From f39d59c80410a7d392c49eb31a45b9c7b14ba38e Mon Sep 17 00:00:00 2001 From: Dariusz Luksza Date: Tue, 25 Mar 2014 03:17:39 +0100 Subject: [PATCH] Add default SecureStore implementation Provides default SecureStore implementation that behave same as current internal Gerrit implementation Change-Id: Iafcc01a4a0d57b5e54e61dc8b9d270bb213fa44f Signed-off-by: Dariusz Luksza --- .../securestore/DefaultSecureStore.java | 98 +++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 gerrit-server/src/main/java/com/google/gerrit/server/securestore/DefaultSecureStore.java diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/securestore/DefaultSecureStore.java b/gerrit-server/src/main/java/com/google/gerrit/server/securestore/DefaultSecureStore.java new file mode 100644 index 0000000000..e0e8237538 --- /dev/null +++ b/gerrit-server/src/main/java/com/google/gerrit/server/securestore/DefaultSecureStore.java @@ -0,0 +1,98 @@ +// Copyright (C) 2013 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.google.gerrit.server.securestore; + +import com.google.gerrit.common.FileUtil; +import com.google.gerrit.extensions.annotations.Export; +import com.google.gerrit.server.config.SitePaths; +import com.google.inject.Inject; +import com.google.inject.Singleton; + +import org.eclipse.jgit.internal.storage.file.LockFile; +import org.eclipse.jgit.lib.Constants; +import org.eclipse.jgit.storage.file.FileBasedConfig; +import org.eclipse.jgit.util.FS; + +import java.io.File; +import java.io.IOException; + +@Singleton +@Export(DefaultSecureStore.NAME) +public class DefaultSecureStore implements SecureStore { + public static final String NAME = "default"; + + private final FileBasedConfig sec; + + @Inject + DefaultSecureStore(SitePaths site) { + File secureConfig = new File(site.etc_dir, "secure.config"); + sec = new FileBasedConfig(secureConfig, FS.DETECTED); + try { + sec.load(); + } catch (Exception e) { + throw new RuntimeException("Cannot load secure.config", e); + } + } + + @Override + public String get(String section, String subsection, String name) { + return sec.getString(section, subsection, name); + } + + @Override + public void set(String section, String subsection, String name, String value) { + if (value != null) { + sec.setString(section, subsection, name, value); + } else { + sec.unset(section, subsection, name); + } + save(); + } + + @Override + public void unset(String section, String subsection, String name) { + sec.unset(section, subsection, name); + save(); + } + + private void save() { + try { + saveSecure(sec); + } catch (IOException e) { + throw new RuntimeException("Cannot save secure.config", e); + } + } + + private static void saveSecure(final FileBasedConfig sec) throws IOException { + if (FileUtil.modified(sec)) { + final byte[] out = Constants.encode(sec.toText()); + final File path = sec.getFile(); + final LockFile lf = new LockFile(path, FS.DETECTED); + if (!lf.lock()) { + throw new IOException("Cannot lock " + path); + } + try { + FileUtil.chmod(0600, new File(path.getParentFile(), path.getName() + + ".lock")); + lf.write(out); + if (!lf.commit()) { + throw new IOException("Cannot commit write to " + path); + } + } finally { + lf.unlock(); + } + } + } +}