You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by pz...@apache.org on 2020/02/12 23:21:06 UTC
[knox] branch master updated: KNOX-2233 - DefaultKeystoreService
getCredentialForCluster uses cache without synchronization (#264)
This is an automated email from the ASF dual-hosted git repository.
pzampino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 186ca4a KNOX-2233 - DefaultKeystoreService getCredentialForCluster uses cache without synchronization (#264)
186ca4a is described below
commit 186ca4ac117c079aa96db91eb353080d6cea3740
Author: Phil Zampino <pz...@apache.org>
AuthorDate: Wed Feb 12 18:20:58 2020 -0500
KNOX-2233 - DefaultKeystoreService getCredentialForCluster uses cache without synchronization (#264)
---
.../security/impl/DefaultKeystoreService.java | 35 ++++++++++++----------
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
index 18acc74..021fb82 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
@@ -309,25 +309,30 @@ public class DefaultKeystoreService implements KeystoreService, Service {
@Override
public char[] getCredentialForCluster(String clusterName, String alias)
throws KeystoreServiceException {
- char[] credential = checkCache(clusterName, alias);
- if (credential == null) {
- KeyStore ks = getCredentialStoreForCluster(clusterName);
- if (ks != null) {
- try {
- char[] masterSecret = masterService.getMasterSecret();
- Key credentialKey = ks.getKey( alias, masterSecret );
- if (credentialKey != null) {
- byte[] credentialBytes = credentialKey.getEncoded();
- String credentialString = new String( credentialBytes, StandardCharsets.UTF_8 );
- credential = credentialString.toCharArray();
- addToCache(clusterName, alias, credentialString);
+ char[] credential;
+
+ synchronized (this) {
+ credential = checkCache(clusterName, alias);
+ if (credential == null) {
+ KeyStore ks = getCredentialStoreForCluster(clusterName);
+ if (ks != null) {
+ try {
+ char[] masterSecret = masterService.getMasterSecret();
+ Key credentialKey = ks.getKey(alias, masterSecret);
+ if (credentialKey != null) {
+ byte[] credentialBytes = credentialKey.getEncoded();
+ String credentialString = new String(credentialBytes, StandardCharsets.UTF_8);
+ credential = credentialString.toCharArray();
+ addToCache(clusterName, alias, credentialString);
+ }
+ } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
+ LOG.failedToGetCredentialForCluster(clusterName, e);
}
- } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
- LOG.failedToGetCredentialForCluster( clusterName, e );
- }
+ }
}
}
+
return credential;
}