You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by vi...@apache.org on 2014/04/22 23:22:21 UTC

git commit: ACCUMULO-2713 checking for all sensitive and raw output stream for walogs

Repository: accumulo
Updated Branches:
  refs/heads/1.6.0-SNAPSHOT 53136a7b3 -> fbbe472a3


ACCUMULO-2713 checking for all sensitive and raw output stream for walogs


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/fbbe472a
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/fbbe472a
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/fbbe472a

Branch: refs/heads/1.6.0-SNAPSHOT
Commit: fbbe472a304ac9dd25850f80de65479d3b19e3a6
Parents: 53136a7
Author: John Vines <vi...@apache.org>
Authored: Tue Apr 22 17:20:48 2014 -0400
Committer: John Vines <vi...@apache.org>
Committed: Tue Apr 22 17:22:16 2014 -0400

----------------------------------------------------------------------
 .../accumulo/core/file/rfile/RFileTest.java     | 10 +++++---
 .../core/security/crypto/CryptoTest.java        | 26 ++++++++++++++++++++
 2 files changed, 32 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/fbbe472a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
index 767bb3d..969b179 100644
--- a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
@@ -1751,7 +1751,7 @@ public class RFileTest {
   }
 
   @Test
-  public void testCryptoDoesntLeakInstanceSecret() throws IOException {
+  public void testCryptoDoesntLeakSensitive() throws IOException {
     conf = setAndGetAccumuloConfig(CryptoTest.CRYPTO_ON_CONF);
     // test an empty file
 
@@ -1763,10 +1763,12 @@ public class RFileTest {
     byte[] rfBytes = trf.baos.toByteArray();
     
     // If we get here, we have encrypted bytes
-    byte[] toCheck = Property.INSTANCE_SECRET.getKey().getBytes();
-    assertEquals(-1, Bytes.indexOf(rfBytes, toCheck));
+    for (Property prop : Property.values()) {
+      if (prop.isSensitive()) {
+        byte[] toCheck = prop.getKey().getBytes();
+        assertEquals(-1, Bytes.indexOf(rfBytes, toCheck));  }
+    }    
   }
-
   
   @Test
   public void testRootTabletEncryption() throws Exception {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/fbbe472a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
index 605e43a..fe16c0e 100644
--- a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
@@ -44,11 +44,14 @@ import javax.crypto.spec.SecretKeySpec;
 
 import org.apache.accumulo.core.conf.AccumuloConfiguration;
 import org.apache.accumulo.core.conf.ConfigurationCopy;
+import org.apache.accumulo.core.conf.Property;
 import org.apache.hadoop.conf.Configuration;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 
+import com.google.common.primitives.Bytes;
+
 public class CryptoTest {
   
   private static final int MARKER_INT = 0xCADEFEDD;
@@ -102,6 +105,29 @@ public class CryptoTest {
   }
   
   @Test
+  public void testCryptoModuleDoesntLeakSensitive() throws IOException {
+    AccumuloConfiguration conf = setAndGetAccumuloConfig(CRYPTO_ON_CONF);    
+
+    CryptoModuleParameters params = CryptoModuleFactory.createParamsObjectFromAccumuloConfiguration(conf);
+    ByteArrayOutputStream baos = new ByteArrayOutputStream();
+    params.setPlaintextOutputStream(baos);
+
+    CryptoModule cryptoModule = CryptoModuleFactory.getCryptoModule(conf);
+
+    cryptoModule.getEncryptingOutputStream(params);
+    params.getEncryptedOutputStream().close();
+    
+    // If we get here, we have encrypted bytes
+    byte[] streamBytes = baos.toByteArray();
+    for (Property prop : Property.values()) {
+      if (prop.isSensitive()) {
+        byte[] toCheck = prop.getKey().getBytes();
+        assertEquals(-1, Bytes.indexOf(streamBytes, toCheck));  }
+    }    
+
+  }
+  
+  @Test
   public void testCryptoModuleParamsValidation1() throws IOException {
     AccumuloConfiguration conf = setAndGetAccumuloConfig(CRYPTO_ON_CONF);