RANGER-520: key list is retrieved before providing list of keys - to avoid stale list
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c5264171 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/c5264171 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/c5264171 Branch: refs/heads/ranger-0.5 Commit: c5264171128330e630e8be26ef7347b2f0fb69e8 Parents: 144c215 Author: sneethiraj <[email protected]> Authored: Mon Jun 1 16:26:52 2015 -0400 Committer: Velmurugan Periasamy <[email protected]> Committed: Mon Jun 1 17:45:21 2015 -0400 ---------------------------------------------------------------------- .../crypto/key/RangerKeyStoreProvider.java | 25 +++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5264171/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java ----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
index 541f369..66356b2 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
@@ -93,13 +93,7 @@ public class RangerKeyStoreProvider extends KeyProvider{
 // Master Key does not exists
 throw new IOException("Ranger MasterKey does not exists");
 }
- try {
- loadKeys(masterKey);
- } catch (NoSuchAlgorithmException e) {
- throw new IOException("Can't load Keys");
- }catch(CertificateException e){
- throw new IOException("Can't load Keys");
- }
+ reloadKeys() ;
 ReadWriteLock lock = new ReentrantReadWriteLock(true);
 readLock = lock.readLock();
 }
@@ -145,6 +139,7 @@ public class RangerKeyStoreProvider extends KeyProvider{
 @Override
 public KeyVersion createKey(String name, byte[] material, Options options) throws IOException {
+ reloadKeys() ;
 if (dbStore.engineContainsAlias(name) || cache.containsKey(name)) {
 throw new IOException("Key " + name + " already exists");
 }
@@ -275,7 +270,8 @@ public class RangerKeyStoreProvider extends KeyProvider{
 @Override
 public List<String> getKeys() throws IOException {
 ArrayList<String> list = new ArrayList<String>();
- String alias = null;
+ String alias = null;
+ reloadKeys() ;
 Enumeration<String> e = dbStore.engineAliases();
 while (e.hasMoreElements()) {
 alias = e.nextElement();
@@ -289,8 +285,9 @@ public class RangerKeyStoreProvider extends KeyProvider{
 @Override
 public Metadata getMetadata(String name) throws IOException {
- readLock.lock();
 try {
+ readLock.lock();
+ reloadKeys() ;
 if (cache.containsKey(name)) {
 return cache.get(name);
 }
@@ -345,6 +342,16 @@ public class RangerKeyStoreProvider extends KeyProvider{
 }
 }
 }
+
+ private void reloadKeys() throws IOException {
+ try {
+ loadKeys(masterKey);
+ } catch (NoSuchAlgorithmException e) {
+ throw new IOException("Can't load Keys");
+ }catch(CertificateException e){
+ throw new IOException("Can't load Keys");
+ }
+ }
 /**
 * The factory to create JksProviders, which is used by the ServiceLoader.
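Review bot: The `reloadKeys()` call added at the top of `createKey` re-reads the shared key store with no lock visible in this hunk, and the same unguarded call is added to `getKeys` (third hunk), while `getMetadata` (fourth hunk) makes it holding only the read lock. If `loadKeys(masterKey)` replaces the contents of `dbStore`, as its use here suggests, concurrent callers may see a partially loaded store, and a key that was created but not yet flushed could be dropped by a reload triggered from another request; this should be confirmed against `loadKeys`, which is not shown. I would serialise the reload under the write lock of the same `ReentrantReadWriteLock` (acquired before any read lock, since that lock cannot be upgraded) and add a comment such as `// reloadKeys() replaces dbStore contents; callers must not hold readLock`. Note also that the `engineContainsAlias` check that follows remains advisory across KMS instances, so the backing store should still enforce key-name uniqueness. `createKey`'s body continues outside the hunk.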
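Review bot: Moving `readLock.lock()` inside the `try` in `getMetadata` means the `finally` block (outside this hunk, presumably calling `readLock.unlock()`) also runs when the lock was never acquired, which would throw `IllegalMonitorStateException` and hide the original failure. The usual form keeps acquisition before the `try` and only the guarded work inside it: `readLock.lock();` followed by `try { reloadKeys(); ...`. The method's `finally` and closing brace are outside the hunk, so the unlock path should be checked when applying this.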
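Review bot: `reloadKeys()` discards the caught exception in both handlers, so a key-store load failure surfaces only as "Can't load Keys" with no way to tell an algorithm problem from a certificate problem when diagnosing a KMS outage. Pass the cause through and, if the build targets Java 7 or later, merge the handlers: `catch (NoSuchAlgorithmException | CertificateException e) { throw new IOException("Can't load Keys", e); }`. A short Javadoc on the method stating that it re-reads all keys from the backing store using `masterKey`, and what locking callers are expected to hold, would help, since it now runs on every `createKey`, `getKeys` and `getMetadata` call.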
