risdenk commented on a change in pull request #243: KNOX-2200 -
DefaultKeystoreService can lose entries under concurrent access
URL: https://github.com/apache/knox/pull/243#discussion_r371409049
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
##########
@@ -286,18 +287,21 @@ public KeyStore getCredentialStoreForCluster(String
clusterName)
@Override
public void addCredentialForCluster(String clusterName, String alias, String
value)
throws KeystoreServiceException {
- removeFromCache(clusterName, alias);
- KeyStore ks = getCredentialStoreForCluster(clusterName);
- if (ks != null) {
- try {
- final Key key = new
SecretKeySpec(value.getBytes(StandardCharsets.UTF_8), "AES");
- ks.setKeyEntry(alias, key, masterService.getMasterSecret(), null);
-
- final Path keyStoreFilePath = keyStoreDirPath.resolve(clusterName +
CREDENTIALS_SUFFIX);
- writeKeyStoreToFile(ks, keyStoreFilePath,
masterService.getMasterSecret());
- addToCache(clusterName, alias, value);
- } catch (KeyStoreException | IOException | CertificateException |
NoSuchAlgorithmException e) {
- LOG.failedToAddCredentialForCluster(clusterName, e);
+ // Needed to prevent read then write synchronization issue where alias is
not added
+ synchronized (this) {
Review comment:
Changes the method signature. There isn't necessarily a need to synchronize
the public method. This only comes up because we read the keystore then write
to it. Other implementations can just add (ie: if this was a map we could
update in place)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
