db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mi...@apache.org
Subject svn commit: r399498 - in /db/derby/code/branches/10.1/java: client/org/apache/derby/client/am/ testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/ testing/org/apache/derbyT...
Date Thu, 04 May 2006 00:08:02 GMT
Author: mikem
Date: Wed May  3 17:08:00 2006
New Revision: 399498

URL: http://svn.apache.org/viewcvs?rev=399498&view=rev
Log:
DERBY-1055

backporting fix for DERBY-1055 from trunk to 10.1 branch, targeting the
10.1.3 release.  See JIRA for details of original fix for 
When using EUSRIDPWD security mechanism, the JCE provider is added and since this is not in
a privileged block, an accesscontrol exception is raised when trying to connect using EUSRIDPWD
security mechanism, when client is run under security manager. 



Added:
    db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/
    db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/testSecMec.out
    db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/ibm14/
    db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/ibm14/testSecMec.out
    db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/jdk14/testSecMec.out
  (with props)
Modified:
    db/derby/code/branches/10.1/java/client/org/apache/derby/client/am/EncryptionManager.java
    db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out
    db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out
    db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec.java

Modified: db/derby/code/branches/10.1/java/client/org/apache/derby/client/am/EncryptionManager.java
URL: http://svn.apache.org/viewcvs/db/derby/code/branches/10.1/java/client/org/apache/derby/client/am/EncryptionManager.java?rev=399498&r1=399497&r2=399498&view=diff
==============================================================================
--- db/derby/code/branches/10.1/java/client/org/apache/derby/client/am/EncryptionManager.java
(original)
+++ db/derby/code/branches/10.1/java/client/org/apache/derby/client/am/EncryptionManager.java
Wed May  3 17:08:00 2006
@@ -96,9 +96,6 @@
             }
             provider = list[0];
             providerName = provider.getName();
-
-            java.security.Security.addProvider((java.security.Provider) provider);
-
             paramSpec_ = new javax.crypto.spec.DHParameterSpec(modulus__, base__, exponential_length__);
             keyPairGenerator_ = java.security.KeyPairGenerator.getInstance("DH", providerName);
             keyPairGenerator_.initialize(paramSpec_);

Added: db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/testSecMec.out
URL: http://svn.apache.org/viewcvs/db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/testSecMec.out?rev=399498&view=auto
==============================================================================
--- db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/testSecMec.out
(added)
+++ db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/testSecMec.out
Wed May  3 17:08:00 2006
@@ -0,0 +1,10 @@
+Checking security mechanism authentication with DriverManager
+T4: jdbc:derby:net://localhost:20000/wombat;create=true:user=neelima;password=lee;securityMechanism=3;
+T1: jdbc:derby:net://localhost:20000/wombat - EXCEPTION null userid not supported
+T2: jdbc:derby:net://localhost:20000/wombat:user=max; - EXCEPTION null password not supported
+T3: jdbc:derby:net://localhost:20000/wombat:user=neelima;password=lee;
+T5: jdbc:derby:net://localhost:20000/wombat:user=neelima;password=lee;securityMechanism=9;
+T6: jdbc:derby:net://localhost:20000/wombat:user=neelima;securityMechanism=4;
+T8: jdbc:derby:net://localhost:20000/wombat:user=neelima;password=lee;securityMechanism=4;
+SECMEC_USRIDPWD: OK
+Completed testSecMec

Modified: db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out
URL: http://svn.apache.org/viewcvs/db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out?rev=399498&r1=399497&r2=399498&view=diff
==============================================================================
--- db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out
(original)
+++ db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out
Wed May  3 17:08:00 2006
@@ -3,6 +3,7 @@
 T1: jdbc:derby:net://localhost:20000/wombat - EXCEPTION null userid not supported
 T2: jdbc:derby:net://localhost:20000/wombat:user=max; - EXCEPTION null password not supported
 T3: jdbc:derby:net://localhost:20000/wombat:user=neelima;password=lee;
+T5: jdbc:derby:net://localhost:20000/wombat:user=neelima;password=lee;securityMechanism=9;
- EXCEPTION java.lang.ClassNotFoundException is caught when initializing EncryptionManager
'IBMJCE'
 T6: jdbc:derby:net://localhost:20000/wombat:user=neelima;securityMechanism=4;
 T8: jdbc:derby:net://localhost:20000/wombat:user=neelima;password=lee;securityMechanism=4;
 SECMEC_USRIDPWD: OK

Added: db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/ibm14/testSecMec.out
URL: http://svn.apache.org/viewcvs/db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/ibm14/testSecMec.out?rev=399498&view=auto
==============================================================================
--- db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/ibm14/testSecMec.out
(added)
+++ db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/ibm14/testSecMec.out
Wed May  3 17:08:00 2006
@@ -0,0 +1,11 @@
+Checking security mechanism authentication with DriverManager
+T4: jdbc:derby://localhost:20000/wombat;create=true;user=neelima;password=lee;securityMechanism=3
+T1: jdbc:derby://localhost:20000/wombat
+T2: jdbc:derby://localhost:20000/wombat;user=max
+T3: jdbc:derby://localhost:20000/wombat;user=neelima;password=lee
+T5: jdbc:derby://localhost:20000/wombat;user=neelima;password=lee;securityMechanism=9
+T6: jdbc:derby://localhost:20000/wombat;user=neelima;securityMechanism=4
+T8: jdbc:derby://localhost:20000/wombat;user=neelima;password=lee;securityMechanism=4
+SECMEC_USRIDPWD: OK
+SECMEC_EUSRIDPWD: OK
+Completed testSecMec

Added: db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/jdk14/testSecMec.out
URL: http://svn.apache.org/viewcvs/db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/jdk14/testSecMec.out?rev=399498&view=auto
==============================================================================
--- db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/jdk14/testSecMec.out
(added)
+++ db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/jdk14/testSecMec.out
Wed May  3 17:08:00 2006
@@ -0,0 +1,11 @@
+Checking security mechanism authentication with DriverManager
+T4: jdbc:derby://localhost:20000/wombat;create=true;user=neelima;password=lee;securityMechanism=3
+T1: jdbc:derby://localhost:20000/wombat
+T2: jdbc:derby://localhost:20000/wombat;user=max
+T3: jdbc:derby://localhost:20000/wombat;user=neelima;password=lee
+T5: jdbc:derby://localhost:20000/wombat;user=neelima;password=lee;securityMechanism=9 - EXCEPTION
java.security.InvalidAlgorithmParameterException is caught when initializing EncryptionManager
'Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)'
+T6: jdbc:derby://localhost:20000/wombat;user=neelima;securityMechanism=4
+T8: jdbc:derby://localhost:20000/wombat;user=neelima;password=lee;securityMechanism=4
+SECMEC_USRIDPWD: OK
+SECMEC_EUSRIDPWD:EXCEPTION testSecurityMechanism()  java.security.InvalidAlgorithmParameterException
is caught when initializing EncryptionManager 'Prime size must be multiple of 64, and can
only range from 512 to 1024 (inclusive)'
+Completed testSecMec

Propchange: db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/jdk14/testSecMec.out
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out
URL: http://svn.apache.org/viewcvs/db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out?rev=399498&r1=399497&r2=399498&view=diff
==============================================================================
--- db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out
(original)
+++ db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out
Wed May  3 17:08:00 2006
@@ -3,7 +3,9 @@
 T1: jdbc:derby://localhost:20000/wombat
 T2: jdbc:derby://localhost:20000/wombat;user=max
 T3: jdbc:derby://localhost:20000/wombat;user=neelima;password=lee
+T5: jdbc:derby://localhost:20000/wombat;user=neelima;password=lee;securityMechanism=9 - EXCEPTION
java.security.NoSuchProviderException is caught when initializing EncryptionManager 'null'
 T6: jdbc:derby://localhost:20000/wombat;user=neelima;securityMechanism=4
 T8: jdbc:derby://localhost:20000/wombat;user=neelima;password=lee;securityMechanism=4
 SECMEC_USRIDPWD: OK
+SECMEC_EUSRIDPWD:EXCEPTION testSecurityMechanism()  java.security.NoSuchProviderException
is caught when initializing EncryptionManager 'null'
 Completed testSecMec

Modified: db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec.java
URL: http://svn.apache.org/viewcvs/db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec.java?rev=399498&r1=399497&r2=399498&view=diff
==============================================================================
--- db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec.java
(original)
+++ db/derby/code/branches/10.1/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec.java
Wed May  3 17:08:00 2006
@@ -149,9 +149,14 @@
 		getConnectionUsingDriverManager(getJDBCUrl("wombat",null),"T1:");
 		getConnectionUsingDriverManager(getJDBCUrl("wombat","user=max"),"T2:");
 		getConnectionUsingDriverManager(getJDBCUrl("wombat","user=neelima;password=lee"),"T3:");
-                // Disable because ibm142 doesnt support DiffieHelman prime of 32 bytes
-                // Also Sun JCE doesnt support it.
-		//getConnectionUsingDriverManager(getJDBCUrl("wombat","user=neelima;password=lee;securityMechanism="+SECMEC_EUSRIDPWD),"T5:");
+
+        // Please note: EUSRIDPWD security mechanism in DRDA uses Diffie-Helman for generation
of shared keys.
+        // The spec specifies the prime to use for DH which is 32 bytes and this needs to
be used as is.
+        // Sun JCE does not support a prime of 32 bytes for Diffie Helman and some 
+        // older versions of IBM JCE ( 1.4.2) also do not support it.
+        // Hence the following call to get connection might not be successful when 
+        // client is running in JVM  where the JCE does not support the DH (32 byte prime)
+		getConnectionUsingDriverManager(getJDBCUrl("wombat","user=neelima;password=lee;securityMechanism="+SECMEC_EUSRIDPWD),"T5:");
 		getConnectionUsingDriverManager(getJDBCUrl("wombat","user=neelima;securityMechanism="+SECMEC_USRIDONL),"T6:");
                 
                 // disable as ibm142 and sun jce doesnt support DH prime of 32 bytes
@@ -172,10 +177,21 @@
 		//testSecurityMechanism("sarah",null,new Short(SECMEC_USRIDONL),"SECMEC_USRIDONL:");
 		testSecurityMechanism("john","sarah",new Short(SECMEC_USRIDPWD),"SECMEC_USRIDPWD:");
                 
-		// Disable this test because ibm142, sun jce does not Diffie Helman prime of 32 bytes
-                // and so this security mechanism wont work in that case
-		//testSecurityMechanism("john","sarah",new Short(SECMEC_EUSRIDPWD),"SECMEC_EUSRIDPWD:");
-
+        // Possible bug in JCC, hence disable this test for JCC framework only
+        // the security mechanism when set on JCC datasource does not seem to 
+        // have an effect. JCC driver is sending a secmec of 3( USRIDPWD) to 
+        // the server even though the security mechanism on datasource is set to 
+        // EUSRIDPWD (9)
+        if (!TestUtil.isJCCFramework())
+        {
+            // Please note: EUSRIDPWD security mechanism in DRDA uses Diffie-Helman for generation
of shared keys.
+            // The spec specifies the prime to use for DH which is 32 bytes and this needs
to be used as is.
+            // Sun JCE does not support a prime of 32 bytes for Diffie Helman and some 
+            // older versions of IBM JCE ( 1.4.2)  also do not support it.
+            // Hence the following call to get connection might not be successful when 
+            // client is running in JVM  where the JCE does not support the DH (32 byte prime)
+            testSecurityMechanism("john","sarah",new Short(SECMEC_EUSRIDPWD),"SECMEC_EUSRIDPWD:");
+        }
 	}
 
 	public void testSecurityMechanism(String user, String password,Short secmec,String msg)
@@ -195,10 +211,20 @@
 			conn.close();
 			System.out.println(msg +" OK");
 		}
-		catch (Exception e)
+		catch (SQLException sqle)
 		{
-			System.out.println(msg +"EXCEPTION testSecurityMechanism()  " + e.getMessage());
+            // Exceptions expected in certain cases depending on JCE used for 
+            // running the test. hence printing message instead of stack traces
+            // here.
+            System.out.println(msg +"EXCEPTION testSecurityMechanism()  " + sqle.getMessage());
+            dumpSQLException(sqle.getNextException());
 		}
+        catch (Exception e)
+        {
+            System.out.println("UNEXPECTED EXCEPTION!!!" +msg);
+            e.printStackTrace();
+        }
+        
 	}
 
 	public void getConnectionUsingDriverManager(String dbUrl, String msg)
@@ -211,9 +237,29 @@
 		}
 		catch(SQLException sqle)
 		{
+            // Ideally - we would print stack trace of nested SQLException for
+            // any unexpected exception.
+            // But in this testcase, one test can give an exception in one JCE
+            // implementation and in some JCE's the test can pass. 
+            // Hence printing the messages instead of stack traces.
 			System.out.println(msg +" "+dbUrl +" - EXCEPTION "+ sqle.getMessage());
+            dumpSQLException(sqle.getNextException());
 		}
 	}
 
+
+    /**
+     * Dump SQLState and message for the complete nested chain of SQLException 
+     * @param sqle SQLException whose complete chain of exceptions is traversed and sqlstate
and 
+     * message is printed out
+     */
+    public static void dumpSQLException(SQLException sqle)
+    {
+        while ( sqle != null)
+        {
+            System.out.println("SQLSTATE("+sqle.getSQLState()+"): " + sqle.getMessage());
+            sqle = sqle.getNextException();
+        }
+    }
 
 }



Mime
View raw message