ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Velmurugan Periasamy <vperias...@hortonworks.com>
Subject Re: Review Request 63209: RANGER-1644 changed crypto algorithm to a strong one
Date Thu, 07 Dec 2017 13:41:18 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63209/#review193115
-----------------------------------------------------------




agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java
Line 65 (original), 78 (patched)
<https://reviews.apache.org/r/63209/#comment271612>

    Patch fails to apply. Could you please check?
    
    ```
    $ git apply --check -v < ~/Downloads/0001-RANGER-1644-replacing-MD5-DES-with-SHA512-AES128.patch
    Checking patch agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java...
    error: while searching for:
    
            PasswordUtils(String aPassword) {
                String[] crypt_algo_array = null;
                int count = 0;
                if (aPassword != null && aPassword.contains(",")) {
                    count = StringUtils.countMatches(aPassword, ",");
                    crypt_algo_array = aPassword.split(",");
                }
                if (crypt_algo_array != null && crypt_algo_array.length > 1) {
                    CRYPT_ALGO = crypt_algo_array[0];
                    ENCRYPT_KEY = crypt_algo_array[1].toCharArray();
                    SALT = crypt_algo_array[2].getBytes();
                    ITERATION_COUNT = Integer.parseInt(crypt_algo_array[3]);
                    password = crypt_algo_array[4];
                    if (count > 4) {
                        for (int i = 5 ; i<=count ; i++){
                            password = password + "," + crypt_algo_array[i];
                        }
                    }
                } else {
                        CRYPT_ALGO = DEFAULT_CRYPT_ALGO;
                        ENCRYPT_KEY = DEFAULT_ENCRYPT_KEY.toCharArray();
                        SALT = DEFAULT_SALT.getBytes();
                        ITERATION_COUNT = DEFAULT_ITERATION_COUNT;
                        password = aPassword;
                }
                Map<String, String> env = System.getenv();
                String encryptKeyStr = env.get("ENCRYPT_KEY");
                if (encryptKeyStr == null) {
                    encryptKey=ENCRYPT_KEY;
                }else{
                    encryptKey=encryptKeyStr.toCharArray();
                }
                String saltStr = env.get("ENCRYPT_SALT");
                if (saltStr == null) {
                    salt = SALT;
                }else{
                    salt=saltStr.getBytes();
                }
            }
    
        public static String decryptPassword(String aPassword) throws IOException {
            return new PasswordUtils(aPassword).decrypt();
        }
    
        private String decrypt() throws IOException {
            String ret = null;
            try {
                byte[] decodedPassword = Base64.decode(password);
                Cipher engine = Cipher.getInstance(CRYPT_ALGO);
                PBEKeySpec keySpec = new PBEKeySpec(encryptKey);
                SecretKeyFactory skf = SecretKeyFactory.getInstance(CRYPT_ALGO);
                SecretKey key = skf.generateSecret(keySpec);
                engine.init(Cipher.DECRYPT_MODE, key,new PBEParameterSpec(salt, ITERATION_COUNT));
                String decrypted = new String(engine.doFinal(decodedPassword));
                int foundAt = decrypted.indexOf(LEN_SEPARATOR_STR);
                if (foundAt > -1) {
                    if (decrypted.length() > foundAt) {
                        ret = decrypted.substring(foundAt+1);
                    }
                    else {
                        ret = "";
                    }
                }
                else {
                    ret = null;
                }
            }
            catch(Throwable t) {
                LOG.error("Unable to decrypt password due to error", t);
                throw new IOException("Unable to decrypt password due to error", t);
            }
            return ret;
        }
    }
    
    error: patch failed: agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java:78
    error: agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java: patch
does not apply
    Checking patch agents-common/src/test/java/org/apache/ranger/plugin/util/PasswordUtilsTest.java...
    Checking patch security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java...
    error: while searching for:
    import org.apache.poi.ss.usermodel.Workbook;
    import org.codehaus.jettison.json.JSONException;
    
    import com.google.gson.Gson;
    
    @Component
    
    error: patch failed: security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java:183
    error: security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java: patch does
not apply
    Checking patch security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java...
    Hunk #2 succeeded at 45 (offset 1 line).
    Hunk #3 succeeded at 293 (offset 1 line).
    Checking patch security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml...
    Checking patch security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java...
    Hunk #1 succeeded at 2331 (offset 4 lines).
    ```


- Velmurugan Periasamy


On Nov. 3, 2017, 3:59 p.m., Endre Zoltan Kovacs wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63209/
> -----------------------------------------------------------
> 
> (Updated Nov. 3, 2017, 3:59 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1644
>     https://issues.apache.org/jira/browse/RANGER-1644
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> changing outdate hash&crypto algorigthms: MD5&DES => SHA512&AES128
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 58cdd3531

>   agents-common/src/test/java/org/apache/ranger/plugin/util/PasswordUtilsTest.java 4e135aaa7

>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java da650747d 
>   security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java 3dd761a2b

>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 9dfc03df1

>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 976fd0cb8

> 
> 
> Diff: https://reviews.apache.org/r/63209/diff/4/
> 
> 
> Testing
> -------
> 
> PasswordUtilsTest: added new unit test and updated previous ones
> Added service update test: on service update new service password will be encrypted with
the new algorithm
> 
> 
> Thanks,
> 
> Endre Zoltan Kovacs
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message