db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sunitha Kambhampati <ksunitha...@gmail.com>
Subject Re: [PATCH] Derby 236 BootPassword gets written out in plain text in sane mode and in our test environment.
Date Thu, 12 May 2005 19:11:53 GMT
Suresh Thalamati wrote:

> - Why is password hard coded in the test harness code, is it not 
> possible to specify it as test property ? for eg on the db URL itself.
> +               String encryptUrl = 
> "dataEncryption=true;bootPassword=Thursday";
>
Well, I didnt particularly like to hardcode it this way, but I looked at 
the rest of  the test harness ( see encryptionProtocol  in RunTest and 
the bootPassword is hardcoded to Thursday) and I followed the same 
approach for MultiTest.

This issue about reading the bootPassword as a property  (ie 
testDataEncryption) seems to be an improvement to the test harness and I 
think it is not related to this fix in general which was why I chose not 
to make changes to the test harness.

But if you feel strongly otherwise please let me know.

Thanks,
Sunitha.

>
> Mike Matrigali wrote:
>
>> I'll look into committing this one.  If anyone else is reviewing it
>> let me know.
>>
>> Sunitha Kambhampati wrote:
>>
>>  
>>
>>> This patch fixes Derby 236 
>>> http://issues.apache.org/jira/browse/DERBY-236 - BootPassword gets
>>> written out in plain text in sane mode and in our test environment.
>>>
>>> Changes include
>>>
>>> 1. remove sanity debug code in RawStore to not write bootpassword in
>>> plain text into the service.properties 2. currently the test harness
>>> does not seem to pass on the encryption related properties to the
>>> MultiTest and with change in #1, encryption wont be used for
>>> stress.multi. So changes made to  RunTest to pass on the encryption,
>>> testEncryptionAlgorithm values to the MultiTest harness. Also changed
>>> mtTestCase to recognize the encryption properties and modify the
>>> database url to use for the MultiTest.
>>> -- ran derbyall on jdk142 with no failures
>>> -- verified that encryption run for stress.multi was running ok, by
>>> adding keepfiles=true to encryptionAll.properties and checking the
>>> service.properties for all the databases created as part of this
>>> encryptionAll testrun.
>>>
>>> svn stat
>>> M      java\tools\org\apache\derby\impl\tools\ij\mtTestCase.java
>>> M      java\engine\org\apache\derby\impl\store\raw\RawStore.java
>>> A     
>>> java\testing\org\apache\derbyTesting\functionTests\tests\store\EncryptionTest.java

>>>
>>>
>>> M     
>>> java\testing\org\apache\derbyTesting\functionTests\harness\RunTest.java
>>> A     
>>> java\testing\org\apache\derbyTesting\functionTests\master\EncryptionTest.out

>>>
>>>
>>> M     
>>> java\testing\org\apache\derbyTesting\functionTests\suites\encryption.runall 
>>>
>>>
>>> Can someone please review it and if it looks ok, can a committer please
>>> commit it.
>>> Thanks, Sunitha.
>>>
>>>
>>> ------------------------------------------------------------------------ 
>>>
>>>
>>> Index: java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java
>>> ===================================================================
>>> --- java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java    
>>> (revision 169429)
>>> +++ java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java    
>>> (working copy)
>>> @@ -156,6 +156,20 @@
>>>                         p.setProperty("ij.password","PWD");
>>>                     }
>>>             }
>>> +            // this is a special case for the MultiTest.
>>> +            // check and alter url if there are any encryption 
>>> related properties
>>> +            // that need to be set on the url +            if 
>>> (("true").equalsIgnoreCase(p.getProperty("encryption"))) +            {
>>> +               String encryptUrl = 
>>> "dataEncryption=true;bootPassword=Thursday";
>>> +               String dbUrl = p.getProperty("database");
>>> +               String encryptionAlgorithm = 
>>> p.getProperty("encryptionAlgorithm");
>>> +               if (encryptionAlgorithm != null)
>>> +                   p.setProperty("database",dbUrl + ";"+encryptUrl 
>>> +";"+encryptionAlgorithm);
>>> +               else
>>> +                   p.setProperty("database",dbUrl + ";"+encryptUrl);
>>> +            }
>>> +                        System.setProperties(p);
>>>         }
>>>         // set input stream
>>> Index: java/engine/org/apache/derby/impl/store/raw/RawStore.java
>>> ===================================================================
>>> --- java/engine/org/apache/derby/impl/store/raw/RawStore.java    
>>> (revision 169429)
>>> +++ java/engine/org/apache/derby/impl/store/raw/RawStore.java    
>>> (working copy)
>>> @@ -175,27 +175,6 @@
>>>             String dataEncryption = 
>>> properties.getProperty(Attribute.DATA_ENCRYPTION);
>>>             databaseEncrypted = 
>>> Boolean.valueOf(dataEncryption).booleanValue();
>>>
>>> -
>>> -            if (SanityManager.DEBUG)
>>> -            {
>>> -                if (!databaseEncrypted)
>>> -                {
>>> -                    // check for system property if running under 
>>> sanity - this
>>> -                    // gives more test coverage for those that that 
>>> hard code
>>> -                    // connection URL in the test or somehow go 
>>> thru the test
>>> -                    // harness in a strange way.
>>> -                    String testEncryption =
>>> -                        
>>> PropertyUtil.getSystemProperty("testDataEncryption");
>>> -
>>> -                    if (testEncryption != null)
>>> -                    {
>>> -                        properties.put(Attribute.DATA_ENCRYPTION, 
>>> "true");
>>> -                        properties.put(Attribute.BOOT_PASSWORD, 
>>> testEncryption);
>>> -                        databaseEncrypted = true;
>>> -                    }
>>> -                }
>>> -            }
>>> -
>>>             if (databaseEncrypted)
>>>             {
>>>                     cipherFactory =
>>> Index: 
>>> java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java

>>>
>>> ===================================================================
>>> --- 
>>> java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
   
>>> (revision 0)
>>> +++ 
>>> java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
   
>>> (revision 0)
>>> @@ -0,0 +1,74 @@
>>> +/*
>>> + + Derby - Class 
>>> org.apache.derbyTesting.functionTests.tests.store.EncryptionTest
>>> + + Copyright 2002, 2005 The Apache Software Foundation or its 
>>> licensors, as applicable.
>>> + + Licensed under the Apache License, Version 2.0 (the "License");
>>> + you may not use this file except in compliance with the License.
>>> + You may obtain a copy of the License at
>>> + + http://www.apache.org/licenses/LICENSE-2.0
>>> + + Unless required by applicable law or agreed to in writing, software
>>> + distributed under the License is distributed on an "AS IS" BASIS,
>>> + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
>>> implied.
>>> + See the License for the specific language governing permissions and
>>> + limitations under the License.
>>> + + */
>>> +
>>> +package org.apache.derbyTesting.functionTests.tests.store;
>>> +
>>> +import java.sql.Connection;
>>> +import java.sql.Statement;
>>> +import java.sql.PreparedStatement;
>>> +import java.sql.DriverManager;
>>> +import java.util.Properties;
>>> +import java.io.*;
>>> +
>>> +/**
>>> + * check if bootpassword is not written out in plain text into 
>>> service.properties
>>> + * for an encrypted database run within the test harness.
>>> + * In future encryption related testcases can be added to this test
>>> + */
>>> +public class EncryptionTest {
>>> +    public static void main(String[] args) {
>>> +        Connection conn = null;
>>> +        try {
>>> +            // use the ij utility to read the property file and
>>> +            // make the initial connection.
>>> +            org.apache.derby.tools.ij.getPropertyArg(args);
>>> +            conn = org.apache.derby.tools.ij.startJBMS();
>>> +
>>> +            // Test 1
>>> +            // Derby 236 - boot password should not be written out
>>> +            // into service.properties
>>> +            String derbyHome = 
>>> System.getProperty("derby.system.home");
>>> +
>>> +            // read in the properties in the service.properties 
>>> file of the db
>>> +            Properties serviceProperties = new Properties();
>>> +            File f = new File(derbyHome + 
>>> "/wombat/service.properties");
>>> +            serviceProperties.load(new 
>>> FileInputStream(f.getAbsolutePath()));
>>> +            if (serviceProperties.getProperty("bootPassword") == null)
>>> +                report("TEST PASSED");
>>> +            else
>>> +                report("FAIL -- bootPassword should not be written 
>>> out into service.properties");
>>> +            +            conn.close();
>>> +        } catch (Throwable e) {
>>> +            report("FAIL -- unexpected exception: " + e);
>>> +            e.printStackTrace();
>>> +        }
>>> +
>>> +    }
>>> +
>>> +    /**
>>> +     * print message
>>> +     * @param msg to print out +     */
>>> +    public static void report(String msg) {
>>> +        System.out.println(msg);
>>> +    }
>>> +
>>> +}
>>>
>>> Property changes on: 
>>> java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java

>>>
>>> ___________________________________________________________________
>>> Name: svn:eol-style
>>>   + native
>>>
>>> Index: 
>>> java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java
>>> ===================================================================
>>> --- 
>>> java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java    
>>> (revision 169429)
>>> +++ 
>>> java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java    
>>> (working copy)
>>> @@ -2021,13 +2021,24 @@
>>>             jvm.setFlags(jvmflags);
>>>         }
>>>         -        jvm.setD(jvmProps);
>>>                 if (testType.equals("multi"))
>>>         {
>>>             if ( (jvmflags != null) && (jvmflags.indexOf("mx") == -1)
)
>>>                 jvm.setMx(64*1024*1024); // -mx64m
>>> +            +            // MultiTest is special case, so pass on 
>>> properties
>>> +            // related to encryption to MultiTest
>>> +            jvmProps.addElement("encryption="+encryption);
>>> +            Properties props = new Properties();
>>> +            // parse and get only the special properties that are 
>>> needed for the url +            SpecialFlags.parse(testSpecialProps, 
>>> props, new Properties());
>>> +            String encryptionAlgorithm = 
>>> props.getProperty("testEncryptionAlgorithm");
>>> +            if(encryptionAlgorithm != null)
>>> +                jvmProps.addElement("encryptionAlgorithm=\""+ 
>>> Attribute.CRYPTO_ALGORITHM +                        
>>> +"="+encryptionAlgorithm+"\"");
>>>         }
>>> +        jvm.setD(jvmProps);
>>>                     Vector v = jvm.getCommandLine();
>>>         if ( ij.startsWith("ij") )
>>> Index: 
>>> java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out

>>>
>>> ===================================================================
>>> --- 
>>> java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
   
>>> (revision 0)
>>> +++ 
>>> java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
   
>>> (revision 0)
>>> @@ -0,0 +1 @@
>>> +TEST PASSED
>>>
>>> Property changes on: 
>>> java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out

>>>
>>> ___________________________________________________________________
>>> Name: svn:eol-style
>>>   + native
>>>
>>> Index: 
>>> java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall 
>>>
>>> ===================================================================
>>> --- 
>>> java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall 
  
>>> (revision 169429)
>>> +++ 
>>> java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall 
  
>>> (working copy)
>>> @@ -1,2 +1,3 @@
>>> -unit/T_Cipher.unit
>>> -store/encryptDatabase.sql
>>> +unit/T_Cipher.unit
>>> +store/encryptDatabase.sql
>>> +store/EncryptionTest.java
>>>   
>>
>>
>>  
>>
>
>
>


Mime
View raw message