[ https://issues.apache.org/jira/browse/HADOOP-10224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14081147#comment-14081147 ]

Alejandro Abdelnur commented on HADOOP-10224:
---------------------------------------------

*JavaKeyStoreProvider.java*:
* {{if ((pwFile != null)&&(pwdFile == null))}}: no need to check for {{pwFile}} not being NULL here; we can be here only if it is not NULL already.

I think we should go over all corner cases (even if not happening under normal circumstances).

*On startup it should be something like:*

{code}
  boolean loaded = false;
  Path path = ....
  Path newPath = constructNewPath(path);
  Path oldPath = constructOldPath(path);
  FsPermission permissions = ...
  if (fs.exists(path)) {
    if (fs.exists(newPath)) {
      //THROW EXCEPTION, something weird happened, admin should take care of
    }
    keyStore = loadKeyStore(path, password);
    if (fs.exists(oldPath)) {
      fs.delete(oldPath, false);
    }
    loaded = true;
    //LOG
  } else {
    if (fs.exists(newPath) || fs.exists(oldPath)) {
      if (fs.exists(newPath)) {
        try {
          keyStore = loadKeyStore(newPath, password);
          fs.rename(newPath, path);
          fs.delete(oldPath, false);
          loaded = true;
          //LOG
        } catch (Exception ex) {
          //THROW EXCEPTION if password issue, we don't want to trash the new file because of wrong password, admin should take care
        }
      }
      if (!loaded) {
        if (fs.exists(oldPath)) {
          try {
            keyStore = loadKeyStore(oldPath, password);
            fs.rename(oldPath, path);
            loaded = true;
            //LOG
          } catch (Exception ex) {
            //THROW EXCEPTION if password issue, we don't want to trash the old file because of wrong password, admin should take care
          }
        } else {
          //LOG
        }
      }
    } else {
      //LOG
    }
  }
  if (!loaded) {
    // creating an empty store
    keyStore = KeyStore.getInstance(SCHEME_NAME);
    keyStore.load(null, password); // a KeyStore must be initialized before store() is allowed
    OutputStream out = FileSystem.create(fs, path, permissions);
    keyStore.store(out, password);
    out.close();
    //LOG
  }
{code}

*On flush the code should be something like:*

{code}
  Path path = ....
  Path newPath = constructNewPath(path);
  Path oldPath = constructOldPath(path);
  FsPermission permissions = ...
  if (fs.exists(newPath) || fs.exists(oldPath)) {
    //THROW EXCEPTION, something weird happened, admin should take care of
  }
  fs.rename(path, oldPath);
  try {
    OutputStream out = FileSystem.create(fs, newPath, permissions);
    keyStore.store(out, password);
    out.close();
  } catch (Exception ex) {
    fs.rename(oldPath, path);
    //THROW EXCEPTION
  }
  fs.rename(newPath, path); //assert it happens else we need to revert and throw exception
  fs.delete(oldPath, false); //LOG WARN if does not happen.
{code}
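A Python model of the two sequences sketched above, added here as an illustration and not Hadoop code or the patch under review: it runs the flush with a simulated crash after each step and then the startup recovery, so every corner case can be checked against the intended outcome. The file layout ({{keystore}}, {{._NEW}}, {{._OLD}}), the toy store format and the key names are constructed for the example; a half-written {{_NEW}} stands in for any store that fails to load.

```python
import contextlib, os, tempfile
HEAD, TAIL = b"KS1:", b":END"       # constructed toy store format standing in for a JKS file
class Crash(Exception): pass        # simulated process death at a chosen step of flush()
class AdminNeeded(Exception): pass  # the comment's "THROW EXCEPTION, admin should take care"
def paths(d): p = os.path.join(d, "keystore"); return p, p + "._NEW", p + "._OLD"
def load(path):  # stands in for KeyStore.load(); a half-written file fails to load
    with open(path, "rb") as f: data = f.read()
    if not (data.startswith(HEAD) and data.endswith(TAIL)): raise ValueError("corrupt store")
    return [k for k in data[len(HEAD):-len(TAIL)].split(b",") if k]

def flush(d, keys, crash_at=None):  # the flush sequence above, dying right after step crash_at
    path, new, old = paths(d)
    if os.path.exists(new) or os.path.exists(old): raise AdminNeeded("leftover _NEW/_OLD")
    data = HEAD + b",".join(keys) + TAIL
    os.rename(path, old)                          # 1: live store becomes the backup
    if crash_at == 1: raise Crash()
    with open(new, "wb") as f:
        f.write(data[:len(data) // 2])            # 2: dying here leaves a half-written _NEW
        if crash_at == 2: raise Crash()
        f.write(data[len(data) // 2:])
    if crash_at == 3: raise Crash()               # 3: _NEW complete but not yet live
    os.rename(new, path)                          # 4: new contents go live
    if crash_at == 4: raise Crash()
    os.remove(old)                                # 5: backup no longer needed

def startup(d):  # the startup recovery above; returns the keys of the store now live
    path, new, old = paths(d)
    if os.path.exists(path):
        if os.path.exists(new): raise AdminNeeded("live store and _NEW both present")
        keys = load(path)
    elif os.path.exists(new):
        try: keys = load(new)
        except ValueError as e: raise AdminNeeded("_NEW unreadable, leaving it: %s" % e)
        os.rename(new, path)
    elif os.path.exists(old):
        keys = load(old)
        os.rename(old, path)
    else:                                         # nothing on disk: create an empty store
        keys = []
        with open(path, "wb") as f: f.write(HEAD + TAIL)
    if os.path.exists(old): os.remove(old)        # backup is stale once a store is live
    return keys

def simulate(crash_at=None):  # store holds k1; flush k1,k2 dying at crash_at; then recover
    d = tempfile.mkdtemp()
    startup(d); flush(d, [b"k1"])
    with contextlib.suppress(Crash): flush(d, [b"k1", b"k2"], crash_at)
    try: return "ok", startup(d)
    except AdminNeeded: return "admin", load(paths(d)[2])  # _OLD still loads: k1 is not lost
```

Crashes after steps 1, 3 and 4 recover automatically (to the old or the new contents); a crash mid-write (step 2) leaves a {{_NEW}} that does not load, which the sketch deliberately hands to the admin while the intact {{_OLD}} is kept.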

> JavaKeyStoreProvider has to protect against corrupting underlying store
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-10224
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10224
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Larry McCay
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10224.1.patch, HADOOP-10224.2.patch
>
>
> Java keystores get corrupted at times. A key management operation that writes 
> the store to disk could cause a corruption and all protected data would then 
> be inaccessible.



--
This message was sent by Atlassian JIRA
(v6.2#6252)