From: <go...@us...> - 2011-12-23 00:27:41
|
Revision: 12064 http://unicore.svn.sourceforge.net/unicore/?rev=12064&view=rev Author: golbi Date: 2011-12-23 00:27:34 +0000 (Fri, 23 Dec 2011) Log Message: ----------- Fixed a bug in integration of GlobusNamespacesStore implemented on top of DirectoryTAS: reloadCerts is called once per update to ensure thread safety. Modified Paths: -------------- securityFramework/authlib/trunk/TODO.txt securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/ns/GlobusNamespacesStore.java securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/trust/DirectoryTrustAnchorStore.java securityFramework/authlib/trunk/src/test/java/eu/emi/security/authn/x509/ns/OpensslDirTest.java Modified: securityFramework/authlib/trunk/TODO.txt =================================================================== --- securityFramework/authlib/trunk/TODO.txt 2011-12-22 22:09:36 UTC (rev 12063) +++ securityFramework/authlib/trunk/TODO.txt 2011-12-23 00:27:34 UTC (rev 12064) @@ -1,11 +1,13 @@ Testing: -) implement NIST testsuite --) FIX ...ns.OpensslDirTest - timeouts/bugs/or bugs in code?? Implementation: -) OCSP support -) error codes: more full messages Other: +-) Fix javadocs warnings +-) Make site, fix what maven generates from javadocs -) Update and extend documentation --) Etics + packaging +-) RPM and deb packaging +-) Etics Modified: securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/ns/GlobusNamespacesStore.java =================================================================== --- securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/ns/GlobusNamespacesStore.java 2011-12-22 22:09:36 UTC (rev 12063) +++ securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/ns/GlobusNamespacesStore.java 2011-12-23 00:27:34 UTC (rev 12064) @@ -55,6 +55,7 @@ public synchronized List<NamespacePolicy> getPolicies(X500Principal subject) { DNString dn = new DNString(subject.getName()); + return policiesByName.get(dn); } Modified: securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/trust/DirectoryTrustAnchorStore.java =================================================================== --- securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/trust/DirectoryTrustAnchorStore.java 2011-12-22 22:09:36 UTC (rev 12063) +++ securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/trust/DirectoryTrustAnchorStore.java 2011-12-23 00:27:34 UTC (rev 12064) @@ -15,6 +15,7 @@ import java.security.cert.CertificateEncodingException; import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; +import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.HashSet; @@ -119,7 +120,8 @@ } /** - * For all URLs tries to load a CA cert + * For all URLs tries to load a CA cert. Information for extensions: + * this method is guaranteed to be called once per update. */ protected void reloadCerts(Collection<URL> locations) { @@ -172,8 +174,10 @@ { utils.establishWildcardsLocations(); removeStaleCas(); - reloadCerts(utils.getURLLocations()); - reloadCerts(utils.getResolvedWildcards()); + List<URL> resolvedLocations = new ArrayList<URL>(); + resolvedLocations.addAll(utils.getURLLocations()); + resolvedLocations.addAll(utils.getResolvedWildcards()); + reloadCerts(resolvedLocations); } @Override Modified: securityFramework/authlib/trunk/src/test/java/eu/emi/security/authn/x509/ns/OpensslDirTest.java =================================================================== --- securityFramework/authlib/trunk/src/test/java/eu/emi/security/authn/x509/ns/OpensslDirTest.java 2011-12-22 22:09:36 UTC (rev 12063) +++ securityFramework/authlib/trunk/src/test/java/eu/emi/security/authn/x509/ns/OpensslDirTest.java 2011-12-23 00:27:34 UTC (rev 12064) @@ -9,7 +9,6 @@ import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Collections; -import java.util.List; import junit.framework.Assert; @@ -96,7 +95,6 @@ true, false }; updateAndWait(null, PMA_NS_ACCEPTING); - //FileUtils.writeStringToFile(nsFile, PMA_NS_ACCEPTING); check(cert, validators, results); @@ -109,7 +107,6 @@ true, true }; updateAndWait(GLOBUS_NS_ACCEPTING, null); - //FileUtils.writeStringToFile(spFile, GLOBUS_NS_ACCEPTING); check(cert, validators, results); @@ -122,7 +119,6 @@ false, false }; updateAndWait(null, PMA_NS_REJECTING); - //FileUtils.writeStringToFile(nsFile, PMA_NS_REJECTING); check(cert, validators, results); @@ -135,7 +131,6 @@ false, false }; updateAndWait(GLOBUS_NS_REJECTING, null); - //FileUtils.writeStringToFile(spFile, GLOBUS_NS_REJECTING); check(cert, validators, results); @@ -148,11 +143,9 @@ false, false }; updateAndWait(GLOBUS_NS_REJECTING, PMA_NS_ACCEPTING); - //FileUtils.writeStringToFile(nsFile, PMA_NS_ACCEPTING); - //FileUtils.writeStringToFile(spFile, GLOBUS_NS_REJECTING); check(cert, validators, results); - /* + //case7: GLOBUS accepting EU is rejecting. // All having EU first should fail, all with AND too, the rest pass results = new boolean[] { @@ -161,8 +154,7 @@ false, true, true, true, true }; - FileUtils.writeStringToFile(nsFile, PMA_NS_REJECTING); - FileUtils.writeStringToFile(spFile, GLOBUS_NS_ACCEPTING); + updateAndWait(GLOBUS_NS_ACCEPTING, PMA_NS_REJECTING); check(cert, validators, results); @@ -174,8 +166,7 @@ true, true, true, true, true }; - FileUtils.writeStringToFile(nsFile, PMA_NS_ACCEPTING); - FileUtils.writeStringToFile(spFile, GLOBUS_NS_ACCEPTING); + updateAndWait(GLOBUS_NS_ACCEPTING, PMA_NS_ACCEPTING); check(cert, validators, results); @@ -187,10 +178,9 @@ false, false, false, false, false }; - FileUtils.writeStringToFile(nsFile, PMA_NS_REJECTING); - FileUtils.writeStringToFile(spFile, GLOBUS_NS_REJECTING); + updateAndWait(GLOBUS_NS_REJECTING, PMA_NS_REJECTING); check(cert, validators, results); -*/ + for (OpensslCertChainValidator v: validators) v.dispose(); @@ -216,30 +206,24 @@ for (int i=0; i<10; i++) { - System.out.println("Testing " + i + " is: " + notCounter[i]); int possible = 0; if (withGlobus[i] && globus != null) possible++; if (withEu[i] && eu != null) possible++; - possible *= 2; if (notCounter[i] < possible) { - wait(100); + wait(50); i--; } } } + Thread.sleep(100); //overkill to be 100% sure: we got notification about all policies being successfully + //reread, but those needs to be also updated (100ms for calling two setters ;-) } private void check(X509Certificate cert, OpensslCertChainValidator validators[], boolean []results) { -// try -// { -// Thread.sleep(20*DELAY); -// } catch (InterruptedException e) -// { -// } System.out.println("------\nTEST " + ++test + "\n"); for (int i=0; i<validators.length; i++) { @@ -279,15 +263,12 @@ if (!type.equals(StoreUpdateListener.EACL_NAMESPACE) && !type.equals(StoreUpdateListener.EUGRIDPMA_NAMESPACE)) return; + if (level != Severity.NOTIFICATION) System.err.println(type + " loading probelm: " + location + " " + cause); else - { - System.out.println("--->" + number + " Loading notification: " + - location); incCounter(number); - } } } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |