/** Deserialize the bytes into an {@link AuthenticationKey} */
 AuthenticationKey deserializeKey(byte[] serializedKey) {
   AuthenticationKey key = new AuthenticationKey();
   try {
     key.readFields(new DataInputStream(new ByteArrayInputStream(serializedKey)));
   } catch (IOException e) {
     throw new AssertionError("Failed to read from an in-memory buffer");
   }
   return key;
 }
  /** Process the {@link WatchedEvent} for a node which represents an {@link AuthenticationKey} */
  void processChildNode(WatchedEvent event) throws KeeperException, InterruptedException {
    final String path = event.getPath();
    switch (event.getType()) {
      case NodeDeleted:
        // Key expired
        if (null == path) {
          log.error("Got null path for NodeDeleted event");
          return;
        }

        // Pull off the base ZK path and the '/' separator
        String childName = path.substring(baseNode.length() + 1);
        secretManager.removeKey(Integer.parseInt(childName));
        break;
      case None:
        // Not connected, don't care. We'll update when we're reconnected
        break;
      case NodeCreated:
        // New key created
        if (null == path) {
          log.error("Got null path for NodeCreated event");
          return;
        }
        // Get the data and reset the watcher
        AuthenticationKey key = deserializeKey(zk.getData(path, this, null));
        log.debug("Adding AuthenticationKey with keyId {}", key.getKeyId());
        secretManager.addKey(key);
        break;
      case NodeDataChanged:
        // Key changed, could happen on restart after not running Accumulo.
        if (null == path) {
          log.error("Got null path for NodeDataChanged event");
          return;
        }
        // Get the data and reset the watcher
        AuthenticationKey newKey = deserializeKey(zk.getData(path, this, null));
        // Will overwrite the old key if one exists
        secretManager.addKey(newKey);
        break;
      case NodeChildrenChanged:
        // no children for the children..
        log.warn("Unexpected NodeChildrenChanged event for authentication key node {}", path);
        break;
      default:
        log.warn("Unsupported event type: {}", event.getType());
        break;
    }
  }
Ejemplo n.º 3
0
  /**
   * Tests the key to see if it is expired or not.
   *
   * <p>If the key is expired, a call to {@link #removeExpiredKey(AuthenticationKey)} is issued, and
   * a {@link KeyNotFoundException} is thrown.
   *
   * @param authkey the key to test.
   * @throws KeyNotFoundException if the key is expired.
   * @throws KeyManagerException if there was a problem removing the key.
   */
  protected void assertNotExpired(AuthenticationKey authkey)
      throws KeyNotFoundException, KeyManagerException {
    if (authkey.getDateExpires() == null) {
      // No expiration means a permanent entry.
      return;
    }

    // Test for expiration.
    Calendar now = getNowGMT();
    Calendar expiration = getNowGMT();
    expiration.setTime(authkey.getDateExpires());

    if (now.after(expiration)) {
      deleteKey(authkey);
      throw new KeyNotFoundException("Key [" + authkey.getKey() + "] has expired.");
    }
  }
Ejemplo n.º 4
0
  public void removeExpiredKeys() throws KeyManagerException {
    List<AuthenticationKey> allKeys = getAllKeys();

    Calendar now = getNowGMT();
    Calendar expiration = getNowGMT();

    log.info("Removing expired keys.");
    for (AuthenticationKey authkey : allKeys) {
      if (authkey.getDateExpires() != null) {
        expiration.setTime(authkey.getDateExpires());

        if (now.after(expiration)) {
          deleteKey(authkey);
        }
      }
    }
    log.info("Expired keys removed.");
  }