KNOX-2233 - DefaultKeystoreService getCredentialForCluster uses cache without synchronization (#264)
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
index 18acc74..021fb82 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
@@ -309,25 +309,30 @@
@Override
public char[] getCredentialForCluster(String clusterName, String alias)
throws KeystoreServiceException {
- char[] credential = checkCache(clusterName, alias);
- if (credential == null) {
- KeyStore ks = getCredentialStoreForCluster(clusterName);
- if (ks != null) {
- try {
- char[] masterSecret = masterService.getMasterSecret();
- Key credentialKey = ks.getKey( alias, masterSecret );
- if (credentialKey != null) {
- byte[] credentialBytes = credentialKey.getEncoded();
- String credentialString = new String( credentialBytes, StandardCharsets.UTF_8 );
- credential = credentialString.toCharArray();
- addToCache(clusterName, alias, credentialString);
- }
- } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
- LOG.failedToGetCredentialForCluster( clusterName, e );
- }
+ char[] credential;
+ synchronized (this) {
+ credential = checkCache(clusterName, alias);
+ if (credential == null) {
+ KeyStore ks = getCredentialStoreForCluster(clusterName);
+ if (ks != null) {
+ try {
+ char[] masterSecret = masterService.getMasterSecret();
+ Key credentialKey = ks.getKey(alias, masterSecret);
+ if (credentialKey != null) {
+ byte[] credentialBytes = credentialKey.getEncoded();
+ String credentialString = new String(credentialBytes, StandardCharsets.UTF_8);
+ credential = credentialString.toCharArray();
+ addToCache(clusterName, alias, credentialString);
+ }
+ } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
+ LOG.failedToGetCredentialForCluster(clusterName, e);
+ }
+
+ }
}
}
+
return credential;
}