You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by vi...@apache.org on 2014/04/22 23:22:21 UTC
git commit: ACCUMULO-2713 checking for all sensitive and raw output
stream for walogs
Repository: accumulo
Updated Branches:
refs/heads/1.6.0-SNAPSHOT 53136a7b3 -> fbbe472a3
ACCUMULO-2713 checking for all sensitive and raw output stream for walogs
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/fbbe472a
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/fbbe472a
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/fbbe472a
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: fbbe472a304ac9dd25850f80de65479d3b19e3a6
Parents: 53136a7
Author: John Vines <vi...@apache.org>
Authored: Tue Apr 22 17:20:48 2014 -0400
Committer: John Vines <vi...@apache.org>
Committed: Tue Apr 22 17:22:16 2014 -0400
----------------------------------------------------------------------
.../accumulo/core/file/rfile/RFileTest.java | 10 +++++---
.../core/security/crypto/CryptoTest.java | 26 ++++++++++++++++++++
2 files changed, 32 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/fbbe472a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
index 767bb3d..969b179 100644
--- a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
@@ -1751,7 +1751,7 @@ public class RFileTest {
}
@Test
- public void testCryptoDoesntLeakInstanceSecret() throws IOException {
+ public void testCryptoDoesntLeakSensitive() throws IOException {
conf = setAndGetAccumuloConfig(CryptoTest.CRYPTO_ON_CONF);
// test an empty file
@@ -1763,10 +1763,12 @@ public class RFileTest {
byte[] rfBytes = trf.baos.toByteArray();
// If we get here, we have encrypted bytes
- byte[] toCheck = Property.INSTANCE_SECRET.getKey().getBytes();
- assertEquals(-1, Bytes.indexOf(rfBytes, toCheck));
+ for (Property prop : Property.values()) {
+ if (prop.isSensitive()) {
+ byte[] toCheck = prop.getKey().getBytes();
+ assertEquals(-1, Bytes.indexOf(rfBytes, toCheck)); }
+ }
}
-
@Test
public void testRootTabletEncryption() throws Exception {
http://git-wip-us.apache.org/repos/asf/accumulo/blob/fbbe472a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
index 605e43a..fe16c0e 100644
--- a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
@@ -44,11 +44,14 @@ import javax.crypto.spec.SecretKeySpec;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.ConfigurationCopy;
+import org.apache.accumulo.core.conf.Property;
import org.apache.hadoop.conf.Configuration;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
+import com.google.common.primitives.Bytes;
+
public class CryptoTest {
private static final int MARKER_INT = 0xCADEFEDD;
@@ -102,6 +105,29 @@ public class CryptoTest {
}
@Test
+ public void testCryptoModuleDoesntLeakSensitive() throws IOException {
+ AccumuloConfiguration conf = setAndGetAccumuloConfig(CRYPTO_ON_CONF);
+
+ CryptoModuleParameters params = CryptoModuleFactory.createParamsObjectFromAccumuloConfiguration(conf);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ params.setPlaintextOutputStream(baos);
+
+ CryptoModule cryptoModule = CryptoModuleFactory.getCryptoModule(conf);
+
+ cryptoModule.getEncryptingOutputStream(params);
+ params.getEncryptedOutputStream().close();
+
+ // If we get here, we have encrypted bytes
+ byte[] streamBytes = baos.toByteArray();
+ for (Property prop : Property.values()) {
+ if (prop.isSensitive()) {
+ byte[] toCheck = prop.getKey().getBytes();
+ assertEquals(-1, Bytes.indexOf(streamBytes, toCheck)); }
+ }
+
+ }
+
+ @Test
public void testCryptoModuleParamsValidation1() throws IOException {
AccumuloConfiguration conf = setAndGetAccumuloConfig(CRYPTO_ON_CONF);