Dissolve gerrit-server top-level directory

Change-Id: I538512dfe0f1bea774c01fdd45fa410a45634011
David Ostrovsky
2017-09-21 08:37:42 +02:00
committed by Dave Borowitz
parent 472396c797
commit 376a7bbb64
1549 changed files with 342 additions and 335 deletions


@@ -0,0 +1,152 @@
// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.securestore;
import com.google.gerrit.common.FileUtil;
import com.google.gerrit.server.config.SitePaths;
import com.google.inject.Inject;
import com.google.inject.ProvisionException;
import com.google.inject.Singleton;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.internal.storage.file.LockFile;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.storage.file.FileBasedConfig;
import org.eclipse.jgit.util.FS;
@Singleton
public class DefaultSecureStore extends SecureStore {
private final FileBasedConfig sec;
private final Map<String, FileBasedConfig> pluginSec;
private final SitePaths site;
@Inject
DefaultSecureStore(SitePaths site) {
this.site = site;
sec = new FileBasedConfig(site.secure_config.toFile(), FS.DETECTED);
try {
sec.load();
} catch (IOException | ConfigInvalidException e) {
throw new RuntimeException("Cannot load secure.config", e);
}
this.pluginSec = new HashMap<>();
}
@Override
public String[] getList(String section, String subsection, String name) {
return sec.getStringList(section, subsection, name);
}
@Override
public synchronized String[] getListForPlugin(
String pluginName, String section, String subsection, String name) {
FileBasedConfig cfg = null;
if (pluginSec.containsKey(pluginName)) {
cfg = pluginSec.get(pluginName);
} else {
String filename = pluginName + ".secure.config";
File pluginConfigFile = site.etc_dir.resolve(filename).toFile();
if (pluginConfigFile.exists()) {
cfg = new FileBasedConfig(pluginConfigFile, FS.DETECTED);
try {
cfg.load();
pluginSec.put(pluginName, cfg);
} catch (IOException | ConfigInvalidException e) {
throw new RuntimeException("Cannot load " + filename, e);
}
}
}
return cfg != null ? cfg.getStringList(section, subsection, name) : null;
}
@Override
public void setList(String section, String subsection, String name, List<String> values) {
if (values != null) {
sec.setStringList(section, subsection, name, values);
} else {
sec.unset(section, subsection, name);
}
save();
}
@Override
public void unset(String section, String subsection, String name) {
sec.unset(section, subsection, name);
save();
}
@Override
public Iterable<EntryKey> list() {
List<EntryKey> result = new ArrayList<>();
for (String section : sec.getSections()) {
for (String subsection : sec.getSubsections(section)) {
for (String name : sec.getNames(section, subsection)) {
result.add(new EntryKey(section, subsection, name));
}
}
for (String name : sec.getNames(section)) {
result.add(new EntryKey(section, null, name));
}
}
return result;
}
@Override
public boolean isOutdated() {
return sec.isOutdated();
}
@Override
public void reload() {
try {
sec.load();
} catch (IOException | ConfigInvalidException e) {
throw new ProvisionException("Couldn't reload secure.config", e);
}
}
private void save() {
try {
saveSecure(sec);
} catch (IOException e) {
throw new RuntimeException("Cannot save secure.config", e);
}
}
private static void saveSecure(FileBasedConfig sec) throws IOException {
if (FileUtil.modified(sec)) {
final byte[] out = Constants.encode(sec.toText());
final File path = sec.getFile();
final LockFile lf = new LockFile(path);
if (!lf.lock()) {
throw new IOException("Cannot lock " + path);
}
try {
FileUtil.chmod(0600, new File(path.getParentFile(), path.getName() + ".lock"));
lf.write(out);
if (!lf.commit()) {
throw new IOException("Cannot commit write to " + path);
}
} finally {
lf.unlock();
}
}
}
}
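Review bot: In `getListForPlugin`, `pluginName` is concatenated into `filename` and resolved against `site.etc_dir` with no check that the result stays inside that directory, so a name containing a path separator or `..` would select a file outside it. The callers are not visible on this page, so whether the name can ever come from an untrusted source cannot be confirmed here, but a loader for secret files should enforce the boundary itself. Resolve to a `Path`, normalize it and reject anything outside the config directory before calling `toFile()`: `Path p = site.etc_dir.resolve(filename).normalize();` followed by `if (!p.startsWith(site.etc_dir)) throw new IllegalArgumentException("Invalid plugin name: " + pluginName);`. This assumes `site.etc_dir` is already normalized, and it needs a `java.nio.file.Path` import.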


@@ -0,0 +1,159 @@
// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.securestore;
import com.google.common.collect.Lists;
import java.util.List;
/**
* Abstract class for providing new SecureStore implementation for Gerrit.
*
* <p>SecureStore is responsible for storing sensitive data like passwords in a secure manner.
*
* <p>It is implementator's responsibility to encrypt and store values.
*
* <p>To deploy new SecureStore one needs to provide a jar file with explicitly one class that
* extends {@code SecureStore} and put it in Gerrit server. Then run:
*
* <p>`java -jar gerrit.war SwitchSecureStore -d $gerrit_site --new-secure-store-lib
* $path_to_new_secure_store.jar`
*
* <p>on stopped Gerrit instance.
*/
public abstract class SecureStore {
/** Describes {@link SecureStore} entry */
public static class EntryKey {
public final String name;
public final String section;
public final String subsection;
/**
* Creates EntryKey.
*
* @param section
* @param subsection
* @param name
*/
public EntryKey(String section, String subsection, String name) {
this.name = name;
this.section = section;
this.subsection = subsection;
}
}
/**
* Extract decrypted value of stored property from SecureStore or {@code null} when property was
* not found.
*
* @param section
* @param subsection
* @param name
* @return decrypted String value or {@code null} if not found
*/
public final String get(String section, String subsection, String name) {
String[] values = getList(section, subsection, name);
if (values != null && values.length > 0) {
return values[0];
}
return null;
}
/**
* Extract decrypted value of stored plugin config property from SecureStore or {@code null} when
* property was not found.
*
* @param pluginName
* @param section
* @param subsection
* @param name
* @return decrypted String value or {@code null} if not found
*/
public final String getForPlugin(
String pluginName, String section, String subsection, String name) {
String[] values = getListForPlugin(pluginName, section, subsection, name);
if (values != null && values.length > 0) {
return values[0];
}
return null;
}
/**
* Extract list of plugin config values from SecureStore and decrypt every value in that list, or
* {@code null} when property was not found.
*
* @param pluginName
* @param section
* @param subsection
* @param name
* @return decrypted list of string values or {@code null}
*/
public abstract String[] getListForPlugin(
String pluginName, String section, String subsection, String name);
/**
* Extract list of values from SecureStore and decrypt every value in that list or {@code null}
* when property was not found.
*
* @param section
* @param subsection
* @param name
* @return decrypted list of string values or {@code null}
*/
public abstract String[] getList(String section, String subsection, String name);
/**
* Store single value in SecureStore.
*
* <p>This method is responsible for encrypting value and storing it.
*
* @param section
* @param subsection
* @param name
* @param value plain text value
*/
public final void set(String section, String subsection, String name, String value) {
setList(section, subsection, name, Lists.newArrayList(value));
}
/**
* Store list of values in SecureStore.
*
* <p>This method is responsible for encrypting all values in the list and storing them.
*
* @param section
* @param subsection
* @param name
* @param values list of plain text values
*/
public abstract void setList(String section, String subsection, String name, List<String> values);
/**
* Remove value for given {@code section}, {@code subsection} and {@code name} from SecureStore.
*
* @param section
* @param subsection
* @param name
*/
public abstract void unset(String section, String subsection, String name);
/** @return list of stored entries. */
public abstract Iterable<EntryKey> list();
/** @return <code>true</code> if currently loaded values are outdated */
public abstract boolean isOutdated();
/** Reload the values */
public abstract void reload();
}
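Review bot: The Javadoc on `get`, `getList`, `set` and `setList` promises "decrypted" return values and says the setters are "responsible for encrypting", but nothing in this abstract class enforces that. `get` and `set` are final delegators, and the `DefaultSecureStore` shown on this page passes values straight to `FileBasedConfig` with no encryption step in its visible code. An operator reading these docs could assume secrets are encrypted at rest when, with the default store, protection appears to rest on file permissions alone. I would add a sentence to the class Javadoc such as `<p>This base class performs no encryption itself; whether values are encrypted at rest depends entirely on the subclass in use.` and reword "decrypted" on the getters to "plain text".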


@@ -0,0 +1,10 @@
package com.google.gerrit.server.securestore;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import com.google.inject.BindingAnnotation;
import java.lang.annotation.Retention;
@Retention(RUNTIME)
@BindingAnnotation
public @interface SecureStoreClassName {}


@@ -0,0 +1,65 @@
// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.securestore;
import com.google.common.base.Strings;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.SiteLibraryLoaderUtil;
import com.google.gerrit.server.config.SitePaths;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.nio.file.Path;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Singleton
public class SecureStoreProvider implements Provider<SecureStore> {
private static final Logger log = LoggerFactory.getLogger(SecureStoreProvider.class);
private final Path libdir;
private final Injector injector;
private final String className;
@Inject
protected SecureStoreProvider(
Injector injector, SitePaths sitePaths, @Nullable @SecureStoreClassName String className) {
this.injector = injector;
this.libdir = sitePaths.lib_dir;
this.className = className;
}
@Override
public synchronized SecureStore get() {
return injector.getInstance(getSecureStoreImpl());
}
@SuppressWarnings("unchecked")
private Class<? extends SecureStore> getSecureStoreImpl() {
if (Strings.isNullOrEmpty(className)) {
return DefaultSecureStore.class;
}
SiteLibraryLoaderUtil.loadSiteLib(libdir);
try {
return (Class<? extends SecureStore>) Class.forName(className);
} catch (ClassNotFoundException e) {
String msg = String.format("Cannot load secure store class: %s", className);
log.error(msg, e);
throw new RuntimeException(msg, e);
}
}
}
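Review bot: The cast in `getSecureStoreImpl` is unchecked, so a configured `className` naming a class that does not extend `SecureStore` is not rejected here and only fails later, presumably inside `injector.getInstance`. Replace the cast with `return Class.forName(className).asSubclass(SecureStore.class);`, which verifies the type at load time and lets the `@SuppressWarnings("unchecked")` be dropped. The resulting `ClassCastException` should be caught and reported through the same `log.error` / `RuntimeException` path as `ClassNotFoundException`. Because the class is loaded from jars under `libdir` and then handles every stored secret, a comment on `getSecureStoreImpl` stating that write access to that directory must be limited to the server's owner would also be worth adding.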