Posted to commits@accumulo.apache.org by mm...@apache.org on 2018/11/08 18:41:12 UTC
[accumulo] branch master updated: Added additional crypto unit
tests (#756)
This is an automated email from the ASF dual-hosted git repository.
mmiller pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/accumulo.git
The following commit(s) were added to refs/heads/master by this push:
new 95214d4 Added additional crypto unit tests (#756)
95214d4 is described below
commit 95214d4255e96a40601c3162a6f79cb956e1df5a
Author: Nick Felts <31...@users.noreply.github.com>
AuthorDate: Thu Nov 8 13:41:07 2018 -0500
Added additional crypto unit tests (#756)
* Test for missing KEK uri file
* Test for empty KEK uri file
* Test for unwrapping with an incorrect KEK
* Added IllegalArgumentException to catch in AESKeyUtils.loadKekFromUri to provide more useful error message
---
.../core/security/crypto/impl/AESKeyUtils.java | 2 +-
.../apache/accumulo/core/file/rfile/RFileTest.java | 2 +-
.../accumulo/core/security/crypto/CryptoTest.java | 43 +++++++++++++++++++---
3 files changed, 40 insertions(+), 7 deletions(-)
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESKeyUtils.java b/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESKeyUtils.java
index 6e6c838..16eb8e4 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESKeyUtils.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESKeyUtils.java
@@ -83,7 +83,7 @@ public class AESKeyUtils {
try {
uri = new URI(keyId);
key = new SecretKeySpec(Files.readAllBytes(Paths.get(uri.getPath())), "AES");
- } catch (URISyntaxException | IOException e) {
+ } catch (URISyntaxException | IOException | IllegalArgumentException e) {
throw new CryptoException("Unable to load key encryption key.", e);
}
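Review bot: The bytes read from the key file go straight into `new SecretKeySpec(..., "AES")` with no length check, so the only malformed file rejected here is an empty one (the IllegalArgumentException the widened catch now wraps). As far as this hunk shows, a truncated or oversized file would be accepted and fail only when the key is first used. Reading into a local and checking it inside the same try keeps the error at load time and lets the existing catch wrap it: `byte[] kekBytes = Files.readAllBytes(Paths.get(uri.getPath()));` followed by `if (kekBytes.length != 16 && kekBytes.length != 24 && kekBytes.length != 32) throw new IllegalArgumentException("unexpected KEK length " + kekBytes.length);`. Separately, `uri.getPath()` returns null for an opaque URI, and the NullPointerException that `Paths.get` would then raise is still outside this catch. The enclosing method starts and ends outside the hunk.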
diff --git a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
index 8917469..c51d091 100644
--- a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
@@ -128,7 +128,7 @@ public class RFileTest {
@BeforeClass
public static void setupCryptoKeyFile() throws Exception {
- CryptoTest.setupKeyFile();
+ CryptoTest.setupKeyFiles();
}
static class SeekableByteArrayInputStream extends ByteArrayInputStream
diff --git a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
index 3c05df7..23d788f 100644
--- a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
@@ -62,6 +62,7 @@ import org.apache.accumulo.core.security.crypto.streams.NoFlushOutputStream;
import org.apache.accumulo.core.spi.crypto.CryptoEnvironment;
import org.apache.accumulo.core.spi.crypto.CryptoEnvironment.Scope;
import org.apache.accumulo.core.spi.crypto.CryptoService;
+import org.apache.accumulo.core.spi.crypto.CryptoService.CryptoException;
import org.apache.accumulo.core.spi.crypto.FileDecrypter;
import org.apache.accumulo.core.spi.crypto.FileEncrypter;
import org.apache.accumulo.core.util.CachedConfiguration;
@@ -87,17 +88,20 @@ public class CryptoTest {
public static final String CRYPTO_OFF_CONF = "OFF";
public static final String keyPath = System.getProperty("user.dir")
+ "/target/CryptoTest-testkeyfile";
+ public static final String emptyKeyPath = System.getProperty("user.dir")
+ + "/target/CryptoTest-emptykeyfile";
@Rule
public ExpectedException exception = ExpectedException.none();
@BeforeClass
- public static void setupKeyFile() throws Exception {
+ public static void setupKeyFiles() throws Exception {
FileSystem fs = FileSystem.getLocal(CachedConfiguration.getInstance());
Path aesPath = new Path(keyPath);
try (FSDataOutputStream out = fs.create(aesPath)) {
out.writeUTF("sixteenbytekey"); // 14 + 2 from writeUTF
}
+ FSDataOutputStream out = fs.create(new Path(emptyKeyPath));
}
@Test
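Review bot: The stream returned by `fs.create(new Path(emptyKeyPath))` in setupKeyFiles is never closed, unlike the key file written just above it in try-with-resources, so the handle leaks and the local `out` is unused. `fs.create(new Path(emptyKeyPath)).close();` creates the empty file and releases it in one statement. A short comment such as `// deliberately empty: used by the empty-KEK-file test` would also help, since this line sits right next to the one that writes real test key material.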
@@ -278,8 +282,8 @@ public class CryptoTest {
@SuppressFBWarnings(value = "CIPHER_INTEGRITY", justification = "CBC is being tested")
@Test
- public void testKeyManagerGeneratesKey() throws NoSuchAlgorithmException, NoSuchProviderException,
- NoSuchPaddingException, InvalidKeyException {
+ public void testAESKeyUtilsGeneratesKey() throws NoSuchAlgorithmException,
+ NoSuchProviderException, NoSuchPaddingException, InvalidKeyException {
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "SUN");
java.security.Key key;
key = AESKeyUtils.generateKey(sr, 16);
@@ -294,7 +298,7 @@ public class CryptoTest {
}
@Test
- public void testKeyManagerWrapAndUnwrap()
+ public void testAESKeyUtilsWrapAndUnwrap()
throws NoSuchAlgorithmException, NoSuchProviderException {
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "SUN");
java.security.Key kek = AESKeyUtils.generateKey(sr, 16);
@@ -306,7 +310,22 @@ public class CryptoTest {
}
@Test
- public void testKeyManagerLoadKekFromUri() throws IOException {
+ public void testAESKeyUtilsFailUnwrapWithWrongKEK()
+ throws NoSuchAlgorithmException, NoSuchProviderException {
+ SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "SUN");
+ java.security.Key kek = AESKeyUtils.generateKey(sr, 16);
+ java.security.Key fek = AESKeyUtils.generateKey(sr, 16);
+ byte[] wrongBytes = kek.getEncoded();
+ wrongBytes[0]++;
+ java.security.Key wrongKek = new SecretKeySpec(wrongBytes, "AES");
+
+ byte[] wrapped = AESKeyUtils.wrapKey(fek, kek);
+ exception.expect(CryptoException.class);
+ java.security.Key unwrapped = AESKeyUtils.unwrapKey(wrapped, wrongKek);
+ }
+
+ @Test
+ public void testAESKeyUtilsLoadKekFromUri() throws IOException {
SecretKeySpec fileKey = AESKeyUtils.loadKekFromUri(keyPath);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(baos);
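Review bot: In testAESKeyUtilsFailUnwrapWithWrongKEK the local `unwrapped` is assigned but never read; a bare `AESKeyUtils.unwrapKey(wrapped, wrongKek);` makes it plain that the exception is the only expected outcome. The test also depends on `kek.getEncoded()` returning a copy (as SecretKeySpec does; the type returned by generateKey is not visible here). If it returned the backing array, `wrongBytes[0]++` would alter `kek` itself and both keys would be identical. A comment above that line, e.g. `// getEncoded() is expected to return a copy; the wrong KEK differs in its first byte only`, would record the assumption. This note applies to the added test method, which sits wholly inside the hunk; the trailing context lines belong to the next test.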
@@ -315,6 +334,20 @@ public class CryptoTest {
assertEquals(fileKey, handKey);
}
+ @Test
+ public void testAESKeyUtilsLoadKekFromUriInvalidUri() {
+ exception.expect(CryptoException.class);
+ SecretKeySpec fileKey = AESKeyUtils.loadKekFromUri(
+ System.getProperty("user.dir") + "/target/CryptoTest-testkeyfile-doesnt-exist");
+ }
+
+ @Test
+ public void testAESKeyUtilsLoadKekFromEmptyFile() {
+ exception.expect(CryptoException.class);
+ SecretKeySpec fileKey = AESKeyUtils.loadKekFromUri(emptyKeyPath);
+
+ }
+
private ArrayList<Key> testData() {
ArrayList<Key> keys = new ArrayList<>();
keys.add(new Key("a", "cf", "cq"));
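Review bot: testAESKeyUtilsLoadKekFromUriInvalidUri passes a well-formed path to a file that does not exist, so it covers the missing-file case from the commit message rather than an invalid URI; a name like `testAESKeyUtilsLoadKekFromUriMissingFile` would match what it checks. Both new tests expect only `CryptoException.class`, which loadKekFromUri throws for every failure it catches, so they would also pass if the `user.dir` path happened to fail URI parsing. Pinning the cause, e.g. `exception.expectCause(instanceOf(NoSuchFileException.class));` in the first and `exception.expectCause(instanceOf(IllegalArgumentException.class));` in the empty-file test, would tie each test to the failure it is named for (this needs the matcher and exception imports). The unused `fileKey` locals can be dropped in both.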