accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ctubb...@apache.org
Subject [1/6] accumulo git commit: ACCUMULO-2278 Return value from in.read() should be checked
Date Fri, 14 Oct 2016 21:49:41 GMT
Repository: accumulo
Updated Branches:
  refs/heads/1.7 c58cf6437 -> 9e236f289
  refs/heads/1.8 980309303 -> 9c11f72e3
  refs/heads/master 693d5be1a -> 3d11cab03


ACCUMULO-2278 Return value from in.read() should be checked

Return value from in.read() should be checked in
NonCachingSecretKeyEn.cryptionStrategy#doKeyEncryptionOperation()

Commits squashed and rebase'd onto 1.7 branch, formatted, and log
message reworded by ctubbsii. This closes #163

Signed-off-by: Christopher Tubbs <ctubbsii@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/9e236f28
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/9e236f28
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/9e236f28

Branch: refs/heads/1.7
Commit: 9e236f289679e950e181db7c14b7f54042d1bb14
Parents: c58cf64
Author: mm376k <mm376k@MDCDTL02MM376K.ITServices.sbc.com>
Authored: Tue Oct 11 19:29:03 2016 -0400
Committer: Christopher Tubbs <ctubbsii@apache.org>
Committed: Fri Oct 14 17:43:13 2016 -0400

----------------------------------------------------------------------
 .../NonCachingSecretKeyEncryptionStrategy.java  | 61 +++++++++++---------
 1 file changed, 33 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/9e236f28/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
index 1dd8d60..5c9ca8c 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
@@ -76,44 +76,49 @@ public class NonCachingSecretKeyEncryptionStrategy implements SecretKeyEncryptio
 
       int keyEncryptionKeyLength = in.readInt();
       byte[] keyEncryptionKey = new byte[keyEncryptionKeyLength];
-      in.read(keyEncryptionKey);
+      int bytesRead = in.read(keyEncryptionKey);
 
       Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey()));
 
-      try {
-        cipher.init(encryptionMode, new SecretKeySpec(keyEncryptionKey, params.getAlgorithmName()));
-      } catch (InvalidKeyException e) {
-        log.error("{}", e.getMessage(), e);
-        throw new RuntimeException(e);
-      }
-
-      if (Cipher.UNWRAP_MODE == encryptionMode) {
+      // check if the number of bytes read into the array is the same as the value of the
length field,
+      if (bytesRead == keyEncryptionKeyLength) {
         try {
-          Key plaintextKey = cipher.unwrap(params.getEncryptedKey(), params.getAlgorithmName(),
Cipher.SECRET_KEY);
-          params.setPlaintextKey(plaintextKey.getEncoded());
+          cipher.init(encryptionMode, new SecretKeySpec(keyEncryptionKey, params.getAlgorithmName()));
         } catch (InvalidKeyException e) {
           log.error("{}", e.getMessage(), e);
           throw new RuntimeException(e);
-        } catch (NoSuchAlgorithmException e) {
-          log.error("{}", e.getMessage(), e);
-          throw new RuntimeException(e);
-        }
-      } else {
-        Key plaintextKey = new SecretKeySpec(params.getPlaintextKey(), params.getAlgorithmName());
-        try {
-          byte[] encryptedSecretKey = cipher.wrap(plaintextKey);
-          params.setEncryptedKey(encryptedSecretKey);
-          params.setOpaqueKeyEncryptionKeyID(pathToKeyName);
-        } catch (InvalidKeyException e) {
-          log.error("{}", e.getMessage(), e);
-          throw new RuntimeException(e);
-        } catch (IllegalBlockSizeException e) {
-          log.error("{}", e.getMessage(), e);
-          throw new RuntimeException(e);
         }
 
-      }
+        if (Cipher.UNWRAP_MODE == encryptionMode) {
+          try {
+            Key plaintextKey = cipher.unwrap(params.getEncryptedKey(), params.getAlgorithmName(),
Cipher.SECRET_KEY);
+            params.setPlaintextKey(plaintextKey.getEncoded());
+          } catch (InvalidKeyException e) {
+            log.error("{}", e.getMessage(), e);
+            throw new RuntimeException(e);
+          } catch (NoSuchAlgorithmException e) {
+            log.error("{}", e.getMessage(), e);
+            throw new RuntimeException(e);
+          }
+        } else {
+          Key plaintextKey = new SecretKeySpec(params.getPlaintextKey(), params.getAlgorithmName());
+          try {
+            byte[] encryptedSecretKey = cipher.wrap(plaintextKey);
+            params.setEncryptedKey(encryptedSecretKey);
+            params.setOpaqueKeyEncryptionKeyID(pathToKeyName);
+          } catch (InvalidKeyException e) {
+            log.error("{}", e.getMessage(), e);
+            throw new RuntimeException(e);
+          } catch (IllegalBlockSizeException e) {
+            log.error("{}", e.getMessage(), e);
+            throw new RuntimeException(e);
+          }
 
+        }
+      } else {
+        log.error("{}", "Error:bytesRead does not match EncryptionkeyLength");
+        throw new IllegalArgumentException("Error:bytesRead does not match EncryptionkeyLength");
+      }
     } finally {
       if (in != null) {
         in.close();


Mime
View raw message