flume-commits mailing list archives

From hshreedha...@apache.org
Subject git commit: FLUME-1546. File channel encryption: trim() passwords and warn user if he doesn't have JCE policy file
Date Sat, 08 Sep 2012 05:14:48 GMT
Updated Branches:
  refs/heads/flume-1.3.0 975231474 -> 54fd3e682


FLUME-1546. File channel encryption: trim() passwords and warn user if he doesn't have JCE
policy file

(Mike Percy via Hari Shreedharan)


Project: http://git-wip-us.apache.org/repos/asf/flume/repo
Commit: http://git-wip-us.apache.org/repos/asf/flume/commit/54fd3e68
Tree: http://git-wip-us.apache.org/repos/asf/flume/tree/54fd3e68
Diff: http://git-wip-us.apache.org/repos/asf/flume/diff/54fd3e68

Branch: refs/heads/flume-1.3.0
Commit: 54fd3e682c80d1cbadd5243c2afd0c20fc55eac5
Parents: 9752314
Author: Hari Shreedharan <harishreedharan@gmail.com>
Authored: Fri Sep 7 22:13:13 2012 -0700
Committer: Hari Shreedharan <harishreedharan@gmail.com>
Committed: Fri Sep 7 22:14:12 2012 -0700

----------------------------------------------------------------------
 .../file/encryption/AESCTRNoPaddingProvider.java   |   19 ++++++++++++++-
 .../file/encryption/JCEFileKeyProvider.java        |   12 ++++----
 2 files changed, 24 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/flume/blob/54fd3e68/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/AESCTRNoPaddingProvider.java
----------------------------------------------------------------------
diff --git a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/AESCTRNoPaddingProvider.java
b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/AESCTRNoPaddingProvider.java
index b77e10c..d0a84fe 100644
--- a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/AESCTRNoPaddingProvider.java
+++ b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/AESCTRNoPaddingProvider.java
@@ -20,6 +20,8 @@ package org.apache.flume.channel.file.encryption;
 
 import java.nio.ByteBuffer;
 import java.security.Key;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 
 import javax.crypto.Cipher;
@@ -111,13 +113,28 @@ public class AESCTRNoPaddingProvider extends CipherProvider {
       throw Throwables.propagate(e);
     }
   }
+
   private static Cipher getCipher(Key key, int mode, byte[] parameters) {
     try {
       Cipher cipher = Cipher.getInstance(TYPE);
       cipher.init(mode, key, new IvParameterSpec(parameters));
       return cipher;
     } catch (Exception e) {
-      LOG.error("Unable to instaniate " + TYPE, e);
+      String msg = "Unable to load key using transformation: " + TYPE;
+      if (e instanceof InvalidKeyException) {
+        try {
+          int maxAllowedLen = Cipher.getMaxAllowedKeyLength(TYPE);
+          if (maxAllowedLen < 256) {
+            msg += "; Warning: Maximum allowed key length = " + maxAllowedLen
+                + " with the available JCE security policy files. Have you"
+                + " installed the JCE unlimited strength jurisdiction policy"
+                + " files?";
+          }
+        } catch (NoSuchAlgorithmException ex) {
+          msg += "; Unable to find specified algorithm?";
+        }
+      }
+      LOG.error(msg, e);
       throw Throwables.propagate(e);
     }
   }
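Review bot: The new `msg` prefix "Unable to load key using transformation" is logged for every exception caught in getCipher, so a failure in `Cipher.getInstance(TYPE)` or an IV rejected by `cipher.init` is reported as a key problem. A neutral prefix such as `String msg = "Unable to initialize cipher for transformation: " + TYPE;` would keep the key-specific text confined to the `InvalidKeyException` branch. The policy hint also fires whenever `maxAllowedLen < 256`, even if the key was refused for another reason (wrong key type, for instance), so it reads better as a possible cause than as a diagnosis. The message carries no key material, and it should stay that way if the key length is ever added to it.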

http://git-wip-us.apache.org/repos/asf/flume/blob/54fd3e68/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java
----------------------------------------------------------------------
diff --git a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java
b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java
index fff78e0..f814993 100644
--- a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java
+++ b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java
@@ -49,7 +49,7 @@ public class JCEFileKeyProvider extends KeyProvider {
     try {
       ks = KeyStore.getInstance("jceks");
       keyStorePassword = Files.toString(keyStorePasswordFile, Charsets.UTF_8)
-          .toCharArray();
+          .trim().toCharArray();
       ks.load(new FileInputStream(keyStoreFile), keyStorePassword);
     } catch(Exception ex) {
       throw Throwables.propagate(ex);
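Review bot: `.trim()` on the keystore password removes every leading and trailing character at or below U+0020, not just the newline an editor appends, so a password that intentionally starts or ends with a space will no longer open the keystore. The same applies to the alias password in the following hunk (-62,7). Stripping only trailing line terminators is narrower, e.g. `.replaceAll("[\\r\\n]+\\z", "").toCharArray();`, and either way the behaviour deserves a comment such as `// password file is read as UTF-8; trailing line breaks are ignored`. The password still passes through an immutable `String` returned by `Files.toString`, so the `char[]` cannot be relied on to clear it from memory. The enclosing constructor starts and ends outside this hunk.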
@@ -62,7 +62,7 @@ public class JCEFileKeyProvider extends KeyProvider {
       char[] keyPassword = keyStorePassword;
       if(aliasPasswordFileMap.containsKey(alias)) {
         keyPassword = Files.toString(aliasPasswordFileMap.get(alias),
-            Charsets.UTF_8).toCharArray();
+            Charsets.UTF_8).trim().toCharArray();
       }
       Key key = ks.getKey(alias, keyPassword);
       return key;
@@ -100,10 +100,10 @@ public class JCEFileKeyProvider extends KeyProvider {
           }
         }
       }
-     File keyStoreFile = new File(keyStoreFileName.trim());
-     File keyStorePasswordFile = new File(keyStorePasswordFileName.trim());
-     return new JCEFileKeyProvider(keyStoreFile, keyStorePasswordFile,
-         aliasPasswordFileMap);
+      File keyStoreFile = new File(keyStoreFileName.trim());
+      File keyStorePasswordFile = new File(keyStorePasswordFileName.trim());
+      return new JCEFileKeyProvider(keyStoreFile, keyStorePasswordFile,
+          aliasPasswordFileMap);
     }
   }
 }

