db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sunitha Kambhampati (JIRA)" <derby-...@db.apache.org>
Subject [jira] Updated: (DERBY-1373) Encrypted databases cannot be booted using the jar subprotocol (and possibly also using http/https/classpath)
Date Fri, 14 Jul 2006 18:52:14 GMT
     [ http://issues.apache.org/jira/browse/DERBY-1373?page=all ]

Sunitha Kambhampati updated DERBY-1373:

    Attachment: derby1373.diff.txt

Mathias wrote:
"I had a look to the suggestion Suresh made.This is a change I do not have time to implement
as it would mean revalidate all other cases which are currently working. "

So I followed up on Suresh's suggestion and am attaching a patch 'derby1373.diff.txt' and
'derby1373.stat.txt' for review.

This patch makes the following changes:
1) Instead of using RandomAccessFile, the verifyKey.dat is read as a InputStream. 

2)   Add a new test (encryptionKey_jar.sql) for booting encrypted database using encryptionKey
via classpath, and jar subprotocol. 
Please note, as already mentioned in an earlier comment - There are existing test (encryptionKey.sql)
that test cases for encryptionKey.

The test will fail without the code change, and will pass with  the code changes.

svn stat
M      java\engine\org\apache\derby\impl\services\jce\JCECipherFactory.java
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\copyfiles.ant
A      java\testing\org\apache\derbyTesting\functionTests\tests\store\encryptionKey_jar.sql
A      java\testing\org\apache\derbyTesting\functionTests\tests\store\encryptionKey_jar_app.properties
A      java\testing\org\apache\derbyTesting\functionTests\master\encryptionKey_jar.out
M      java\testing\org\apache\derbyTesting\functionTests\suites\encryptionAll.runall

I ran derbyall on ibm142 on linux ok. I made one small change to a comment in the test after
that. I have run the test again and it passed ok.

Can someone please review this patch.  

Thanks to Mathias for finding the problem, reporting it, providing a fix and for the good
discussion that followed on this issue.  If you have the time, it would be nice if you can
verify if this works for you.


> Encrypted databases cannot be booted using the jar subprotocol (and possibly also using
> -------------------------------------------------------------------------------------------------------------
>                 Key: DERBY-1373
>                 URL: http://issues.apache.org/jira/browse/DERBY-1373
>             Project: Derby
>          Issue Type: Bug
>          Components: Store
>    Affects Versions:
>         Environment: Environment does not matter.
>            Reporter: Mathias Herberts
>         Assigned To: Mathias Herberts
>             Fix For:
>         Attachments: derby1373.diff.txt, derby1373.stat.txt, encryptedJar.patch, InputStreamFile.java-patch,
> An encrypted database cannot be booted when using the jar subprotocol.
> The problem lies in the method run from JCECipherFactory. The call to getRandomAccessFile
returns null when the verifyKeyFile is an instance of InputStreamFile and the key verification
therefore fails.
> The implementation of getRandomAccessFile for InputStreamFile states that its code cannot
be reached which is untrue.
> The provided patch does two things, it provides a new class InputStreamRandomAccessFile
in package org.apache.derby.impl.io. This class provides simple implementations of readInt
and readFully so the key verification process succeeds. A quick scan of the derby source tree
showed no problem or possible impact of this simple implementation.
> The second thing the patch does is to modify org/apache/derby/impl/io/InputStreamFile.java
so the getRandomAccessFile creates an instance of InputStreamRandomAccessFile instead of returning
> This patch has been tested against trunk 410361. It solves the problem at least under
the jar subprotocol.
> The patch has not been tested against http/https/classpath.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message