logging-commits mailing list archives

From rgo...@apache.org
Subject svn commit: r1459132 - in /logging/log4j/log4j2/trunk: core/src/main/java/org/apache/logging/log4j/core/config/plugins/ core/src/main/java/org/apache/logging/log4j/core/helpers/ flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/ flume-ng/s...
Date Thu, 21 Mar 2013 02:17:25 GMT
Author: rgoers
Date: Thu Mar 21 02:17:25 2013
New Revision: 1459132

URL: http://svn.apache.org/r1459132
Log:
LOG4J2-178 - Do not encrypt in unit tests to avoid failures when the java enhanced security
jars are not installed. Make secret key provider a plugin

Added:
    logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/helpers/SecretKeyProvider.java
    logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/
    logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/FlumeKeyProvider.java
Modified:
    logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/config/plugins/PluginManager.java
    logging/log4j/log4j2/trunk/flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/FlumePersistentManager.java
    logging/log4j/log4j2/trunk/flume-ng/src/test/resources/persistent.xml
    logging/log4j/log4j2/trunk/src/site/xdoc/manual/appenders.xml
    logging/log4j/log4j2/trunk/src/site/xdoc/manual/plugins.xml

Modified: logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/config/plugins/PluginManager.java
URL: http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/config/plugins/PluginManager.java?rev=1459132&r1=1459131&r2=1459132&view=diff
==============================================================================
--- logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/config/plugins/PluginManager.java
(original)
+++ logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/config/plugins/PluginManager.java
Thu Mar 21 02:17:25 2013
@@ -155,9 +155,11 @@ public class PluginManager {
                 LOGGER.warn("Plugin preloads not available");
             }
         }
-        if (plugins.size() == 0) {
+        if (plugins == null || plugins.size() == 0) {
             if (pkgs == null) {
-                PACKAGES.add(LOG4J_PACKAGES);
+                if (!PACKAGES.contains(LOG4J_PACKAGES)) {
+                    PACKAGES.add(LOG4J_PACKAGES);
+                }
             } else {
                 final String[] names = pkgs.split(",");
                 for (final String name : names) {

Added: logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/helpers/SecretKeyProvider.java
URL: http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/helpers/SecretKeyProvider.java?rev=1459132&view=auto
==============================================================================
--- logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/helpers/SecretKeyProvider.java
(added)
+++ logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/helpers/SecretKeyProvider.java
Thu Mar 21 02:17:25 2013
@@ -0,0 +1,11 @@
+package org.apache.logging.log4j.core.helpers;
+
+import javax.crypto.SecretKey;
+
+/**
+ *
+ */
+public interface SecretKeyProvider {
+
+    SecretKey getSecretKey();
+}
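Review bot: The Javadoc block on `SecretKeyProvider` is empty, although this interface is now the extension point that hands encryption keys to the Flume persistent manager. The comment should say that implementations are created reflectively with `newInstance()` (see the FlumePersistentManager hunk in this commit) and therefore need a public no-argument constructor. It should also say what kind of key is expected (the test provider returns an AES key) and whether `getSecretKey()` may return null. The new file also lacks the ASF license header that FlumeKeyProvider.java carries in the same commit.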

Modified: logging/log4j/log4j2/trunk/flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/FlumePersistentManager.java
URL: http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/FlumePersistentManager.java?rev=1459132&r1=1459131&r2=1459132&view=diff
==============================================================================
--- logging/log4j/log4j2/trunk/flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/FlumePersistentManager.java
(original)
+++ logging/log4j/log4j2/trunk/flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/FlumePersistentManager.java
Thu Mar 21 02:17:25 2013
@@ -29,7 +29,10 @@ import org.apache.flume.event.SimpleEven
 import org.apache.logging.log4j.LoggingException;
 import org.apache.logging.log4j.core.appender.ManagerFactory;
 import org.apache.logging.log4j.core.config.Property;
+import org.apache.logging.log4j.core.config.plugins.PluginManager;
+import org.apache.logging.log4j.core.config.plugins.PluginType;
 import org.apache.logging.log4j.core.helpers.FileUtils;
+import org.apache.logging.log4j.core.helpers.SecretKeyProvider;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
@@ -58,7 +61,7 @@ import java.util.zip.GZIPOutputStream;
  */
 public class FlumePersistentManager extends FlumeAvroManager {
 
-    public static final String PASSWORD = "password";
+    public static final String KEY_PROVIDER = "keyProvider";
 
     private static final Charset UTF8 = Charset.forName("UTF-8");
 
@@ -232,7 +235,6 @@ public class FlumePersistentManager exte
          */
         public FlumePersistentManager createManager(final String name, final FactoryData
data) {
             SecretKey secretKey = null;
-            byte[] salt;
 
             Database database;
 
@@ -261,37 +263,44 @@ public class FlumePersistentManager exte
             }
 
             try {
-                if (properties.containsKey(PASSWORD)) {
-                    String password = properties.get(PASSWORD);
-                    salt = new byte[20];
-                    File saltFile = new File(data.dataDir + "/salt.dat");
-                    boolean needSalt = true;
-                    if (saltFile.exists()) {
-                        FileInputStream fis = new FileInputStream(saltFile);
-                        if (fis.read(salt) == 20) {
-                            needSalt = false;
-                        }
-                        fis.close();
+                String key = null;
+                for (Map.Entry<String, String> entry : properties.entrySet()) {
+                    if (entry.getKey().equalsIgnoreCase(KEY_PROVIDER)) {
+                        key = entry.getValue();
                     }
-                    if (needSalt) {
-                        Random r = new SecureRandom();
-                        r.nextBytes(salt);
-                        FileOutputStream fos = new FileOutputStream(saltFile);
-                        fos.write(salt);
-                        fos.close();
+                }
+                if (key != null) {
+                    final PluginManager manager = new PluginManager("KeyProvider", SecretKeyProvider.class);
+                    manager.collectPlugins();
+                    final Map<String, PluginType> plugins = manager.getPlugins();
+                    if (plugins != null) {
+                        boolean found = false;
+                        for (Map.Entry<String, PluginType> entry : plugins.entrySet())
{
+                            if (entry.getKey().equalsIgnoreCase(key)) {
+                                found = true;
+                                Class cl = entry.getValue().getPluginClass();
+                                try {
+                                    SecretKeyProvider provider = (SecretKeyProvider) cl.newInstance();
+                                    secretKey = provider.getSecretKey();
+                                } catch (Exception ex) {
+                                    LOGGER.error("Unable to create SecretKeyProvider {},
encryption will be disabled",
+                                        cl.getName());
+                                }
+                                break;
+                            }
+                        }
+                        if (!found) {
+                            LOGGER.error("Unable to locate SecretKey provider {}, encryption
will be disabled", key);
+                        }
+                    } else {
+                        LOGGER.error("Unable to locate SecretKey provider {}, encryption
will be disabled", key);
                     }
-                    SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
-                    KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 256);
-                    SecretKey tmp = factory.generateSecret(spec);
-                    secretKey = new SecretKeySpec(tmp.getEncoded(), "AES");
                 }
-                return new FlumePersistentManager(name, data.name, data.agents, data.batchSize,
data.reconnectionDelay,
-                    database, secretKey);
             } catch (Exception ex) {
                 LOGGER.warn("Error setting up encryption - encryption will be disabled",
ex);
-
             }
-            return null;
+            return new FlumePersistentManager(name, data.name, data.agents, data.batchSize,
data.reconnectionDelay,
+                database, secretKey);
         }
     }
 
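Review bot: Every failure path in the new key-provider lookup (provider not found, `newInstance()` throwing, or `getSecretKey()` returning null) leaves `secretKey` null and still reaches the final `return new FlumePersistentManager(...)`. A configuration that asked for encryption therefore appears to run with encryption off, and the only sign is an ERROR log line. The removed code returned null after the catch block; to keep failing closed, add `if (key != null && secretKey == null) { return null; }` before the final return, assuming callers still cope with a null manager as they had to before. A configuration that still sets the old `password` property is now ignored without any message, so a warning for that case would help operators notice that encryption is off after upgrading. `Class cl` is a raw type (`Class<?>` avoids the unchecked warning), and createManager begins above this hunk.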

Added: logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/FlumeKeyProvider.java
URL: http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/FlumeKeyProvider.java?rev=1459132&view=auto
==============================================================================
--- logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/FlumeKeyProvider.java
(added)
+++ logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/FlumeKeyProvider.java
Thu Mar 21 02:17:25 2013
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache license, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the license for the specific language governing permissions and
+ * limitations under the license.
+ */
+package org.apache.logging.log4j.flume.test;
+
+import org.apache.logging.log4j.core.config.plugins.Plugin;
+import org.apache.logging.log4j.core.helpers.SecretKeyProvider;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.FileOutputStream;
+import java.security.SecureRandom;
+import java.security.spec.KeySpec;
+import java.util.Random;
+
+/**
+ *
+ */
+@Plugin(name = "FlumeKeyProvider", type = "KeyProvider", elementType = "SecretKeyProvider",
printObject = true)
+public class FlumeKeyProvider implements SecretKeyProvider {
+
+    private static final byte[] key = new byte[] {-7, -21, -118, -25, -79, 73, 72, -64, 0,
127, -93, -13, -38,
+        3, -73, -31, -2, -74, 3, 28, 113, -55, -105, 9, -103, 97, -5, -54, 88, -110, 97,
-4};
+
+    public SecretKey getSecretKey() {
+        return new SecretKeySpec(key, "AES");
+    }
+}
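Review bot: The hard-coded `key` array is 32 bytes, so `new SecretKeySpec(key, "AES")` yields an AES-256 key, which a JRE without the unlimited-strength policy files will reject at cipher init. That is presumably why persistent.xml leaves the `keyProvider` property commented out, and it means the encryption path has no test coverage after this commit. A 16-byte key would let the test exercise encryption on a stock JRE. The empty Javadoc should state that this is a test-only fixture whose fixed key must not be reused outside the test tree. The imports `SecretKeyFactory`, `PBEKeySpec`, `FileOutputStream`, `SecureRandom`, `KeySpec` and `Random` are unused and can be dropped.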

Modified: logging/log4j/log4j2/trunk/flume-ng/src/test/resources/persistent.xml
URL: http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/flume-ng/src/test/resources/persistent.xml?rev=1459132&r1=1459131&r2=1459132&view=diff
==============================================================================
--- logging/log4j/log4j2/trunk/flume-ng/src/test/resources/persistent.xml (original)
+++ logging/log4j/log4j2/trunk/flume-ng/src/test/resources/persistent.xml Thu Mar 21 02:17:25
2013
@@ -1,11 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<configuration status="info" name="MyApp" packages="">
+<configuration status="info" name="MyApp" packages="org.apache.logging.log4j.flume.test">
   <appenders>
     <Flume name="eventLogger" suppressExceptions="false" compress="true" type="persistent"
dataDir="target/persistent">
       <Agent host="localhost" port="${sys:primaryPort}"/>
       <Agent host="localhost" port="${sys:alternatePort}"/>
       <RFC5424Layout enterpriseNumber="18060" includeMDC="true" appName="MyApp"/>
-      <Property name="password">Test123!!</Property>
+      <!-- Uncomment to enable encryption
+      <Property name="keyProvider">FlumeKeyProvider</Property> -->
     </Flume>
     <Console name="STDOUT">
       <PatternLayout pattern="%d %t - [%p] %c %m%n"/>

Modified: logging/log4j/log4j2/trunk/src/site/xdoc/manual/appenders.xml
URL: http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/src/site/xdoc/manual/appenders.xml?rev=1459132&r1=1459131&r2=1459132&view=diff
==============================================================================
--- logging/log4j/log4j2/trunk/src/site/xdoc/manual/appenders.xml (original)
+++ logging/log4j/log4j2/trunk/src/site/xdoc/manual/appenders.xml Thu Mar 21 02:17:25 2013
@@ -484,8 +484,7 @@
                 elements will result in an error.</p>
                 <p>When used to configure in Persistent mode the valid properties are:
                   <ol>
-                  <li>"password" to specfify that
-                the data should be encrypted when written to disk.</li>
+                  <li>"keyProvider" to specify the name of the plugin to provide the
secret key for encryption.</li>
                 </ol></p>
               </td>
             </tr>
@@ -542,7 +541,7 @@
       <Agent host="192.168.10.101" port="8800"/>
       <Agent host="192.168.10.102" port="8800"/>
       <RFC5424Layout enterpriseNumber="18060" includeMDC="true" appName="MyApp"/>
-      <Property name="password">Test123!!</Property>
+      <Property name="keyProvider">MySecretProvider</Property>
     </Flume>
   </appenders>
   <loggers>

Modified: logging/log4j/log4j2/trunk/src/site/xdoc/manual/plugins.xml
URL: http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/src/site/xdoc/manual/plugins.xml?rev=1459132&r1=1459131&r2=1459132&view=diff
==============================================================================
--- logging/log4j/log4j2/trunk/src/site/xdoc/manual/plugins.xml (original)
+++ logging/log4j/log4j2/trunk/src/site/xdoc/manual/plugins.xml Thu Mar 21 02:17:25 2013
@@ -89,6 +89,13 @@
             RollingFileAppender to construct the name of the file to log to.
           </p>
         </subsection>
+        <a name="KeyProviders"/>
+        <subsection name="KeyProviders">
+          Some components within Log4j may provide the ability to perform data encryption.
These components require
+          a secret key to perform the encryption. Applications may provide the key by creating
a class that
+          implements the <a href="../log4j-core/apidocs/org/apache/logging/log4j/core/helpers/SecretKeyProvider.html">SecretKeyProvider</a>
+          interface.
+        </subsection>
         <a name="Lookups"/>
         <subsection name="Lookups">
           <p>


