db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sunitha Kambhampati (JIRA)" <derby-...@db.apache.org>
Subject [jira] Updated: (DERBY-1373) Encrypted databases cannot be booted using the jar subprotocol (and possibly also using http/https/classpath)
Date Fri, 14 Jul 2006 18:52:14 GMT
     [ http://issues.apache.org/jira/browse/DERBY-1373?page=all ]

Sunitha Kambhampati updated DERBY-1373:
---------------------------------------

    Attachment: derby1373.diff.txt
                derby1373.stat.txt

Mathias wrote:
"I had a look to the suggestion Suresh made.This is a change I do not have time to implement
as it would mean revalidate all other cases which are currently working. "

So I followed up on Suresh's suggestion and am attaching a patch 'derby1373.diff.txt' and
'derby1373.stat.txt' for review.

This patch makes the following changes:
1) Instead of using RandomAccessFile, the verifyKey.dat is read as a InputStream. 

2)   Add a new test (encryptionKey_jar.sql) for booting encrypted database using encryptionKey
via classpath, and jar subprotocol. 
Please note, as already mentioned in an earlier comment - There are existing test (encryptionKey.sql)
that test cases for encryptionKey.

The test will fail without the code change, and will pass with  the code changes.

svn stat
M      java\engine\org\apache\derby\impl\services\jce\JCECipherFactory.java
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\copyfiles.ant
A      java\testing\org\apache\derbyTesting\functionTests\tests\store\encryptionKey_jar.sql
A      java\testing\org\apache\derbyTesting\functionTests\tests\store\encryptionKey_jar_app.properties
A      java\testing\org\apache\derbyTesting\functionTests\master\encryptionKey_jar.out
M      java\testing\org\apache\derbyTesting\functionTests\suites\encryptionAll.runall

I ran derbyall on ibm142 on linux ok. I made one small change to a comment in the test after
that. I have run the test again and it passed ok.

Can someone please review this patch.  

Thanks to Mathias for finding the problem, reporting it, providing a fix and for the good
discussion that followed on this issue.  If you have the time, it would be nice if you can
verify if this works for you.

Thanks,
Sunitha.


> Encrypted databases cannot be booted using the jar subprotocol (and possibly also using
http/https/classpath)
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1373
>                 URL: http://issues.apache.org/jira/browse/DERBY-1373
>             Project: Derby
>          Issue Type: Bug
>          Components: Store
>    Affects Versions: 10.1.2.4
>         Environment: Environment does not matter.
>            Reporter: Mathias Herberts
>         Assigned To: Mathias Herberts
>             Fix For: 10.2.0.0
>
>         Attachments: derby1373.diff.txt, derby1373.stat.txt, encryptedJar.patch, InputStreamFile.java-patch,
InputStreamRandomAccessFile.java
>
>
> An encrypted database cannot be booted when using the jar subprotocol.
> The problem lies in the method run from JCECipherFactory. The call to getRandomAccessFile
returns null when the verifyKeyFile is an instance of InputStreamFile and the key verification
therefore fails.
> The implementation of getRandomAccessFile for InputStreamFile states that its code cannot
be reached which is untrue.
> The provided patch does two things, it provides a new class InputStreamRandomAccessFile
in package org.apache.derby.impl.io. This class provides simple implementations of readInt
and readFully so the key verification process succeeds. A quick scan of the derby source tree
showed no problem or possible impact of this simple implementation.
> The second thing the patch does is to modify org/apache/derby/impl/io/InputStreamFile.java
so the getRandomAccessFile creates an instance of InputStreamRandomAccessFile instead of returning
null.
> This patch has been tested against trunk 410361. It solves the problem at least under
the jar subprotocol.
> The patch has not been tested against http/https/classpath.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message