accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From haydenmarchant <...@git.apache.org>
Subject [GitHub] accumulo pull request: ACCUMULO-2943 Fixing failures where no RNG ...
Date Tue, 01 Jul 2014 12:20:25 GMT
GitHub user haydenmarchant opened a pull request:

    https://github.com/apache/accumulo/pull/11

    ACCUMULO-2943 Fixing failures where no RNG "SUN" provider

    Both org.apache.accumulo.core.security.crypto.CrypoTest &
    org.apache.accumulo.core.file.rfile.RFileTest have lots of failures
    due to calls to SecureRandom with Random Number Generator Provider
    hard-coded as Sun. The IBM JVM has it's own built in RNG Provider
    called IBMJCE. 2 issues - hard-coded calls to
    SecureRandom.getInstance(<algo>,"SUN") and also default value in
    Property class is "SUN".
    
    Most failures are due to the CryptoModuleParameters instance being
    populated with default value of Crypto Secure RNG Provider, in
    particular, the following line from CryptoModelFactory.fillParamsObjectFromStringMap():
    
    	params.setRandomNumberGeneratorProvider(cryptoOpts.get(Property.CRYPTO_SECURE_RNG_PROVIDER.getKey()));
    
    Since the default as described in Property class for RNG provider
    is "SUN", I have made an override mechanism in which a default
    property can be overidden by passing System property of same name.
    Any property with annotation @SystemOverride has this functionality
    enabled. So, when using a JVM which does not have the "SUN" RNG
    Provider, a system property (-Dcrypto.secure.rng.provider={provname})
    can be added to the parent pom.xml in the surefire plugin definition
    (same location as the max memory for tests).
    
    In addition, CryptoTest.testCryptoModuleParamsParsing() has been
    changed to read from a separate config file since it just focuses on
     parsing of params and not the actual instantiation of providers etc...

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/haydenmarchant/accumulo ACCUMULO-2943

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/accumulo/pull/11.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #11
    
----
commit cc9ab93aa31f517fca4fe7ccfd7caf7160e07603
Author: haydenmarchant <hayden.marchant@gmail.com>
Date:   2014-07-01T12:12:32Z

    ACCUMULO-2943 Fixing failures where no RNG "SUN" provider
    
    Both org.apache.accumulo.core.security.crypto.CrypoTest &
    org.apache.accumulo.core.file.rfile.RFileTest have lots of failures
    due to calls to SecureRandom with Random Number Generator Provider
    hard-coded as Sun. The IBM JVM has it's own built in RNG Provider
    called IBMJCE. 2 issues - hard-coded calls to
    SecureRandom.getInstance(<algo>,"SUN") and also default value in
    Property class is "SUN".
    
    Most failures are due to the CryptoModuleParameters instance being
    populated with default value of Crypto Secure RNG Provider, in
    particular, the following line from CryptoModelFactory.fillParamsObjectFromStringMap():
    
    	params.setRandomNumberGeneratorProvider(cryptoOpts.get(Property.CRYPTO_SECURE_RNG_PROVIDER.getKey()));
    
    Since the default as described in Property class for RNG provider
    is "SUN", I have made an override mechanism in which a default
    property can be overidden by passing System property of same name.
    Any property with annotation @SystemOverride has this functionality
    enabled. So, when using a JVM which does not have the "SUN" RNG
    Provider, a system property (-Dcrypto.secure.rng.provider={provname})
    can be added to the parent pom.xml in the surefire plugin definition
    (same location as the max memory for tests).
    
    In addition, CryptoTest.testCryptoModuleParamsParsing() has been
    changed to read from a separate config file so the on/off variants,
    since it just focuses on parsing of params.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message