Return-Path: X-Original-To: apmail-db-derby-commits-archive@www.apache.org Delivered-To: apmail-db-derby-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 47B82D7B9 for ; Fri, 2 Nov 2012 12:31:14 +0000 (UTC) Received: (qmail 89895 invoked by uid 500); 2 Nov 2012 12:31:14 -0000 Delivered-To: apmail-db-derby-commits-archive@db.apache.org Received: (qmail 89858 invoked by uid 500); 2 Nov 2012 12:31:13 -0000 Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: "Derby Development" List-Id: Delivered-To: mailing list derby-commits@db.apache.org Received: (qmail 89831 invoked by uid 99); 2 Nov 2012 12:31:13 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Nov 2012 12:31:13 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Nov 2012 12:31:10 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id E2DC12388A29; Fri, 2 Nov 2012 12:30:48 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1404947 - in /db/derby/code/trunk/java: engine/org/apache/derby/impl/jdbc/ engine/org/apache/derby/loc/ shared/org/apache/derby/shared/common/reference/ testing/org/apache/derbyTesting/functionTests/master/ testing/org/apache/derbyTesting/... Date: Fri, 02 Nov 2012 12:30:48 -0000 To: derby-commits@db.apache.org 
From: rhillegas@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20121102123048.E2DC12388A29@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: rhillegas Date: Fri Nov 2 12:30:47 2012 New Revision: 1404947 URL: http://svn.apache.org/viewvc?rev=1404947&view=rev Log: DERBY-5969: Raise a SQLWarning if someone attempts to change the encryption state of an already booted database. Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/URLCheck.out db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/DecryptDatabaseTest.java db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseJDBCTestCase.java Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java?rev=1404947&r1=1404946&r2=1404947&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java Fri Nov 2 12:30:47 2012 
@@ -251,6 +251,13 @@ public class EmbedConnection implements // see if database is already booted Database database = (Database) Monitor.findService(Property.DATABASE_MODULE, tr.getDBName()); + // encryption, re-encryption and decryption are not allowed on an already booted database. + // see DERBY-5969. + if ( (database != null) && isCryptoBoot( info ) ) + { + addWarning( SQLWarningFactory.newSQLWarning( SQLState.AUTH_ENCRYPT_ALREADY_BOOTED ) ); + } + // See if user wants to create a new database. boolean createBoot = createBoot(info); Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml?rev=1404947&r1=1404946&r2=1404947&view=diff ============================================================================== --- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml (original) +++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml Fri Nov 2 12:30:47 2012 @@ -235,6 +235,11 @@ Guide. databaseName + + 01J17 + You cannot encrypt, re-encrypt, or decrypt a database which is already booted. You must shutdown the database before attempting these operations. + + Modified: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java?rev=1404947&r1=1404946&r2=1404947&view=diff ============================================================================== --- db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java (original) +++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java Fri Nov 2 12:30:47 2012 
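Review bot: The new comment above the `isCryptoBoot( info )` check says these operations are "not allowed", but the added code only chains the 01J17 warning and the connection attempt carries on. A caller that never reads `getWarnings()` will therefore assume its `newBootPassword`/`newEncryptionKey` rotation or `dataEncryption=true` request took effect. I would say so in the comment, e.g. `// The crypto attributes are ignored and the connection still succeeds; this warning is the only signal, so callers must check getWarnings().` `isCryptoBoot` is defined outside the hunk, so which attributes it covers is inferred from the tests in this commit, and the enclosing method body also starts and ends outside the hunk.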
@@ -1730,6 +1730,7 @@ public interface SQLState { String SQL_AUTHORIZATION_WITH_NO_AUTHENTICATION = "01J14"; String PASSWORD_EXPIRES_SOON = "01J15"; String DBO_PASSWORD_EXPIRES_SOON = "01J16"; + String AUTH_ENCRYPT_ALREADY_BOOTED = "01J17"; String CURSOR_OPERATION_CONFLICT = "01001"; Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/URLCheck.out URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/URLCheck.out?rev=1404947&r1=1404946&r2=1404947&view=diff ============================================================================== --- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/URLCheck.out (original) +++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/URLCheck.out Fri Nov 2 12:30:47 2012 @@ -16,6 +16,7 @@ ij> -- -- -- Use a valid attribute, but do not display message. connect 'jdbc:derby:wombat;dataEncryption=true'; +WARNING 01J17: You cannot encrypt, re-encrypt, or decrypt a database which is already booted. You must shutdown the database before attempting these operations. ij(CONNECTION1)> -- Find an unknown attribute. connect 'jdbc:derby:wombat;unknown=x'; URL Attribute [unknown=x] Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/DecryptDatabaseTest.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/DecryptDatabaseTest.java?rev=1404947&r1=1404946&r2=1404947&view=diff ============================================================================== --- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/DecryptDatabaseTest.java (original) +++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/DecryptDatabaseTest.java Fri Nov 2 12:30:47 2012 
@@ -51,6 +51,7 @@ public class DecryptDatabaseTest private static final String TABLE = "DECRYPTTABLE"; private static final String BOOTPW = "Thursday"; + private static final String ALREADY_BOOTED = "01J17"; /** Current encryption algorithm, used when re-encrypting during set up. */ private static String encryptionAlgorithm; @@ -207,6 +208,15 @@ public class DecryptDatabaseTest public void testDecryptOnBootedDatabase() throws SQLException { getConnection(); + + // These connection attempts should succeed but raise a warning + // that encryption change is not possible while the database is booted. + println( "Test warning " + ALREADY_BOOTED ); + vetChangeWarning( connect( false, BOOTPW, "dataEncryption=true" ) ); + vetChangeWarning( connect( false, BOOTPW, "newBootPassword=foo" ) ); + vetChangeWarning( connect( false, BOOTPW, "newEncryptionKey=foo" ) ); + vetChangeWarning( connect( false, BOOTPW, "decryptDatabase=true" ) ); + // Connect to decrypt the database. We expect this to fail since the // database is already booted. In this case fail means ignored... connect(true, BOOTPW, null).close(); @@ -218,6 +228,13 @@ public class DecryptDatabaseTest assertSQLState("XBM06", sqle); } } + private void vetChangeWarning( Connection conn ) + throws SQLException + { + assertWarning( conn, ALREADY_BOOTED ); + conn.close(); + } + /** * Tests that asking to decrypt an un-encrypted doesn't fail. Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseJDBCTestCase.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseJDBCTestCase.java?rev=1404947&r1=1404946&r2=1404947&view=diff ============================================================================== --- db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseJDBCTestCase.java (original) +++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseJDBCTestCase.java Fri Nov 2 12:30:47 2012 
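Review bot: In `vetChangeWarning`, `conn.close()` is skipped whenever `assertWarning` throws, so a failing assertion leaves a connection open on the booted database unless teardown reclaims it. That can mask the real failure in the later steps of this test. Wrap it as `try { assertWarning( conn, ALREADY_BOOTED ); } finally { conn.close(); }`. Separately, the four new `connect( false, BOOTPW, ... )` calls in `testDecryptOnBootedDatabase` only check that 01J17 is raised; the visible lines do not confirm that the boot password and encryption key are still the original ones afterwards. The rest of the method and the `connect` helper lie outside the hunk, so that may already be covered further down.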
@@ -887,6 +887,27 @@ public abstract class BaseJDBCTestCase } /** + * Assert that a warning is chained to the connection. + * + * @param conn the connection + * @param expected the expected SQLState of the warning + */ + public static void assertWarning( Connection conn, String expected ) + throws SQLException + { + SQLWarning firstWarning = conn.getWarnings(); + assertNotNull( firstWarning ); + + for ( SQLWarning warning = firstWarning; warning != null; warning = warning.getNextWarning() ) + { + if ( expected.equals( warning.getSQLState() ) ) { return; } + } + + fail( "Expected to see a SQLWarning with the SQLState " + expected ); + } + + + /** * Assert that SQLState is as expected. * * @param expected the expected SQLState.
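Review bot: `assertNotNull( firstWarning )` in `assertWarning` fails without a message when the connection has no warnings at all, and the final `fail(...)` does not report which SQLStates were actually chained, so a regression in the 01J17 check would be slow to diagnose. Pass a message, e.g. `assertNotNull( "No SQLWarning on connection; expected SQLState " + expected, firstWarning );`, and consider adding the SQLStates seen in the loop to the `fail` text. The helper also leaves the warning chain in place, so a second call on the same connection can match a warning raised by an earlier operation; the Javadoc should tell callers who need a fresh check to call `conn.clearWarnings()` first.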