/** Deserialize the bytes into an {@link AuthenticationKey} */
AuthenticationKey deserializeKey(byte[] serializedKey) {
AuthenticationKey key = new AuthenticationKey();
try {
key.readFields(new DataInputStream(new ByteArrayInputStream(serializedKey)));
} catch (IOException e) {
throw new AssertionError("Failed to read from an in-memory buffer");
}
return key;
}
/** Process the {@link WatchedEvent} for a node which represents an {@link AuthenticationKey} */
void processChildNode(WatchedEvent event) throws KeeperException, InterruptedException {
final String path = event.getPath();
switch (event.getType()) {
case NodeDeleted:
// Key expired
if (null == path) {
log.error("Got null path for NodeDeleted event");
return;
}
// Pull off the base ZK path and the '/' separator
String childName = path.substring(baseNode.length() + 1);
secretManager.removeKey(Integer.parseInt(childName));
break;
case None:
// Not connected, don't care. We'll update when we're reconnected
break;
case NodeCreated:
// New key created
if (null == path) {
log.error("Got null path for NodeCreated event");
return;
}
// Get the data and reset the watcher
AuthenticationKey key = deserializeKey(zk.getData(path, this, null));
log.debug("Adding AuthenticationKey with keyId {}", key.getKeyId());
secretManager.addKey(key);
break;
case NodeDataChanged:
// Key changed, could happen on restart after not running Accumulo.
if (null == path) {
log.error("Got null path for NodeDataChanged event");
return;
}
// Get the data and reset the watcher
AuthenticationKey newKey = deserializeKey(zk.getData(path, this, null));
// Will overwrite the old key if one exists
secretManager.addKey(newKey);
break;
case NodeChildrenChanged:
// no children for the children..
log.warn("Unexpected NodeChildrenChanged event for authentication key node {}", path);
break;
default:
log.warn("Unsupported event type: {}", event.getType());
break;
}
}
/**
* Tests the key to see if it is expired or not.
*
* <p>If the key is expired, a call to {@link #removeExpiredKey(AuthenticationKey)} is issued, and
* a {@link KeyNotFoundException} is thrown.
*
* @param authkey the key to test.
* @throws KeyNotFoundException if the key is expired.
* @throws KeyManagerException if there was a problem removing the key.
*/
protected void assertNotExpired(AuthenticationKey authkey)
throws KeyNotFoundException, KeyManagerException {
if (authkey.getDateExpires() == null) {
// No expiration means a permanent entry.
return;
}
// Test for expiration.
Calendar now = getNowGMT();
Calendar expiration = getNowGMT();
expiration.setTime(authkey.getDateExpires());
if (now.after(expiration)) {
deleteKey(authkey);
throw new KeyNotFoundException("Key [" + authkey.getKey() + "] has expired.");
}
}
public void removeExpiredKeys() throws KeyManagerException {
List<AuthenticationKey> allKeys = getAllKeys();
Calendar now = getNowGMT();
Calendar expiration = getNowGMT();
log.info("Removing expired keys.");
for (AuthenticationKey authkey : allKeys) {
if (authkey.getDateExpires() != null) {
expiration.setTime(authkey.getDateExpires());
if (now.after(expiration)) {
deleteKey(authkey);
}
}
}
log.info("Expired keys removed.");
}
