db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Matrigali <mikem_...@sbcglobal.net>
Subject Re: [PATCH] Derby 236 BootPassword gets written out in plain text in sane mode and in our test environment.
Date Thu, 12 May 2005 18:34:14 GMT
I'll look into committing this one.  If anyone else is reviewing it
let me know.

Sunitha Kambhampati wrote:

> This patch fixes Derby 236 
> http://issues.apache.org/jira/browse/DERBY-236 - BootPassword gets
> written out in plain text in sane mode and in our test environment.
> 
> Changes include
> 
> 1. remove sanity debug code in RawStore to not write bootpassword in
> plain text into the service.properties 2. currently the test harness
> does not seem to pass on the encryption related properties to the
> MultiTest and with change in #1, encryption wont be used for
> stress.multi. So changes made to  RunTest to pass on the encryption,
> testEncryptionAlgorithm values to the MultiTest harness. Also changed
> mtTestCase to recognize the encryption properties and modify the
> database url to use for the MultiTest.
> -- ran derbyall on jdk142 with no failures
> -- verified that encryption run for stress.multi was running ok, by
> adding keepfiles=true to encryptionAll.properties and checking the
> service.properties for all the databases created as part of this
> encryptionAll testrun.
> 
> svn stat
> M      java\tools\org\apache\derby\impl\tools\ij\mtTestCase.java
> M      java\engine\org\apache\derby\impl\store\raw\RawStore.java
> A     
> java\testing\org\apache\derbyTesting\functionTests\tests\store\EncryptionTest.java
> 
> M     
> java\testing\org\apache\derbyTesting\functionTests\harness\RunTest.java
> A     
> java\testing\org\apache\derbyTesting\functionTests\master\EncryptionTest.out
> 
> M     
> java\testing\org\apache\derbyTesting\functionTests\suites\encryption.runall
> 
> Can someone please review it and if it looks ok, can a committer please
> commit it.
> Thanks, Sunitha.
> 
> 
> ------------------------------------------------------------------------
> 
> Index: java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java
> ===================================================================
> --- java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(revision 169429)
> +++ java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(working copy)
> @@ -156,6 +156,20 @@
>  						p.setProperty("ij.password","PWD");
>  					}
>  			}
> +            // this is a special case for the MultiTest.
> +            // check and alter url if there are any encryption related properties
> +            // that need to be set on the url 
> +            if (("true").equalsIgnoreCase(p.getProperty("encryption"))) 
> +            {
> +               String encryptUrl = "dataEncryption=true;bootPassword=Thursday";
> +               String dbUrl = p.getProperty("database");
> +               String encryptionAlgorithm = p.getProperty("encryptionAlgorithm");
> +               if (encryptionAlgorithm != null)
> +                   p.setProperty("database",dbUrl + ";"+encryptUrl +";"+encryptionAlgorithm);
> +               else
> +                   p.setProperty("database",dbUrl + ";"+encryptUrl);
> +            }
> +            
>  			System.setProperties(p);
>  		}
>  		// set input stream
> Index: java/engine/org/apache/derby/impl/store/raw/RawStore.java
> ===================================================================
> --- java/engine/org/apache/derby/impl/store/raw/RawStore.java	(revision 169429)
> +++ java/engine/org/apache/derby/impl/store/raw/RawStore.java	(working copy)
> @@ -175,27 +175,6 @@
>  			String dataEncryption = properties.getProperty(Attribute.DATA_ENCRYPTION);
>  			databaseEncrypted = Boolean.valueOf(dataEncryption).booleanValue();
>  
> -
> -			if (SanityManager.DEBUG)
> -			{
> -				if (!databaseEncrypted)
> -				{
> -					// check for system property if running under sanity - this
> -					// gives more test coverage for those that that hard code
> -					// connection URL in the test or somehow go thru the test
> -					// harness in a strange way.
> -					String testEncryption =
> -						PropertyUtil.getSystemProperty("testDataEncryption");
> -
> -					if (testEncryption != null)
> -					{
> -						properties.put(Attribute.DATA_ENCRYPTION, "true");
> -						properties.put(Attribute.BOOT_PASSWORD, testEncryption);
> -						databaseEncrypted = true;
> -                    }
> -				}
> -			}
> -
>  			if (databaseEncrypted)
>  			{
>  					cipherFactory =
> Index: java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
(revision 0)
> +++ java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
(revision 0)
> @@ -0,0 +1,74 @@
> +/*
> + 
> + Derby - Class org.apache.derbyTesting.functionTests.tests.store.EncryptionTest
> + 
> + Copyright 2002, 2005 The Apache Software Foundation or its licensors, as applicable.
> + 
> + Licensed under the Apache License, Version 2.0 (the "License");
> + you may not use this file except in compliance with the License.
> + You may obtain a copy of the License at
> + 
> + http://www.apache.org/licenses/LICENSE-2.0
> + 
> + Unless required by applicable law or agreed to in writing, software
> + distributed under the License is distributed on an "AS IS" BASIS,
> + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + See the License for the specific language governing permissions and
> + limitations under the License.
> + 
> + */
> +
> +package org.apache.derbyTesting.functionTests.tests.store;
> +
> +import java.sql.Connection;
> +import java.sql.Statement;
> +import java.sql.PreparedStatement;
> +import java.sql.DriverManager;
> +import java.util.Properties;
> +import java.io.*;
> +
> +/**
> + * check if bootpassword is not written out in plain text into service.properties
> + * for an encrypted database run within the test harness.
> + * In future encryption related testcases can be added to this test
> + */
> +public class EncryptionTest {
> +    public static void main(String[] args) {
> +        Connection conn = null;
> +        try {
> +            // use the ij utility to read the property file and
> +            // make the initial connection.
> +            org.apache.derby.tools.ij.getPropertyArg(args);
> +            conn = org.apache.derby.tools.ij.startJBMS();
> +
> +            // Test 1
> +            // Derby 236 - boot password should not be written out
> +            // into service.properties
> +            String derbyHome = System.getProperty("derby.system.home");
> +
> +            // read in the properties in the service.properties file of the db
> +            Properties serviceProperties = new Properties();
> +            File f = new File(derbyHome + "/wombat/service.properties");
> +            serviceProperties.load(new FileInputStream(f.getAbsolutePath()));
> +            if (serviceProperties.getProperty("bootPassword") == null)
> +                report("TEST PASSED");
> +            else
> +                report("FAIL -- bootPassword should not be written out into service.properties");
> +            
> +            conn.close();
> +        } catch (Throwable e) {
> +            report("FAIL -- unexpected exception: " + e);
> +            e.printStackTrace();
> +        }
> +
> +    }
> +
> +    /**
> +     * print message
> +     * @param msg to print out 
> +     */
> +    public static void report(String msg) {
> +        System.out.println(msg);
> +    }
> +
> +}
> 
> Property changes on: java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
> ___________________________________________________________________
> Name: svn:eol-style
>    + native
> 
> Index: java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(revision
169429)
> +++ java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(working
copy)
> @@ -2021,13 +2021,24 @@
>              jvm.setFlags(jvmflags);
>          }
>          
> -        jvm.setD(jvmProps);
>          
>          if (testType.equals("multi"))
>          {
>              if ( (jvmflags != null) && (jvmflags.indexOf("mx") == -1) )
>                  jvm.setMx(64*1024*1024); // -mx64m
> +            
> +            // MultiTest is special case, so pass on properties
> +            // related to encryption to MultiTest
> +            jvmProps.addElement("encryption="+encryption);
> +            Properties props = new Properties();
> +            // parse and get only the special properties that are needed for the url

> +            SpecialFlags.parse(testSpecialProps, props, new Properties());
> +            String encryptionAlgorithm = props.getProperty("testEncryptionAlgorithm");
> +            if(encryptionAlgorithm != null)
> +                jvmProps.addElement("encryptionAlgorithm=\""+ Attribute.CRYPTO_ALGORITHM

> +                        +"="+encryptionAlgorithm+"\"");
>          }
> +        jvm.setD(jvmProps);
>              
>          Vector v = jvm.getCommandLine();
>          if ( ij.startsWith("ij") )
> Index: java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision
0)
> +++ java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision
0)
> @@ -0,0 +1 @@
> +TEST PASSED
> 
> Property changes on: java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
> ___________________________________________________________________
> Name: svn:eol-style
>    + native
> 
> Index: java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(revision
169429)
> +++ java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(working
copy)
> @@ -1,2 +1,3 @@
> -unit/T_Cipher.unit
> -store/encryptDatabase.sql
> +unit/T_Cipher.unit
> +store/encryptDatabase.sql
> +store/EncryptionTest.java

Mime
View raw message