public NavigableMap<Number640, Data> removeReturnData(
Number640 from, Number640 to, PublicKey publicKey) {
RangeLock<Number640>.Range lock = rangeLock.lock(from, to);
try {
Map<Number640, Data> tmp = backend.subMap(from, to);
NavigableMap<Number640, Data> result = new TreeMap<Number640, Data>();
for (Number640 key : tmp.keySet()) {
// fail fast, as soon as we want to remove 1 domain that we
// cannot, abort
if (!canClaimDomain(key.locationAndDomainKey(), publicKey)) {
result.put(key, null);
} else if (!canClaimEntry(key.locationAndDomainAndContentKey(), publicKey)) {
result.put(key, null);
} else {
Data toRemove = backend.get(key);
if (toRemove != null
&& (toRemove.publicKey() == null || toRemove.publicKey().equals(publicKey))) {
backend.removeTimeout(key);
Data removed = backend.remove(key, true);
result.put(key, removed);
}
}
}
return result;
} finally {
lock.unlock();
}
}
public Enum<?> putConfirm(PublicKey publicKey, Number640 key, Data newData) {
RangeLock<Number640>.Range lock = lock(key);
try {
if (!securityEntryCheck(
key.locationAndDomainAndContentKey(),
publicKey,
newData.publicKey(),
newData.isProtectedEntry())) {
return PutStatus.FAILED_SECURITY;
}
final Data data = backend.get(key);
if (data != null) {
// remove prepare flag
data.prepareFlag(false);
data.validFromMillis(newData.validFromMillis());
data.ttlSeconds(newData.ttlSeconds());
long expiration = data.expirationMillis();
// handle timeout
backend.addTimeout(key, expiration);
backend.put(key, data);
// don't release data as we just update
return PutStatus.OK;
} else {
return PutStatus.NOT_FOUND;
}
} finally {
newData.release();
lock.unlock();
}
// TODO: check for FORKS!
}
@Test
public void testGetBucketEmptyFields() {
BucketInfo remoteBucket = storage.get(BUCKET, Storage.BucketGetOption.fields());
assertEquals(BUCKET, remoteBucket.name());
assertNull(remoteBucket.createTime());
assertNull(remoteBucket.selfLink());
}
@Test
public void testGetBucketSelectedFields() {
BucketInfo remoteBucket = storage.get(BUCKET, Storage.BucketGetOption.fields(BucketField.ID));
assertEquals(BUCKET, remoteBucket.name());
assertNull(remoteBucket.createTime());
assertNotNull(remoteBucket.id());
}
/**
* Add member to a group, once id and security checks have been cleared.
*
* @param azGroup
*/
protected void addMemberToGroup(AuthzGroup azGroup, String userId, String roleId, int maxSize)
throws GroupFullException {
// update the properties (sets last modified time and modified-by)
addLiveUpdateProperties((BaseAuthzGroup) azGroup);
// add user to the azGroup
m_storage.addNewUser(azGroup, userId, roleId, maxSize);
// track it
String event = ((BaseAuthzGroup) azGroup).getEvent();
if (event == null) event = SECURE_UPDATE_AUTHZ_GROUP;
eventTrackingService()
.post(eventTrackingService().newEvent(event, azGroup.getReference(), true));
// close the azGroup object
((BaseAuthzGroup) azGroup).closeEdit();
// update the db with latest provider, and site security with the latest changes, using the
// updated azGroup
BaseAuthzGroup updatedRealm = (BaseAuthzGroup) m_storage.get(azGroup.getId());
updateSiteSecurity(updatedRealm);
// clear the event for next time
((BaseAuthzGroup) azGroup).setEvent(null);
}
/** {@inheritDoc} */
public void removeAuthzGroup(String azGroupId) throws AuthzPermissionException {
if (azGroupId == null) return;
// check for existance
AuthzGroup azGroup = m_storage.get(azGroupId);
if (azGroup == null) {
return;
}
// check security (throws if not permitted)
unlock(SECURE_REMOVE_AUTHZ_GROUP, authzGroupReference(azGroupId));
// complete the azGroup
m_storage.remove(azGroup);
// track it
eventTrackingService()
.post(
eventTrackingService()
.newEvent(SECURE_REMOVE_AUTHZ_GROUP, azGroup.getReference(), true));
// close the azGroup object
((BaseAuthzGroup) azGroup).closeEdit();
// clear any site security based on this (if a site) azGroup
removeSiteSecurity(azGroup);
}
private Data getInternal(Number640 key) {
Data data = backend.get(key);
if (data != null && !data.hasPrepareFlag()) {
return data;
} else {
return null;
}
}
public AliasEdit get(String id) {
AliasEdit rv = (AliasEdit) super.getResource(id);
// if not, check old
if (m_checkOld && (rv == null)) {
rv = m_oldStorage.get(id);
}
return rv;
}
@Test
public void testGetBlobEmptySelectedFields() {
String blobName = "test-get-empty-selected-fields-blob";
BlobInfo blob = BlobInfo.builder(BUCKET, blobName).contentType(CONTENT_TYPE).build();
assertNotNull(storage.create(blob));
BlobInfo remoteBlob = storage.get(blob.blobId(), Storage.BlobGetOption.fields());
assertEquals(blob.blobId(), remoteBlob.blobId());
assertNull(remoteBlob.contentType());
assertTrue(storage.delete(BUCKET, blobName));
}
@Test
public void testGetBlobsFail() {
String sourceBlobName1 = "test-get-blobs-fail-1";
String sourceBlobName2 = "test-get-blobs-fail-2";
BlobInfo sourceBlob1 = BlobInfo.builder(BUCKET, sourceBlobName1).build();
BlobInfo sourceBlob2 = BlobInfo.builder(BUCKET, sourceBlobName2).build();
assertNotNull(storage.create(sourceBlob1));
List<BlobInfo> remoteBlobs = storage.get(sourceBlob1.blobId(), sourceBlob2.blobId());
assertEquals(sourceBlob1.blobId(), remoteBlobs.get(0).blobId());
assertNull(remoteBlobs.get(1));
assertTrue(storage.delete(BUCKET, sourceBlobName1));
}
@Override
public Storage copy(Storage storage) {
if (!(storage instanceof Storage.MapStorage))
throw new UnsupportedOperationException(storage.getClass().getName());
Iterator<String> keys = ((Storage.MapStorage) storage).getKeys();
Storage.MapStorage copy = new Storage.MapStorage();
while (keys.hasNext()) {
String key = keys.next();
copy.put(key, storage.get(key));
}
return copy;
}
/** {@inheritDoc} */
public AuthzGroup getAuthzGroup(String id) throws GroupNotDefinedException {
// Note: since this is a "read" operations, we do NOT refresh (i.e. write) the provider info.
if (id == null) throw new GroupNotDefinedException("<null>");
AuthzGroup azGroup = m_storage.get(id);
// if not found
if (azGroup == null) {
throw new GroupNotDefinedException(id);
}
return azGroup;
}
public Content get(Address address) throws Exception {
// do I have this value on myself ?
Content result = storage.get(address);
if (result == null) {
if (isResponsible(address)) {
// JLG.debug("address not found on " + id + " : " + address);
return null;
} else {
result = getClient().getFromAddress(address);
}
}
return result;
}
@Test
public void testPostSignedUrl() throws IOException {
String blobName = "test-post-signed-url-blob";
BlobInfo blob = BlobInfo.builder(BUCKET, blobName).build();
assertNotNull(storage.create(blob));
URL url =
storage.signUrl(blob, 1, TimeUnit.HOURS, Storage.SignUrlOption.httpMethod(HttpMethod.POST));
URLConnection connection = url.openConnection();
connection.setDoOutput(true);
connection.connect();
BlobInfo remoteBlob = storage.get(BUCKET, blobName);
assertNotNull(remoteBlob);
assertEquals(blob.blobId(), remoteBlob.blobId());
assertTrue(storage.delete(BUCKET, blobName));
}
@Test
public void testGetBlobSelectedFields() {
String blobName = "test-get-selected-fields-blob";
BlobInfo blob =
BlobInfo.builder(BUCKET, blobName)
.contentType(CONTENT_TYPE)
.metadata(ImmutableMap.of("k", "v"))
.build();
assertNotNull(storage.create(blob));
BlobInfo remoteBlob =
storage.get(blob.blobId(), Storage.BlobGetOption.fields(BlobField.METADATA));
assertEquals(blob.blobId(), remoteBlob.blobId());
assertEquals(ImmutableMap.of("k", "v"), remoteBlob.metadata());
assertNull(remoteBlob.contentType());
assertTrue(storage.delete(BUCKET, blobName));
}
/** {@inheritDoc} */
public boolean allowJoinGroup(String authzGroupId) {
String user = sessionManager().getCurrentSessionUserId();
if (user == null) return false;
// check security (throws if not permitted)
if (!unlockCheck(SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId)) return false;
// get the AuthzGroup
AuthzGroup azGroup = m_storage.get(authzGroupId);
if (azGroup == null) return false;
// If already a member and inactive, disallow join
BaseMember grant = (BaseMember) azGroup.getMember(user);
if ((grant != null) && (!grant.active)) return false;
return true;
}
public Enum<?> updateMeta(PublicKey publicKey, Number640 key, Data newData) {
RangeLock<Number640>.Range lock = lock(key);
try {
if (!securityEntryCheck(
key.locationAndDomainAndContentKey(),
publicKey,
newData.publicKey(),
newData.isProtectedEntry())) {
return PutStatus.FAILED_SECURITY;
}
final Data data = backend.get(key);
boolean changed = false;
if (data != null && newData.publicKey() != null) {
data.publicKey(newData.publicKey());
changed = true;
}
if (data != null && newData.isSigned()) {
data.signature(newData.signature());
changed = true;
}
if (data != null) {
data.validFromMillis(newData.validFromMillis());
data.ttlSeconds(newData.ttlSeconds());
changed = true;
}
if (changed) {
long expiration = data.expirationMillis();
// handle timeout
backend.addTimeout(key, expiration);
// no release of old data, as we just update it
backend.put(key, data);
return PutStatus.OK;
} else {
return PutStatus.NOT_FOUND;
}
} finally {
newData.release();
lock.unlock();
}
}
/** {@inheritDoc} */
public void unjoinGroup(String authzGroupId)
throws GroupNotDefinedException, AuthzPermissionException {
String user = sessionManager().getCurrentSessionUserId();
if (user == null)
throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
// check security (throws if not permitted)
unlock(SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
// get the AuthzGroup
AuthzGroup azGroup = m_storage.get(authzGroupId);
if (azGroup == null) {
throw new GroupNotDefinedException(authzGroupId);
}
// if not joined (no grant), we are done
BaseMember grant = (BaseMember) azGroup.getMember(user);
if (grant == null) {
return;
}
// if the user currently is the only maintain role user, disallow the unjoin
if (grant.getRole().getId().equals(azGroup.getMaintainRole())) {
Set maintainers = azGroup.getUsersHasRole(azGroup.getMaintainRole());
if (maintainers.size() <= 1) {
throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
}
}
// if the grant is provided, disallow the unjoin. There would be no point in
// allowing the user to unjoin, since the user will rejoin the realm the next
// time it is updated or he/she logs in.
if (grant.isProvided()) {
throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
}
((BaseAuthzGroup) azGroup).setEvent(SECURE_UPDATE_OWN_AUTHZ_GROUP);
removeMemberFromGroup(azGroup, user);
}
/**
* Add member to a group, once id and security checks have been cleared.
*
* @param azGroup
*/
protected void removeMemberFromGroup(AuthzGroup azGroup, String userId) {
// update the properties (sets last modified time and modified-by)
addLiveUpdateProperties((BaseAuthzGroup) azGroup);
// remove user from the azGroup
m_storage.removeUser(azGroup, userId);
// track it
String event = ((BaseAuthzGroup) azGroup).getEvent();
if (event == null) event = SECURE_UPDATE_AUTHZ_GROUP;
eventTrackingService()
.post(eventTrackingService().newEvent(event, azGroup.getReference(), true));
// close the azGroup object
((BaseAuthzGroup) azGroup).closeEdit();
// update the db with latest provider, and site security with the latest changes, using the
// updated azGroup
BaseAuthzGroup updatedRealm = (BaseAuthzGroup) m_storage.get(azGroup.getId());
updateSiteSecurity(updatedRealm);
// clear the event for next time
((BaseAuthzGroup) azGroup).setEvent(null);
}
/**
* Complete the saving of the group, once id and security checks have been cleared.
*
* @param azGroup
*/
protected void completeSave(AuthzGroup azGroup) {
// update the properties
addLiveUpdateProperties((BaseAuthzGroup) azGroup);
// complete the azGroup
m_storage.save(azGroup);
// track it
String event = ((BaseAuthzGroup) azGroup).getEvent();
if (event == null) event = SECURE_UPDATE_AUTHZ_GROUP;
eventTrackingService()
.post(eventTrackingService().newEvent(event, azGroup.getReference(), true));
// close the azGroup object
((BaseAuthzGroup) azGroup).closeEdit();
// update the db with latest provider, and site security with the latest changes, using the
// updated azGroup
BaseAuthzGroup updatedRealm = (BaseAuthzGroup) m_storage.get(azGroup.getId());
updateSiteSecurity(updatedRealm);
// clear the event for next time
((BaseAuthzGroup) azGroup).setEvent(null);
}
/** {@inheritDoc} */
public boolean allowUnjoinGroup(String authzGroupId) {
String user = sessionManager().getCurrentSessionUserId();
if (user == null) {
return false;
}
// check security (throws if not permitted)
if (!unlockCheck(SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId)) return false;
// get the azGroup
AuthzGroup azGroup = m_storage.get(authzGroupId);
if (azGroup == null) {
return false;
}
// if not joined (no grant), unable to unjoin
BaseMember grant = (BaseMember) azGroup.getMember(user);
if (grant == null) {
return false;
}
// if the grant is provider, unable to unjoin
else if (grant.isProvided()) {
return false;
}
// if the user currently is the only maintain role user, disallow the unjoin
if (grant.getRole().getId().equals(azGroup.getMaintainRole())) {
Set maintainers = azGroup.getUsersHasRole(azGroup.getMaintainRole());
if (maintainers.size() <= 1) {
return false;
}
}
return true;
}
/** {@inheritDoc} */
public void joinGroup(String authzGroupId, String roleId, int maxSize)
throws GroupNotDefinedException, AuthzPermissionException, GroupFullException {
String user = sessionManager().getCurrentSessionUserId();
if (user == null)
throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
// check security (throws if not permitted)
unlock(SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
// get the AuthzGroup
AuthzGroup azGroup = m_storage.get(authzGroupId);
if (azGroup == null) {
throw new GroupNotDefinedException(authzGroupId);
}
// check that the role exists
Role role = azGroup.getRole(roleId);
if (role == null) {
throw new GroupNotDefinedException(roleId);
}
((BaseAuthzGroup) azGroup).setEvent(SECURE_UPDATE_OWN_AUTHZ_GROUP);
// see if already a member
BaseMember grant = (BaseMember) azGroup.getMember(user);
if (grant == null) addMemberToGroup(azGroup, user, roleId, maxSize);
else
// if inactive, deny permission to join
if (!grant.active)
throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
// If the user is already in the group and active, or is already in the group and active but
// with a different role, no action will be taken
}
/** @inheritDoc */
protected BaseDigest findDigest(String id) {
BaseDigest digest = (BaseDigest) m_storage.get(id);
return digest;
}
public Map<Number640, Enum<?>> putAll(
final NavigableMap<Number640, Data> dataMap,
PublicKey publicKey,
boolean putIfAbsent,
boolean domainProtection,
boolean sendSelf) {
if (dataMap.isEmpty()) {
return Collections.emptyMap();
}
final Number640 min = dataMap.firstKey();
final Number640 max = dataMap.lastKey();
final Map<Number640, Enum<?>> retVal = new HashMap<Number640, Enum<?>>();
final HashSet<Number480> keysToCheck = new HashSet<Number480>();
final RangeLock<Number640>.Range lock = lock(min, max);
try {
for (Map.Entry<Number640, Data> entry : dataMap.entrySet()) {
Number640 key = entry.getKey();
keysToCheck.add(key.locationAndDomainAndContentKey());
Data newData = entry.getValue();
if (!securityDomainCheck(
key.locationAndDomainKey(), publicKey, publicKey, domainProtection)) {
retVal.put(key, PutStatus.FAILED_SECURITY);
newData.release();
continue;
}
// We need this check in case we did not use the encoder/decoder,
// which is the case if we send the message to ourself. In that
// case, the public key of the data is never set to the message
// publick key, if the publick key of the data was null.
final PublicKey dataKey;
if (sendSelf && newData.publicKey() == null) {
dataKey = publicKey;
} else {
dataKey = newData.publicKey();
}
if (!securityEntryCheck(
key.locationAndDomainAndContentKey(), publicKey, dataKey, newData.isProtectedEntry())) {
retVal.put(key, PutStatus.FAILED_SECURITY);
newData.release();
continue;
}
final Data oldDataGet = backend.get(key);
if (oldDataGet != null) {
if (putIfAbsent) {
retVal.put(key, PutStatus.FAILED_NOT_ABSENT);
newData.release();
continue;
}
if (oldDataGet.isDeleted()) {
retVal.put(key, PutStatus.DELETED);
newData.release();
continue;
}
if (!oldDataGet.basedOnSet().equals(newData.basedOnSet())) {
retVal.put(key, PutStatus.VERSION_FORK);
newData.release();
continue;
}
}
final Data oldDataPut = backend.put(key, newData);
long expiration = newData.expirationMillis();
// handle timeout
backend.addTimeout(key, expiration);
if (newData.hasPrepareFlag()) {
retVal.put(key, PutStatus.OK_PREPARED);
} else {
retVal.put(key, PutStatus.OK);
}
if (oldDataPut != null && oldDataPut != newData) {
oldDataPut.release();
}
}
for (Number480 key : keysToCheck) {
// now check for forks
Number640 minVersion = new Number640(key, Number160.ZERO);
Number640 maxVersion = new Number640(key, Number160.MAX_VALUE);
NavigableMap<Number640, Data> tmp = backend.subMap(minVersion, maxVersion);
tmp = filterCopyOrig(tmp, -1, true);
NavigableMap<Number640, Data> heads = getLatestInternalOrig(tmp);
final boolean forked = heads.size() > 1;
for (final Map.Entry<Number640, Data> entry : heads.entrySet()) {
if (forked) {
if (retVal.containsKey(entry.getKey())) {
retVal.put(entry.getKey(), PutStatus.VERSION_FORK);
}
}
}
// now remove old versions
if (maxVersions > 0) {
NavigableMap<Number640, Data> versions = backend.subMap(minVersion, maxVersion);
while (!versions.isEmpty()
&& versions.firstKey().versionKey().timestamp() + maxVersions
<= versions.lastKey().versionKey().timestamp()) {
Map.Entry<Number640, Data> entry = versions.pollFirstEntry();
Data removed = backend.remove(entry.getKey(), true);
if (removed != null) {
removed.release();
}
backend.removeTimeout(entry.getKey());
}
}
}
return retVal;
} finally {
lock.unlock();
}
}
