diff options
Diffstat (limited to 'java/com/google/gerrit/sshd/SshKeyCacheImpl.java')
-rw-r--r-- | java/com/google/gerrit/sshd/SshKeyCacheImpl.java | 153 |
1 files changed, 153 insertions, 0 deletions
diff --git a/java/com/google/gerrit/sshd/SshKeyCacheImpl.java b/java/com/google/gerrit/sshd/SshKeyCacheImpl.java new file mode 100644 index 0000000000..fb0b8f6f15 --- /dev/null +++ b/java/com/google/gerrit/sshd/SshKeyCacheImpl.java @@ -0,0 +1,153 @@ +// Copyright (C) 2009 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.google.gerrit.sshd; + +import static com.google.gerrit.server.account.externalids.ExternalId.SCHEME_USERNAME; + +import com.google.common.cache.CacheLoader; +import com.google.common.cache.LoadingCache; +import com.google.common.flogger.FluentLogger; +import com.google.gerrit.server.account.AccountSshKey; +import com.google.gerrit.server.account.VersionedAuthorizedKeys; +import com.google.gerrit.server.account.externalids.ExternalId; +import com.google.gerrit.server.account.externalids.ExternalIds; +import com.google.gerrit.server.cache.CacheModule; +import com.google.gerrit.server.logging.TraceContext; +import com.google.gerrit.server.logging.TraceContext.TraceTimer; +import com.google.gerrit.server.ssh.SshKeyCache; +import com.google.gerrit.server.ssh.SshKeyCreator; +import com.google.inject.Inject; +import com.google.inject.Module; +import com.google.inject.Singleton; +import com.google.inject.TypeLiteral; +import com.google.inject.name.Named; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Optional; +import java.util.concurrent.ExecutionException; +import org.eclipse.jgit.errors.ConfigInvalidException; + +/** Provides the {@link SshKeyCacheEntry}. */ +@Singleton +public class SshKeyCacheImpl implements SshKeyCache { + private static final FluentLogger logger = FluentLogger.forEnclosingClass(); + + private static final String CACHE_NAME = "sshkeys"; + + static final Iterable<SshKeyCacheEntry> NO_SUCH_USER = none(); + static final Iterable<SshKeyCacheEntry> NO_KEYS = none(); + + public static Module module() { + return new CacheModule() { + @Override + protected void configure() { + cache(CACHE_NAME, String.class, new TypeLiteral<Iterable<SshKeyCacheEntry>>() {}) + .loader(Loader.class); + bind(SshKeyCacheImpl.class); + bind(SshKeyCache.class).to(SshKeyCacheImpl.class); + bind(SshKeyCreator.class).to(SshKeyCreatorImpl.class); + } + }; + } + + private static Iterable<SshKeyCacheEntry> none() { + return Collections.unmodifiableCollection(Arrays.asList(new SshKeyCacheEntry[0])); + } + + private final LoadingCache<String, Iterable<SshKeyCacheEntry>> cache; + + @Inject + SshKeyCacheImpl(@Named(CACHE_NAME) LoadingCache<String, Iterable<SshKeyCacheEntry>> cache) { + this.cache = cache; + } + + Iterable<SshKeyCacheEntry> get(String username) { + try { + return cache.get(username); + } catch (ExecutionException e) { + logger.atWarning().withCause(e).log("Cannot load SSH keys for %s", username); + return Collections.emptyList(); + } + } + + @Override + public void evict(String username) { + if (username != null) { + logger.atFine().log("Evict SSH key for username %s", username); + cache.invalidate(username); + } + } + + static class Loader extends CacheLoader<String, Iterable<SshKeyCacheEntry>> { + private final ExternalIds externalIds; + private final VersionedAuthorizedKeys.Accessor authorizedKeys; + + @Inject + Loader(ExternalIds externalIds, VersionedAuthorizedKeys.Accessor authorizedKeys) { + this.externalIds = externalIds; + this.authorizedKeys = authorizedKeys; + } + + @Override + public Iterable<SshKeyCacheEntry> load(String username) throws Exception { + try (TraceTimer timer = + TraceContext.newTimer("Loading SSH keys for account with username %s", username)) { + Optional<ExternalId> user = + externalIds.get(ExternalId.Key.create(SCHEME_USERNAME, username)); + if (!user.isPresent()) { + return NO_SUCH_USER; + } + + List<SshKeyCacheEntry> kl = new ArrayList<>(4); + for (AccountSshKey k : authorizedKeys.getKeys(user.get().accountId())) { + if (k.valid()) { + add(kl, k); + } + } + + if (kl.isEmpty()) { + return NO_KEYS; + } + return Collections.unmodifiableList(kl); + } + } + + private void add(List<SshKeyCacheEntry> kl, AccountSshKey k) { + try { + kl.add(new SshKeyCacheEntry(k.accountId(), SshUtil.parse(k))); + } catch (OutOfMemoryError e) { + // This is the only case where we assume the problem has nothing + // to do with the key object, and instead we must abort this load. + // + throw e; + } catch (Throwable e) { + markInvalid(k); + } + } + + private void markInvalid(AccountSshKey k) { + try { + logger.atInfo().log("Flagging SSH key %d of account %s invalid", k.seq(), k.accountId()); + authorizedKeys.markKeyInvalid(k.accountId(), k.seq()); + } catch (IOException | ConfigInvalidException e) { + logger.atSevere().withCause(e).log( + "Failed to mark SSH key %d of account %s invalid", k.seq(), k.accountId()); + } + } + } +} |