Posted to commits@knox.apache.org by lm...@apache.org on 2013/09/23 17:35:50 UTC
git commit: KNOX-130 added the throwing of KeystoreServiceException
to all methods in KeystoreService and the handling of the exception in the
consumers of the service.
Updated Branches:
refs/heads/master 899de15d0 -> 031d4c61f
KNOX-130 added the throwing of KeystoreServiceException to all methods in KeystoreService and the handling of the exception in the consumers of the service.
Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/031d4c61
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/031d4c61
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/031d4c61
Branch: refs/heads/master
Commit: 031d4c61f5f2f69b179a66918fecab2d8ccb16d5
Parents: 899de15
Author: Larry McCay <lm...@hortonworks.com>
Authored: Mon Sep 23 11:35:33 2013 -0400
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Mon Sep 23 11:35:33 2013 -0400
----------------------------------------------------------------------
.../apache/hadoop/gateway/GatewayMessages.java | 6 +++-
.../security/impl/DefaultAliasService.java | 29 ++++++++++++++++----
.../security/impl/DefaultCryptoService.java | 2 ++
.../security/impl/DefaultKeystoreService.java | 4 +--
.../services/security/KeystoreService.java | 14 +++++-----
.../security/impl/BaseKeystoreService.java | 8 +++++-
.../security/impl/CMFKeystoreService.java | 4 +--
7 files changed, 48 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/031d4c61/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
index 539aa8a..66bd319 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
@@ -22,6 +22,7 @@ import org.apache.hadoop.gateway.i18n.messages.Message;
import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
import org.apache.hadoop.gateway.i18n.messages.Messages;
import org.apache.hadoop.gateway.i18n.messages.StackTrace;
+import org.apache.hadoop.gateway.services.security.KeystoreServiceException;
import java.io.File;
import java.net.URI;
@@ -276,5 +277,8 @@ public interface GatewayMessages {
void certificateValidityPeriod(Date notBefore, Date notAfter);
@Message( level = MessageLevel.ERROR, text = "Unable to retrieve certificate for Gateway: {0}." )
- void unableToRetrieveCertificateForGateway(KeyStoreException e);
+ void unableToRetrieveCertificateForGateway(Exception e);
+
+ @Message( level = MessageLevel.ERROR, text = "Failed to generate alias for cluster: {0} {1}." )
+ void failedToGenerateAliasForCluster(String clusterName, KeystoreServiceException e);
}
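Review bot: The new `failedToGenerateAliasForCluster` message takes its exception as a plain argument, so presumably only the exception's string form is substituted into `{1}` and the stack trace is lost. `StackTrace` is already imported in this file, which suggests other messages annotate their exception parameter; if that is the convention, declare it as `void failedToGenerateAliasForCluster(String clusterName, @StackTrace( level = MessageLevel.DEBUG ) KeystoreServiceException e);`. Widening `unableToRetrieveCertificateForGateway` to `Exception` also lets any unrelated exception be logged under a certificate-specific message, so a narrower common type would be preferable if one exists. The interface body starts outside this hunk.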
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/031d4c61/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
index 865a84a..c151c53 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
@@ -28,6 +28,7 @@ import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
import org.apache.hadoop.gateway.services.ServiceLifecycleException;
import org.apache.hadoop.gateway.services.security.AliasService;
import org.apache.hadoop.gateway.services.security.KeystoreService;
+import org.apache.hadoop.gateway.services.security.KeystoreServiceException;
public class DefaultAliasService implements AliasService {
private static final GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class );
@@ -66,11 +67,17 @@ public class DefaultAliasService implements AliasService {
*/
@Override
public char[] getPasswordFromAliasForCluster(String clusterName, String alias, boolean generate) {
- char[] credential = keystoreService.getCredentialForCluster(clusterName, alias);
- if (credential == null) {
- if (generate) {
- generateAliasForCluster(clusterName, alias);
+ char[] credential = null;
+ try {
+ credential = keystoreService.getCredentialForCluster(clusterName, alias);
+ if (credential == null) {
+ if (generate) {
+ generateAliasForCluster(clusterName, alias);
+ credential = keystoreService.getCredentialForCluster(clusterName, alias);
+ }
}
+ } catch (KeystoreServiceException e) {
+ LOG.failedToGetCredentialForCluster(clusterName, e);
}
return credential;
}
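Review bot: The `catch (KeystoreServiceException e)` in `getPasswordFromAliasForCluster` logs and then returns `null`, so a caller cannot tell "alias not present" from "credential store unreadable", and a caller that reads `null` as "no password configured" would carry on without the secret instead of failing. The same log-and-continue pattern is added in the `addAliasForCluster` hunk and in the certificate hunk at `@@ -124,6 +139,8 @@`, where the existing `// should we throw an exception?` comment asks the same question. If `AliasService` cannot declare a checked exception, either rethrow as an unchecked exception or state the contract in the Javadoc, e.g. `@return the credential, or null if the alias is absent or the credential store could not be read`. The method's Javadoc and the class body start outside this hunk.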
@@ -90,7 +97,11 @@ public class DefaultAliasService implements AliasService {
@Override
public void generateAliasForCluster(String clusterName, String alias) {
- keystoreService.getCredentialStoreForCluster(clusterName);
+ try {
+ keystoreService.getCredentialStoreForCluster(clusterName);
+ } catch (KeystoreServiceException e) {
+ LOG.failedToGenerateAliasForCluster(clusterName, e);
+ }
String passwordString = generatePassword(16);
addAliasForCluster(clusterName, alias, passwordString);
}
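Review bot: When `getCredentialStoreForCluster` throws in `generateAliasForCluster`, the catch block only logs, and execution falls through to `generatePassword(16)` and `addAliasForCluster`, which presumably then tries to write to the store that just failed to load. Add `return;` after `LOG.failedToGenerateAliasForCluster(clusterName, e);`, or propagate the failure, so no password is generated for an unavailable store. The return value of `getCredentialStoreForCluster` is also discarded; if the call exists only to check that the store loads, a one-line comment saying so would help.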
@@ -100,7 +111,11 @@ public class DefaultAliasService implements AliasService {
*/
@Override
public void addAliasForCluster(String clusterName, String alias, String value) {
- keystoreService.addCredentialForCluster(clusterName, alias, value);
+ try {
+ keystoreService.addCredentialForCluster(clusterName, alias, value);
+ } catch (KeystoreServiceException e) {
+ LOG.failedToAddCredentialForCluster(clusterName, e);
+ }
}
@Override
@@ -124,6 +139,8 @@ public class DefaultAliasService implements AliasService {
} catch (KeyStoreException e) {
LOG.unableToRetrieveCertificateForGateway(e);
// should we throw an exception?
+ } catch (KeystoreServiceException e) {
+ LOG.unableToRetrieveCertificateForGateway(e);
}
return cert;
}
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/031d4c61/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultCryptoService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultCryptoService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultCryptoService.java
index 1235e1d..56da903 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultCryptoService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultCryptoService.java
@@ -141,6 +141,8 @@ public class DefaultCryptoService implements CryptoService {
LOG.failedToVerifySignature( e );
} catch (UnsupportedEncodingException e) {
LOG.failedToVerifySignature( e );
+ } catch (KeystoreServiceException e) {
+ LOG.failedToVerifySignature( e );
}
LOG.signatureVerified( verified );
return verified;
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/031d4c61/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
index 167b8e2..c80a8aa 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
@@ -78,7 +78,7 @@ public class DefaultKeystoreService extends BaseKeystoreService implements Keyst
}
@Override
- public void createKeystoreForGateway() {
+ public void createKeystoreForGateway() throws KeystoreServiceException {
String filename = keyStoreDir + GATEWAY_KEYSTORE;
createKeystore(filename, "JKS");
}
@@ -139,7 +139,7 @@ public class DefaultKeystoreService extends BaseKeystoreService implements Keyst
}
@Override
- public void createCredentialStoreForCluster(String clusterName) {
+ public void createCredentialStoreForCluster(String clusterName) throws KeystoreServiceException {
String filename = keyStoreDir + clusterName + CREDENTIALS_SUFFIX;
createKeystore(filename, "JCEKS");
}
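Review bot: `createCredentialStoreForCluster` builds the file name as `keyStoreDir + clusterName + CREDENTIALS_SUFFIX` with no check on `clusterName` visible in this hunk, so a name containing a path separator or `..` would place the JCEKS file outside `keyStoreDir`. Whether cluster names are validated before they reach this method cannot be seen from here; if they are not, reject such names or compare the normalized path against `keyStoreDir` before calling `createKeystore`. Now that the method declares `KeystoreServiceException`, an invalid name can be reported through it. `CMFKeystoreService.createKeystore` and `createCredentialStore` build their paths from `serviceName` in the same way.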
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/031d4c61/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/KeystoreService.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/KeystoreService.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/KeystoreService.java
index 7e9dade..9dab8ed 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/KeystoreService.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/KeystoreService.java
@@ -22,24 +22,24 @@ import java.security.KeyStore;
public interface KeystoreService {
- public void createKeystoreForGateway();
+ public void createKeystoreForGateway() throws KeystoreServiceException;
- public void addSelfSignedCertForGateway(String alias, char[] passphrase);
+ public void addSelfSignedCertForGateway(String alias, char[] passphrase) throws KeystoreServiceException;
- public KeyStore getKeystoreForGateway();
+ public KeyStore getKeystoreForGateway() throws KeystoreServiceException;
public Key getKeyForGateway(String alias, char[] passphrase) throws KeystoreServiceException;
- public void createCredentialStoreForCluster(String clusterName);
+ public void createCredentialStoreForCluster(String clusterName) throws KeystoreServiceException;
public boolean isCredentialStoreForClusterAvailable(String clusterName) throws KeystoreServiceException;
public boolean isKeystoreForGatewayAvailable() throws KeystoreServiceException;
- public KeyStore getCredentialStoreForCluster(String clusterName);
+ public KeyStore getCredentialStoreForCluster(String clusterName) throws KeystoreServiceException;
- public void addCredentialForCluster(String clusterName, String alias, String key);
+ public void addCredentialForCluster(String clusterName, String alias, String key) throws KeystoreServiceException;
- public char[] getCredentialForCluster(String clusterName, String alias);
+ public char[] getCredentialForCluster(String clusterName, String alias) throws KeystoreServiceException;
}
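Review bot: Every method of `KeystoreService` now declares the checked `KeystoreServiceException`, but the interface carries no Javadoc saying when it is thrown, and it lives in the SPI module where other implementations have to honour the same contract. Add a short Javadoc to each method, for example `@throws KeystoreServiceException if the keystore cannot be created, loaded or written`, and state for `getCredentialForCluster` whether a missing alias yields `null` or the exception. The `public` modifiers on the interface methods are redundant and could be dropped in the same pass.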
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/031d4c61/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
index 3ea712f..2eafc2d 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
@@ -19,6 +19,7 @@ package org.apache.hadoop.gateway.services.security.impl;
import org.apache.hadoop.gateway.i18n.GatewaySpiMessages;
import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
+import org.apache.hadoop.gateway.services.security.KeystoreServiceException;
import org.apache.hadoop.gateway.services.security.MasterService;
import sun.security.x509.*;
@@ -129,7 +130,7 @@ public class BaseKeystoreService {
return stream;
}
- protected void createKeystore(String filename, String keystoreType) {
+ protected void createKeystore(String filename, String keystoreType) throws KeystoreServiceException {
try {
FileOutputStream out = createKeyStoreFile( filename );
KeyStore ks = KeyStore.getInstance(keystoreType);
@@ -137,14 +138,19 @@ public class BaseKeystoreService {
ks.store( out, masterService.getMasterSecret() );
} catch (KeyStoreException e) {
LOG.failedToCreateKeystore( filename, keystoreType, e );
+ throw new KeystoreServiceException(e);
} catch (NoSuchAlgorithmException e) {
LOG.failedToCreateKeystore( filename, keystoreType, e );
+ throw new KeystoreServiceException(e);
} catch (CertificateException e) {
LOG.failedToCreateKeystore( filename, keystoreType, e );
+ throw new KeystoreServiceException(e);
} catch (FileNotFoundException e) {
LOG.failedToCreateKeystore( filename, keystoreType, e );
+ throw new KeystoreServiceException(e);
} catch (IOException e) {
LOG.failedToCreateKeystore( filename, keystoreType, e );
+ throw new KeystoreServiceException(e);
}
}
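Review bot: The `FileOutputStream out` opened at the top of `createKeystore` (in the preceding hunk) is not closed anywhere in the visible lines: the `try` ends after the catch blocks with no `finally`, so each new `throw new KeystoreServiceException(e)` path leaves the handle open and possibly a partially written keystore file on disk. If the build targets Java 7 or later, open it as `try ( FileOutputStream out = createKeyStoreFile( filename ) ) {`; otherwise add a `finally` that closes `out`. The five catch blocks are identical and `FileNotFoundException` is a subclass of `IOException`, so they can be collapsed once the language level allows multi-catch. One source line between the two hunks is not shown, so confirm it does not already handle the stream.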
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/031d4c61/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/CMFKeystoreService.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/CMFKeystoreService.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/CMFKeystoreService.java
index 344391e..ad9fbec 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/CMFKeystoreService.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/CMFKeystoreService.java
@@ -54,7 +54,7 @@ public class CMFKeystoreService extends BaseKeystoreService {
}
}
- public void createKeystore() {
+ public void createKeystore() throws KeystoreServiceException {
String filename = keyStoreDir + serviceName + ".jks";
createKeystore(filename, "JKS");
}
@@ -87,7 +87,7 @@ public class CMFKeystoreService extends BaseKeystoreService {
}
}
- public void createCredentialStore() {
+ public void createCredentialStore() throws KeystoreServiceException {
String filename = keyStoreDir + serviceName + CREDENTIALS_SUFFIX;
createKeystore(filename, "JCEKS");
}