53
53
* SOFTWARE, AND IF ANY SUCH MATERIAL IS DISCOVERED THE PARTY DISCOVERING
54
54
* IT MAY INFORM DR. RICH WOLSKI AT THE UNIVERSITY OF CALIFORNIA, SANTA
55
55
* BARBARA WHO WILL THEN ASCERTAIN THE MOST APPROPRIATE REMEDY, WHICH IN
56
* THE REGENTSā DISCRETION MAY INCLUDE, WITHOUT LIMITATION, REPLACEMENT
56
* THE REGENTS' DISCRETION MAY INCLUDE, WITHOUT LIMITATION, REPLACEMENT
57
57
* OF THE CODE SO IDENTIFIED, LICENSING OF THE CODE SO IDENTIFIED, OR
58
58
* WITHDRAWAL OF THE CODE CAPABILITY TO THE EXTENT NEEDED TO COMPLY WITH
59
59
* ANY SUCH LICENSES OR RIGHTS.
64
64
* Author: Sunil Soman sunils@cs.ucsb.edu
67
import edu.ucsb.eucalyptus.cloud.*;
68
import edu.ucsb.eucalyptus.cloud.entities.*;
69
import edu.ucsb.eucalyptus.msgs.*;
70
import edu.ucsb.eucalyptus.storage.StorageManager;
71
import edu.ucsb.eucalyptus.util.*;
72
import org.apache.log4j.Logger;
73
import org.apache.tools.ant.util.DateUtils;
74
import org.jboss.netty.channel.Channel;
75
import org.jboss.netty.channel.ChannelFuture;
76
import org.jboss.netty.channel.ChannelFutureListener;
77
import org.jboss.netty.handler.codec.http.DefaultHttpResponse;
78
import org.jboss.netty.handler.codec.http.HttpHeaders;
79
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
80
import org.jboss.netty.handler.codec.http.HttpVersion;
81
import org.jboss.netty.handler.stream.ChunkedFile;
82
import org.jboss.netty.handler.stream.ChunkedInput;
84
import com.eucalyptus.auth.Authentication;
85
import com.eucalyptus.auth.NoSuchUserException;
86
import com.eucalyptus.auth.SystemCredentialProvider;
87
import com.eucalyptus.auth.Users;
88
import com.eucalyptus.auth.X509Cert;
89
import com.eucalyptus.auth.principal.User;
90
import com.eucalyptus.auth.util.EucaKeyStore;
91
import com.eucalyptus.auth.util.Hashes;
92
import com.eucalyptus.bootstrap.Component;
93
import com.eucalyptus.entities.EntityWrapper;
94
import com.eucalyptus.http.MappingHttpResponse;
95
import com.eucalyptus.util.EucalyptusCloudException;
96
import com.eucalyptus.auth.crypto.Digest;
98
import javax.crypto.Cipher;
99
import javax.crypto.SecretKey;
100
import javax.crypto.spec.IvParameterSpec;
101
import javax.crypto.spec.SecretKeySpec;
67
import java.io.BufferedInputStream;
68
import java.io.BufferedOutputStream;
70
import java.io.FileInputStream;
71
import java.io.FileNotFoundException;
72
import java.io.FileOutputStream;
73
import java.io.IOException;
74
import java.io.InputStream;
104
75
import java.nio.ByteBuffer;
105
76
import java.nio.channels.Channels;
106
77
import java.nio.channels.FileChannel;
131
101
import javax.xml.transform.TransformerFactory;
132
102
import javax.xml.transform.dom.DOMSource;
133
103
import javax.xml.transform.stream.StreamResult;
135
104
import org.apache.log4j.Logger;
136
105
import org.apache.tools.ant.util.DateUtils;
137
import org.apache.xml.dtm.DTMIterator;
138
import org.apache.xml.dtm.ref.DTMNodeList;
139
106
import org.jboss.netty.handler.codec.http.DefaultHttpResponse;
140
107
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
141
108
import org.jboss.netty.handler.codec.http.HttpVersion;
142
109
import org.w3c.dom.Document;
143
110
import org.w3c.dom.Element;
144
111
import org.w3c.dom.Node;
146
import com.eucalyptus.auth.NoSuchUserException;
147
import com.eucalyptus.auth.SystemCredentialProvider;
148
import com.eucalyptus.auth.Users;
112
import com.eucalyptus.auth.Accounts;
113
import com.eucalyptus.auth.policy.PolicySpec;
114
import com.eucalyptus.auth.principal.Account;
115
import com.eucalyptus.auth.principal.Certificate;
149
116
import com.eucalyptus.auth.principal.User;
150
import com.eucalyptus.auth.X509Cert;
151
117
import com.eucalyptus.auth.util.Hashes;
152
import com.eucalyptus.bootstrap.Component;
118
import com.eucalyptus.component.auth.SystemCredentials;
119
import com.eucalyptus.component.id.Eucalyptus;
120
import com.eucalyptus.component.id.Walrus;
121
import com.eucalyptus.context.Context;
122
import com.eucalyptus.context.Contexts;
123
import com.eucalyptus.crypto.Digest;
153
124
import com.eucalyptus.entities.EntityWrapper;
125
import com.eucalyptus.records.Logs;
126
import com.eucalyptus.system.Threads;
154
127
import com.eucalyptus.util.EucalyptusCloudException;
128
import com.eucalyptus.util.Lookups;
155
129
import com.eucalyptus.util.WalrusProperties;
157
130
import edu.ucsb.eucalyptus.cloud.AccessDeniedException;
158
131
import edu.ucsb.eucalyptus.cloud.BucketLogData;
159
132
import edu.ucsb.eucalyptus.cloud.DecryptionFailedException;
160
133
import edu.ucsb.eucalyptus.cloud.NoSuchBucketException;
161
134
import edu.ucsb.eucalyptus.cloud.NoSuchEntityException;
162
135
import edu.ucsb.eucalyptus.cloud.NotAuthorizedException;
136
import edu.ucsb.eucalyptus.cloud.WalrusException;
163
137
import edu.ucsb.eucalyptus.cloud.entities.BucketInfo;
164
138
import edu.ucsb.eucalyptus.cloud.entities.ImageCacheInfo;
165
139
import edu.ucsb.eucalyptus.cloud.entities.ObjectInfo;
140
import edu.ucsb.eucalyptus.cloud.entities.WalrusInfo;
166
141
import edu.ucsb.eucalyptus.msgs.CacheImageResponseType;
167
142
import edu.ucsb.eucalyptus.msgs.CacheImageType;
168
143
import edu.ucsb.eucalyptus.msgs.CheckImageResponseType;
192
167
this.imageMessenger = imageMessenger;
195
private String decryptImage(String bucketName, String objectKey, String userId, boolean isAdministrator) throws EucalyptusCloudException {
196
EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
170
private String decryptImage(String bucketName, String objectKey, Account account, boolean isAdministrator) throws EucalyptusCloudException {
171
EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
197
172
BucketInfo bucketInfo = new BucketInfo(bucketName);
198
173
List<BucketInfo> bucketList = db.query(bucketInfo);
204
179
List<ObjectInfo> objectInfos = dbObject.query(searchObjectInfo);
205
180
if(objectInfos.size() > 0) {
206
181
ObjectInfo objectInfo = objectInfos.get(0);
207
if(objectInfo.canRead(userId)) {
182
if(isAdministrator || (
183
objectInfo.canRead(account.getAccountNumber()) &&
184
Lookups.checkPrivilege(PolicySpec.S3_GETOBJECT,
185
PolicySpec.VENDOR_S3,
186
PolicySpec.S3_RESOURCE_OBJECT,
187
PolicySpec.objectFullName(bucketName, objectKey),
188
objectInfo.getOwnerId()))) {
208
189
String objectName = objectInfo.getObjectName();
209
190
File file = new File(storageManager.getObjectPath(bucketName, objectName));
210
191
XMLParser parser = new XMLParser(file);
231
212
if(isAdministrator) {
233
214
boolean verified = false;
234
for(User user:Users.listAllUsers( )) {
235
for (X509Certificate cert : user.getAllX509Certificates()) {
215
for(User u:Accounts.listAllUsers( )) {
216
for (Certificate c : u.getCertificates()) {
217
X509Certificate cert = c.getX509Certificate( );
237
219
verified = canVerifySignature(sigVerifier, cert, signature, verificationString);
243
X509Certificate cert = SystemCredentialProvider.getCredentialProvider(Component.eucalyptus).getCertificate();
226
X509Certificate cert = SystemCredentials.lookup(Eucalyptus.class).getCertificate();
245
228
verified = canVerifySignature(sigVerifier, cert, signature, verificationString);
256
239
boolean signatureVerified = false;
259
user = Users.lookupUser( userId );
260
} catch ( NoSuchUserException e ) {
261
throw new AccessDeniedException(userId,e);
264
for(X509Certificate cert : user.getAllX509Certificates()) {
266
signatureVerified = canVerifySignature(sigVerifier, cert, signature, verificationString);
241
for(User user: account.getUsers()) {
242
for(Certificate c : user.getCertificates()) {
243
X509Certificate cert = c.getX509Certificate( );
245
signatureVerified = canVerifySignature(sigVerifier, cert, signature, verificationString);
247
if(signatureVerified)
268
if(signatureVerified)
250
if(signatureVerified) break;
271
252
} catch(Exception ex) {
318
PrivateKey pk = SystemCredentialProvider.getCredentialProvider(
319
Component.eucalyptus ).getPrivateKey();
299
PrivateKey pk = SystemCredentials.lookup(
300
Eucalyptus.class ).getPrivateKey();
320
301
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
321
302
cipher.init(Cipher.DECRYPT_MODE, pk);
322
303
String keyString = new String(cipher.doFinal(Hashes.hexToBytes(encryptedKey)));
325
306
iv = Hashes.hexToBytes(ivString);
326
307
} catch(Exception ex) {
311
storageManager.deleteAbsoluteObject(encryptedImageName);
312
} catch (Exception e) {
314
throw new WalrusException("Unable to delete: " + encryptedImageKey);
329
316
throw new DecryptionFailedException("AES params");
332
319
//Unencrypt image
334
322
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");
335
323
IvParameterSpec salt = new IvParameterSpec(iv);
336
324
SecretKey keySpec = new SecretKeySpec(key, "AES");
338
326
decryptImage(encryptedImageName, decryptedImageName, cipher);
339
327
} catch (Exception ex) {
331
storageManager.deleteAbsoluteObject(encryptedImageName);
332
storageManager.deleteAbsoluteObject(decryptedImageName);
333
} catch (Exception e) {
335
throw new WalrusException("Unable to delete: " + encryptedImageKey);
342
337
throw new DecryptionFailedException("decryption failed");
345
340
storageManager.deleteAbsoluteObject(encryptedImageName);
346
341
} catch (Exception ex) {
348
throw new EucalyptusCloudException();
343
throw new WalrusException("Unable to delete: " + encryptedImageKey);
351
345
return decryptedImageKey;
366
private void checkManifest(String bucketName, String objectKey, String userId) throws EucalyptusCloudException {
367
EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
360
private void checkManifest(String bucketName, String objectKey, Account account) throws EucalyptusCloudException {
361
EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
368
362
BucketInfo bucketInfo = new BucketInfo(bucketName);
369
363
BucketInfo bucket = null;
371
365
bucket = db.getUnique(bucketInfo);
372
} catch(Throwable t) {
373
throw new EucalyptusCloudException("Unable to get bucket: " + bucketName, t);
366
} catch(Exception t) {
367
throw new WalrusException("Unable to get bucket: " + bucketName, t);
376
370
if (bucket != null) {
380
374
if(objectInfos.size() > 0) {
381
375
ObjectInfo objectInfo = objectInfos.get(0);
383
if(objectInfo.canRead(userId)) {
377
if(objectInfo.canRead(account.getAccountNumber())) {
384
378
String objectName = objectInfo.getObjectName();
385
379
File file = new File(storageManager.getObjectPath(bucketName, objectName));
386
380
XMLParser parser = new XMLParser(file);
412
X509Certificate cert = user.getX509Certificate( );
413
PublicKey publicKey = cert.getPublicKey();
414
sigVerifier.initVerify(publicKey);
415
sigVerifier.update((machineConfiguration + image).getBytes());
416
signatureVerified = sigVerifier.verify(Hashes.hexToBytes(signature));
400
for(User u:Accounts.listAllUsers( )) {
401
for (Certificate cert : u.getCertificates()) {
402
if(cert != null&&cert instanceof X509Certificate)
403
signatureVerified = canVerifySignature(sigVerifier, ( X509Certificate ) cert, signature, (machineConfiguration + image));
404
if(signatureVerified)
408
if(!signatureVerified) {
409
X509Certificate cert = SystemCredentials.lookup(Eucalyptus.class).getCertificate();
411
signatureVerified = canVerifySignature(sigVerifier, cert, signature, (machineConfiguration + image));
417
413
} catch(Exception ex) {
419
415
LOG.error(ex, ex);
420
416
throw new DecryptionFailedException("signature verification");
423
//check if Eucalyptus signed it
424
if(!signatureVerified) {
426
X509Certificate cert = SystemCredentialProvider.getCredentialProvider(Component.eucalyptus).getCertificate();
427
PublicKey publicKey = cert.getPublicKey();
428
sigVerifier.initVerify(publicKey);
429
sigVerifier.update((machineConfiguration + image).getBytes());
430
signatureVerified = sigVerifier.verify(Hashes.hexToBytes(signature));
431
} catch(Exception ex) {
434
throw new DecryptionFailedException("signature verification");
438
418
if(!signatureVerified) {
439
419
throw new NotAuthorizedException("Invalid signature");
487
467
private long checkCachingProgress(String bucketName, String manifestKey, long oldBytesRead) {
488
EntityWrapper<ImageCacheInfo> db = WalrusControl.getEntityWrapper();
468
EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
489
469
ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
491
471
ImageCacheInfo foundImageCacheInfo = db.getUnique(searchImageCacheInfo);
505
private synchronized void cacheImage(String bucketName, String manifestKey, String userId, boolean isAdministrator) throws EucalyptusCloudException {
507
EntityWrapper<ImageCacheInfo> db = WalrusControl.getEntityWrapper();
485
private void cacheImage(String bucketName, String manifestKey, Account account, boolean isAdministrator) throws EucalyptusCloudException {
486
EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
508
487
ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
509
488
List<ImageCacheInfo> imageCacheInfos = db.query(searchImageCacheInfo);
510
489
String decryptedImageKey = null;
523
502
if(imageCacher == null) {
524
503
if(decryptedImageKey == null) {
526
decryptedImageKey = decryptImage(bucketName, manifestKey, userId, isAdministrator);
505
decryptedImageKey = decryptImage(bucketName, manifestKey, account, isAdministrator);
527
506
} catch(EucalyptusCloudException ex) {
528
507
imageCachers.remove(bucketName + manifestKey);
534
513
foundImageCacheInfo.setInCache(false);
535
514
foundImageCacheInfo.setUseCount(0);
536
515
foundImageCacheInfo.setSize(0L);
537
db = WalrusControl.getEntityWrapper();
516
db = EntityWrapper.get(ImageCacheInfo.class);
538
517
db.add(foundImageCacheInfo);
541
520
imageCacher = imageCachers.get(bucketName + manifestKey);
542
521
imageCacher.setDecryptedImageKey(decryptedImageKey);
522
Threads.lookup(Walrus.class, WalrusImageManager.ImageCacher.class).limitTo(10).submit(imageCacher);
577
private void validateManifest(String bucketName, String objectKey, String userId) throws EucalyptusCloudException {
578
EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
556
private void validateManifest(String bucketName, String objectKey, String accountId) throws EucalyptusCloudException {
557
EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
579
558
BucketInfo bucketInfo = new BucketInfo(bucketName);
580
559
BucketInfo bucket = null;
582
561
bucket = db.getUnique(bucketInfo);
583
} catch(Throwable t) {
584
throw new EucalyptusCloudException("Unable to get bucket: " + bucketName, t);
562
} catch(Exception t) {
563
throw new WalrusException("Unable to get bucket: " + bucketName, t);
587
566
if (bucket != null) {
591
570
if(objectInfos.size() > 0) {
592
571
ObjectInfo objectInfo = objectInfos.get(0);
594
if(objectInfo.canRead(userId)) {
573
if(objectInfo.canRead(accountId)) {
595
574
String objectName = objectInfo.getObjectName();
596
575
File file = new File(storageManager.getObjectPath(bucketName, objectName));
597
576
XMLParser parser = new XMLParser(file);
635
614
} catch (IOException e) {
637
throw new EucalyptusCloudException(e);
616
throw new WalrusException(e.getMessage());
640
619
inStream.close();
641
620
} catch (IOException e) {
643
throw new EucalyptusCloudException(e);
622
throw new WalrusException(e.getMessage());
646
625
String md5 = Hashes.bytesToHex(digest.digest());
687
666
public void startImageCacheFlusher(String bucketName, String manifestName) {
688
667
ImageCacheFlusher imageCacheFlusher = new ImageCacheFlusher(bucketName, manifestName);
689
imageCacheFlusher.start();
668
Threads.lookup(Walrus.class, WalrusImageManager.ImageCacheFlusher.class).limitTo(10).submit(imageCacheFlusher);
692
private class ImageCacheFlusher extends Thread {
671
private class ImageCacheFlusher implements Runnable {
693
672
private String bucketName;
694
673
private String objectKey;
859
838
storageManager.deleteAbsoluteObject(decryptedImageName);
860
839
storageManager.deleteAbsoluteObject(tarredImageName);
862
EntityWrapper<ImageCacheInfo>db = WalrusControl.getEntityWrapper();
841
EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
863
842
ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
864
843
List<ImageCacheInfo> foundImageCacheInfos = db.query(searchImageCacheInfo);
865
844
if(foundImageCacheInfos.size() > 0) {
999
978
int bytesRead = 0;
1000
979
byte[] bytes = new byte[8192];
1002
while((bytesRead = in.read(bytes)) > 0) {
1003
byte[] outBytes = cipher.update(bytes, 0, bytesRead);
982
while((bytesRead = in.read(bytes)) > 0) {
983
byte[] outBytes = cipher.update(bytes, 0, bytesRead);
987
byte[] outBytes = cipher.doFinal();
1004
988
out.write(outBytes);
989
} catch (IOException ex) {
991
Logs.extreme( ).error( ex, ex );
996
} catch (IOException ex) {
1001
} catch (IOException ex) {
1006
byte[] outBytes = cipher.doFinal();
1007
out.write(outBytes);
1010
1006
LOG.info("Done decrypting: " + decryptedImageName);
1051
1047
GetDecryptedImageResponseType reply = (GetDecryptedImageResponseType) request.getReply();
1052
1048
String bucketName = request.getBucket();
1053
1049
String objectKey = request.getKey();
1054
String userId = request.getUserId();
1050
Context ctx = Contexts.lookup();
1051
Account account = ctx.getAccount();
1056
EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
1053
EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
1057
1054
BucketInfo bucketInfo = new BucketInfo(bucketName);
1058
1055
List<BucketInfo> bucketList = db.query(bucketInfo);
1059
1056
if (bucketList.size() > 0) {
1063
1060
if(objectInfos.size() > 0) {
1064
1061
ObjectInfo objectInfo = objectInfos.get(0);
1066
if(objectInfo.canRead(userId) || request.isAdministrator() ) {
1063
if(ctx.hasAdministrativePrivileges() || (
1064
objectInfo.canRead(account.getAccountNumber()) &&
1065
Lookups.checkPrivilege(PolicySpec.S3_GETOBJECT,
1066
PolicySpec.VENDOR_S3,
1067
PolicySpec.S3_RESOURCE_OBJECT,
1068
PolicySpec.objectFullName(bucketName, objectKey),
1069
objectInfo.getOwnerId()))) {
1068
1071
EucaSemaphore semaphore = EucaSemaphoreDirectory.getSemaphore(bucketName + "/" + objectKey);
1070
1073
semaphore.acquire();
1071
1074
} catch(InterruptedException ex) {
1072
throw new EucalyptusCloudException("semaphore could not be acquired");
1075
throw new WalrusException("semaphore could not be acquired");
1074
EntityWrapper<ImageCacheInfo> db2 = WalrusControl.getEntityWrapper();
1077
EntityWrapper<ImageCacheInfo> db2 = EntityWrapper.get(ImageCacheInfo.class);
1075
1078
ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, objectKey);
1076
1079
List<ImageCacheInfo> foundImageCacheInfos = db2.query(searchImageCacheInfo);
1077
1080
if(foundImageCacheInfos.size() > 0) {
1090
1093
//issue a cache request
1091
1094
LOG.info("Image " + bucketName + "/" + objectKey + " not found in cache. Issuing cache request (might take a while...)");
1092
cacheImage(bucketName, objectKey, userId, request.isAdministrator());
1095
cacheImage(bucketName, objectKey, account, ctx.hasAdministrativePrivileges());
1093
1096
//query db again
1094
db2 = WalrusControl.getEntityWrapper();
1097
db2 = EntityWrapper.get(ImageCacheInfo.class);
1095
1098
foundImageCacheInfos = db2.query(searchImageCacheInfo);
1097
1100
ImageCacheInfo foundImageCacheInfo = null;
1127
1130
} catch(Exception ex) {
1129
1132
semaphore.release();
1130
throw new EucalyptusCloudException("monitor failure");
1133
imageMessenger.removeMonitor(bucketName + "/" + objectKey);
1134
throw new WalrusException("monitor failure");
1134
1138
LOG.error("Tired of waiting to cache image: " + bucketName + "/" + objectKey + " giving up");
1139
imageMessenger.removeMonitor(bucketName + "/" + objectKey);
1135
1140
semaphore.release();
1136
throw new EucalyptusCloudException("caching failure");
1141
throw new WalrusException("caching failure");
1138
1143
//caching may have modified the db. repeat the query
1139
db2 = WalrusControl.getEntityWrapper();
1144
db2 = EntityWrapper.get(ImageCacheInfo.class);
1140
1145
foundImageCacheInfos = db2.query(searchImageCacheInfo);
1141
1146
if(foundImageCacheInfos.size() > 0) {
1142
1147
foundImageCacheInfo = foundImageCacheInfos.get(0);
1181
1187
reply.setSuccess(false);
1182
1188
String bucketName = request.getBucket();
1183
1189
String objectKey = request.getKey();
1184
String userId = request.getUserId();
1190
Context ctx = Contexts.lookup();
1191
Account account = ctx.getAccount();
1186
EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
1193
EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
1187
1194
BucketInfo bucketInfo = new BucketInfo(bucketName);
1188
1195
BucketInfo bucket = null;
1190
1197
bucket = db.getUnique(bucketInfo);
1191
} catch(Throwable t) {
1192
throw new EucalyptusCloudException("Unable to get bucket", t);
1198
} catch(Exception t) {
1199
throw new WalrusException("Unable to get bucket", t);
1195
1202
if (bucket != null) {
1198
1205
List<ObjectInfo> objectInfos = dbObject.query(searchObjectInfo);
1199
1206
if(objectInfos.size() > 0) {
1200
1207
ObjectInfo objectInfo = objectInfos.get(0);
1201
if(objectInfo.canRead(userId)) {
1208
if(ctx.hasAdministrativePrivileges() || (
1209
objectInfo.canRead(account.getAccountNumber()) &&
1210
Lookups.checkPrivilege(PolicySpec.S3_GETOBJECT,
1211
PolicySpec.VENDOR_S3,
1212
PolicySpec.S3_RESOURCE_OBJECT,
1213
PolicySpec.objectFullName(bucketName, objectKey),
1214
objectInfo.getOwnerId()))) {
1203
checkManifest(bucketName, objectKey, userId);
1216
checkManifest(bucketName, objectKey, account);
1204
1217
reply.setSuccess(true);
1222
1235
reply.setSuccess(false);
1223
1236
String bucketName = request.getBucket();
1224
1237
String manifestKey = request.getKey();
1225
String userId = request.getUserId();
1228
EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
1238
Context ctx = Contexts.lookup();
1239
Account account = ctx.getAccount();
1241
EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
1229
1242
BucketInfo bucketInfo = new BucketInfo(bucketName);
1230
1243
List<BucketInfo> bucketList = db.query(bucketInfo);
1236
1249
if(objectInfos.size() > 0) {
1237
1250
ObjectInfo objectInfo = objectInfos.get(0);
1239
if(objectInfo.canRead(userId)) {
1240
EntityWrapper<ImageCacheInfo> db2 = WalrusControl.getEntityWrapper();
1252
if(ctx.hasAdministrativePrivileges() || (
1253
objectInfo.canRead(account.getAccountNumber()) &&
1254
Lookups.checkPrivilege(PolicySpec.S3_GETOBJECT,
1255
PolicySpec.VENDOR_S3,
1256
PolicySpec.S3_RESOURCE_OBJECT,
1257
PolicySpec.objectFullName( bucketName, manifestKey ),
1258
objectInfo.getOwnerId()))) {
1259
EntityWrapper<ImageCacheInfo> db2 = EntityWrapper.get(ImageCacheInfo.class);
1241
1260
ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
1242
1261
List<ImageCacheInfo> foundImageCacheInfos = db2.query(searchImageCacheInfo);
1244
1263
if((foundImageCacheInfos.size() == 0) || (!imageCachers.containsKey(bucketName + manifestKey))) {
1245
cacheImage(bucketName, manifestKey, userId, request.isAdministrator());
1264
cacheImage(bucketName, manifestKey, account, Contexts.lookup( ).hasAdministrativePrivileges( ));
1246
1265
reply.setSuccess(true);
1269
1288
String bucketName = request.getBucket();
1270
1289
String manifestKey = request.getKey();
1272
EntityWrapper<ImageCacheInfo> db = WalrusControl.getEntityWrapper();
1291
EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
1273
1292
ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
1274
1293
List<ImageCacheInfo> foundImageCacheInfos = db.query(searchImageCacheInfo);
1279
1298
//check that there are no operations in progress and then flush cache and delete image file
1281
1300
ImageCacheFlusher imageCacheFlusher = new ImageCacheFlusher(bucketName, manifestKey);
1282
imageCacheFlusher.start();
1301
Threads.lookup(Walrus.class, WalrusImageManager.ImageCacheFlusher.class).limitTo(10).submit(imageCacheFlusher);
1285
throw new EucalyptusCloudException("not in cache");
1304
throw new WalrusException("not in cache");
1295
1314
ValidateImageResponseType reply = (ValidateImageResponseType) request.getReply();
1296
1315
String bucketName = request.getBucket();
1297
1316
String manifestKey = request.getKey();
1298
String userId = request.getUserId();
1299
EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
1317
Context ctx = Contexts.lookup();
1318
Account account = ctx.getAccount();
1319
EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
1300
1320
BucketInfo bucketInfo = new BucketInfo(bucketName);
1301
1321
List<BucketInfo> bucketList = db.query(bucketInfo);
1302
1322
if (bucketList.size() > 0) {
1309
1329
List<ObjectInfo> objectInfos = dbObject.query(searchObjectInfo);
1310
1330
if (objectInfos.size() > 0) {
1311
1331
ObjectInfo objectInfo = objectInfos.get(0);
1312
if (objectInfo.canRead(userId)) {
1332
if (ctx.hasAdministrativePrivileges() || (
1333
objectInfo.canRead(account.getAccountNumber()) &&
1334
Lookups.checkPrivilege(PolicySpec.S3_GETOBJECT,
1335
PolicySpec.VENDOR_S3,
1336
PolicySpec.S3_RESOURCE_OBJECT,
1337
PolicySpec.objectFullName(bucketName, manifestKey),
1338
objectInfo.getOwnerId()))) {
1313
1339
//validate manifest
1314
validateManifest(bucketName, manifestKey, userId);
1340
validateManifest(bucketName, manifestKey, account.getAccountNumber());