diff options
author | Aurelien Poscia <aurelien.poscia@sonarsource.com> | 2024-01-19 10:08:55 +0100 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2024-01-25 20:02:56 +0000 |
commit | 858b1023bba599c5aa44119469d8451301434abb (patch) | |
tree | e0a8621447c7b5b8c7ea447a57deb9feab3f5b31 /server/sonar-server-common | |
parent | c7d0bb440b8e6bf4c625463b05ec390f1a7a27ab (diff) | |
download | sonarqube-858b1023bba599c5aa44119469d8451301434abb.tar.gz sonarqube-858b1023bba599c5aa44119469d8451301434abb.zip |
SONAR-21290 Use UUIDs v4 for all database identifiers
Diffstat (limited to 'server/sonar-server-common')
4 files changed, 310 insertions, 0 deletions
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/platform/serverid/MacAddressProvider.java b/server/sonar-server-common/src/main/java/org/sonar/server/platform/serverid/MacAddressProvider.java new file mode 100644 index 00000000000..91b5f7d99c1 --- /dev/null +++ b/server/sonar-server-common/src/main/java/org/sonar/server/platform/serverid/MacAddressProvider.java @@ -0,0 +1,109 @@ +/* + * SonarQube + * Copyright (C) 2009-2024 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.serverid; + +import com.google.common.annotations.VisibleForTesting; +import java.net.NetworkInterface; +import java.net.SocketException; +import java.security.SecureRandom; +import java.util.Enumeration; +import javax.annotation.CheckForNull; +import javax.annotation.Nullable; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.sonar.core.util.UuidFactoryImpl; + +/** + * Used by {@link UuidFactoryImpl}. Heavily inspired by https://github.com/elastic/elasticsearch/blob/master/core/src/main/java/org/elasticsearch/common/MacAddressProvider.java + */ +class MacAddressProvider { + + private static final Logger LOGGER = LoggerFactory.getLogger(MacAddressProvider.class); + public static final int BYTE_SIZE = 6; + + private MacAddressProvider() { + // only static stuff + } + + public static byte[] getSecureMungedAddress() { + byte[] address = null; + try { + address = getMacAddress(); + } catch (SocketException se) { + LOGGER.warn("Unable to get mac address, will use a dummy address", se); + // address will be set below + } + + if (!isValidAddress(address)) { + LOGGER.warn("Unable to get a valid mac address, will use a dummy address"); + address = constructDummyMulticastAddress(); + } + + byte[] mungedBytes = new byte[BYTE_SIZE]; + new SecureRandom().nextBytes(mungedBytes); + for (int i = 0; i < BYTE_SIZE; ++i) { + mungedBytes[i] ^= address[i]; + } + + return mungedBytes; + } + + private static boolean isValidAddress(@Nullable byte[] address) { + if (address == null || address.length != BYTE_SIZE) { + return false; + } + for (byte b : address) { + if (b != 0x00) { + // If any of the bytes are non zero assume a good address + return true; + } + } + return false; + } + + @CheckForNull + private static byte[] getMacAddress() throws SocketException { + Enumeration<NetworkInterface> en = NetworkInterface.getNetworkInterfaces(); + if (en != null) { + while (en.hasMoreElements()) { + NetworkInterface nint = en.nextElement(); + if (!nint.isLoopback()) { + // Pick the first valid non loopback address we find + byte[] address = nint.getHardwareAddress(); + if (isValidAddress(address)) { + return address; + } + } + } + } + // Could not find a mac address + return null; + } + + @VisibleForTesting + static byte[] constructDummyMulticastAddress() { + byte[] dummy = new byte[BYTE_SIZE]; + new SecureRandom().nextBytes(dummy); + // Set the broadcast bit to indicate this is not a _real_ mac address + dummy[0] |= (byte) 0x01; + return dummy; + } + +} diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/platform/serverid/ServerIdGenerator.java b/server/sonar-server-common/src/main/java/org/sonar/server/platform/serverid/ServerIdGenerator.java new file mode 100644 index 00000000000..a25738b3392 --- /dev/null +++ b/server/sonar-server-common/src/main/java/org/sonar/server/platform/serverid/ServerIdGenerator.java @@ -0,0 +1,99 @@ +/* + * SonarQube + * Copyright (C) 2009-2024 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.serverid; + +import java.security.SecureRandom; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.function.Supplier; +import org.apache.commons.codec.binary.Base64; + +public final class ServerIdGenerator { + + private final FullNewIdGenerator fullNewIdGenerator = new FullNewIdGenerator(); + + public String generate() { + return Base64.encodeBase64URLSafeString(fullNewIdGenerator.get()); + } + + private static class IdGeneratorBase { + // We only use bottom 3 bytes for the sequence number. Paranoia: init with random int so that if JVM/OS/machine goes down, clock slips + // backwards, and JVM comes back up, we are less likely to be on the same sequenceNumber at the same time: + private final AtomicInteger sequenceNumber = new AtomicInteger(new SecureRandom().nextInt()); + private final byte[] secureMungedAddress = MacAddressProvider.getSecureMungedAddress(); + // Used to ensure clock moves forward + private long lastTimestamp = 0L; + + void initBase(byte[] buffer, int sequenceId) { + long timestamp = System.currentTimeMillis(); + + synchronized (this) { + // Don't let timestamp go backwards, at least "on our watch" (while this JVM is running). We are still vulnerable if we are + // shut down, clock goes backwards, and we restart... for this we randomize the sequenceNumber on init to decrease chance of + // collision: + timestamp = Math.max(lastTimestamp, timestamp); + + if (sequenceId == 0) { + // Always force the clock to increment whenever sequence number is 0, in case we have a long time-slip backwards: + timestamp++; + } + + lastTimestamp = timestamp; + } + + // Only use lower 6 bytes of the timestamp (this will suffice beyond the year 10000): + putLong(buffer, timestamp, 0, 6); + + // MAC address adds 6 bytes: + System.arraycopy(secureMungedAddress, 0, buffer, 6, secureMungedAddress.length); + } + + protected byte[] generate(byte[] buffer, int increment) { + // Sequence number adds 3 bytes + putLong(buffer, increment, 12, 3); + + return buffer; + } + + int getSequenceId() { + return sequenceNumber.incrementAndGet() & 0xffffff; + } + + /** + * Puts the lower numberOfLongBytes from l into the array, starting index pos. + */ + private static void putLong(byte[] array, long l, int pos, int numberOfLongBytes) { + for (int i = 0; i < numberOfLongBytes; ++i) { + array[pos + numberOfLongBytes - i - 1] = (byte) (l >>> (i * 8)); + } + } + } + + private static final class FullNewIdGenerator extends IdGeneratorBase implements Supplier<byte[]> { + + @Override + public byte[] get() { + byte[] buffer = new byte[15]; + int sequenceId = getSequenceId(); + initBase(buffer, sequenceId); + return super.generate(buffer, sequenceId); + } + } + +} diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/platform/serverid/MacAddressProviderTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/platform/serverid/MacAddressProviderTest.java new file mode 100644 index 00000000000..6babb49a4cb --- /dev/null +++ b/server/sonar-server-common/src/test/java/org/sonar/server/platform/serverid/MacAddressProviderTest.java @@ -0,0 +1,43 @@ +/* + * SonarQube + * Copyright (C) 2009-2024 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.serverid; + +import org.junit.Test; + +import static org.assertj.core.api.Assertions.assertThat; + +public class MacAddressProviderTest { + + @Test + public void getSecureMungedAddress() { + byte[] address = MacAddressProvider.getSecureMungedAddress(); + assertThat(address) + .isNotEmpty() + .hasSize(6); + } + + @Test + public void constructDummyMulticastAddress() { + byte[] address = MacAddressProvider.constructDummyMulticastAddress(); + assertThat(address) + .isNotEmpty() + .hasSize(6); + } +} diff --git a/server/sonar-server-common/src/test/java/org/sonar/server/platform/serverid/ServerIdGeneratorTest.java b/server/sonar-server-common/src/test/java/org/sonar/server/platform/serverid/ServerIdGeneratorTest.java new file mode 100644 index 00000000000..dcb13c12b60 --- /dev/null +++ b/server/sonar-server-common/src/test/java/org/sonar/server/platform/serverid/ServerIdGeneratorTest.java @@ -0,0 +1,59 @@ +/* + * SonarQube + * Copyright (C) 2009-2024 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.serverid; + +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Set; +import org.junit.Test; + +import static org.assertj.core.api.Assertions.assertThat; + +public class ServerIdGeneratorTest { + private final ServerIdGenerator underTest = new ServerIdGenerator(); + + @Test + public void generate_concurrent_test() throws InterruptedException { + int rounds = 500; + List<String> ids1 = new ArrayList<>(rounds); + List<String> ids2 = new ArrayList<>(rounds); + Thread t1 = new Thread(() -> { + for (int i = 0; i < rounds; i++) { + ids1.add(underTest.generate()); + } + }); + Thread t2 = new Thread(() -> { + for (int i = 0; i < rounds; i++) { + ids2.add(underTest.generate()); + } + }); + t1.start(); + t2.start(); + t1.join(); + t2.join(); + + Set<String> ids = new HashSet<>(rounds * 2); + ids.addAll(ids1); + ids.addAll(ids2); + assertThat(ids).hasSize(rounds * 2); + } + +} |