HADOOP-17379. AbstractS3ATokenIdentifier to set issue date == now.

Author: HeartSaVioR

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/AbstractS3ATokenIdentifier.java

@@ -24,6 +24,8 @@
 import java.io.DataOutput;
 import java.io.IOException;
 import java.net.URI;
+import java.time.Clock;
+import java.time.Instant;
 import java.util.Objects;
 import java.util.UUID;
 
@@ -140,6 +142,7 @@ protected AbstractS3ATokenIdentifier(
       final URI uri) {
     super(kind, owner, renewer, realUser);
     this.uri = requireNonNull(uri);
+    initializeIssueDate();
   }
 
   /**
@@ -164,6 +167,13 @@ protected AbstractS3ATokenIdentifier(
    */
   protected AbstractS3ATokenIdentifier(final Text kind) {
     super(kind);
+    initializeIssueDate();
+  }
+
+  private void initializeIssueDate() {
+    Clock clock = Clock.systemDefaultZone();
+    long now = clock.millis();
+    setIssueDate(now);
   }
 
   public String getBucket() {

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/SessionTokenIdentifier.java

@@ -90,6 +90,7 @@ public SessionTokenIdentifier(
       final String origin) {
     super(kind, uri, owner, renewer, origin, encryptionSecrets);
     this.marshalledCredentials = marshalledCredentials;
+    this.setMaxDate(this.marshalledCredentials.getExpiration());
   }
 
   /**

hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/delegation/TestS3ADelegationTokenSupport.java

@@ -19,6 +19,7 @@
 package org.apache.hadoop.fs.s3a.auth.delegation;
 
 import java.net.URI;
+import java.util.Random;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -38,6 +39,7 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
 
 /**
  * Unit tests related to S3A DT support.
@@ -58,6 +60,34 @@ public void testSessionTokenKind() throws Throwable {
     assertEquals(SESSION_TOKEN_KIND, identifier.getKind());
   }
 
+  @Test
+  public void testSessionTokenIssueDateAndMaxDate() throws Throwable {
+    AbstractS3ATokenIdentifier identifier
+        = new SessionTokenIdentifier();
+    assertEquals(SESSION_TOKEN_KIND, identifier.getKind());
+    assertTrue("issue date is not set", identifier.getIssueDate() > 0L);
+    // there's no information on the max date, hence the default
+    assertEquals("max date", 0L, identifier.getMaxDate());
+
+    Text alice = new Text("alice");
+    Text renewer = new Text("yarn");
+    long expireTs = new Random().nextInt(Integer.MAX_VALUE);
+    MarshalledCredentials cred = new MarshalledCredentials("a", "b", "");
+    cred.setExpiration(expireTs);
+    AbstractS3ATokenIdentifier identifier2
+        = new SessionTokenIdentifier(SESSION_TOKEN_KIND,
+        alice,
+        renewer,
+        new URI("s3a://landsat-pds/"),
+        cred,
+        new EncryptionSecrets(S3AEncryptionMethods.SSE_S3, ""),
+        "origin");
+
+    assertTrue("issue date is not set", identifier2.getIssueDate() > 0L);
+    assertEquals("expiry time is not same as the credential's one", expireTs, identifier2.getExpiryTime());
+    assertEquals("max date is not same as expiry time", identifier2.getMaxDate(), identifier2.getExpiryTime());
+  }
+
   @Test
   public void testSessionTokenDecode() throws Throwable {
     Text alice = new Text("alice");
@@ -90,6 +120,8 @@ public void testSessionTokenDecode() throws Throwable {
         UserGroupInformation.AuthenticationMethod.TOKEN,
         decodedUser.getAuthenticationMethod());
     assertEquals("origin", decoded.getOrigin());
+    assertEquals("issue date", identifier.getIssueDate(), decoded.getIssueDate());
+    assertEquals("max date", identifier.getMaxDate(), decoded.getMaxDate());
   }
 
   @Test