Return-Path: X-Original-To: apmail-accumulo-commits-archive@www.apache.org Delivered-To: apmail-accumulo-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B3AC9118BC for ; Tue, 22 Apr 2014 21:22:22 +0000 (UTC) Received: (qmail 19852 invoked by uid 500); 22 Apr 2014 21:22:22 -0000 Delivered-To: apmail-accumulo-commits-archive@accumulo.apache.org Received: (qmail 19824 invoked by uid 500); 22 Apr 2014 21:22:21 -0000 Mailing-List: contact commits-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@accumulo.apache.org Delivered-To: mailing list commits@accumulo.apache.org Received: (qmail 19817 invoked by uid 99); 22 Apr 2014 21:22:21 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Apr 2014 21:22:21 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 77E888C2E07; Tue, 22 Apr 2014 21:22:21 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: vines@apache.org To: commits@accumulo.apache.org Message-Id: <098de4fd68ba4f96a5c88ff0aeefe728@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: git commit: ACCUMULO-2713 checking for all sensitive and raw output stream for walogs Date: Tue, 22 Apr 2014 21:22:21 +0000 (UTC) Repository: accumulo Updated Branches: refs/heads/1.6.0-SNAPSHOT 53136a7b3 -> fbbe472a3 ACCUMULO-2713 checking for all sensitive and raw output stream for walogs Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/fbbe472a Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/fbbe472a Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/fbbe472a Branch: refs/heads/1.6.0-SNAPSHOT Commit: fbbe472a304ac9dd25850f80de65479d3b19e3a6 Parents: 53136a7 Author: John Vines Authored: Tue Apr 22 17:20:48 2014 -0400 Committer: John Vines Committed: Tue Apr 22 17:22:16 2014 -0400 ---------------------------------------------------------------------- .../accumulo/core/file/rfile/RFileTest.java | 10 +++++--- .../core/security/crypto/CryptoTest.java | 26 ++++++++++++++++++++ 2 files changed, 32 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/fbbe472a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java ----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
index 767bb3d..969b179 100644
--- a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
@@ -1751,7 +1751,7 @@ public class RFileTest { } @Test - public void testCryptoDoesntLeakInstanceSecret() throws IOException { + public void testCryptoDoesntLeakSensitive() throws IOException { conf = setAndGetAccumuloConfig(CryptoTest.CRYPTO_ON_CONF); // test an empty file @@ -1763,10 +1763,12 @@ public class RFileTest { byte[] rfBytes = trf.baos.toByteArray(); // If we get here, we have encrypted bytes - byte[] toCheck = Property.INSTANCE_SECRET.getKey().getBytes(); - assertEquals(-1, Bytes.indexOf(rfBytes, toCheck)); + for (Property prop : Property.values()) { + if (prop.isSensitive()) { + byte[] toCheck = prop.getKey().getBytes(); + assertEquals(-1, Bytes.indexOf(rfBytes, toCheck)); } + } } - @Test public void testRootTabletEncryption() throws Exception { http://git-wip-us.apache.org/repos/asf/accumulo/blob/fbbe472a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java index 605e43a..fe16c0e 100644 --- a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java +++ b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java @@ -44,11 +44,14 @@ import javax.crypto.spec.SecretKeySpec; import org.apache.accumulo.core.conf.AccumuloConfiguration; import org.apache.accumulo.core.conf.ConfigurationCopy; +import org.apache.accumulo.core.conf.Property; import org.apache.hadoop.conf.Configuration; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; +import com.google.common.primitives.Bytes; + public class CryptoTest { private static final int MARKER_INT = 0xCADEFEDD; 
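Review bot: In RFileTest's `testCryptoDoesntLeakSensitive` (hunk `@@ -1763,10 +1763,12 @@`), the new loop searches `rfBytes` only for each sensitive property's key name, so a file header that serialized a secret's value without its key would still pass. Consider also asserting that the configured value is absent, skipping empty values because `Bytes.indexOf` returns 0 for an empty target: `String v = conf.get(prop); if (v != null && !v.isEmpty()) assertEquals(prop.getKey(), -1, Bytes.indexOf(rfBytes, v.getBytes()));` (this assumes `conf` is an `AccumuloConfiguration`, as it is in CryptoTest). Passing `prop.getKey()` as the assertion message on the existing check would also show which property leaked when the test fails. The same key-only check appears in `testCryptoModuleDoesntLeakSensitive` in the CryptoTest hunk `@@ -102,6 +105,29 @@`; the test method here starts outside the hunk.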
@@ -102,6 +105,29 @@ public class CryptoTest { } @Test + public void testCryptoModuleDoesntLeakSensitive() throws IOException { + AccumuloConfiguration conf = setAndGetAccumuloConfig(CRYPTO_ON_CONF); + + CryptoModuleParameters params = CryptoModuleFactory.createParamsObjectFromAccumuloConfiguration(conf); + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + params.setPlaintextOutputStream(baos); + + CryptoModule cryptoModule = CryptoModuleFactory.getCryptoModule(conf); + + cryptoModule.getEncryptingOutputStream(params); + params.getEncryptedOutputStream().close(); + + // If we get here, we have encrypted bytes + byte[] streamBytes = baos.toByteArray(); + for (Property prop : Property.values()) { + if (prop.isSensitive()) { + byte[] toCheck = prop.getKey().getBytes(); + assertEquals(-1, Bytes.indexOf(streamBytes, toCheck)); } + } + + } + + @Test public void testCryptoModuleParamsValidation1() throws IOException { AccumuloConfiguration conf = setAndGetAccumuloConfig(CRYPTO_ON_CONF);
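Review bot: Nothing in `testCryptoModuleDoesntLeakSensitive` confirms that the module actually wrote anything to `baos`, so if `getEncryptingOutputStream` emitted no header the loop over `Property.values()` would pass without having tested anything, despite the comment "If we get here, we have encrypted bytes". Adding `assertTrue(streamBytes.length > 0);` before the loop makes the negative assertions meaningful (`assertTrue` may need a static import; the file's import block is only partly visible here). The closing brace of the `if` appears to share a line with the `assertEquals` call and should go on its own line. `prop.getKey().getBytes()` uses the platform default charset; an explicit charset keeps the searched byte pattern stable across environments.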