← Back to branch summary

~ubuntu-branches/ubuntu/raring/eucalyptus/raring

« back to all changes in this revision

Viewing changes to clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java

  • Committer: Package Import Robot
  • Author(s): Brian Thomason
  • Date: 2011-11-29 13:17:52 UTC
  • mfrom: (1.2.1 upstream)
  • mto: This revision was merged to the branch mainline in revision 185.
  • Revision ID: package-import@ubuntu.com-20111129131752-rq31al3ntutv2vvl
Tags: upstream-3.0.999beta1
ImportĀ upstreamĀ versionĀ 3.0.999beta1

Show diffs side-by-side

added added

removed removed

Lines of Context:
clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java
53
53
 *    SOFTWARE, AND IF ANY SUCH MATERIAL IS DISCOVERED THE PARTY DISCOVERING
54
54
 *    IT MAY INFORM DR. RICH WOLSKI AT THE UNIVERSITY OF CALIFORNIA, SANTA
55
55
 *    BARBARA WHO WILL THEN ASCERTAIN THE MOST APPROPRIATE REMEDY, WHICH IN
56
 
 *    THE REGENTSā€™ DISCRETION MAY INCLUDE, WITHOUT LIMITATION, REPLACEMENT
 
56
 *    THE REGENTS' DISCRETION MAY INCLUDE, WITHOUT LIMITATION, REPLACEMENT
57
57
 *    OF THE CODE SO IDENTIFIED, LICENSING OF THE CODE SO IDENTIFIED, OR
58
58
 *    WITHDRAWAL OF THE CODE CAPABILITY TO THE EXTENT NEEDED TO COMPLY WITH
59
59
 *    ANY SUCH LICENSES OR RIGHTS.
64
64
 * Author: Sunil Soman sunils@cs.ucsb.edu
65
65
 */
66
66
 
67
 
import edu.ucsb.eucalyptus.cloud.*;
68
 
import edu.ucsb.eucalyptus.cloud.entities.*;
69
 
import edu.ucsb.eucalyptus.msgs.*;
70
 
import edu.ucsb.eucalyptus.storage.StorageManager;
71
 
import edu.ucsb.eucalyptus.util.*;
72
 
import org.apache.log4j.Logger;
73
 
import org.apache.tools.ant.util.DateUtils;
74
 
import org.jboss.netty.channel.Channel;
75
 
import org.jboss.netty.channel.ChannelFuture;
76
 
import org.jboss.netty.channel.ChannelFutureListener;
77
 
import org.jboss.netty.handler.codec.http.DefaultHttpResponse;
78
 
import org.jboss.netty.handler.codec.http.HttpHeaders;
79
 
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
80
 
import org.jboss.netty.handler.codec.http.HttpVersion;
81
 
import org.jboss.netty.handler.stream.ChunkedFile;
82
 
import org.jboss.netty.handler.stream.ChunkedInput;
83
 
 
84
 
import com.eucalyptus.auth.Authentication;
85
 
import com.eucalyptus.auth.NoSuchUserException;
86
 
import com.eucalyptus.auth.SystemCredentialProvider;
87
 
import com.eucalyptus.auth.Users;
88
 
import com.eucalyptus.auth.X509Cert;
89
 
import com.eucalyptus.auth.principal.User;
90
 
import com.eucalyptus.auth.util.EucaKeyStore;
91
 
import com.eucalyptus.auth.util.Hashes;
92
 
import com.eucalyptus.bootstrap.Component;
93
 
import com.eucalyptus.entities.EntityWrapper;
94
 
import com.eucalyptus.http.MappingHttpResponse;
95
 
import com.eucalyptus.util.EucalyptusCloudException;
96
 
import com.eucalyptus.auth.crypto.Digest;
97
 
 
98
 
import javax.crypto.Cipher;
99
 
import javax.crypto.SecretKey;
100
 
import javax.crypto.spec.IvParameterSpec;
101
 
import javax.crypto.spec.SecretKeySpec;
102
 
import java.io.*;
103
 
 
 
67
import java.io.BufferedInputStream;
 
68
import java.io.BufferedOutputStream;
 
69
import java.io.File;
 
70
import java.io.FileInputStream;
 
71
import java.io.FileNotFoundException;
 
72
import java.io.FileOutputStream;
 
73
import java.io.IOException;
 
74
import java.io.InputStream;
104
75
import java.nio.ByteBuffer;
105
76
import java.nio.channels.Channels;
106
77
import java.nio.channels.FileChannel;
118
89
import java.util.UUID;
119
90
import java.util.concurrent.ConcurrentHashMap;
120
91
import java.util.zip.GZIPInputStream;
121
 
 
122
92
import javax.crypto.Cipher;
123
93
import javax.crypto.SecretKey;
124
94
import javax.crypto.spec.IvParameterSpec;
131
101
import javax.xml.transform.TransformerFactory;
132
102
import javax.xml.transform.dom.DOMSource;
133
103
import javax.xml.transform.stream.StreamResult;
134
 
 
135
104
import org.apache.log4j.Logger;
136
105
import org.apache.tools.ant.util.DateUtils;
137
 
import org.apache.xml.dtm.DTMIterator;
138
 
import org.apache.xml.dtm.ref.DTMNodeList;
139
106
import org.jboss.netty.handler.codec.http.DefaultHttpResponse;
140
107
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
141
108
import org.jboss.netty.handler.codec.http.HttpVersion;
142
109
import org.w3c.dom.Document;
143
110
import org.w3c.dom.Element;
144
111
import org.w3c.dom.Node;
145
 
 
146
 
import com.eucalyptus.auth.NoSuchUserException;
147
 
import com.eucalyptus.auth.SystemCredentialProvider;
148
 
import com.eucalyptus.auth.Users;
 
112
import com.eucalyptus.auth.Accounts;
 
113
import com.eucalyptus.auth.policy.PolicySpec;
 
114
import com.eucalyptus.auth.principal.Account;
 
115
import com.eucalyptus.auth.principal.Certificate;
149
116
import com.eucalyptus.auth.principal.User;
150
 
import com.eucalyptus.auth.X509Cert;
151
117
import com.eucalyptus.auth.util.Hashes;
152
 
import com.eucalyptus.bootstrap.Component;
 
118
import com.eucalyptus.component.auth.SystemCredentials;
 
119
import com.eucalyptus.component.id.Eucalyptus;
 
120
import com.eucalyptus.component.id.Walrus;
 
121
import com.eucalyptus.context.Context;
 
122
import com.eucalyptus.context.Contexts;
 
123
import com.eucalyptus.crypto.Digest;
153
124
import com.eucalyptus.entities.EntityWrapper;
 
125
import com.eucalyptus.records.Logs;
 
126
import com.eucalyptus.system.Threads;
154
127
import com.eucalyptus.util.EucalyptusCloudException;
 
128
import com.eucalyptus.util.Lookups;
155
129
import com.eucalyptus.util.WalrusProperties;
156
 
 
157
130
import edu.ucsb.eucalyptus.cloud.AccessDeniedException;
158
131
import edu.ucsb.eucalyptus.cloud.BucketLogData;
159
132
import edu.ucsb.eucalyptus.cloud.DecryptionFailedException;
160
133
import edu.ucsb.eucalyptus.cloud.NoSuchBucketException;
161
134
import edu.ucsb.eucalyptus.cloud.NoSuchEntityException;
162
135
import edu.ucsb.eucalyptus.cloud.NotAuthorizedException;
 
136
import edu.ucsb.eucalyptus.cloud.WalrusException;
163
137
import edu.ucsb.eucalyptus.cloud.entities.BucketInfo;
164
138
import edu.ucsb.eucalyptus.cloud.entities.ImageCacheInfo;
165
139
import edu.ucsb.eucalyptus.cloud.entities.ObjectInfo;
 
140
import edu.ucsb.eucalyptus.cloud.entities.WalrusInfo;
166
141
import edu.ucsb.eucalyptus.msgs.CacheImageResponseType;
167
142
import edu.ucsb.eucalyptus.msgs.CacheImageType;
168
143
import edu.ucsb.eucalyptus.msgs.CheckImageResponseType;
192
167
                this.imageMessenger = imageMessenger;
193
168
        }
194
169
 
195
 
        private String decryptImage(String bucketName, String objectKey, String userId, boolean isAdministrator) throws EucalyptusCloudException {
196
 
                EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
 
170
        private String decryptImage(String bucketName, String objectKey, Account account, boolean isAdministrator) throws EucalyptusCloudException {
 
171
                EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
197
172
                BucketInfo bucketInfo = new BucketInfo(bucketName);
198
173
                List<BucketInfo> bucketList = db.query(bucketInfo);
199
174
 
204
179
                        List<ObjectInfo> objectInfos = dbObject.query(searchObjectInfo);
205
180
                        if(objectInfos.size() > 0)  {
206
181
                                ObjectInfo objectInfo = objectInfos.get(0);
207
 
                                if(objectInfo.canRead(userId)) {
 
182
                                if(isAdministrator || (
 
183
                                                objectInfo.canRead(account.getAccountNumber()) &&
 
184
                                                Lookups.checkPrivilege(PolicySpec.S3_GETOBJECT,
 
185
                                                                PolicySpec.VENDOR_S3,
 
186
                                                                PolicySpec.S3_RESOURCE_OBJECT,
 
187
                                                                PolicySpec.objectFullName(bucketName, objectKey),
 
188
                                                                objectInfo.getOwnerId()))) {
208
189
                                        String objectName = objectInfo.getObjectName();
209
190
                                        File file = new File(storageManager.getObjectPath(bucketName, objectName));
210
191
                                        XMLParser parser = new XMLParser(file);
231
212
                                        if(isAdministrator) {
232
213
                                                try {
233
214
                                                        boolean verified = false;
234
 
                                                        for(User user:Users.listAllUsers( )) {
235
 
                                                                for (X509Certificate cert : user.getAllX509Certificates()) {
 
215
                                                        for(User u:Accounts.listAllUsers( )) {
 
216
                                                                for (Certificate c : u.getCertificates()) {
 
217
                                                                        X509Certificate cert = c.getX509Certificate( );
236
218
                                                                        if(cert != null)
237
219
                                                                                verified = canVerifySignature(sigVerifier, cert, signature, verificationString);
238
220
                                                                        if(verified)
239
221
                                                                                break;
240
222
                                                                }
 
223
                                                                if(verified) break;
241
224
                                                        }
242
225
                                                        if(!verified) {
243
 
                                                                X509Certificate cert = SystemCredentialProvider.getCredentialProvider(Component.eucalyptus).getCertificate();
 
226
                                                                X509Certificate cert = SystemCredentials.lookup(Eucalyptus.class).getCertificate();
244
227
                                                                if(cert != null)
245
228
                                                                        verified = canVerifySignature(sigVerifier, cert, signature, verificationString);
246
229
                                                        }
254
237
                                                }
255
238
                                        } else {
256
239
                                                boolean signatureVerified = false;
257
 
                                                User user = null;
258
 
                                                try {
259
 
                                                        user = Users.lookupUser( userId );
260
 
                                                } catch ( NoSuchUserException e ) {
261
 
                                                        throw new AccessDeniedException(userId,e);            
262
 
                                                }         
263
 
                                                try {
264
 
                                                        for(X509Certificate cert : user.getAllX509Certificates()) {
265
 
                                                                if(cert != null) {
266
 
                                                                        signatureVerified = canVerifySignature(sigVerifier, cert, signature, verificationString);
 
240
                                                try {
 
241
                                                        for(User user: account.getUsers()) {
 
242
                                                                for(Certificate c : user.getCertificates()) {
 
243
                                                                        X509Certificate cert = c.getX509Certificate( );
 
244
                                                                        if(cert != null) {
 
245
                                                                                signatureVerified = canVerifySignature(sigVerifier, cert, signature, verificationString);
 
246
                                                                        }
 
247
                                                                        if(signatureVerified)
 
248
                                                                                break;
267
249
                                                                }
268
 
                                                                if(signatureVerified)
269
 
                                                                        break;
 
250
                                                                if(signatureVerified) break;
270
251
                                                        }
271
252
                                                } catch(Exception ex) {
272
253
                                                        db.rollback();
275
256
                                                }
276
257
                                                if(!signatureVerified) {
277
258
                                                        try {
278
 
                                                                X509Certificate cert = SystemCredentialProvider.getCredentialProvider(Component.eucalyptus).getCertificate();
 
259
                                                                X509Certificate cert = SystemCredentials.lookup(Eucalyptus.class).getCertificate();
279
260
                                                                if(cert != null)
280
261
                                                                        signatureVerified = canVerifySignature(sigVerifier, cert, signature, verificationString);
281
262
                                                        } catch(Exception ex) {
304
285
                                                }
305
286
                                        }
306
287
                                        //Assemble parts
307
 
                                        String encryptedImageKey = UUID.randomUUID().toString() + ".crypt.gz";//imageKey + "-" + Hashes.getRandom(5) + ".crypt.gz";
 
288
                                        String encryptedImageKey = UUID.randomUUID().toString() + ".crypt.gz";
308
289
                                        String encryptedImageName = storageManager.getObjectPath(bucketName, encryptedImageKey);
309
290
                                        String decryptedImageKey = encryptedImageKey.substring(0, encryptedImageKey.lastIndexOf("crypt.gz")) + "tgz";
310
291
 
315
296
                                        byte[] key;
316
297
                                        byte[] iv;
317
298
                                        try {
318
 
                                                PrivateKey pk = SystemCredentialProvider.getCredentialProvider(
319
 
                                                                Component.eucalyptus ).getPrivateKey();
 
299
                                                PrivateKey pk = SystemCredentials.lookup(
 
300
                                                                Eucalyptus.class ).getPrivateKey();
320
301
                                                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
321
302
                                                cipher.init(Cipher.DECRYPT_MODE, pk);
322
303
                                                String keyString = new String(cipher.doFinal(Hashes.hexToBytes(encryptedKey)));
325
306
                                                iv = Hashes.hexToBytes(ivString);
326
307
                                        } catch(Exception ex) {
327
308
                                                db.rollback();
328
 
                                                LOG.error(ex, ex);
 
309
                                                LOG.error(ex);
 
310
                                                try {
 
311
                                                        storageManager.deleteAbsoluteObject(encryptedImageName);
 
312
                                                } catch (Exception e) {
 
313
                                                        LOG.error(e);
 
314
                                                        throw new WalrusException("Unable to delete: " + encryptedImageKey);
 
315
                                                }
329
316
                                                throw new DecryptionFailedException("AES params");
330
317
                                        }
331
318
 
332
319
                                        //Unencrypt image
333
320
                                        try {
 
321
                                                db.commit();
334
322
                                                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");
335
323
                                                IvParameterSpec salt = new IvParameterSpec(iv);
336
324
                                                SecretKey keySpec = new SecretKeySpec(key, "AES");
338
326
                                                decryptImage(encryptedImageName, decryptedImageName, cipher);
339
327
                                        } catch (Exception ex) {
340
328
                                                db.rollback();
341
 
                                                LOG.error(ex, ex);
 
329
                                                LOG.error(ex);
 
330
                                                try {
 
331
                                                        storageManager.deleteAbsoluteObject(encryptedImageName);
 
332
                                                        storageManager.deleteAbsoluteObject(decryptedImageName);
 
333
                                                } catch (Exception e) {
 
334
                                                        LOG.error(e);
 
335
                                                        throw new WalrusException("Unable to delete: " + encryptedImageKey);
 
336
                                                }
342
337
                                                throw new DecryptionFailedException("decryption failed");
343
338
                                        }
344
339
                                        try {
345
340
                                                storageManager.deleteAbsoluteObject(encryptedImageName);
346
341
                                        } catch (Exception ex) {
347
342
                                                LOG.error(ex);
348
 
                                                throw new EucalyptusCloudException();
 
343
                                                throw new WalrusException("Unable to delete: " + encryptedImageKey);
349
344
                                        }
350
 
                                        db.commit();
351
345
                                        return decryptedImageKey;
352
346
                                }
353
347
                        }
363
357
        }
364
358
 
365
359
 
366
 
        private void checkManifest(String bucketName, String objectKey, String userId) throws EucalyptusCloudException {
367
 
                EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
 
360
        private void checkManifest(String bucketName, String objectKey, Account account) throws EucalyptusCloudException {
 
361
                EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
368
362
                BucketInfo bucketInfo = new BucketInfo(bucketName);
369
363
                BucketInfo bucket = null;
370
364
                try {
371
365
                        bucket = db.getUnique(bucketInfo);
372
 
                } catch(Throwable t) {
373
 
                        throw new EucalyptusCloudException("Unable to get bucket: " + bucketName, t);
 
366
                } catch(Exception t) {
 
367
                        throw new WalrusException("Unable to get bucket: " + bucketName, t);
374
368
                }
375
369
 
376
370
                if (bucket != null) {
380
374
                        if(objectInfos.size() > 0)  {
381
375
                                ObjectInfo objectInfo = objectInfos.get(0);
382
376
 
383
 
                                if(objectInfo.canRead(userId)) {
 
377
                                if(objectInfo.canRead(account.getAccountNumber())) {
384
378
                                        String objectName = objectInfo.getObjectName();
385
379
                                        File file = new File(storageManager.getObjectPath(bucketName, objectName));
386
380
                                        XMLParser parser = new XMLParser(file);
392
386
                                        String image = parser.getXML("image");
393
387
                                        String machineConfiguration = parser.getXML("machine_configuration");
394
388
 
395
 
                                        User user = null;
396
 
                                        try {
397
 
                                                user = Users.lookupUser( userId );
398
 
                                        } catch ( NoSuchUserException e ) {
399
 
                                                throw new AccessDeniedException(userId,e);            
400
 
                                        }         
401
389
                                        boolean signatureVerified = false;
402
390
 
403
391
                                        Signature sigVerifier;
409
397
                                        }
410
398
 
411
399
                                        try {
412
 
                                                X509Certificate cert = user.getX509Certificate( );
413
 
                                                PublicKey publicKey = cert.getPublicKey();
414
 
                                                sigVerifier.initVerify(publicKey);
415
 
                                                sigVerifier.update((machineConfiguration + image).getBytes());
416
 
                                                signatureVerified = sigVerifier.verify(Hashes.hexToBytes(signature));
 
400
                                                for(User u:Accounts.listAllUsers( )) {
 
401
                                                        for (Certificate cert : u.getCertificates()) {
 
402
                                                                if(cert != null&&cert instanceof X509Certificate)
 
403
                                                                        signatureVerified = canVerifySignature(sigVerifier, ( X509Certificate ) cert, signature, (machineConfiguration + image));
 
404
                                                                if(signatureVerified)
 
405
                                                                        break;
 
406
                                                        }
 
407
                                                }
 
408
                                                if(!signatureVerified) {
 
409
                                                        X509Certificate cert = SystemCredentials.lookup(Eucalyptus.class).getCertificate();
 
410
                                                        if(cert != null)
 
411
                                                                signatureVerified = canVerifySignature(sigVerifier, cert, signature, (machineConfiguration + image));
 
412
                                                }
417
413
                                        } catch(Exception ex) {
418
414
                                                db.rollback();
419
415
                                                LOG.error(ex, ex);
420
416
                                                throw new DecryptionFailedException("signature verification");
421
417
                                        }
422
 
 
423
 
                                        //check if Eucalyptus signed it
424
 
                                        if(!signatureVerified) {
425
 
                                                try {
426
 
                                                        X509Certificate cert = SystemCredentialProvider.getCredentialProvider(Component.eucalyptus).getCertificate();
427
 
                                                        PublicKey publicKey = cert.getPublicKey();
428
 
                                                        sigVerifier.initVerify(publicKey);
429
 
                                                        sigVerifier.update((machineConfiguration + image).getBytes());
430
 
                                                        signatureVerified = sigVerifier.verify(Hashes.hexToBytes(signature));
431
 
                                                } catch(Exception ex) {
432
 
                                                        db.rollback();
433
 
                                                        LOG.error(ex, ex);
434
 
                                                        throw new DecryptionFailedException("signature verification");
435
 
                                                }
436
 
 
437
 
                                        }
438
418
                                        if(!signatureVerified) {
439
419
                                                throw new NotAuthorizedException("Invalid signature");
440
420
                                        }
443
423
                                        byte[] key;
444
424
                                        byte[] iv;
445
425
                                        try {
446
 
                                                PrivateKey pk = SystemCredentialProvider.getCredentialProvider(Component.eucalyptus).getPrivateKey();
 
426
                                                PrivateKey pk = SystemCredentials.lookup(Eucalyptus.class).getPrivateKey();
447
427
                                                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
448
428
                                                cipher.init(Cipher.DECRYPT_MODE, pk);
449
429
                                                key = Hashes.hexToBytes(new String(cipher.doFinal(Hashes.hexToBytes(encryptedKey))));
469
449
        }
470
450
 
471
451
        private boolean isCached(String bucketName, String manifestKey) {
472
 
                EntityWrapper<ImageCacheInfo> db = WalrusControl.getEntityWrapper();
 
452
                EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
473
453
                ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
474
454
                try {
475
455
                        ImageCacheInfo foundImageCacheInfo = db.getUnique(searchImageCacheInfo);
485
465
        }
486
466
 
487
467
        private long checkCachingProgress(String bucketName, String manifestKey, long oldBytesRead) {
488
 
                EntityWrapper<ImageCacheInfo> db = WalrusControl.getEntityWrapper();
 
468
                EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
489
469
                ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
490
470
                try {
491
471
                        ImageCacheInfo foundImageCacheInfo = db.getUnique(searchImageCacheInfo);
502
482
                }
503
483
        }
504
484
 
505
 
        private synchronized void cacheImage(String bucketName, String manifestKey, String userId, boolean isAdministrator) throws EucalyptusCloudException {
506
 
 
507
 
                EntityWrapper<ImageCacheInfo> db = WalrusControl.getEntityWrapper();
 
485
        private void cacheImage(String bucketName, String manifestKey, Account account, boolean isAdministrator) throws EucalyptusCloudException {
 
486
                EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
508
487
                ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
509
488
                List<ImageCacheInfo> imageCacheInfos = db.query(searchImageCacheInfo);
510
489
                String decryptedImageKey = null;
523
502
                if(imageCacher == null) {
524
503
                        if(decryptedImageKey == null) {
525
504
                                try {
526
 
                                        decryptedImageKey = decryptImage(bucketName, manifestKey, userId, isAdministrator);
 
505
                                        decryptedImageKey = decryptImage(bucketName, manifestKey, account, isAdministrator);
527
506
                                } catch(EucalyptusCloudException ex) {
528
507
                                        imageCachers.remove(bucketName + manifestKey);
529
508
                                        throw ex;
534
513
                                foundImageCacheInfo.setInCache(false);
535
514
                                foundImageCacheInfo.setUseCount(0);
536
515
                                foundImageCacheInfo.setSize(0L);
537
 
                                db = WalrusControl.getEntityWrapper();
 
516
                                db = EntityWrapper.get(ImageCacheInfo.class);
538
517
                                db.add(foundImageCacheInfo);
539
518
                                db.commit();
540
519
                        }
541
520
                        imageCacher = imageCachers.get(bucketName + manifestKey);
542
521
                        imageCacher.setDecryptedImageKey(decryptedImageKey);
543
 
                        imageCacher.start();
 
522
                        Threads.lookup(Walrus.class, WalrusImageManager.ImageCacher.class).limitTo(10).submit(imageCacher);
544
523
                } 
545
524
        }
546
525
 
556
535
                        }
557
536
                }
558
537
                EucaSemaphoreDirectory.removeSemaphore(bucketName + "/" + objectKey);
559
 
                EntityWrapper<ImageCacheInfo> db = WalrusControl.getEntityWrapper();
 
538
                EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
560
539
                ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, objectKey);
561
540
                List<ImageCacheInfo> foundImageCacheInfos = db.query(searchImageCacheInfo);
562
541
 
574
553
                }
575
554
        }
576
555
 
577
 
        private void validateManifest(String bucketName, String objectKey, String userId) throws EucalyptusCloudException {
578
 
                EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
 
556
        private void validateManifest(String bucketName, String objectKey, String accountId) throws EucalyptusCloudException {
 
557
                EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
579
558
                BucketInfo bucketInfo = new BucketInfo(bucketName);
580
559
                BucketInfo bucket = null;
581
560
                try {
582
561
                        bucket = db.getUnique(bucketInfo);
583
 
                } catch(Throwable t) {
584
 
                        throw new EucalyptusCloudException("Unable to get bucket: " + bucketName, t);
 
562
                } catch(Exception t) {
 
563
                        throw new WalrusException("Unable to get bucket: " + bucketName, t);
585
564
                }
586
565
 
587
566
                if (bucket != null) {
591
570
                        if(objectInfos.size() > 0)  {
592
571
                                ObjectInfo objectInfo = objectInfos.get(0);
593
572
 
594
 
                                if(objectInfo.canRead(userId)) {
 
573
                                if(objectInfo.canRead(accountId)) {
595
574
                                        String objectName = objectInfo.getObjectName();
596
575
                                        File file = new File(storageManager.getObjectPath(bucketName, objectName));
597
576
                                        XMLParser parser = new XMLParser(file);
602
581
 
603
582
                                        FileInputStream fileInputStream = null;
604
583
                                        try {
605
 
                                                PrivateKey pk = SystemCredentialProvider.getCredentialProvider(Component.eucalyptus).getPrivateKey();
 
584
                                                PrivateKey pk = SystemCredentials.lookup(Eucalyptus.class).getPrivateKey();
606
585
                                                Signature sigCloud = Signature.getInstance("SHA1withRSA");
607
586
                                                sigCloud.initSign(pk);
608
587
                                                sigCloud.update(verificationString.getBytes());
634
613
                                                                }
635
614
                                                        } catch (IOException e) {
636
615
                                                                LOG.error(e);
637
 
                                                                throw new EucalyptusCloudException(e);
 
616
                                                                throw new WalrusException(e.getMessage());
638
617
                                                        } finally {
639
618
                                                                try {
640
619
                                                                        inStream.close();
641
620
                                                                } catch (IOException e) {
642
621
                                                                        LOG.error(e);
643
 
                                                                        throw new EucalyptusCloudException(e);
 
622
                                                                        throw new WalrusException(e.getMessage());
644
623
                                                                }
645
624
                                                        }
646
625
                                                        String md5 = Hashes.bytesToHex(digest.digest());
648
627
                                                        objectInfo.setSize(totalBytesRead);
649
628
                                                } catch (FileNotFoundException e) {
650
629
                                                        LOG.error(e, e);
651
 
                                                        throw new EucalyptusCloudException(e);
 
630
                                                        throw new WalrusException(e.getMessage());
652
631
                                                }
653
632
                                        } catch(Exception ex) {
654
633
                                                if(inStream != null) {
667
646
                                                }
668
647
                                                db.rollback();
669
648
                                                LOG.error(ex, ex);
670
 
                                                throw new EucalyptusCloudException("Unable to sign manifest: " + bucketName + "/" + objectKey);
 
649
                                                throw new WalrusException("Unable to sign manifest: " + bucketName + "/" + objectKey);
671
650
                                        }
672
651
                                        db.commit();
673
652
                                } else {
686
665
 
687
666
        public void startImageCacheFlusher(String bucketName, String manifestName) {
688
667
                ImageCacheFlusher imageCacheFlusher = new ImageCacheFlusher(bucketName, manifestName);
689
 
                imageCacheFlusher.start();
 
668
                Threads.lookup(Walrus.class, WalrusImageManager.ImageCacheFlusher.class).limitTo(10).submit(imageCacheFlusher);
690
669
        }
691
670
 
692
 
        private class ImageCacheFlusher extends Thread {
 
671
        private class ImageCacheFlusher implements Runnable {
693
672
                private String bucketName;
694
673
                private String objectKey;
695
674
 
708
687
        }
709
688
 
710
689
 
711
 
        private class ImageCacher extends Thread {
 
690
        private class ImageCacher implements Runnable {
712
691
 
713
692
                private String bucketName;
714
693
                private String manifestKey;
749
728
 
750
729
                                }
751
730
                                Long oldCacheSize = 0L;
752
 
                                EntityWrapper<ImageCacheInfo> db = WalrusControl.getEntityWrapper();
 
731
                                EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
753
732
                                List<ImageCacheInfo> imageCacheInfos = db.query(new ImageCacheInfo());
754
733
                                for(ImageCacheInfo imageCacheInfo: imageCacheInfos) {
755
734
                                        if(imageCacheInfo.getInCache()) {
813
792
                                        notifyWaiters();
814
793
                                        return;
815
794
                                }
816
 
                                EntityWrapper<ImageCacheInfo> db = WalrusControl.getEntityWrapper();
 
795
                                EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
817
796
                                ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo();
818
797
                                searchImageCacheInfo.setInCache(true);
819
798
                                List<ImageCacheInfo> imageCacheInfos = db.query(searchImageCacheInfo);
859
838
                                storageManager.deleteAbsoluteObject(decryptedImageName);
860
839
                                storageManager.deleteAbsoluteObject(tarredImageName);
861
840
 
862
 
                                EntityWrapper<ImageCacheInfo>db = WalrusControl.getEntityWrapper();
 
841
                                EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
863
842
                                ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
864
843
                                List<ImageCacheInfo> foundImageCacheInfos = db.query(searchImageCacheInfo);
865
844
                                if(foundImageCacheInfos.size() > 0) {
868
847
                                        foundImageCacheInfo.setInCache(true);
869
848
                                        foundImageCacheInfo.setSize(unencryptedSize);
870
849
                                        db.commit();
871
 
                                        //wake up waiters
872
 
                                        notifyWaiters();
873
850
                                } else {
874
851
                                        db.rollback();
875
852
                                        LOG.error("Could not expand image" + decryptedImageName);
876
 
                                }
 
853
                                }                               
877
854
                        } catch (Exception ex) {
878
855
                                LOG.error(ex);
879
856
                        }
 
857
                        //wake up waiters
 
858
                        notifyWaiters();
880
859
                }
881
860
        }
882
861
 
924
903
                if(outFile.exists())
925
904
                        return outFile.length();
926
905
                else
927
 
                        throw new EucalyptusCloudException("Could not untar image " + imageName);
 
906
                        throw new WalrusException("Could not untar image " + imageName);
928
907
        }
929
908
 
930
909
        private class StreamConsumer extends Thread
984
963
                                output.start();
985
964
                                int exitVal = proc.waitFor();
986
965
                                output.join();
987
 
                        } catch (Throwable t) {
 
966
                        } catch (Exception t) {
988
967
                                LOG.error(t);
989
968
                        }
990
969
                }
999
978
                int bytesRead = 0;
1000
979
                byte[] bytes = new byte[8192];
1001
980
 
1002
 
                while((bytesRead = in.read(bytes)) > 0) {
1003
 
                        byte[] outBytes = cipher.update(bytes, 0, bytesRead);
 
981
                try {
 
982
                        while((bytesRead = in.read(bytes)) > 0) {
 
983
                                byte[] outBytes = cipher.update(bytes, 0, bytesRead);
 
984
                                out.write(outBytes);
 
985
                        }
 
986
 
 
987
                        byte[] outBytes = cipher.doFinal();
1004
988
                        out.write(outBytes);
 
989
                } catch (IOException ex) {
 
990
                        LOG.error( ex );
 
991
                        Logs.extreme( ).error( ex, ex );
 
992
                        throw ex;
 
993
                } finally {
 
994
                        try {
 
995
                                out.close();
 
996
                        } catch (IOException ex) {
 
997
                                LOG.error( ex );
 
998
                        }
 
999
                        try {
 
1000
                                in.close();
 
1001
                        } catch (IOException ex) {
 
1002
                                LOG.error( ex );
 
1003
                        }
1005
1004
                }
1006
 
                byte[] outBytes = cipher.doFinal();
1007
 
                out.write(outBytes);
1008
 
                in.close();
1009
 
                out.close();
 
1005
                
1010
1006
                LOG.info("Done decrypting: " + decryptedImageName);
1011
1007
        }
1012
1008
 
1051
1047
                GetDecryptedImageResponseType reply = (GetDecryptedImageResponseType) request.getReply();
1052
1048
                String bucketName = request.getBucket();
1053
1049
                String objectKey = request.getKey();
1054
 
                String userId = request.getUserId();
 
1050
                Context ctx = Contexts.lookup();
 
1051
                Account account = ctx.getAccount();
1055
1052
 
1056
 
                EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
 
1053
                EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
1057
1054
                BucketInfo bucketInfo = new BucketInfo(bucketName);
1058
1055
                List<BucketInfo> bucketList = db.query(bucketInfo);
1059
1056
                if (bucketList.size() > 0) {
1063
1060
                        if(objectInfos.size() > 0)  {
1064
1061
                                ObjectInfo objectInfo = objectInfos.get(0);
1065
1062
 
1066
 
                                if(objectInfo.canRead(userId) || request.isAdministrator() ) {
 
1063
                                if(ctx.hasAdministrativePrivileges() || (
 
1064
                                                objectInfo.canRead(account.getAccountNumber()) &&
 
1065
                                                Lookups.checkPrivilege(PolicySpec.S3_GETOBJECT,
 
1066
                                                                PolicySpec.VENDOR_S3,
 
1067
                                                                PolicySpec.S3_RESOURCE_OBJECT,
 
1068
                                                                PolicySpec.objectFullName(bucketName, objectKey),
 
1069
                                                                objectInfo.getOwnerId()))) {
1067
1070
                                        db.commit();
1068
1071
                                        EucaSemaphore semaphore = EucaSemaphoreDirectory.getSemaphore(bucketName + "/" + objectKey);
1069
1072
                                        try {
1070
1073
                                                semaphore.acquire();
1071
1074
                                        } catch(InterruptedException ex) {
1072
 
                                                throw new EucalyptusCloudException("semaphore could not be acquired");
 
1075
                                                throw new WalrusException("semaphore could not be acquired");
1073
1076
                                        }
1074
 
                                        EntityWrapper<ImageCacheInfo> db2 = WalrusControl.getEntityWrapper();
 
1077
                                        EntityWrapper<ImageCacheInfo> db2 = EntityWrapper.get(ImageCacheInfo.class);
1075
1078
                                        ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, objectKey);
1076
1079
                                        List<ImageCacheInfo> foundImageCacheInfos = db2.query(searchImageCacheInfo);
1077
1080
                                        if(foundImageCacheInfos.size() > 0) {
1080
1083
                                                                (!storageManager.objectExists(bucketName, imageCacheInfo.getImageName()))) {
1081
1084
                                                        db2.delete(imageCacheInfo);
1082
1085
                                                        db2.commit();
1083
 
                                                        db2 = WalrusControl.getEntityWrapper();
 
1086
                                                        db2 = EntityWrapper.get(ImageCacheInfo.class);
1084
1087
                                                        foundImageCacheInfos = db2.query(searchImageCacheInfo);
1085
1088
                                                }                                               
1086
1089
                                        }
1089
1092
                                                db2.commit();
1090
1093
                                                //issue a cache request
1091
1094
                                                LOG.info("Image " + bucketName + "/" + objectKey + " not found in cache. Issuing cache request (might take a while...)");
1092
 
                                                cacheImage(bucketName, objectKey, userId, request.isAdministrator());
 
1095
                                                cacheImage(bucketName, objectKey, account, ctx.hasAdministrativePrivileges());
1093
1096
                                                //query db again
1094
 
                                                db2 = WalrusControl.getEntityWrapper();
 
1097
                                                db2 = EntityWrapper.get(ImageCacheInfo.class);
1095
1098
                                                foundImageCacheInfos = db2.query(searchImageCacheInfo);
1096
1099
                                        }
1097
1100
                                        ImageCacheInfo foundImageCacheInfo = null;
1125
1128
                                                                        }
1126
1129
                                                                } while(true);
1127
1130
                                                        } catch(Exception ex) {
1128
 
                                                                LOG.error(ex);
 
1131
                                                                LOG.error(ex, ex);
1129
1132
                                                                semaphore.release();
1130
 
                                                                throw new EucalyptusCloudException("monitor failure");
 
1133
                                                                imageMessenger.removeMonitor(bucketName + "/" + objectKey);
 
1134
                                                                throw new WalrusException("monitor failure");
1131
1135
                                                        }
1132
1136
                                                }
1133
1137
                                                if(!cached) {
1134
1138
                                                        LOG.error("Tired of waiting to cache image: " + bucketName + "/" + objectKey + " giving up");
 
1139
                                                        imageMessenger.removeMonitor(bucketName + "/" + objectKey);
1135
1140
                                                        semaphore.release();
1136
 
                                                        throw new EucalyptusCloudException("caching failure");
 
1141
                                                        throw new WalrusException("caching failure");
1137
1142
                                                }
1138
1143
                                                //caching may have modified the db. repeat the query
1139
 
                                                db2 = WalrusControl.getEntityWrapper();
 
1144
                                                db2 = EntityWrapper.get(ImageCacheInfo.class);
1140
1145
                                                foundImageCacheInfos = db2.query(searchImageCacheInfo);
1141
1146
                                                if(foundImageCacheInfos.size() > 0) {
1142
1147
                                                        foundImageCacheInfo = foundImageCacheInfos.get(0);
1160
1165
                                                        DateUtils.format(objectInfo.getLastModified().getTime(), DateUtils.ISO8601_DATETIME_PATTERN + ".000Z"), 
1161
1166
                                                        objectInfo.getContentType(), objectInfo.getContentDisposition(), request.getIsCompressed(), null, null);                            
1162
1167
                                        semaphore.release();
 
1168
                                        imageMessenger.removeMonitor(bucketName + "/" + objectKey);
1163
1169
                                        return reply;
1164
1170
                                } else {
1165
1171
                                        db.rollback();
1181
1187
                reply.setSuccess(false);
1182
1188
                String bucketName = request.getBucket();
1183
1189
                String objectKey = request.getKey();
1184
 
                String userId = request.getUserId();
 
1190
                Context ctx = Contexts.lookup();
 
1191
                Account account = ctx.getAccount();
1185
1192
 
1186
 
                EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
 
1193
                EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
1187
1194
                BucketInfo bucketInfo = new BucketInfo(bucketName);
1188
1195
                BucketInfo bucket = null;
1189
1196
                try {
1190
1197
                        bucket = db.getUnique(bucketInfo);
1191
 
                } catch(Throwable t) {
1192
 
                        throw new EucalyptusCloudException("Unable to get bucket", t);
 
1198
                } catch(Exception t) {
 
1199
                        throw new WalrusException("Unable to get bucket", t);
1193
1200
                }
1194
1201
 
1195
1202
                if (bucket != null) {
1198
1205
                        List<ObjectInfo> objectInfos = dbObject.query(searchObjectInfo);
1199
1206
                        if(objectInfos.size() > 0)  {
1200
1207
                                ObjectInfo objectInfo = objectInfos.get(0);
1201
 
                                if(objectInfo.canRead(userId)) {
 
1208
                                if(ctx.hasAdministrativePrivileges() || (
 
1209
                                                objectInfo.canRead(account.getAccountNumber()) &&
 
1210
                                                Lookups.checkPrivilege(PolicySpec.S3_GETOBJECT,
 
1211
                                                                PolicySpec.VENDOR_S3,
 
1212
                                                                PolicySpec.S3_RESOURCE_OBJECT,
 
1213
                                                                PolicySpec.objectFullName(bucketName, objectKey),
 
1214
                                                                objectInfo.getOwnerId()))) {
1202
1215
                                        db.commit();
1203
 
                                        checkManifest(bucketName, objectKey, userId);
 
1216
                                        checkManifest(bucketName, objectKey, account);
1204
1217
                                        reply.setSuccess(true);
1205
1218
                                        return reply;
1206
1219
                                } else {
1222
1235
                reply.setSuccess(false);
1223
1236
                String bucketName = request.getBucket();
1224
1237
                String manifestKey = request.getKey();
1225
 
                String userId = request.getUserId();
1226
 
 
1227
 
 
1228
 
                EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
 
1238
                Context ctx = Contexts.lookup();
 
1239
                Account account = ctx.getAccount();
 
1240
 
 
1241
                EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
1229
1242
                BucketInfo bucketInfo = new BucketInfo(bucketName);
1230
1243
                List<BucketInfo> bucketList = db.query(bucketInfo);
1231
1244
 
1236
1249
                        if(objectInfos.size() > 0)  {
1237
1250
                                ObjectInfo objectInfo = objectInfos.get(0);
1238
1251
 
1239
 
                                if(objectInfo.canRead(userId)) {
1240
 
                                        EntityWrapper<ImageCacheInfo> db2 = WalrusControl.getEntityWrapper();
 
1252
                                if(ctx.hasAdministrativePrivileges() || (
 
1253
                                                objectInfo.canRead(account.getAccountNumber()) &&
 
1254
                                                Lookups.checkPrivilege(PolicySpec.S3_GETOBJECT,
 
1255
                                                                PolicySpec.VENDOR_S3,
 
1256
                                                                PolicySpec.S3_RESOURCE_OBJECT,
 
1257
                                                                PolicySpec.objectFullName( bucketName, manifestKey ),
 
1258
                                                                objectInfo.getOwnerId()))) {
 
1259
                                        EntityWrapper<ImageCacheInfo> db2 = EntityWrapper.get(ImageCacheInfo.class);
1241
1260
                                        ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
1242
1261
                                        List<ImageCacheInfo> foundImageCacheInfos = db2.query(searchImageCacheInfo);
1243
1262
                                        db2.commit();
1244
1263
                                        if((foundImageCacheInfos.size() == 0) || (!imageCachers.containsKey(bucketName + manifestKey))) {
1245
 
                                                cacheImage(bucketName, manifestKey, userId, request.isAdministrator());
 
1264
                                                cacheImage(bucketName, manifestKey, account, Contexts.lookup( ).hasAdministrativePrivileges( ));
1246
1265
                                                reply.setSuccess(true);
1247
1266
                                        }
1248
1267
                                        db.commit( );
1269
1288
                String bucketName = request.getBucket();
1270
1289
                String manifestKey = request.getKey();
1271
1290
 
1272
 
                EntityWrapper<ImageCacheInfo> db = WalrusControl.getEntityWrapper();
 
1291
                EntityWrapper<ImageCacheInfo> db = EntityWrapper.get(ImageCacheInfo.class);
1273
1292
                ImageCacheInfo searchImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
1274
1293
                List<ImageCacheInfo> foundImageCacheInfos = db.query(searchImageCacheInfo);
1275
1294
 
1279
1298
                                //check that there are no operations in progress and then flush cache and delete image file
1280
1299
                                db.commit();
1281
1300
                                ImageCacheFlusher imageCacheFlusher = new ImageCacheFlusher(bucketName, manifestKey);
1282
 
                                imageCacheFlusher.start();
 
1301
                                Threads.lookup(Walrus.class, WalrusImageManager.ImageCacheFlusher.class).limitTo(10).submit(imageCacheFlusher);
1283
1302
                        } else {
1284
1303
                                db.rollback();
1285
 
                                throw new EucalyptusCloudException("not in cache");
 
1304
                                throw new WalrusException("not in cache");
1286
1305
                        }
1287
1306
                } else {
1288
1307
                        db.rollback();
1295
1314
                ValidateImageResponseType reply = (ValidateImageResponseType) request.getReply();
1296
1315
                String bucketName = request.getBucket();
1297
1316
                String manifestKey = request.getKey();
1298
 
                String userId = request.getUserId();
1299
 
                EntityWrapper<BucketInfo> db = WalrusControl.getEntityWrapper();
 
1317
                Context ctx = Contexts.lookup();
 
1318
                Account account = ctx.getAccount();
 
1319
                EntityWrapper<BucketInfo> db = EntityWrapper.get(BucketInfo.class);
1300
1320
                BucketInfo bucketInfo = new BucketInfo(bucketName);
1301
1321
                List<BucketInfo> bucketList = db.query(bucketInfo);
1302
1322
                if (bucketList.size() > 0) {
1309
1329
                                        List<ObjectInfo> objectInfos = dbObject.query(searchObjectInfo);
1310
1330
                                        if (objectInfos.size() > 0) {
1311
1331
                                                ObjectInfo objectInfo = objectInfos.get(0);
1312
 
                                                if (objectInfo.canRead(userId)) {
 
1332
                                                if (ctx.hasAdministrativePrivileges() || (
 
1333
                                                                objectInfo.canRead(account.getAccountNumber()) &&
 
1334
                                                                Lookups.checkPrivilege(PolicySpec.S3_GETOBJECT,
 
1335
                                                                                PolicySpec.VENDOR_S3,
 
1336
                                                                                PolicySpec.S3_RESOURCE_OBJECT,
 
1337
                                                                                PolicySpec.objectFullName(bucketName, manifestKey),
 
1338
                                                                                objectInfo.getOwnerId()))) {
1313
1339
                                                        //validate manifest
1314
 
                                                        validateManifest(bucketName, manifestKey, userId);
 
1340
                                                        validateManifest(bucketName, manifestKey, account.getAccountNumber());
1315
1341
                                                        db.commit();
1316
1342
                                                } else {
1317
1343
                                                        db.rollback();