db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sure...@apache.org
Subject svn commit: r429417 - in /db/derby/code/trunk/java: engine/org/apache/derby/impl/store/raw/ engine/org/apache/derby/impl/store/raw/data/ testing/org/apache/derbyTesting/functionTests/tests/store/
Date Mon, 07 Aug 2006 18:04:33 GMT
Author: suresht
Date: Mon Aug  7 11:04:32 2006
New Revision: 429417

URL: http://svn.apache.org/viewvc?rev=429417&view=rev
Log:
DERBY -1156 (partial) re-encryption of the database.

This patch adds priveleged blocks required to run (re) encryption of the 
database under security manager. Enabled the related tests to run under 
security manager,



Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/RawStore.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/EncryptData.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RAFContainer.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/encryptDatabaseTest1_app.properties
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/encryptDatabaseTest2_app.properties

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/RawStore.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/RawStore.java?rev=429417&r1=429416&r2=429417&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/RawStore.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/RawStore.java Mon Aug
 7 11:04:32 2006
@@ -2101,7 +2101,7 @@
         catch( PrivilegedActionException pae) { return false;} // does not throw an exception
         finally
         {
-            actionRegularFile = null;
+            actionStorageFile = null;
         }
     }
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/EncryptData.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/EncryptData.java?rev=429417&r1=429416&r2=429417&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/EncryptData.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/EncryptData.java
Mon Aug  7 11:04:32 2006
@@ -34,6 +34,10 @@
 
 import org.apache.derby.io.StorageFactory;
 import org.apache.derby.io.StorageFile;
+import org.apache.derby.iapi.util.ReuseFactory;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
 
 /**
  * This class is used to encrypt all the containers in the data segment with a 
@@ -52,19 +56,28 @@
  *                                         another file (o<cid>.dat)
  *   4.	Rename the new encrypted version of the file (n<cid).dat) to be 
  *                                    the current container file (c<cid>.dat).
- *   5.	Submit a post commit work to remove the old version of 
- *                                      the container (o<cid>.dat) file. 
+ *   5.	All the old version of  the container (o<cid>.dat) files are removed
+ *      after a successful checkpoint with a new key or on a rollback.
  *   
  * 	@author  Suresh Thalamati
  */
 
-public class EncryptData {
+public class EncryptData implements PrivilegedAction {
 
     private BaseDataFileFactory dataFactory;
     private StorageFactory storageFactory;
     private StorageFile[] oldFiles;
     private int noOldFiles = 0; 
 
+
+    /* privileged actions */
+    private static final int STORAGE_FILE_EXISTS_ACTION = 1;
+    private static final int STORAGE_FILE_DELETE_ACTION = 2;
+    private static final int STORAGE_FILE_RENAME_ACTION = 3;
+    private int actionCode;
+    private StorageFile actionStorageFile;
+    private StorageFile actionDestStorageFile;
+
 	public EncryptData(BaseDataFileFactory dataFactory) {
 		this.dataFactory = dataFactory;
         this.storageFactory = dataFactory.getStorageFactory();
@@ -176,9 +189,9 @@
         /*
          * Replace the current container file with the new container file after
          * keeping a copy of the current container file, it will be removed on 
-         * post-commit or on a rollback this copy will be replace the container 
-         * file to bring the database back to the state before encryption 
-         * process started.  
+         * after a checkpoint with new key or on a rollback this copy will be 
+         * replace the container file to bring the database back to the 
+         * state before encryption process started.  
          */
 
         // discard pages in the cache related to this container. 
@@ -200,14 +213,14 @@
         StorageFile currentFile =  dataFactory.getContainerPath(ckey , false);
         StorageFile oldFile = getFile(ckey, true);
 
-        if (!currentFile.renameTo(oldFile)) {
+        if (!privRename(currentFile, oldFile)) {
                 throw StandardException.
                     newException(SQLState.RAWSTORE_ERROR_RENAMING_FILE,
                                  currentFile, oldFile);
             }
 
         // now replace current container file with the new file. 
-        if (!newFile.renameTo(currentFile)) {
+        if (!privRename(newFile, currentFile)) {
             throw StandardException.
                 newException(SQLState.RAWSTORE_ERROR_RENAMING_FILE,
                              newFile, currentFile);
@@ -292,17 +305,17 @@
         
         // if backup of the original container file exists, replace the 
         // container with the backup copy.
-        if (oldFile.exists()) {
-            if (currentFile.exists()) {
+        if (privExists(oldFile)) {
+            if (privExists(currentFile)) {
                 // rename the current container file to be the new file.
-                if (!currentFile.renameTo(newFile)) {
+                if (!privRename(currentFile, newFile)) {
                     throw StandardException.
                         newException(SQLState.RAWSTORE_ERROR_RENAMING_FILE,
                                      currentFile, newFile);
                 }
             }
 
-            if (!oldFile.renameTo(currentFile)) {
+            if (!privRename(oldFile, currentFile)) {
                 throw StandardException.
                     newException(SQLState.RAWSTORE_ERROR_RENAMING_FILE,
                                  oldFile, currentFile);
@@ -310,9 +323,9 @@
         }
 
         // if the new copy of the container file exists, remove it.
-        if (newFile.exists()) {
+        if (privExists(newFile)) {
 
-            if (!newFile.delete())
+            if (!privDelete(newFile))
                 throw StandardException.newException(
                                                  SQLState.UNABLE_TO_DELETE_FILE, 
                                                  newFile);
@@ -348,7 +361,7 @@
                     if (isOldContainerFile(files[i]))
                     {
                         StorageFile oldFile = getFile(files[i]);
-                        if (!oldFile.delete()) 
+                        if (!privDelete(oldFile)) 
                         {
                             throw StandardException.newException(
                                           SQLState.FILE_CANNOT_REMOVE_FILE,
@@ -362,7 +375,7 @@
             // delete all the old version of the containers. 
             for (int i = 0 ; i < noOldFiles ; i++) 
             {
-                if (!oldFiles[i].delete()) 
+                if (!privDelete(oldFiles[i])) 
                 {
                     throw StandardException.newException(
                                    SQLState.FILE_CANNOT_REMOVE_FILE, 
@@ -370,5 +383,60 @@
                 }
             }
         }
+    }
+
+
+    
+    private synchronized boolean privExists(StorageFile file)
+    {
+        actionCode = STORAGE_FILE_EXISTS_ACTION;
+        actionStorageFile = file;
+        Object ret = AccessController.doPrivileged(this);
+        actionStorageFile = null;
+        return ((Boolean) ret).booleanValue();
+
+    }
+
+    
+    private synchronized boolean privDelete(StorageFile file)
+    {
+        actionCode = STORAGE_FILE_DELETE_ACTION;
+        actionStorageFile = file;
+        Object ret = AccessController.doPrivileged(this);
+        actionStorageFile = null;
+        return ((Boolean) ret).booleanValue();
+        
+    }
+
+    private synchronized boolean privRename(StorageFile fromFile, 
+                                            StorageFile destFile)
+    {
+        actionCode = STORAGE_FILE_RENAME_ACTION;
+        actionStorageFile = fromFile;
+        actionDestStorageFile = destFile;
+        Object ret = AccessController.doPrivileged(this);
+        actionStorageFile = null;
+        actionDestStorageFile = null;
+        return ((Boolean) ret).booleanValue();
+
+    }
+
+
+
+    // PrivilegedAction method
+    public Object run() 
+    {
+        switch(actionCode)
+        {
+        case STORAGE_FILE_EXISTS_ACTION:
+            return ReuseFactory.getBoolean(actionStorageFile.exists());
+        case STORAGE_FILE_DELETE_ACTION:
+            return ReuseFactory.getBoolean(actionStorageFile.delete());
+        case STORAGE_FILE_RENAME_ACTION:
+            return ReuseFactory.getBoolean(
+                       actionStorageFile.renameTo(actionDestStorageFile));
+        }
+
+        return null;
     }
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RAFContainer.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RAFContainer.java?rev=429417&r1=429416&r2=429417&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RAFContainer.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RAFContainer.java
Mon Aug  7 11:04:32 2006
@@ -83,6 +83,7 @@
     private static final int OPEN_CONTAINER_ACTION = 4;
     private static final int STUBBIFY_ACTION = 5;
 	private static final int BACKUP_CONTAINER_ACTION = 6;
+    private static final int GET_RANDOM_ACCESS_FILE_ACTION = 7;
     private ContainerKey actionIdentity;
     private boolean actionStub;
     private boolean actionErrorOK;
@@ -1288,7 +1289,7 @@
         try {
             long lastPageNumber= getLastPageNumber(handle);
  
-            StorageRandomAccessFile newRaf = newFile.getRandomAccessFile("rw");
+            StorageRandomAccessFile newRaf = privGetRandomAccessFile(newFile);
 
             byte[] encryptionBuf = null;
             encryptionBuf = new byte[pageSize];
@@ -1332,9 +1333,25 @@
     }
 
 
+    synchronized StorageRandomAccessFile privGetRandomAccessFile(StorageFile file)
+        throws SecurityException, StandardException
+    {
+        actionCode = GET_RANDOM_ACCESS_FILE_ACTION;
+        actionFile = file;
+        try
+        {
+            return (StorageRandomAccessFile)AccessController.doPrivileged(this);
+        }
+        catch( PrivilegedActionException pae){ 
+            throw (StandardException) pae.getException();
+        }
+        finally{ actionFile = null; }
+    }
+
+
 
      // PrivilegedExceptionAction method
-     public Object run() throws StandardException
+    public Object run() throws StandardException, IOException
      {
          switch( actionCode)
          {
@@ -1620,6 +1637,11 @@
 			 privBackupContainer(actionContainerHandle, actionBackupLocation);
 			 return null;
 		 } // end of case BACKUP_CONTAINER_ACTION
+
+         case GET_RANDOM_ACCESS_FILE_ACTION: {
+             return actionFile.getRandomAccessFile("rw");
+		 } // end of case BACKUP_CONTAINER_ACTION
+
 		 
 		 } // end of switch
          return null;

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/encryptDatabaseTest1_app.properties
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/encryptDatabaseTest1_app.properties?rev=429417&r1=429416&r2=429417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/encryptDatabaseTest1_app.properties
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/encryptDatabaseTest1_app.properties
Mon Aug  7 11:04:32 2006
@@ -1,4 +1 @@
 usedefaults=true
-# Temporarily disabling the securiy manager for  this  new test
-# related to DERBY-1156 (reencrypt database ) work in progress. 
-noSecurityManager=true

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/encryptDatabaseTest2_app.properties
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/encryptDatabaseTest2_app.properties?rev=429417&r1=429416&r2=429417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/encryptDatabaseTest2_app.properties
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/encryptDatabaseTest2_app.properties
Mon Aug  7 11:04:32 2006
@@ -1,4 +1 @@
 usedefaults=true
-# Temporarily disabling the securiy manager for  this  new test
-# related to DERBY-1156 (reencrypt database ) work in progress. 
-noSecurityManager=true



Mime
View raw message