Menu
▾
▴
[Unicore-cvs-commits] SF.net SVN: unicore:[12064] securityFramework/authlib/trunk
|
From: <go...@us...> - 2011-12-23 00:27:41
|
Revision: 12064
http://unicore.svn.sourceforge.net/unicore/?rev=12064&view=rev
Author: golbi
Date: 2011-12-23 00:27:34 +0000 (Fri, 23 Dec 2011)
Log Message:
-----------
Fixed a bug in integration of GlobusNamespacesStore implemented on top of DirectoryTAS: reloadCerts is called once per update to ensure thread safety.
Modified Paths:
--------------
securityFramework/authlib/trunk/TODO.txt
securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/ns/GlobusNamespacesStore.java
securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/trust/DirectoryTrustAnchorStore.java
securityFramework/authlib/trunk/src/test/java/eu/emi/security/authn/x509/ns/OpensslDirTest.java
Modified: securityFramework/authlib/trunk/TODO.txt
===================================================================
--- securityFramework/authlib/trunk/TODO.txt 2011-12-22 22:09:36 UTC (rev 12063)
+++ securityFramework/authlib/trunk/TODO.txt 2011-12-23 00:27:34 UTC (rev 12064)
@@ -1,11 +1,13 @@
Testing:
-) implement NIST testsuite
--) FIX ...ns.OpensslDirTest - timeouts/bugs/or bugs in code??
Implementation:
-) OCSP support
-) error codes: more full messages
Other:
+-) Fix javadocs warnings
+-) Make site, fix what maven generates from javadocs
-) Update and extend documentation
--) Etics + packaging
+-) RPM and deb packaging
+-) Etics
Modified: securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/ns/GlobusNamespacesStore.java
===================================================================
--- securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/ns/GlobusNamespacesStore.java 2011-12-22 22:09:36 UTC (rev 12063)
+++ securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/ns/GlobusNamespacesStore.java 2011-12-23 00:27:34 UTC (rev 12064)
@@ -55,6 +55,7 @@
public synchronized List<NamespacePolicy> getPolicies(X500Principal subject)
{
DNString dn = new DNString(subject.getName());
+
return policiesByName.get(dn);
}
Modified: securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/trust/DirectoryTrustAnchorStore.java
===================================================================
--- securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/trust/DirectoryTrustAnchorStore.java 2011-12-22 22:09:36 UTC (rev 12063)
+++ securityFramework/authlib/trunk/src/main/java/eu/emi/security/authn/x509/helpers/trust/DirectoryTrustAnchorStore.java 2011-12-23 00:27:34 UTC (rev 12064)
@@ -15,6 +15,7 @@
import java.security.cert.CertificateEncodingException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
@@ -119,7 +120,8 @@
}
/**
- * For all URLs tries to load a CA cert
+ * For all URLs tries to load a CA cert. Information for extensions:
+ * this method is guaranteed to be called once per update.
*/
protected void reloadCerts(Collection<URL> locations)
{
@@ -172,8 +174,10 @@
{
utils.establishWildcardsLocations();
removeStaleCas();
- reloadCerts(utils.getURLLocations());
- reloadCerts(utils.getResolvedWildcards());
+ List<URL> resolvedLocations = new ArrayList<URL>();
+ resolvedLocations.addAll(utils.getURLLocations());
+ resolvedLocations.addAll(utils.getResolvedWildcards());
+ reloadCerts(resolvedLocations);
}
@Override
Modified: securityFramework/authlib/trunk/src/test/java/eu/emi/security/authn/x509/ns/OpensslDirTest.java
===================================================================
--- securityFramework/authlib/trunk/src/test/java/eu/emi/security/authn/x509/ns/OpensslDirTest.java 2011-12-22 22:09:36 UTC (rev 12063)
+++ securityFramework/authlib/trunk/src/test/java/eu/emi/security/authn/x509/ns/OpensslDirTest.java 2011-12-23 00:27:34 UTC (rev 12064)
@@ -9,7 +9,6 @@
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Collections;
-import java.util.List;
import junit.framework.Assert;
@@ -96,7 +95,6 @@
true, false
};
updateAndWait(null, PMA_NS_ACCEPTING);
- //FileUtils.writeStringToFile(nsFile, PMA_NS_ACCEPTING);
check(cert, validators, results);
@@ -109,7 +107,6 @@
true, true
};
updateAndWait(GLOBUS_NS_ACCEPTING, null);
- //FileUtils.writeStringToFile(spFile, GLOBUS_NS_ACCEPTING);
check(cert, validators, results);
@@ -122,7 +119,6 @@
false, false
};
updateAndWait(null, PMA_NS_REJECTING);
- //FileUtils.writeStringToFile(nsFile, PMA_NS_REJECTING);
check(cert, validators, results);
@@ -135,7 +131,6 @@
false, false
};
updateAndWait(GLOBUS_NS_REJECTING, null);
- //FileUtils.writeStringToFile(spFile, GLOBUS_NS_REJECTING);
check(cert, validators, results);
@@ -148,11 +143,9 @@
false, false
};
updateAndWait(GLOBUS_NS_REJECTING, PMA_NS_ACCEPTING);
- //FileUtils.writeStringToFile(nsFile, PMA_NS_ACCEPTING);
- //FileUtils.writeStringToFile(spFile, GLOBUS_NS_REJECTING);
check(cert, validators, results);
- /*
+
//case7: GLOBUS accepting EU is rejecting.
// All having EU first should fail, all with AND too, the rest pass
results = new boolean[] {
@@ -161,8 +154,7 @@
false, true, true,
true, true
};
- FileUtils.writeStringToFile(nsFile, PMA_NS_REJECTING);
- FileUtils.writeStringToFile(spFile, GLOBUS_NS_ACCEPTING);
+ updateAndWait(GLOBUS_NS_ACCEPTING, PMA_NS_REJECTING);
check(cert, validators, results);
@@ -174,8 +166,7 @@
true, true, true,
true, true
};
- FileUtils.writeStringToFile(nsFile, PMA_NS_ACCEPTING);
- FileUtils.writeStringToFile(spFile, GLOBUS_NS_ACCEPTING);
+ updateAndWait(GLOBUS_NS_ACCEPTING, PMA_NS_ACCEPTING);
check(cert, validators, results);
@@ -187,10 +178,9 @@
false, false, false,
false, false
};
- FileUtils.writeStringToFile(nsFile, PMA_NS_REJECTING);
- FileUtils.writeStringToFile(spFile, GLOBUS_NS_REJECTING);
+ updateAndWait(GLOBUS_NS_REJECTING, PMA_NS_REJECTING);
check(cert, validators, results);
-*/
+
for (OpensslCertChainValidator v: validators)
v.dispose();
@@ -216,30 +206,24 @@
for (int i=0; i<10; i++)
{
- System.out.println("Testing " + i + " is: " + notCounter[i]);
int possible = 0;
if (withGlobus[i] && globus != null)
possible++;
if (withEu[i] && eu != null)
possible++;
- possible *= 2;
if (notCounter[i] < possible)
{
- wait(100);
+ wait(50);
i--;
}
}
}
+ Thread.sleep(100); //overkill to be 100% sure: we got notification about all policies being successfully
+ //reread, but those needs to be also updated (100ms for calling two setters ;-)
}
private void check(X509Certificate cert, OpensslCertChainValidator validators[], boolean []results)
{
-// try
-// {
-// Thread.sleep(20*DELAY);
-// } catch (InterruptedException e)
-// {
-// }
System.out.println("------\nTEST " + ++test + "\n");
for (int i=0; i<validators.length; i++)
{
@@ -279,15 +263,12 @@
if (!type.equals(StoreUpdateListener.EACL_NAMESPACE) &&
!type.equals(StoreUpdateListener.EUGRIDPMA_NAMESPACE))
return;
+
if (level != Severity.NOTIFICATION)
System.err.println(type + " loading probelm: " +
location + " " + cause);
else
- {
- System.out.println("--->" + number + " Loading notification: " +
- location);
incCounter(number);
- }
}
}
}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|