synchronized void rollCurrentKey() { if (!leaderElector.isMaster()) { LOG.info("Skipping rollCurrentKey() because not running as master."); return; } long now = EnvironmentEdgeManager.currentTime(); AuthenticationKey prev = currentKey; AuthenticationKey newKey = new AuthenticationKey( ++idSeq, Long.MAX_VALUE, // don't allow to expire until it's replaced by a new key generateSecret()); allKeys.put(newKey.getKeyId(), newKey); currentKey = newKey; zkWatcher.addKeyToZK(newKey); lastKeyUpdate = now; if (prev != null) { // make sure previous key is still stored prev.setExpiration(now + tokenMaxLifetime); allKeys.put(prev.getKeyId(), prev); zkWatcher.updateKeyInZK(prev); } }
@Override protected byte[] createPassword(AuthenticationTokenIdentifier identifier) { long now = EnvironmentEdgeManager.currentTime(); AuthenticationKey secretKey = currentKey; identifier.setKeyId(secretKey.getKeyId()); identifier.setIssueDate(now); identifier.setExpirationDate(now + tokenMaxLifetime); identifier.setSequenceNumber(tokenSeq.getAndIncrement()); return createPassword(identifier.getBytes(), secretKey.getKey()); }
@Override public boolean equals(Object obj) { if (obj == null || !(obj instanceof AuthenticationKey)) { return false; } AuthenticationKey other = (AuthenticationKey) obj; return id == other.getKeyId() && expirationDate == other.getExpiration() && (secret == null ? other.getKey() == null : other.getKey() != null && Bytes.equals(secret.getEncoded(), other.getKey().getEncoded())); }
@Override public byte[] retrievePassword(AuthenticationTokenIdentifier identifier) throws InvalidToken { long now = EnvironmentEdgeManager.currentTime(); if (identifier.getExpirationDate() < now) { throw new InvalidToken("Token has expired"); } AuthenticationKey masterKey = allKeys.get(identifier.getKeyId()); if (masterKey == null) { throw new InvalidToken("Unknown master key for token (id=" + identifier.getKeyId() + ")"); } // regenerate the password return createPassword(identifier.getBytes(), masterKey.getKey()); }
synchronized void removeExpiredKeys() { if (!leaderElector.isMaster()) { LOG.info("Skipping removeExpiredKeys() because not running as master."); return; } long now = EnvironmentEdgeManager.currentTime(); Iterator<AuthenticationKey> iter = allKeys.values().iterator(); while (iter.hasNext()) { AuthenticationKey key = iter.next(); if (key.getExpiration() < now) { if (LOG.isDebugEnabled()) { LOG.debug("Removing expired key " + key.getKeyId()); } iter.remove(); zkWatcher.removeKeyFromZK(key); } } }
public synchronized void addKey(AuthenticationKey key) throws IOException { // ignore zk changes when running as master if (leaderElector.isMaster()) { if (LOG.isDebugEnabled()) { LOG.debug("Running as master, ignoring new key " + key.getKeyId()); } return; } if (LOG.isDebugEnabled()) { LOG.debug("Adding key " + key.getKeyId()); } allKeys.put(key.getKeyId(), key); if (currentKey == null || key.getKeyId() > currentKey.getKeyId()) { currentKey = key; } // update current sequence if (key.getKeyId() > idSeq) { idSeq = key.getKeyId(); } }