use of org.apache.curator.framework.recipes.locks.InterProcessLock in project coprhd-controller by CoprHD.
the class DistributedKeyStoreImpl method checkKeyCertificatePair.
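/**
 * Checks the supplied key/certificate pair and, when the certificate is self generated and
 * {@code generator.isCertificateIPsCorrect} rejects it, replaces the pair under the
 * key/certificate lock.
 *
 * <p>The IP check is repeated against the pair that is re-read after the lock is taken, so a pair
 * that another lock holder has already replaced is reused rather than regenerated again. The
 * date-validity check is applied to the certificate of the entry that is actually returned.
 *
 * @param entry the pair currently in use; element 0 of its certificate chain is the one inspected
 * @return the pair to use: the original, the re-read one, or a newly generated one
 * @throws IOException declared by {@code readKeyCertificateEntry}, which is called under the lock
 * @throws ClassNotFoundException declared by {@code readKeyCertificateEntry}
 */
private KeyCertificateEntry checkKeyCertificatePair(KeyCertificateEntry entry) throws IOException, ClassNotFoundException {
    X509Certificate cert = (X509Certificate) entry.getCertificateChain()[0];
    if (KeyStoreUtil.isSelfGeneratedCertificate(coordConfigStoringHelper) && !generator.isCertificateIPsCorrect(cert)) {
        InterProcessLock lock = null;
        try {
            lock = acquireKeyCertificatePairLock();
            // Re-read after the lock is held: another holder may already have replaced the pair.
            entry = readKeyCertificateEntry();
            // Decide on the certificate that was just re-read, not on the one inspected before the
            // lock was taken; otherwise the re-read can never prevent a second regeneration.
            boolean needsNewPair = entry == null
                    || !generator.isCertificateIPsCorrect((X509Certificate) entry.getCertificateChain()[0]);
            if (needsNewPair) {
                log.info("ViPR certificate is self generated and has illegal IPs. Generating a new one...");
                entry = generateNewKeyCertificatePair();
            }
            if (entry != null) {
                // Keep the validity check below aligned with the pair that is returned.
                cert = (X509Certificate) entry.getCertificateChain()[0];
            }
        } finally {
            // lock is still null if acquisition threw.
            // NOTE(review): confirm that releaseLock tolerates a null argument.
            coordConfigStoringHelper.releaseLock(lock);
        }
    }
    checkCertificateDateValidity(cert);
    return entry;
}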
use of org.apache.curator.framework.recipes.locks.InterProcessLock in project coprhd-controller by CoprHD.
the class DistributedKeyStoreImpl method readKeyCertificateEntry.
/**
 * Reads the key/certificate pair, preferring the site specific area and falling back to the
 * global area.
 *
 * <p>When the pair is found only in the global area it is copied to the site specific area and
 * removed from the global area while the key/certificate lock is held. The move is best effort:
 * any exception raised during it is logged and the value read so far is still returned.
 *
 * @return the stored pair, or {@code null} when neither area holds one
 * @throws IOException declared for the configuration reads
 * @throws ClassNotFoundException declared for the configuration reads
 */
private KeyCertificateEntry readKeyCertificateEntry() throws IOException, ClassNotFoundException {
    KeyCertificateEntry siteEntry = coordConfigStoringHelper.readConfig(coordConfigStoringHelper.getSiteId(), KEY_CERTIFICATE_PAIR_CONFIG_KIND, KEY_CERTIFICATE_PAIR_ID, KEY_CERTIFICATE_PAIR_KEY);
    if (siteEntry != null) {
        return siteEntry;
    }

    log.info("Certificate not found from site specific area. Try global area");
    KeyCertificateEntry globalEntry = coordConfigStoringHelper.readConfig(KEY_CERTIFICATE_PAIR_CONFIG_KIND, KEY_CERTIFICATE_PAIR_ID, KEY_CERTIFICATE_PAIR_KEY);
    if (globalEntry == null) {
        return globalEntry;
    }

    InterProcessLock lock = null;
    try {
        lock = acquireKeyCertificatePairLock();
        // The unlocked read above only decides whether a move is worth attempting; the value that
        // is moved is the one read while the lock is held.
        globalEntry = coordConfigStoringHelper.readConfig(KEY_CERTIFICATE_PAIR_CONFIG_KIND, KEY_CERTIFICATE_PAIR_ID, KEY_CERTIFICATE_PAIR_KEY);
        if (globalEntry != null) {
            String targetSiteId = coordConfigStoringHelper.getSiteId();
            log.info("Found certificate from global area. Moving to site specific area");
            coordConfigStoringHelper.createOrUpdateConfig(globalEntry, KEY_CERTIFICATE_PAIR_LOCK, targetSiteId, KEY_CERTIFICATE_PAIR_CONFIG_KIND, KEY_CERTIFICATE_PAIR_ID, KEY_CERTIFICATE_PAIR_KEY);
            // The self-generated flag is read from the global area and passed on as read; other
            // reads in this method are null-checked, this one is not.
            // NOTE(review): confirm setSelfGeneratedCertificate accepts a null Boolean.
            Boolean selfGenerated = coordConfigStoringHelper.readConfig(DistributedKeyStoreImpl.KEY_CERTIFICATE_PAIR_CONFIG_KIND, DistributedKeyStoreImpl.KEY_CERTIFICATE_PAIR_ID, DistributedKeyStoreImpl.IS_SELF_GENERATED_KEY);
            KeyStoreUtil.setSelfGeneratedCertificate(coordConfigStoringHelper, selfGenerated);
            // The global copy is removed only after the site specific copy has been written.
            coordConfigStoringHelper.removeConfig(KEY_CERTIFICATE_PAIR_LOCK, KEY_CERTIFICATE_PAIR_CONFIG_KIND, KEY_CERTIFICATE_PAIR_ID);
        }
    } catch (Exception ex) {
        // Best effort: a failed move leaves the caller with the value read so far.
        log.error("Failed to move key certificate pair to site specific area", ex);
    } finally {
        coordConfigStoringHelper.releaseLock(lock);
    }
    return globalEntry;
}
use of org.apache.curator.framework.recipes.locks.InterProcessLock in project coprhd-controller by CoprHD.
the class TrustStoreLoader method load.
/**
 * Populates the ZooKeeper-backed trust store from the local key store when the stored CA certs
 * version differs from the local one.
 *
 * <p>The version comparison and the load both run while {@code CA_CERTS_LOCK} is held, so that
 * within one vdc only one trust-store-using service (authsvc, for example) fills the store at a
 * time.
 *
 * @throws RuntimeException wrapping any exception raised while locking, comparing or loading
 */
public void load() {
    InterProcessLock tsLock = null;
    try {
        log.info("Loading the builtin trust store ...");
        tsLock = coordHelper.acquireLock(CA_CERTS_LOCK);
        if (!compareTrustStoreVersion()) {
            log.info("CA certs version doesn't match, need to load root certs from file to zk.");
            loadCertsFromLocalKeyStore();
            // The version marker is written only after the certificates were loaded without an
            // exception, so a failed load is attempted again on the next call.
            addVersionInZK();
            log.info("Loaded the builtin trust store successfully");
        } else {
            // zk and local versions agree: nothing to load
            log.info("CA certs version match, no need to do anything.");
        }
    } catch (Exception e) {
        throw new RuntimeException(e);
    } finally {
        // tsLock is still null if acquireLock threw.
        // NOTE(review): confirm that releaseLock tolerates a null argument.
        coordHelper.releaseLock(tsLock);
    }
}
use of org.apache.curator.framework.recipes.locks.InterProcessLock in project coprhd-controller by CoprHD.
the class InvalidLoginManager method removeInvalidRecord.
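/**
 * Removes the invalid-login record kept for a client IP.
 *
 * <p>Nothing is removed when {@code isClientIPExist} reports false. Otherwise
 * {@code INVALID_LOGIN_CLEANER_LOCK} is taken and the record's ZK node is deleted. The lock is
 * released only if it was actually acquired. No exception leaves this method; failures are logged.
 *
 * @brief Remove the client IP from the invalid login records list
 * @param clientIP The client IP to be removed from the invalid login records list
 */
public void removeInvalidRecord(String clientIP) {
    try {
        if (isClientIPExist(clientIP)) {
            // zk contains the ClientIP, start removing.
            InterProcessLock lock = null;
            // Tracks ownership so the finally block never releases a lock whose acquire() failed.
            boolean acquired = false;
            try {
                lock = _coordinator.getLock(INVALID_LOGIN_CLEANER_LOCK);
                lock.acquire();
                acquired = true;
                // NOTE(review): clientIP and the path derived from it go to the log and to the ZK
                // node name as given - confirm the caller passes a validated address.
                _log.info("Got ZK lock to remove a record created for invalid logins from this client IP: {}", clientIP);
                String zkPath = getZkPath(clientIP);
                _distDataManager.removeNode(zkPath);
                _log.info("Removed an invalid record entry: {}", zkPath);
            } catch (Exception ex) {
                // The record stays in place when removal fails; the failure is only logged.
                _log.warn("Unexpected exception during db maintenance", ex);
            } finally {
                if (acquired) {
                    try {
                        lock.release();
                    } catch (Exception ex) {
                        _log.warn("Unexpected exception unlocking the invalid login lock", ex);
                    }
                }
            }
        } else {
            // Reached whenever isClientIPExist(clientIP) is false, although the message mentions
            // only null or empty input.
            _log.warn("Trying to remove an invalid record entry, the provided client IP is null or empty");
        }
    } catch (Exception ex) {
        _log.error("Unexpected exception", ex);
    }
}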
use of org.apache.curator.framework.recipes.locks.InterProcessLock in project coprhd-controller by CoprHD.
the class InvalidLoginManager method markErrorLogin.
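/**
 * Records a failed login for a client. If an invalid login record already exists for that client
 * its error count is incremented; if it does not exist, a new record with a count of 1 is created.
 * In both cases the last-access time is set to the current time.
 *
 * <p>The read-modify-write runs while {@code INVALID_LOGIN_CLEANER_LOCK} is held, and the lock is
 * released only if it was actually acquired. Does nothing when {@code isDisabled()} is true.
 * If locking or the ZK update throws, the failure is logged and this attempt is not counted.
 *
 * @brief Update the invalid login record for this client
 * @param clientIP the client address the failed login came from; null or empty is logged and ignored
 */
public void markErrorLogin(String clientIP) {
    if (isDisabled()) {
        return;
    }
    if (null == clientIP || clientIP.isEmpty()) {
        _log.error("The provided clientIP is null or empty ");
        return;
    }

    String zkPath = getZkPath(clientIP);
    InterProcessLock lock = null;
    // Tracks ownership so the finally block never releases a lock whose acquire() failed.
    boolean acquired = false;
    try {
        // Update the DB record. Get the lock first
        // NOTE(review): acquire() is called without a timeout and every client shares this one
        // lock - confirm that is acceptable under a burst of failed logins.
        lock = _coordinator.getLock(INVALID_LOGIN_CLEANER_LOCK);
        lock.acquire();
        acquired = true;
        _log.debug("Got a lock for updating the ZK");
        InvalidLogins invLogins = (InvalidLogins) _distDataManager.getData(zkPath, false);
        if (null == invLogins) {
            // New entry for this invalid login
            _distDataManager.createNode(zkPath, false);
            invLogins = new InvalidLogins(clientIP, getCurrentTimeInMins(), 1);
            _log.debug("Creating new record in the ZK for the client {}", clientIP);
        } else {
            invLogins.incrementErrorLoginCount();
        }
        // Update the last invalid login time stamp.
        invLogins.setLastAccessTimeInLong(getCurrentTimeInMins());
        _log.debug("Updating the record in the ZK for the client {}", clientIP);
        _distDataManager.putData(zkPath, invLogins);
    } catch (Exception ex) {
        // The failed attempt goes uncounted when this path is taken; only the log records it.
        _log.error("Exception for the clientIP {} ", clientIP, ex);
    } finally {
        if (acquired) {
            try {
                lock.release();
            } catch (Exception ex) {
                _log.error("Unexpected exception unlocking the lock for updating the ZK", ex);
            }
        }
    }
}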