[ https://issues.apache.org/jira/browse/HADOOP-10224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14081147#comment-14081147 ]
Alejandro Abdelnur commented on HADOOP-10224:
---------------------------------------------

*JavaKeyStoreProvider.java*:

* {{if ((pwFile != null)&&(pwdFile == null))}}, no need to check for pwFile not NULL here, we can be here only if it is not NULL already.

I think we should go over all corner cases (even if not happening under normal circumstances).

*On startup should be something like:*

{code}
boolean loaded = false;
Path path = ....
Path newPath = constructNewPath(path);
Path oldPath = constructOldPath(path);
FsPermission permission = ...

if (fs.exists(path)) {
  if (fs.exists(newPath)) {
    // THROW EXCEPTION, something weird happened, admin should take care of
  }
  keyStore = loadKeyStore(path, password);
  if (fs.exists(oldPath)) {
    fs.delete(oldPath);
  }
  loaded = true;
  // LOG
} else {
  if (fs.exists(newPath) || fs.exists(oldPath)) {
    if (fs.exists(newPath)) {
      try {
        keyStore = loadKeyStore(newPath, password);
        fs.rename(newPath, path);
        fs.delete(oldPath);
        loaded = true;
        // LOG
      } catch (Exception ex) {
        // THROW EXCEPTION if password issue, we don't want to trash the new file
        // because of wrong password, admin should take care
      }
    }
    if (!loaded) {
      if (fs.exists(oldPath)) {
        try {
          keyStore = loadKeyStore(oldPath, password);
          fs.rename(oldPath, path);
          loaded = true;
          // LOG
        } catch (Exception ex) {
          // THROW EXCEPTION if password issue, we don't want to trash the new file
          // because of wrong password, admin should take care
        }
      } else {
        // LOG
      }
    }
  } else {
    // LOG
  }
}

if (!loaded) {
  // creating an empty store
  keyStore = KeyStore.getInstance(SCHEME_NAME);
  OutputStream out = FileSystem.create(fs, path, permission);
  keyStore.store(out, password);
  out.close();
  // LOG
}
{code}

*On flush code should be something like:*

{code}
Path path = ....
Path newPath = constructNewPath(path);
Path oldPath = constructOldPath(path);
FsPermission permission = ...

if (fs.exists(newPath) || fs.exists(oldPath)) {
  // THROW EXCEPTION, something weird happened, admin should take care of
}
fs.rename(path, oldPath);
try {
  OutputStream out = FileSystem.create(fs, newPath, permission);
  keyStore.store(out, password);
  out.close();
} catch (Exception ex) {
  fs.rename(oldPath, path);
  // THROW EXCEPTION
}
fs.rename(newPath, path); // assert it happens else we need to revert and throw exception
fs.delete(oldPath);       // LOG WARN if does not happen.
{code}

> JavaKeyStoreProvider has to protect against corrupting underlying store
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-10224
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10224
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Larry McCay
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10224.1.patch, HADOOP-10224.2.patch
>
>
> Java keystores get corrupted at times. A key management operation that writes
> the store to disk could cause a corruption and all protected data would then
> be inaccessible.

--
This message was sent by Atlassian JIRA
(v6.2#6252)
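The rename protocol and the startup recovery branches sketched in the comment above, worked through as an added example that is not part of this JIRA thread and not Hadoop's JavaKeyStoreProvider code. It models the store / store_NEW / store_OLD dance on a local directory; a constructed toy store (an HMAC-SHA256 tag followed by the payload) stands in for a JCEKS file so that a wrong password is detectable and the "don't trash the new file on a bad password" rule can be exercised. The `_NEW`/`_OLD` suffixes, the file name, the default password and `simulate_crash_scenarios` are all assumptions made for the example.

```python
"""Crash-safe keystore persistence with startup recovery (added example).

Not Hadoop's JavaKeyStoreProvider: a local-directory model of the
path / path_NEW / path_OLD protocol from the comment above, with a
constructed HMAC-tagged blob standing in for a JCEKS file.
"""
import hashlib
import hmac
from pathlib import Path


class KeyStoreError(Exception):
    """On-disk state (or the password) needs an administrator's attention."""


def _mac(password: bytes, payload: bytes) -> bytes:
    return hmac.new(password, payload, hashlib.sha256).digest()


def write_store(path: Path, payload: bytes, password: bytes) -> None:
    """Toy store format: 32-byte HMAC-SHA256 tag followed by the payload."""
    path.write_bytes(_mac(password, payload) + payload)


def load_store(path: Path, password: bytes) -> bytes:
    """Return the payload; raise if the tag fails (wrong password or corruption)."""
    data = path.read_bytes()
    tag, payload = data[:32], data[32:]
    if not hmac.compare_digest(tag, _mac(password, payload)):
        raise KeyStoreError(f"cannot open {path.name}: bad password or corrupt store")
    return payload


def _paths(path: Path):
    """Assumed naming for the staging (_NEW) and backup (_OLD) files."""
    return path.with_name(path.name + "_NEW"), path.with_name(path.name + "_OLD")


def load_or_recover(path: Path, password: bytes):
    """Startup logic. Returns (payload, outcome) or raises for the admin cases."""
    new_path, old_path = _paths(path)
    if path.exists():
        if new_path.exists():  # store and _NEW both present: ambiguous, do not guess
            raise KeyStoreError("store and _NEW both present; admin must resolve")
        payload = load_store(path, password)
        if old_path.exists():  # backup left behind by an interrupted flush
            old_path.unlink()
        return payload, "loaded"
    if new_path.exists():
        # A wrong password raises here and leaves _NEW in place rather than deleting it.
        payload = load_store(new_path, password)
        new_path.replace(path)
        if old_path.exists():
            old_path.unlink()
        return payload, "recovered-new"
    if old_path.exists():
        payload = load_store(old_path, password)
        old_path.replace(path)
        return payload, "recovered-old"
    payload = b""  # nothing on disk: create an empty store
    write_store(path, payload, password)
    return payload, "created"


def flush(path: Path, payload: bytes, password: bytes) -> None:
    """Persist a new version without ever leaving zero good copies on disk."""
    new_path, old_path = _paths(path)
    if new_path.exists() or old_path.exists():
        raise KeyStoreError("stale _NEW/_OLD present; refusing to flush")
    path.replace(old_path)                        # 1. park the current store as _OLD
    try:
        write_store(new_path, payload, password)  # 2. write the new version as _NEW
    except Exception:
        old_path.replace(path)                    # roll back to the parked copy
        raise
    new_path.replace(path)                        # 3. promote _NEW (single rename)
    old_path.unlink()                             # 4. drop the backup


def simulate_crash_scenarios(workdir: Path, password: bytes = b"hunter2") -> dict:
    """Constructed scenarios: drive each recovery branch and report what happened."""
    store = workdir / "keystore.jceks"
    new_path, old_path = _paths(store)
    results = {}
    results["fresh"] = load_or_recover(store, password)[1]       # no files at all
    flush(store, b"v1", password)
    results["after_flush"] = load_or_recover(store, password)[0]
    store.replace(old_path)                                      # crash after step 1
    results["only_old"] = load_or_recover(store, password)
    store.replace(old_path)                                      # crash after step 2
    write_store(new_path, b"v2", password)
    results["old_and_new"] = load_or_recover(store, password)
    store.replace(new_path)                                      # _NEW only, wrong password
    try:
        load_or_recover(store, b"wrong")
        results["wrong_password"] = "no error"
    except KeyStoreError:
        results["wrong_password"] = "raised, _NEW kept" if new_path.exists() else "raised, _NEW lost"
    new_path.replace(store)
    return results
```

The property the scenarios check is the one the comment is after: at every point during `flush` at least one file that opens with the right password exists, and a startup that finds leftovers either repairs them or stops and leaves them for the administrator, never deleting a file it could not open.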