db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suresh Thalamati <suresh.thalam...@gmail.com>
Subject Re: [PATCH] Derby 236 BootPassword gets written out in plain text in sane mode and in our test environment.
Date Thu, 12 May 2005 18:55:50 GMT
- Why is password hard coded in the test harness code, is it not possible to 
specify it as test property ? for eg on the db URL itself. 

 +               String encryptUrl = "dataEncryption=true;bootPassword=Thursday";


Thanks
-suresht

Mike Matrigali wrote:

>I'll look into committing this one.  If anyone else is reviewing it
>let me know.
>
>Sunitha Kambhampati wrote:
>
>  
>
>>This patch fixes Derby 236 
>>http://issues.apache.org/jira/browse/DERBY-236 - BootPassword gets
>>written out in plain text in sane mode and in our test environment.
>>
>>Changes include
>>
>>1. remove sanity debug code in RawStore to not write bootpassword in
>>plain text into the service.properties 2. currently the test harness
>>does not seem to pass on the encryption related properties to the
>>MultiTest and with change in #1, encryption wont be used for
>>stress.multi. So changes made to  RunTest to pass on the encryption,
>>testEncryptionAlgorithm values to the MultiTest harness. Also changed
>>mtTestCase to recognize the encryption properties and modify the
>>database url to use for the MultiTest.
>>-- ran derbyall on jdk142 with no failures
>>-- verified that encryption run for stress.multi was running ok, by
>>adding keepfiles=true to encryptionAll.properties and checking the
>>service.properties for all the databases created as part of this
>>encryptionAll testrun.
>>
>>svn stat
>>M      java\tools\org\apache\derby\impl\tools\ij\mtTestCase.java
>>M      java\engine\org\apache\derby\impl\store\raw\RawStore.java
>>A     
>>java\testing\org\apache\derbyTesting\functionTests\tests\store\EncryptionTest.java
>>
>>M     
>>java\testing\org\apache\derbyTesting\functionTests\harness\RunTest.java
>>A     
>>java\testing\org\apache\derbyTesting\functionTests\master\EncryptionTest.out
>>
>>M     
>>java\testing\org\apache\derbyTesting\functionTests\suites\encryption.runall
>>
>>Can someone please review it and if it looks ok, can a committer please
>>commit it.
>>Thanks, Sunitha.
>>
>>
>>------------------------------------------------------------------------
>>
>>Index: java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java
>>===================================================================
>>--- java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(revision 169429)
>>+++ java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(working copy)
>>@@ -156,6 +156,20 @@
>> 						p.setProperty("ij.password","PWD");
>> 					}
>> 			}
>>+            // this is a special case for the MultiTest.
>>+            // check and alter url if there are any encryption related properties
>>+            // that need to be set on the url 
>>+            if (("true").equalsIgnoreCase(p.getProperty("encryption"))) 
>>+            {
>>+               String encryptUrl = "dataEncryption=true;bootPassword=Thursday";
>>+               String dbUrl = p.getProperty("database");
>>+               String encryptionAlgorithm = p.getProperty("encryptionAlgorithm");
>>+               if (encryptionAlgorithm != null)
>>+                   p.setProperty("database",dbUrl + ";"+encryptUrl +";"+encryptionAlgorithm);
>>+               else
>>+                   p.setProperty("database",dbUrl + ";"+encryptUrl);
>>+            }
>>+            
>> 			System.setProperties(p);
>> 		}
>> 		// set input stream
>>Index: java/engine/org/apache/derby/impl/store/raw/RawStore.java
>>===================================================================
>>--- java/engine/org/apache/derby/impl/store/raw/RawStore.java	(revision 169429)
>>+++ java/engine/org/apache/derby/impl/store/raw/RawStore.java	(working copy)
>>@@ -175,27 +175,6 @@
>> 			String dataEncryption = properties.getProperty(Attribute.DATA_ENCRYPTION);
>> 			databaseEncrypted = Boolean.valueOf(dataEncryption).booleanValue();
>> 
>>-
>>-			if (SanityManager.DEBUG)
>>-			{
>>-				if (!databaseEncrypted)
>>-				{
>>-					// check for system property if running under sanity - this
>>-					// gives more test coverage for those that that hard code
>>-					// connection URL in the test or somehow go thru the test
>>-					// harness in a strange way.
>>-					String testEncryption =
>>-						PropertyUtil.getSystemProperty("testDataEncryption");
>>-
>>-					if (testEncryption != null)
>>-					{
>>-						properties.put(Attribute.DATA_ENCRYPTION, "true");
>>-						properties.put(Attribute.BOOT_PASSWORD, testEncryption);
>>-						databaseEncrypted = true;
>>-                    }
>>-				}
>>-			}
>>-
>> 			if (databaseEncrypted)
>> 			{
>> 					cipherFactory =
>>Index: java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
>>===================================================================
>>--- java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
(revision 0)
>>+++ java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
(revision 0)
>>@@ -0,0 +1,74 @@
>>+/*
>>+ 
>>+ Derby - Class org.apache.derbyTesting.functionTests.tests.store.EncryptionTest
>>+ 
>>+ Copyright 2002, 2005 The Apache Software Foundation or its licensors, as applicable.
>>+ 
>>+ Licensed under the Apache License, Version 2.0 (the "License");
>>+ you may not use this file except in compliance with the License.
>>+ You may obtain a copy of the License at
>>+ 
>>+ http://www.apache.org/licenses/LICENSE-2.0
>>+ 
>>+ Unless required by applicable law or agreed to in writing, software
>>+ distributed under the License is distributed on an "AS IS" BASIS,
>>+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>+ See the License for the specific language governing permissions and
>>+ limitations under the License.
>>+ 
>>+ */
>>+
>>+package org.apache.derbyTesting.functionTests.tests.store;
>>+
>>+import java.sql.Connection;
>>+import java.sql.Statement;
>>+import java.sql.PreparedStatement;
>>+import java.sql.DriverManager;
>>+import java.util.Properties;
>>+import java.io.*;
>>+
>>+/**
>>+ * check if bootpassword is not written out in plain text into service.properties
>>+ * for an encrypted database run within the test harness.
>>+ * In future encryption related testcases can be added to this test
>>+ */
>>+public class EncryptionTest {
>>+    public static void main(String[] args) {
>>+        Connection conn = null;
>>+        try {
>>+            // use the ij utility to read the property file and
>>+            // make the initial connection.
>>+            org.apache.derby.tools.ij.getPropertyArg(args);
>>+            conn = org.apache.derby.tools.ij.startJBMS();
>>+
>>+            // Test 1
>>+            // Derby 236 - boot password should not be written out
>>+            // into service.properties
>>+            String derbyHome = System.getProperty("derby.system.home");
>>+
>>+            // read in the properties in the service.properties file of the db
>>+            Properties serviceProperties = new Properties();
>>+            File f = new File(derbyHome + "/wombat/service.properties");
>>+            serviceProperties.load(new FileInputStream(f.getAbsolutePath()));
>>+            if (serviceProperties.getProperty("bootPassword") == null)
>>+                report("TEST PASSED");
>>+            else
>>+                report("FAIL -- bootPassword should not be written out into service.properties");
>>+            
>>+            conn.close();
>>+        } catch (Throwable e) {
>>+            report("FAIL -- unexpected exception: " + e);
>>+            e.printStackTrace();
>>+        }
>>+
>>+    }
>>+
>>+    /**
>>+     * print message
>>+     * @param msg to print out 
>>+     */
>>+    public static void report(String msg) {
>>+        System.out.println(msg);
>>+    }
>>+
>>+}
>>
>>Property changes on: java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
>>___________________________________________________________________
>>Name: svn:eol-style
>>   + native
>>
>>Index: java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java
>>===================================================================
>>--- java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(revision
169429)
>>+++ java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(working
copy)
>>@@ -2021,13 +2021,24 @@
>>             jvm.setFlags(jvmflags);
>>         }
>>         
>>-        jvm.setD(jvmProps);
>>         
>>         if (testType.equals("multi"))
>>         {
>>             if ( (jvmflags != null) && (jvmflags.indexOf("mx") == -1) )
>>                 jvm.setMx(64*1024*1024); // -mx64m
>>+            
>>+            // MultiTest is special case, so pass on properties
>>+            // related to encryption to MultiTest
>>+            jvmProps.addElement("encryption="+encryption);
>>+            Properties props = new Properties();
>>+            // parse and get only the special properties that are needed for the
url 
>>+            SpecialFlags.parse(testSpecialProps, props, new Properties());
>>+            String encryptionAlgorithm = props.getProperty("testEncryptionAlgorithm");
>>+            if(encryptionAlgorithm != null)
>>+                jvmProps.addElement("encryptionAlgorithm=\""+ Attribute.CRYPTO_ALGORITHM

>>+                        +"="+encryptionAlgorithm+"\"");
>>         }
>>+        jvm.setD(jvmProps);
>>             
>>         Vector v = jvm.getCommandLine();
>>         if ( ij.startsWith("ij") )
>>Index: java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
>>===================================================================
>>--- java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision
0)
>>+++ java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision
0)
>>@@ -0,0 +1 @@
>>+TEST PASSED
>>
>>Property changes on: java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
>>___________________________________________________________________
>>Name: svn:eol-style
>>   + native
>>
>>Index: java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall
>>===================================================================
>>--- java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(revision
169429)
>>+++ java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(working
copy)
>>@@ -1,2 +1,3 @@
>>-unit/T_Cipher.unit
>>-store/encryptDatabase.sql
>>+unit/T_Cipher.unit
>>+store/encryptDatabase.sql
>>+store/EncryptionTest.java
>>    
>>
>
>  
>



Mime
View raw message