/** Deserialize the bytes into an {@link AuthenticationKey} */ AuthenticationKey deserializeKey(byte[] serializedKey) { AuthenticationKey key = new AuthenticationKey(); try { key.readFields(new DataInputStream(new ByteArrayInputStream(serializedKey))); } catch (IOException e) { throw new AssertionError("Failed to read from an in-memory buffer"); } return key; }
/** Process the {@link WatchedEvent} for a node which represents an {@link AuthenticationKey} */ void processChildNode(WatchedEvent event) throws KeeperException, InterruptedException { final String path = event.getPath(); switch (event.getType()) { case NodeDeleted: // Key expired if (null == path) { log.error("Got null path for NodeDeleted event"); return; } // Pull off the base ZK path and the '/' separator String childName = path.substring(baseNode.length() + 1); secretManager.removeKey(Integer.parseInt(childName)); break; case None: // Not connected, don't care. We'll update when we're reconnected break; case NodeCreated: // New key created if (null == path) { log.error("Got null path for NodeCreated event"); return; } // Get the data and reset the watcher AuthenticationKey key = deserializeKey(zk.getData(path, this, null)); log.debug("Adding AuthenticationKey with keyId {}", key.getKeyId()); secretManager.addKey(key); break; case NodeDataChanged: // Key changed, could happen on restart after not running Accumulo. if (null == path) { log.error("Got null path for NodeDataChanged event"); return; } // Get the data and reset the watcher AuthenticationKey newKey = deserializeKey(zk.getData(path, this, null)); // Will overwrite the old key if one exists secretManager.addKey(newKey); break; case NodeChildrenChanged: // no children for the children.. log.warn("Unexpected NodeChildrenChanged event for authentication key node {}", path); break; default: log.warn("Unsupported event type: {}", event.getType()); break; } }
/** * Tests the key to see if it is expired or not. * * <p>If the key is expired, a call to {@link #removeExpiredKey(AuthenticationKey)} is issued, and * a {@link KeyNotFoundException} is thrown. * * @param authkey the key to test. * @throws KeyNotFoundException if the key is expired. * @throws KeyManagerException if there was a problem removing the key. */ protected void assertNotExpired(AuthenticationKey authkey) throws KeyNotFoundException, KeyManagerException { if (authkey.getDateExpires() == null) { // No expiration means a permanent entry. return; } // Test for expiration. Calendar now = getNowGMT(); Calendar expiration = getNowGMT(); expiration.setTime(authkey.getDateExpires()); if (now.after(expiration)) { deleteKey(authkey); throw new KeyNotFoundException("Key [" + authkey.getKey() + "] has expired."); } }
public void removeExpiredKeys() throws KeyManagerException { List<AuthenticationKey> allKeys = getAllKeys(); Calendar now = getNowGMT(); Calendar expiration = getNowGMT(); log.info("Removing expired keys."); for (AuthenticationKey authkey : allKeys) { if (authkey.getDateExpires() != null) { expiration.setTime(authkey.getDateExpires()); if (now.after(expiration)) { deleteKey(authkey); } } } log.info("Expired keys removed."); }