[Swift-commit] cog r3780

swift at ci.uchicago.edu swift at ci.uchicago.edu
Sun Sep 15 20:55:03 CDT 2013 

------------------------------------------------------------------------
r3780 | hategan | 2013-09-15 20:52:39 -0500 (Sun, 15 Sep 2013) | 1 line

disable sharing of proxies between JVM instances by default (see bug 1085)
------------------------------------------------------------------------
Index: modules/provider-coaster/src/org/globus/cog/abstraction/impl/execution/coaster/AutoCA.java
===================================================================
--- modules/provider-coaster/src/org/globus/cog/abstraction/impl/execution/coaster/AutoCA.java	(revision 3779)
+++ modules/provider-coaster/src/org/globus/cog/abstraction/impl/execution/coaster/AutoCA.java	(working copy)
@@ -62,8 +62,11 @@
 public class AutoCA {
     public static final Logger logger = Logger.getLogger(AutoCA.class);
     
+    public static final boolean SHARED_PROXIES = 
+        "true".equals(System.getProperty("autoCA.shared.proxies"));
+    
     public static final String CA_DIR = System.getProperty("user.home") + File.separator 
-    + ".globus" + File.separator + "coasters";
+        + ".globus" + File.separator + "coasters";
     public static final String CA_CRT_NAME_PREFIX = "CAcert";
     public static final String CA_KEY_NAME_PREFIX = "CAkey";
     public static final String USER_CRT_NAME_PREFIX = "usercert";
@@ -120,14 +123,9 @@
     private void ensureCACertsExist() throws IOException, GeneralSecurityException {
         // delete expired CAs, make a new one if the existing ones don't have
         // at least MIN_CA_LIFETIME_LEFT
-        FileLock fl = new FileLock(CA_DIR);
+        FileLock fl = lockDir(CA_DIR);
+        
         try {
-            fl.lock();
-        }
-        catch (Exception e) {
-            logger.warn("Failed to lock CA dir", e);
-        }
-        try {
             File[] certs = discoverProxies();
             long now = System.currentTimeMillis();
             long maxExpirationTime = 0;
@@ -153,7 +151,7 @@
                 }
             }
             
-            if (now + MIN_CA_CERT_LIFETIME_LEFT > maxExpirationTime) {
+            if (now + MIN_CA_CERT_LIFETIME_LEFT > maxExpirationTime && SHARED_PROXIES) {
                 int index = discoverNextIndex();
                 this.info = new Info(makeFile(PROXY_NAME_PREFIX, index), makeFile(CA_CRT_NAME_PREFIX, index));
                 if (logger.isInfoEnabled()) {
@@ -168,10 +166,32 @@
             }
         }
         finally {
+            unlock(fl);
+        }
+    }
+    
+    private void unlock(FileLock fl) throws IOException {
+        if (fl != null) {
             fl.unlock();
         }
     }
-    
+
+    private FileLock lockDir(String caDir) {
+        if (SHARED_PROXIES) {
+            FileLock fl = new FileLock(CA_DIR);
+            try {
+                fl.lock();
+            }
+            catch (Exception e) {
+                logger.warn("Failed to lock CA dir", e);
+            }
+            return fl;
+        }
+        else {
+            return null;
+        }
+    }
+
     private File makeFile(String prefix, int index) {
         return new File(CA_DIR + File.separator + prefix + "." + index + ".pem");
     }
@@ -204,7 +224,7 @@
     private File[] discoverProxies() {
         return new File(CA_DIR).listFiles(new FileFilter() {
             public boolean accept(File f) {
-                return f.isFile() && f.getName().matches(PROXY_NAME_PREFIX + "\\.[0-9]\\.pem");
+                return f.isFile() && f.getName().matches(PROXY_NAME_PREFIX + "\\.[0-9]+\\.pem");
             }
         });
     }

More information about the Swift-commit mailing list