Implementing cluster token caching #4159

- introduced pre-cache
- refactored self cleaning cache
- added new fields
- introduced builder
- introduced OAuth2OpaqueTokenClusterCachePersistence
- added documentation
- introduced integration test + unit tests

Author: de-jcup

sechub-commons-core/src/main/java/com/mercedesbenz/sechub/commons/core/cache/CacheData.java

@@ -0,0 +1,74 @@
+package com.mercedesbenz.sechub.commons.core.cache;
+
+import static java.util.Objects.*;
+
+import java.io.Serializable;
+import java.time.Duration;
+import java.time.Instant;
+
+import javax.crypto.SealedObject;
+
+import com.mercedesbenz.sechub.commons.core.security.CryptoAccess;
+import com.mercedesbenz.sechub.commons.core.security.CryptoAccessProvider;
+
+/**
+ * Represents the data stored in the cache under a specific key.
+ *
+ * <p>
+ * The cached data can be any serializable object. If cryptoAccess provider is
+ * nut null, the value is securely sealed using a {@link CryptoAccess} instance
+ * of type otherwise the value be stored directly. <code>T</code>.
+ * </p>
+ */
+public class CacheData<T extends Serializable> {
+
+    private final CryptoAccessProvider<T> cryptoAccessProvider;
+    private final SealedObject sealedValue;
+    private final Duration duration;
+    private final T value;
+    private final Instant createdAt;
+
+    public CacheData(T value, Duration duration, Instant created) {
+        this(value, duration, null, created);
+    }
+
+    public CacheData(T value, Duration duration, CryptoAccessProvider<T> cryptoAccessProvider) {
+        this(value, duration, cryptoAccessProvider, null);
+    }
+
+    public CacheData(T value, Duration duration, CryptoAccessProvider<T> cryptoAccessProvider, Instant now) {
+
+        requireNonNull(value, "Property 'value' must not be null");
+
+        this.createdAt = now != null ? now : Instant.now();
+        this.cryptoAccessProvider = cryptoAccessProvider;
+
+        if (cryptoAccessProvider == null) {
+            this.value = value;
+            this.sealedValue = null;
+        } else {
+            this.value = null;
+            this.sealedValue = cryptoAccessProvider.getCryptoAccess().seal(value);
+        }
+        this.duration = requireNonNull(duration, "Property 'duration' must not be null");
+    }
+
+    public boolean isSealed() {
+        return sealedValue != null;
+    }
+
+    public T getValue() {
+        if (cryptoAccessProvider == null) {
+            return value;
+        }
+        return cryptoAccessProvider.getCryptoAccess().unseal(sealedValue);
+    }
+
+    public Duration getDuration() {
+        return duration;
+    }
+
+    public Instant getCreatedAt() {
+        return createdAt;
+    }
+}

sechub-commons-core/src/main/java/com/mercedesbenz/sechub/commons/core/cache/CachePersistence.java

@@ -0,0 +1,38 @@
+package com.mercedesbenz.sechub.commons.core.cache;
+
+import java.io.Serializable;
+import java.time.Instant;
+
+public interface CachePersistence<T extends Serializable> {
+
+    /**
+     * Updates or creates a cache entry
+     *
+     * @param key       the key for the cache entry
+     * @param cacheData cache data containing
+     */
+    void put(String key, CacheData<T> cacheData);
+
+    /**
+     * Fetch cache entry for given key
+     *
+     * @param key key to identify value
+     * @return cache data or <code>null</code> if not available
+     */
+    CacheData<T> get(String key);
+
+    /**
+     * Remove entry from cache
+     *
+     * @param key key to identify value
+     */
+    void remove(String key);
+
+    /**
+     * Removes all outdated entries from cache
+     *
+     * @param now an instant representing now
+     */
+    void removeOutdated(Instant now);
+
+}

sechub-commons-core/src/main/java/com/mercedesbenz/sechub/commons/core/cache/InMemoryCachePersistence.java

@@ -0,0 +1,48 @@
+package com.mercedesbenz.sechub.commons.core.cache;
+
+import java.io.Serializable;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * <b>Note:</b> This cache persistence is local to a single application instance
+ * and is not shared across multiple instances. Avoid using it in scenarios
+ * where a distributed caching mechanism is required.
+ *
+ * @param <T>
+ */
+public class InMemoryCachePersistence<T extends Serializable> implements CachePersistence<T> {
+
+    private final Map<String, CacheData<T>> cacheMap = new ConcurrentHashMap<>();
+
+    @Override
+    public void remove(String key) {
+        cacheMap.remove(key);
+    }
+
+    @Override
+    public void put(String key, CacheData<T> cacheData) {
+        cacheMap.put(key, cacheData);
+    }
+
+    @Override
+    public CacheData<T> get(String key) {
+        return cacheMap.get(key);
+    }
+
+    @Override
+    public void removeOutdated(Instant now) {
+        cacheMap.forEach((key, value) -> {
+            Instant cacheDataCreatedAt = value.getCreatedAt();
+            Duration cacheDataDuration = value.getDuration();
+
+            if (cacheDataCreatedAt.plus(cacheDataDuration).isBefore(now)) {
+                cacheMap.remove(key);
+            }
+        });
+
+    }
+
+}

sechub-commons-core/src/main/java/com/mercedesbenz/sechub/commons/core/cache/SelfCleaningCache.java

@@ -1,20 +1,21 @@
 // SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.commons.core.cache;
 
-import static java.util.Objects.requireNonNull;
+import static java.util.Objects.*;
 
 import java.io.Serializable;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Optional;
-import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
 
-import javax.crypto.SealedObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import com.mercedesbenz.sechub.commons.core.security.CryptoAccess;
+import com.mercedesbenz.sechub.commons.core.security.CryptoAccessProvider;
 import com.mercedesbenz.sechub.commons.core.shutdown.ApplicationShutdownHandler;
 import com.mercedesbenz.sechub.commons.core.shutdown.ShutdownListener;
 
@@ -23,47 +24,48 @@
  * caching mechanism for generic data.
  *
  * <p>
- * It uses a {@link ConcurrentHashMap} to store data and a scheduled task to
+ * It uses a {@link CachePersistence} to store data and a scheduled task to
  * clear expired entries periodically. By default, the cache cleanup runs every
  * minute with an initial delay of 1 minute. These values can be customized via
  * the constructor.
  * </p>
  *
- * <p>
- * <b>Note:</b> This cache is local to a single application instance and is not
- * shared across multiple instances. Avoid using it in scenarios where a
- * distributed caching mechanism is required.
- * </p>
- *
  * @param <T> the type of data stored in the cache (must be of type
  *            {@link Serializable})
  *
- * @author hamidonos
+ * @author hamidonos, de-jcup
  */
-public class InMemoryCache<T extends Serializable> implements ShutdownListener {
+public class SelfCleaningCache<T extends Serializable> implements ShutdownListener, CryptoAccessProvider<T> {
+
+    private static final Logger logger = LoggerFactory.getLogger(SelfCleaningCache.class);
 
     private static final Duration DEFAULT_CACHE_CLEAR_JOB_PERIOD = Duration.ofMinutes(1);
 
-    private final ConcurrentHashMap<String, CacheData> cacheMap = new ConcurrentHashMap<>();
     private final ScheduledExecutorService scheduledExecutorService;
     private final CryptoAccess<T> cryptoAccess = new CryptoAccess<>();
     private final ScheduledFuture<?> cacheClearJob;
     private final Duration cacheClearJobPeriod;
+    private final CachePersistence<T> cachePersistence;
 
-    public InMemoryCache(ScheduledExecutorService scheduledExecutorService, ApplicationShutdownHandler applicationShutdownHandler) {
-        this(DEFAULT_CACHE_CLEAR_JOB_PERIOD, scheduledExecutorService, applicationShutdownHandler);
+    public SelfCleaningCache(CachePersistence<T> cachePersistence, ScheduledExecutorService scheduledExecutorService,
+            ApplicationShutdownHandler applicationShutdownHandler) {
+        this(cachePersistence, DEFAULT_CACHE_CLEAR_JOB_PERIOD, scheduledExecutorService, applicationShutdownHandler);
     }
 
     /* @formatter:off */
-    public InMemoryCache(Duration cacheClearJobPeriod,
+    public SelfCleaningCache(CachePersistence<T> cachePersistence, Duration cacheClearJobPeriod,
                          ScheduledExecutorService scheduledExecutorService,
                          ApplicationShutdownHandler applicationShutdownHandler) {
         /* @formatter:on */
+        this.cachePersistence = requireNonNull(cachePersistence, "Parameter 'cachePersistence' must not be null");
         this.scheduledExecutorService = requireNonNull(scheduledExecutorService, "Property 'scheduledExecutorService' must not be null");
         this.cacheClearJobPeriod = requireNonNull(cacheClearJobPeriod, "Property 'cacheClearJobPeriod' must not be null");
+
         cacheClearJob = scheduleClearCacheJob();
+
         requireNonNull(applicationShutdownHandler, "Property 'applicationShutdownHandler' must not be null");
         applicationShutdownHandler.register(this);
+
     }
 
     /**
@@ -81,7 +83,10 @@ public InMemoryCache(Duration cacheClearJobPeriod,
      */
     public void put(String key, T value, Duration duration) {
         requireNonNull(key, "Argument 'key' must not be null");
-        cacheMap.put(key, new CacheData(value, duration));
+        if (logger.isTraceEnabled()) {
+            logger.trace("Put to persistence ({}): key={}, duration={}, value= {}", cachePersistence.getClass().getSimpleName(), key, duration, value);
+        }
+        cachePersistence.put(key, new CacheData<T>(value, duration, this));
     }
 
     /**
@@ -98,7 +103,7 @@ public void put(String key, T value, Duration duration) {
     public Optional<T> get(String key) {
         requireNonNull(key, "Argument 'key' must not be null");
 
-        CacheData cacheData = cacheMap.get(key);
+        CacheData<T> cacheData = cachePersistence.get(key);
 
         if (cacheData == null) {
             return Optional.empty();
@@ -115,7 +120,8 @@ public Optional<T> get(String key) {
      * @throws NullPointerException if the specified key is null
      */
     public void remove(String key) {
-        cacheMap.remove(key);
+        requireNonNull(key, "key must not be null!");
+        cachePersistence.remove(key);
     }
 
     public Duration getCacheClearJobPeriod() {
@@ -139,49 +145,12 @@ private ScheduledFuture<?> scheduleClearCacheJob() {
     }
 
     private void clearCache() {
-        Instant now = Instant.now();
-
-        cacheMap.forEach((key, value) -> {
-            Instant cacheDataCreatedAt = value.getCreatedAt();
-            Duration cacheDataDuration = value.getDuration();
-
-            if (cacheDataCreatedAt.plus(cacheDataDuration).isBefore(now)) {
-                cacheMap.remove(key);
-            }
-        });
+        cachePersistence.removeOutdated(Instant.now());
     }
 
-    /**
-     * Represents the data stored in the cache under a specific key.
-     *
-     * <p>
-     * The cached data can be any serializable object. It is securely sealed using a
-     * {@link CryptoAccess} instance of type <code>T</code>.
-     * </p>
-     */
-    private class CacheData {
-
-        private final SealedObject sealedValue;
-        private final Duration duration;
-        private final Instant createdAt = Instant.now();
-
-        public CacheData(T value, Duration duration) {
-            requireNonNull(value, "Property 'value' must not be null");
-            this.sealedValue = InMemoryCache.this.cryptoAccess.seal(value);
-            this.duration = requireNonNull(duration, "Property 'duration' must not be null");
-        }
-
-        public T getValue() {
-            return cryptoAccess.unseal(sealedValue);
-        }
-
-        public Duration getDuration() {
-            return duration;
-        }
-
-        public Instant getCreatedAt() {
-            return createdAt;
-        }
+    @Override
+    public CryptoAccess<T> getCryptoAccess() {
+        return cryptoAccess;
     }
 
 }

sechub-commons-core/src/main/java/com/mercedesbenz/sechub/commons/core/security/CryptoAccess.java

@@ -10,10 +10,14 @@
 import javax.crypto.SecretKey;
 
 /**
- * Represents a common possibility to encrypt data. The secret key of an
- * instance can unseal and seal objects for example. Be aware: Every crypto
- * access object has its own secret key inside! So you need to use the same
- * crypto access object for you operations...
+ * Represents a common possibility to encrypt data inside ONE JVM. The secret
+ * key of an instance can unseal and seal objects for example. Be aware: Every
+ * crypto access object has its own secret key inside! So you need to use the
+ * same crypto access object for you operations...
+ *
+ * NOTE: If you want to persist or share an object in a encrypted way you have
+ * to use other ways! This class is only meant to ensure that memory dumps do
+ * not reveal object data.
  *
  * @author Albert Tregnaghi
  *

sechub-commons-core/src/main/java/com/mercedesbenz/sechub/commons/core/security/CryptoAccessProvider.java

@@ -0,0 +1,11 @@
+package com.mercedesbenz.sechub.commons.core.security;
+
+import java.io.Serializable;
+
+public interface CryptoAccessProvider<T extends Serializable> {
+
+    /**
+     * @return crypto access object, never <code>null</code>
+     */
+    public CryptoAccess<T> getCryptoAccess();
+}