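/**
 * Renew a delegation token.
 *
 * <p>The request is accepted only if the token has not passed its maximum
 * lifetime, names a non-empty renewer equal to {@code renewer}, was issued
 * under a master key that is still in {@code allKeys}, carries the password
 * that this manager derives from the identifier and that key, and is still
 * present in {@code currentTokens}. On success the stored entry for the token
 * is replaced with the new renewal deadline.
 *
 * <p>The method is {@code synchronized}, so the lookup in and update of
 * {@code currentTokens} happen under this object's monitor.
 *
 * @param token the token to renew
 * @param renewer the full principal name of the user doing the renewal
 * @return the new expiration time in milliseconds since the epoch; never
 *         later than the token's max date
 * @throws InvalidToken if the token is expired, its master key is no longer
 *         cached, or the token is not tracked by this manager
 * @throws AccessControlException if the user can't renew token (missing or
 *         mismatched renewer, or wrong password)
 * @throws IOException declared by the signature; presumably raised when the
 *         identifier bytes cannot be deserialized - confirm against
 *         {@code readFields}
 */
public synchronized long renewToken(Token<TokenIdent> token,
    String renewer) throws InvalidToken, IOException {
  long now = System.currentTimeMillis();

  // The identifier is decoded from bytes supplied with the request. Nothing
  // read from it is authenticated until the password check further down
  // succeeds, so the checks before that point only reject, never grant.
  ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
  DataInputStream in = new DataInputStream(buf);
  TokenIdent id = createIdentifier();
  id.readFields(in);
  LOG.info("Token renewal requested for identifier: " + id);

  if (id.getMaxDate() < now) {
    throw new InvalidToken("User " + renewer
        + " tried to renew an expired token");
  }
  if ((id.getRenewer() == null) || ("".equals(id.getRenewer().toString()))) {
    throw new AccessControlException(
        "User " + renewer + " tried to renew a token without " + "a renewer");
  }
  if (!id.getRenewer().toString().equals(renewer)) {
    throw new AccessControlException(
        "Client " + renewer + " tries to renew a token with "
            + "renewer specified as " + id.getRenewer());
  }

  DelegationKey key = allKeys.get(id.getMasterKeyId());
  if (key == null) {
    throw new InvalidToken(
        "Unable to find master key for keyId=" + id.getMasterKeyId()
            + " from cache. Failed to renew an unexpired token"
            + " with sequenceNumber=" + id.getSequenceNumber());
  }

  // Recompute the password from the presented identifier and the master key,
  // then compare it with the presented one. MessageDigest.isEqual is used
  // instead of Arrays.equals because Arrays.equals returns at the first
  // differing byte, which makes the comparison time depend on how much of a
  // guessed password is correct. The fully qualified name avoids needing a
  // new import in this file.
  byte[] password = createPassword(token.getIdentifier(), key.getKey());
  if (!java.security.MessageDigest.isEqual(password, token.getPassword())) {
    throw new AccessControlException(
        "Client " + renewer + " is trying to renew a token with "
            + "wrong password");
  }

  // Renewal extends the token by one renew interval but never beyond the
  // max date fixed in the identifier.
  long renewTime = Math.min(id.getMaxDate(), now + tokenRenewInterval);
  DelegationTokenInformation info =
      new DelegationTokenInformation(renewTime, password);

  // A token that verifies but is no longer tracked (for example one that was
  // removed from currentTokens) must not be re-inserted by a renewal.
  if (currentTokens.get(id) == null) {
    throw new InvalidToken("Renewal request for unknown token");
  }
  currentTokens.put(id, info);
  return renewTime;
}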