commit 186ca4ac117c079aa96db91eb353080d6cea3740
author Phil Zampino <pzampino@apache.org> Wed Feb 12 18:20:58 2020 -0500
committer GitHub <noreply@github.com> Wed Feb 12 18:20:58 2020 -0500
tree d32e65baccb7a018df33d89a227ab59d22df18dd
parent 30d5cb7f719f4df7e414655cbd1233059752fce0

KNOX-2233 - DefaultKeystoreService getCredentialForCluster uses cache without synchronization (#264)

gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java

diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
index 18acc74..021fb82 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
@@ -309,25 +309,30 @@
   @Override
   public char[] getCredentialForCluster(String clusterName, String alias)
       throws KeystoreServiceException {
-    char[] credential = checkCache(clusterName, alias);
-    if (credential == null) {
-      KeyStore ks = getCredentialStoreForCluster(clusterName);
-      if (ks != null) {
-        try {
-          char[] masterSecret = masterService.getMasterSecret();
-          Key credentialKey = ks.getKey( alias, masterSecret );
-          if (credentialKey != null) {
-            byte[] credentialBytes = credentialKey.getEncoded();
-            String credentialString = new String( credentialBytes, StandardCharsets.UTF_8 );
-            credential = credentialString.toCharArray();
-            addToCache(clusterName, alias, credentialString);
-          }
-        } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
-          LOG.failedToGetCredentialForCluster( clusterName, e );
-        }
+    char[] credential;
 
+    synchronized (this) {
+      credential = checkCache(clusterName, alias);
+      if (credential == null) {
+        KeyStore ks = getCredentialStoreForCluster(clusterName);
+        if (ks != null) {
+          try {
+            char[] masterSecret = masterService.getMasterSecret();
+            Key credentialKey = ks.getKey(alias, masterSecret);
+            if (credentialKey != null) {
+              byte[] credentialBytes = credentialKey.getEncoded();
+              String credentialString = new String(credentialBytes, StandardCharsets.UTF_8);
+              credential = credentialString.toCharArray();
+              addToCache(clusterName, alias, credentialString);
+            }
+          } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
+            LOG.failedToGetCredentialForCluster(clusterName, e);
+          }
+
+        }
       }
     }
+
     return credential;
   }