예제 #1
0
  public NavigableMap<Number640, Data> removeReturnData(
      Number640 from, Number640 to, PublicKey publicKey) {
    RangeLock<Number640>.Range lock = rangeLock.lock(from, to);
    try {
      Map<Number640, Data> tmp = backend.subMap(from, to);
      NavigableMap<Number640, Data> result = new TreeMap<Number640, Data>();

      for (Number640 key : tmp.keySet()) {
        // fail fast, as soon as we want to remove 1 domain that we
        // cannot, abort
        if (!canClaimDomain(key.locationAndDomainKey(), publicKey)) {
          result.put(key, null);
        } else if (!canClaimEntry(key.locationAndDomainAndContentKey(), publicKey)) {
          result.put(key, null);
        } else {
          Data toRemove = backend.get(key);
          if (toRemove != null
              && (toRemove.publicKey() == null || toRemove.publicKey().equals(publicKey))) {
            backend.removeTimeout(key);
            Data removed = backend.remove(key, true);
            result.put(key, removed);
          }
        }
      }
      return result;
    } finally {
      lock.unlock();
    }
  }
예제 #2
0
  public Enum<?> putConfirm(PublicKey publicKey, Number640 key, Data newData) {
    RangeLock<Number640>.Range lock = lock(key);
    try {
      if (!securityEntryCheck(
          key.locationAndDomainAndContentKey(),
          publicKey,
          newData.publicKey(),
          newData.isProtectedEntry())) {
        return PutStatus.FAILED_SECURITY;
      }

      final Data data = backend.get(key);
      if (data != null) {
        // remove prepare flag
        data.prepareFlag(false);

        data.validFromMillis(newData.validFromMillis());
        data.ttlSeconds(newData.ttlSeconds());

        long expiration = data.expirationMillis();
        // handle timeout
        backend.addTimeout(key, expiration);
        backend.put(key, data);
        // don't release data as we just update
        return PutStatus.OK;
      } else {
        return PutStatus.NOT_FOUND;
      }
    } finally {
      newData.release();
      lock.unlock();
    }
    // TODO: check for FORKS!
  }
예제 #3
0
 @Test
 public void testGetBucketEmptyFields() {
   BucketInfo remoteBucket = storage.get(BUCKET, Storage.BucketGetOption.fields());
   assertEquals(BUCKET, remoteBucket.name());
   assertNull(remoteBucket.createTime());
   assertNull(remoteBucket.selfLink());
 }
예제 #4
0
 @Test
 public void testGetBucketSelectedFields() {
   BucketInfo remoteBucket = storage.get(BUCKET, Storage.BucketGetOption.fields(BucketField.ID));
   assertEquals(BUCKET, remoteBucket.name());
   assertNull(remoteBucket.createTime());
   assertNotNull(remoteBucket.id());
 }
  /**
   * Add member to a group, once id and security checks have been cleared.
   *
   * @param azGroup
   */
  protected void addMemberToGroup(AuthzGroup azGroup, String userId, String roleId, int maxSize)
      throws GroupFullException {
    // update the properties (sets last modified time and modified-by)
    addLiveUpdateProperties((BaseAuthzGroup) azGroup);

    // add user to the azGroup
    m_storage.addNewUser(azGroup, userId, roleId, maxSize);

    // track it
    String event = ((BaseAuthzGroup) azGroup).getEvent();
    if (event == null) event = SECURE_UPDATE_AUTHZ_GROUP;
    eventTrackingService()
        .post(eventTrackingService().newEvent(event, azGroup.getReference(), true));

    // close the azGroup object
    ((BaseAuthzGroup) azGroup).closeEdit();

    // update the db with latest provider, and site security with the latest changes, using the
    // updated azGroup
    BaseAuthzGroup updatedRealm = (BaseAuthzGroup) m_storage.get(azGroup.getId());
    updateSiteSecurity(updatedRealm);

    // clear the event for next time
    ((BaseAuthzGroup) azGroup).setEvent(null);
  }
  /** {@inheritDoc} */
  public void removeAuthzGroup(String azGroupId) throws AuthzPermissionException {
    if (azGroupId == null) return;

    // check for existance
    AuthzGroup azGroup = m_storage.get(azGroupId);
    if (azGroup == null) {
      return;
    }

    // check security (throws if not permitted)
    unlock(SECURE_REMOVE_AUTHZ_GROUP, authzGroupReference(azGroupId));

    // complete the azGroup
    m_storage.remove(azGroup);

    // track it
    eventTrackingService()
        .post(
            eventTrackingService()
                .newEvent(SECURE_REMOVE_AUTHZ_GROUP, azGroup.getReference(), true));

    // close the azGroup object
    ((BaseAuthzGroup) azGroup).closeEdit();

    // clear any site security based on this (if a site) azGroup
    removeSiteSecurity(azGroup);
  }
예제 #7
0
 private Data getInternal(Number640 key) {
   Data data = backend.get(key);
   if (data != null && !data.hasPrepareFlag()) {
     return data;
   } else {
     return null;
   }
 }
예제 #8
0
    public AliasEdit get(String id) {
      AliasEdit rv = (AliasEdit) super.getResource(id);

      // if not, check old
      if (m_checkOld && (rv == null)) {
        rv = m_oldStorage.get(id);
      }
      return rv;
    }
예제 #9
0
 @Test
 public void testGetBlobEmptySelectedFields() {
   String blobName = "test-get-empty-selected-fields-blob";
   BlobInfo blob = BlobInfo.builder(BUCKET, blobName).contentType(CONTENT_TYPE).build();
   assertNotNull(storage.create(blob));
   BlobInfo remoteBlob = storage.get(blob.blobId(), Storage.BlobGetOption.fields());
   assertEquals(blob.blobId(), remoteBlob.blobId());
   assertNull(remoteBlob.contentType());
   assertTrue(storage.delete(BUCKET, blobName));
 }
예제 #10
0
 @Test
 public void testGetBlobsFail() {
   String sourceBlobName1 = "test-get-blobs-fail-1";
   String sourceBlobName2 = "test-get-blobs-fail-2";
   BlobInfo sourceBlob1 = BlobInfo.builder(BUCKET, sourceBlobName1).build();
   BlobInfo sourceBlob2 = BlobInfo.builder(BUCKET, sourceBlobName2).build();
   assertNotNull(storage.create(sourceBlob1));
   List<BlobInfo> remoteBlobs = storage.get(sourceBlob1.blobId(), sourceBlob2.blobId());
   assertEquals(sourceBlob1.blobId(), remoteBlobs.get(0).blobId());
   assertNull(remoteBlobs.get(1));
   assertTrue(storage.delete(BUCKET, sourceBlobName1));
 }
 @Override
 public Storage copy(Storage storage) {
   if (!(storage instanceof Storage.MapStorage))
     throw new UnsupportedOperationException(storage.getClass().getName());
   Iterator<String> keys = ((Storage.MapStorage) storage).getKeys();
   Storage.MapStorage copy = new Storage.MapStorage();
   while (keys.hasNext()) {
     String key = keys.next();
     copy.put(key, storage.get(key));
   }
   return copy;
 }
  /** {@inheritDoc} */
  public AuthzGroup getAuthzGroup(String id) throws GroupNotDefinedException {
    // Note: since this is a "read" operations, we do NOT refresh (i.e. write) the provider info.
    if (id == null) throw new GroupNotDefinedException("<null>");

    AuthzGroup azGroup = m_storage.get(id);

    // if not found
    if (azGroup == null) {
      throw new GroupNotDefinedException(id);
    }

    return azGroup;
  }
예제 #13
0
파일: OCPAgent.java 프로젝트: ccbon/ocp
 public Content get(Address address) throws Exception {
   // do I have this value on myself ?
   Content result = storage.get(address);
   if (result == null) {
     if (isResponsible(address)) {
       // JLG.debug("address not found on " + id + " : " + address);
       return null;
     } else {
       result = getClient().getFromAddress(address);
     }
   }
   return result;
 }
예제 #14
0
 @Test
 public void testPostSignedUrl() throws IOException {
   String blobName = "test-post-signed-url-blob";
   BlobInfo blob = BlobInfo.builder(BUCKET, blobName).build();
   assertNotNull(storage.create(blob));
   URL url =
       storage.signUrl(blob, 1, TimeUnit.HOURS, Storage.SignUrlOption.httpMethod(HttpMethod.POST));
   URLConnection connection = url.openConnection();
   connection.setDoOutput(true);
   connection.connect();
   BlobInfo remoteBlob = storage.get(BUCKET, blobName);
   assertNotNull(remoteBlob);
   assertEquals(blob.blobId(), remoteBlob.blobId());
   assertTrue(storage.delete(BUCKET, blobName));
 }
예제 #15
0
 @Test
 public void testGetBlobSelectedFields() {
   String blobName = "test-get-selected-fields-blob";
   BlobInfo blob =
       BlobInfo.builder(BUCKET, blobName)
           .contentType(CONTENT_TYPE)
           .metadata(ImmutableMap.of("k", "v"))
           .build();
   assertNotNull(storage.create(blob));
   BlobInfo remoteBlob =
       storage.get(blob.blobId(), Storage.BlobGetOption.fields(BlobField.METADATA));
   assertEquals(blob.blobId(), remoteBlob.blobId());
   assertEquals(ImmutableMap.of("k", "v"), remoteBlob.metadata());
   assertNull(remoteBlob.contentType());
   assertTrue(storage.delete(BUCKET, blobName));
 }
  /** {@inheritDoc} */
  public boolean allowJoinGroup(String authzGroupId) {
    String user = sessionManager().getCurrentSessionUserId();
    if (user == null) return false;

    // check security (throws if not permitted)
    if (!unlockCheck(SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId)) return false;

    // get the AuthzGroup
    AuthzGroup azGroup = m_storage.get(authzGroupId);
    if (azGroup == null) return false;

    // If already a member and inactive, disallow join
    BaseMember grant = (BaseMember) azGroup.getMember(user);

    if ((grant != null) && (!grant.active)) return false;

    return true;
  }
예제 #17
0
  public Enum<?> updateMeta(PublicKey publicKey, Number640 key, Data newData) {
    RangeLock<Number640>.Range lock = lock(key);
    try {
      if (!securityEntryCheck(
          key.locationAndDomainAndContentKey(),
          publicKey,
          newData.publicKey(),
          newData.isProtectedEntry())) {
        return PutStatus.FAILED_SECURITY;
      }

      final Data data = backend.get(key);
      boolean changed = false;
      if (data != null && newData.publicKey() != null) {
        data.publicKey(newData.publicKey());
        changed = true;
      }
      if (data != null && newData.isSigned()) {
        data.signature(newData.signature());
        changed = true;
      }
      if (data != null) {
        data.validFromMillis(newData.validFromMillis());
        data.ttlSeconds(newData.ttlSeconds());
        changed = true;
      }
      if (changed) {
        long expiration = data.expirationMillis();
        // handle timeout
        backend.addTimeout(key, expiration);
        // no release of old data, as we just update it
        backend.put(key, data);
        return PutStatus.OK;
      } else {
        return PutStatus.NOT_FOUND;
      }
    } finally {
      newData.release();
      lock.unlock();
    }
  }
  /** {@inheritDoc} */
  public void unjoinGroup(String authzGroupId)
      throws GroupNotDefinedException, AuthzPermissionException {
    String user = sessionManager().getCurrentSessionUserId();
    if (user == null)
      throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);

    // check security (throws if not permitted)
    unlock(SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);

    // get the AuthzGroup
    AuthzGroup azGroup = m_storage.get(authzGroupId);
    if (azGroup == null) {
      throw new GroupNotDefinedException(authzGroupId);
    }

    // if not joined (no grant), we are done
    BaseMember grant = (BaseMember) azGroup.getMember(user);
    if (grant == null) {
      return;
    }

    // if the user currently is the only maintain role user, disallow the unjoin
    if (grant.getRole().getId().equals(azGroup.getMaintainRole())) {
      Set maintainers = azGroup.getUsersHasRole(azGroup.getMaintainRole());
      if (maintainers.size() <= 1) {
        throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
      }
    }

    // if the grant is provided, disallow the unjoin. There would be no point in
    // allowing the user to unjoin, since the user will rejoin the realm the next
    // time it is updated or he/she logs in.

    if (grant.isProvided()) {
      throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);
    }

    ((BaseAuthzGroup) azGroup).setEvent(SECURE_UPDATE_OWN_AUTHZ_GROUP);

    removeMemberFromGroup(azGroup, user);
  }
  /**
   * Add member to a group, once id and security checks have been cleared.
   *
   * @param azGroup
   */
  protected void removeMemberFromGroup(AuthzGroup azGroup, String userId) {
    // update the properties (sets last modified time and modified-by)
    addLiveUpdateProperties((BaseAuthzGroup) azGroup);

    // remove user from the azGroup
    m_storage.removeUser(azGroup, userId);

    // track it
    String event = ((BaseAuthzGroup) azGroup).getEvent();
    if (event == null) event = SECURE_UPDATE_AUTHZ_GROUP;
    eventTrackingService()
        .post(eventTrackingService().newEvent(event, azGroup.getReference(), true));

    // close the azGroup object
    ((BaseAuthzGroup) azGroup).closeEdit();

    // update the db with latest provider, and site security with the latest changes, using the
    // updated azGroup
    BaseAuthzGroup updatedRealm = (BaseAuthzGroup) m_storage.get(azGroup.getId());
    updateSiteSecurity(updatedRealm);

    // clear the event for next time
    ((BaseAuthzGroup) azGroup).setEvent(null);
  }
  /**
   * Complete the saving of the group, once id and security checks have been cleared.
   *
   * @param azGroup
   */
  protected void completeSave(AuthzGroup azGroup) {
    // update the properties
    addLiveUpdateProperties((BaseAuthzGroup) azGroup);

    // complete the azGroup
    m_storage.save(azGroup);

    // track it
    String event = ((BaseAuthzGroup) azGroup).getEvent();
    if (event == null) event = SECURE_UPDATE_AUTHZ_GROUP;
    eventTrackingService()
        .post(eventTrackingService().newEvent(event, azGroup.getReference(), true));

    // close the azGroup object
    ((BaseAuthzGroup) azGroup).closeEdit();

    // update the db with latest provider, and site security with the latest changes, using the
    // updated azGroup
    BaseAuthzGroup updatedRealm = (BaseAuthzGroup) m_storage.get(azGroup.getId());
    updateSiteSecurity(updatedRealm);

    // clear the event for next time
    ((BaseAuthzGroup) azGroup).setEvent(null);
  }
  /** {@inheritDoc} */
  public boolean allowUnjoinGroup(String authzGroupId) {
    String user = sessionManager().getCurrentSessionUserId();
    if (user == null) {
      return false;
    }

    // check security (throws if not permitted)
    if (!unlockCheck(SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId)) return false;

    // get the azGroup
    AuthzGroup azGroup = m_storage.get(authzGroupId);
    if (azGroup == null) {
      return false;
    }

    // if not joined (no grant), unable to unjoin
    BaseMember grant = (BaseMember) azGroup.getMember(user);
    if (grant == null) {
      return false;
    }

    // if the grant is provider, unable to unjoin
    else if (grant.isProvided()) {
      return false;
    }

    // if the user currently is the only maintain role user, disallow the unjoin
    if (grant.getRole().getId().equals(azGroup.getMaintainRole())) {
      Set maintainers = azGroup.getUsersHasRole(azGroup.getMaintainRole());
      if (maintainers.size() <= 1) {
        return false;
      }
    }

    return true;
  }
  /** {@inheritDoc} */
  public void joinGroup(String authzGroupId, String roleId, int maxSize)
      throws GroupNotDefinedException, AuthzPermissionException, GroupFullException {
    String user = sessionManager().getCurrentSessionUserId();
    if (user == null)
      throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);

    // check security (throws if not permitted)
    unlock(SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);

    // get the AuthzGroup
    AuthzGroup azGroup = m_storage.get(authzGroupId);
    if (azGroup == null) {
      throw new GroupNotDefinedException(authzGroupId);
    }

    // check that the role exists
    Role role = azGroup.getRole(roleId);
    if (role == null) {
      throw new GroupNotDefinedException(roleId);
    }

    ((BaseAuthzGroup) azGroup).setEvent(SECURE_UPDATE_OWN_AUTHZ_GROUP);

    // see if already a member
    BaseMember grant = (BaseMember) azGroup.getMember(user);

    if (grant == null) addMemberToGroup(azGroup, user, roleId, maxSize);
    else
    // if inactive, deny permission to join
    if (!grant.active)
      throw new AuthzPermissionException(user, SECURE_UPDATE_OWN_AUTHZ_GROUP, authzGroupId);

    // If the user is already in the group and active, or is already in the group and active but
    // with a different role, no action will be taken

  }
예제 #23
0
  /** @inheritDoc */
  protected BaseDigest findDigest(String id) {
    BaseDigest digest = (BaseDigest) m_storage.get(id);

    return digest;
  }
예제 #24
0
  public Map<Number640, Enum<?>> putAll(
      final NavigableMap<Number640, Data> dataMap,
      PublicKey publicKey,
      boolean putIfAbsent,
      boolean domainProtection,
      boolean sendSelf) {
    if (dataMap.isEmpty()) {
      return Collections.emptyMap();
    }
    final Number640 min = dataMap.firstKey();
    final Number640 max = dataMap.lastKey();
    final Map<Number640, Enum<?>> retVal = new HashMap<Number640, Enum<?>>();
    final HashSet<Number480> keysToCheck = new HashSet<Number480>();
    final RangeLock<Number640>.Range lock = lock(min, max);
    try {
      for (Map.Entry<Number640, Data> entry : dataMap.entrySet()) {
        Number640 key = entry.getKey();
        keysToCheck.add(key.locationAndDomainAndContentKey());
        Data newData = entry.getValue();
        if (!securityDomainCheck(
            key.locationAndDomainKey(), publicKey, publicKey, domainProtection)) {
          retVal.put(key, PutStatus.FAILED_SECURITY);
          newData.release();
          continue;
        }

        // We need this check in case we did not use the encoder/decoder,
        // which is the case if we send the message to ourself. In that
        // case, the public key of the data is never set to the message
        // publick key, if the publick key of the data was null.
        final PublicKey dataKey;
        if (sendSelf && newData.publicKey() == null) {
          dataKey = publicKey;
        } else {
          dataKey = newData.publicKey();
        }

        if (!securityEntryCheck(
            key.locationAndDomainAndContentKey(), publicKey, dataKey, newData.isProtectedEntry())) {
          retVal.put(key, PutStatus.FAILED_SECURITY);
          newData.release();
          continue;
        }

        final Data oldDataGet = backend.get(key);
        if (oldDataGet != null) {
          if (putIfAbsent) {
            retVal.put(key, PutStatus.FAILED_NOT_ABSENT);
            newData.release();
            continue;
          }

          if (oldDataGet.isDeleted()) {
            retVal.put(key, PutStatus.DELETED);
            newData.release();
            continue;
          }
          if (!oldDataGet.basedOnSet().equals(newData.basedOnSet())) {
            retVal.put(key, PutStatus.VERSION_FORK);
            newData.release();
            continue;
          }
        }

        final Data oldDataPut = backend.put(key, newData);

        long expiration = newData.expirationMillis();
        // handle timeout
        backend.addTimeout(key, expiration);

        if (newData.hasPrepareFlag()) {
          retVal.put(key, PutStatus.OK_PREPARED);
        } else {
          retVal.put(key, PutStatus.OK);
        }
        if (oldDataPut != null && oldDataPut != newData) {
          oldDataPut.release();
        }
      }

      for (Number480 key : keysToCheck) {

        // now check for forks
        Number640 minVersion = new Number640(key, Number160.ZERO);
        Number640 maxVersion = new Number640(key, Number160.MAX_VALUE);
        NavigableMap<Number640, Data> tmp = backend.subMap(minVersion, maxVersion);
        tmp = filterCopyOrig(tmp, -1, true);
        NavigableMap<Number640, Data> heads = getLatestInternalOrig(tmp);

        final boolean forked = heads.size() > 1;
        for (final Map.Entry<Number640, Data> entry : heads.entrySet()) {
          if (forked) {
            if (retVal.containsKey(entry.getKey())) {
              retVal.put(entry.getKey(), PutStatus.VERSION_FORK);
            }
          }
        }

        // now remove old versions
        if (maxVersions > 0) {
          NavigableMap<Number640, Data> versions = backend.subMap(minVersion, maxVersion);

          while (!versions.isEmpty()
              && versions.firstKey().versionKey().timestamp() + maxVersions
                  <= versions.lastKey().versionKey().timestamp()) {
            Map.Entry<Number640, Data> entry = versions.pollFirstEntry();
            Data removed = backend.remove(entry.getKey(), true);
            if (removed != null) {
              removed.release();
            }
            backend.removeTimeout(entry.getKey());
          }
        }
      }
      return retVal;

    } finally {
      lock.unlock();
    }
  }