You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by ka...@apache.org on 2010/03/31 23:06:13 UTC
svn commit: r929715 - in /db/derby/code/trunk/java:
engine/org/apache/derby/iapi/reference/Property.java
engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java
Author: kahatlen
Date: Wed Mar 31 21:06:13 2010
New Revision: 929715
URL: http://svn.apache.org/viewvc?rev=929715&view=rev
Log:
DERBY-4602, DERBY-4483: Use SHA-1 for BUILTIN authentication if SHA-256 isn't supported
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java?rev=929715&r1=929714&r2=929715&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java Wed Mar 31 21:06:13 2010
@@ -725,6 +725,14 @@ public interface Property {
public static final String AUTHENTICATION_BUILTIN_ALGORITHM_DEFAULT =
"SHA-256";
+ /**
+ * Alternative default value for derby.authentication.builtin.algorithm if
+ * {@link #AUTHENTICATION_BUILTIN_ALGORITHM_DEFAULT} is not available at
+ * database creation time.
+ */
+ public static final String AUTHENTICATION_BUILTIN_ALGORITHM_FALLBACK =
+ "SHA-1";
+
/*
** Log
*/
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java?rev=929715&r1=929714&r2=929715&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java Wed Mar 31 21:06:13 2010
@@ -158,6 +158,8 @@ import java.util.LinkedList;
import java.util.Enumeration;
import java.io.InputStream;
import java.io.IOException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
import java.sql.Types;
@@ -765,7 +767,7 @@ public final class DataDictionaryImpl
// in the database for BUILTIN authentication.
bootingTC.setProperty(
Property.AUTHENTICATION_BUILTIN_ALGORITHM,
- Property.AUTHENTICATION_BUILTIN_ALGORITHM_DEFAULT,
+ findDefaultBuiltinAlgorithm(),
false);
} else {
// Get the ids for non-core tables
@@ -830,6 +832,24 @@ public final class DataDictionaryImpl
booting = false;
}
+ /**
+ * Find the default message digest algorithm to use for BUILTIN
+ * authentication on this database.
+ *
+ * @return the name of the algorithm to use as the default
+ */
+ private String findDefaultBuiltinAlgorithm() {
+ try {
+ // First check for the preferred default, and return it if present
+ MessageDigest.getInstance(
+ Property.AUTHENTICATION_BUILTIN_ALGORITHM_DEFAULT);
+ return Property.AUTHENTICATION_BUILTIN_ALGORITHM_DEFAULT;
+ } catch (NoSuchAlgorithmException nsae) {
+ // Couldn't find the preferred algorithm, so use the fallback
+ return Property.AUTHENTICATION_BUILTIN_ALGORITHM_FALLBACK;
+ }
+ }
+
private CacheManager getPermissionsCache() throws StandardException
{
if( permissionsCache == null)
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java?rev=929715&r1=929714&r2=929715&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java Wed Mar 31 21:06:13 2010
@@ -22,6 +22,8 @@
package org.apache.derbyTesting.functionTests.tests.jdbcapi;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.PreparedStatement;
@@ -1105,8 +1107,25 @@ public class AuthenticationTest extends
* hash authentication scheme enabled.
*/
public void testDefaultHashAlgorithm() throws SQLException {
- // SHA-256 should be the default hash algorithm now
- assertEquals("SHA-256", getDatabaseProperty(BUILTIN_ALGO_PROP));
+ // SHA-256 should be the default hash algorithm now, if it's supported
+ // on the platform. Otherwise, we fall back to SHA-1.
+ String expected = supportsAlgorithm("SHA-256") ? "SHA-256" : "SHA-1";
+ assertEquals(expected, getDatabaseProperty(BUILTIN_ALGO_PROP));
+ }
+
+ /**
+ * Check if a message digest algorithm is supported on this platform.
+ *
+ * @param algorithm the algorithm to check
+ * @return true if the algorithm is supported, false otherwise
+ */
+ private boolean supportsAlgorithm(String algorithm) {
+ try {
+ MessageDigest.getInstance(algorithm);
+ return true;
+ } catch (NoSuchAlgorithmException nsae) {
+ return false;
+ }
}
/**
@@ -1119,6 +1138,12 @@ public class AuthenticationTest extends
String[] algorithms = { null, "MD5", "SHA-1", "SHA-256", "SHA-512" };
for (int i = 0; i < algorithms.length; i++) {
String algo = algorithms[i];
+
+ if (algo != null && !supportsAlgorithm(algo)) {
+ // DERBY-4602: Skip algorithms not supported on this platform
+ continue;
+ }
+
setDatabaseProperty(BUILTIN_ALGO_PROP, algo);
for (int j = 0; j < USERS.length; j++) {