public class DistributedKeyManager extends AbstractKeyManager implements ResourceListener<KeyIdentifier>

KeyManager implementation that distributes shared secret keys via ZooKeeper to all instances, so that all distributed instances maintain the same local cache of keys. Instances of this class perform leader election, so that one instance functions as the "active" leader at a time. The leader is responsible for periodically generating a new secret key (with the frequency based on the configured value for Constants.Security#TOKEN_DIGEST_KEY_EXPIRATION). Prior keys are retained for as long as necessary to ensure that any previously issued, non-expired tokens can still be validated. Once a previously used key's age exceeds Constants.Security#TOKEN_DIGEST_KEY_EXPIRATION plus Constants.Security#TOKEN_EXPIRATION, the key can safely be removed.

Nested classes inherited from interface KeyManager: KeyManager.DigestId

Field Summary

| Modifier and Type | Field and Description |
|---|---|
| protected AtomicBoolean | leader |
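To make the retention rule in the class description concrete, the following is an added example and not CDAP's code: a single-process key store with HMAC-SHA256 tokens, where KeyStore, rotate, prune, sign, validate and the two duration constants are constructed stand-ins for the real constants, and ZooKeeper distribution and leader election are assumed away.

```python
# Added example, not CDAP code: in-process model of the rule above (no ZooKeeper, no leader election).
import hashlib
import hmac
import os

KEY_EXPIRATION = 60    # constructed stand-in for Constants.Security#TOKEN_DIGEST_KEY_EXPIRATION
TOKEN_EXPIRATION = 30  # constructed stand-in for Constants.Security#TOKEN_EXPIRATION

class KeyStore:
    def __init__(self):
        self.keys, self.current, self.next_id = {}, None, 1  # id -> (secret, created_at)
    def rotate(self, now):
        """Leader duty: mint a fresh key and make it the signing key."""
        kid, self.next_id = self.next_id, self.next_id + 1
        self.keys[kid] = (os.urandom(32), now)
        self.current = kid
    def prune(self, now):
        """Drop keys older than KEY_EXPIRATION + TOKEN_EXPIRATION: the leader stopped
        signing with them after KEY_EXPIRATION, so every token they signed has expired."""
        stale = [k for k, (_, made) in self.keys.items()
                 if now - made > KEY_EXPIRATION + TOKEN_EXPIRATION and k != self.current]
        for k in stale:
            del self.keys[k]
        return stale

    def sign(self, payload, now):
        """Token = key id | expiry | payload | hex HMAC-SHA256 over the first three fields."""
        msg = b"%d|%d|%s" % (self.current, now + TOKEN_EXPIRATION, payload)
        return msg + b"|" + hmac.new(self.keys[self.current][0], msg, hashlib.sha256).hexdigest().encode()

    def validate(self, token, now):
        msg, _, mac = token.rpartition(b"|")
        kid, exp, _ = msg.split(b"|", 2)
        if int(kid) not in self.keys or now > int(exp):
            return False  # key already pruned, or token past its expiry
        expected = hmac.new(self.keys[int(kid)][0], msg, hashlib.sha256).hexdigest().encode()
        return hmac.compare_digest(mac, expected)

def scenario():
    """Key 1 minted at t=0, token signed at t=55 (expires t=85), rotation at t=60."""
    ks = KeyStore()
    ks.rotate(now=0)
    tok = ks.sign(b"user=alice", now=55)
    ks.rotate(now=60)
    return {
        "prune_at_80": ks.prune(now=80),            # key 1 age 80 <= 90: nothing dropped
        "valid_at_84": ks.validate(tok, now=84),    # key 1 retained, token still live
        "expired_at_86": ks.validate(tok, now=86),  # token past its own expiry
        "prune_at_91": ks.prune(now=91),            # key 1 age 91 > 90: dropped safely
        "keys_left": sorted(ks.keys),
    }
```

The scenario shows why the retention window must be the sum of both constants: a token issued in the last instant before rotation stays valid for a full TOKEN_EXPIRATION after the key stopped being used for signing.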
Fields inherited from class AbstractKeyManager: currentKey, keyAlgo, keyExpirationPeriod, keyGenerator, keyLength, threadLocalMac

Constructor Summary

| Constructor and Description |
|---|
| DistributedKeyManager(CConfiguration conf, Codec<KeyIdentifier> codec, ZKClient zookeeper) |
| DistributedKeyManager(CConfiguration conf, Codec<KeyIdentifier> codec, ZKClient zookeeper, List<org.apache.zookeeper.data.ACL> acls) |
Method Summary

| Modifier and Type | Method and Description |
|---|---|
| protected void | addKey(KeyIdentifier key) Adds a given key instance. |
| protected void | doInit() Subclasses must override this method to initialize or read the key(s) used for signing tokens. |
| protected KeyIdentifier | getKey(int id) Returns the key instance matching a given unique ID. |
| protected boolean | hasKey(int id) Returns whether or not a key exists for the given unique ID. |
| void | onError(String name, Throwable throwable) Invoked when an error occurs in one of the resource operations. |
| void | onResourceDelete(String name) Invoked when a resource is removed from the shared cache. |
| void | onResourceUpdate(String name, KeyIdentifier instance) Invoked on an update to an individual resource. |
| void | onUpdate() Invoked when the entire set of cached resources has changed. |
| void | shutDown() |
Methods inherited from class AbstractKeyManager: generateKey, generateMAC, generateMAC, generateMAC, startUp, validateMAC

Methods inherited from class com.google.common.util.concurrent.AbstractIdleService: addListener, executor, isRunning, start, startAndWait, state, stop, stopAndWait, toString

Field Detail

protected final AtomicBoolean leader
Constructor Detail

public DistributedKeyManager(CConfiguration conf, Codec<KeyIdentifier> codec, ZKClient zookeeper)

public DistributedKeyManager(CConfiguration conf, Codec<KeyIdentifier> codec, ZKClient zookeeper, List<org.apache.zookeeper.data.ACL> acls)

Method Detail

protected void doInit() throws IOException
Specified by: doInit in class AbstractKeyManager
Throws: IOException

public void shutDown()
Specified by: shutDown in class com.google.common.util.concurrent.AbstractIdleService

protected boolean hasKey(int id)
Specified by: hasKey in class AbstractKeyManager

protected KeyIdentifier getKey(int id)
Specified by: getKey in class AbstractKeyManager

protected void addKey(KeyIdentifier key)
Specified by: addKey in class AbstractKeyManager

public void onUpdate()
Specified by: onUpdate in interface ResourceListener<KeyIdentifier>

public void onResourceUpdate(String name, KeyIdentifier instance)
Specified by: onResourceUpdate in interface ResourceListener<KeyIdentifier>
Parameters:
name - the key for the resource being updated
instance - the resource instance which was updated

public void onResourceDelete(String name)
Specified by: onResourceDelete in interface ResourceListener<KeyIdentifier>
Parameters:
name - the key for the resource that has been removed

public void onError(String name, Throwable throwable)
Specified by: onError in interface ResourceListener<KeyIdentifier>
Parameters:
name - the key for the resource on which the error occurred
throwable - the exception that was thrown

Copyright © 2016 Cask Data, Inc. Licensed under the Apache License, Version 2.0.