Posted to derby-commits@db.apache.org by rh...@apache.org on 2009/08/04 15:24:28 UTC
svn commit: r800774 - in /db/derby/code/branches/10.5/java:
engine/org/apache/derby/impl/services/jce/JCECipherFactory.java
testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionAESTest.java
Author: rhillegas
Date: Tue Aug 4 13:24:27 2009
New Revision: 800774
URL: http://svn.apache.org/viewvc?rev=800774&view=rev
Log:
DERBY-3710: Port 800773 from trunk to 10.5 branch.
Modified:
db/derby/code/branches/10.5/java/engine/org/apache/derby/impl/services/jce/JCECipherFactory.java
db/derby/code/branches/10.5/java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionAESTest.java
Modified: db/derby/code/branches/10.5/java/engine/org/apache/derby/impl/services/jce/JCECipherFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.5/java/engine/org/apache/derby/impl/services/jce/JCECipherFactory.java?rev=800774&r1=800773&r2=800774&view=diff
==============================================================================
--- db/derby/code/branches/10.5/java/engine/org/apache/derby/impl/services/jce/JCECipherFactory.java (original)
+++ db/derby/code/branches/10.5/java/engine/org/apache/derby/impl/services/jce/JCECipherFactory.java Tue Aug 4 13:24:27 2009
@@ -187,7 +187,7 @@
@exception StandardException Standard Derby error policy
*/
- private String encryptKey(byte[] secretKey, byte[] bootPassword)
+ private EncryptedKeyResult encryptKey(byte[] secretKey, byte[] bootPassword)
throws StandardException
{
// In case of AES, care needs to be taken to allow for 16 bytes muck as well
@@ -215,7 +215,9 @@
// encrypt the secretKey using the key generated of muck from boot password and the generated IV
tmpCipherProvider.encrypt(secretKey, 0, secretKey.length, result, 0);
- return org.apache.derby.iapi.util.StringUtil.toHexString(result, 0, result.length);
+ String hexOutput = org.apache.derby.iapi.util.StringUtil.toHexString(result, 0, result.length);
+
+ return new EncryptedKeyResult( hexOutput, secretKey );
}
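Review bot: The new `return new EncryptedKeyResult( hexOutput, secretKey );` gives no hint that `secretKey` may no longer be the array the caller passed in. The padding mentioned in the "16 bytes muck" comment presumably replaces the parameter somewhere in the body, which lies outside this hunk, so that should be confirmed there. A comment above the return would make the contract explicit, for example `// secretKey may have been replaced above by a padded copy; hand back the exact bytes that were encrypted`. The Javadoc that ends just above the signature should also gain an `@return` line describing both members of the result.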
@@ -749,11 +751,12 @@
}
private String saveSecretKey(byte[] secretKey, byte[] bootPassword) throws StandardException {
- String encryptedKey = encryptKey(secretKey, bootPassword);
+ EncryptedKeyResult ekr = encryptKey(secretKey, bootPassword);
+ String encryptedKey = ekr.hexOutput;
// make a verification key out of the message digest of
// the generated key
- int verifyKey = digest(secretKey);
+ int verifyKey = digest(ekr.paddedInputKey);
return encryptedKey.concat("-" + verifyKey);
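Review bot: The comment above `int verifyKey = digest(ekr.paddedInputKey);` still says the verification key is made from "the generated key", but the digest is now taken over the padded key returned by encryptKey(). I would reword it to `// make a verification key out of the message digest of the key as padded by encryptKey()`, so the next reader understands why the raw `secretKey` argument is deliberately not used. The boot-time check that recomputes this digest is not part of the diff, so it is worth confirming that it hashes the same padded bytes. The method's closing brace lies outside the hunk.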
@@ -1021,4 +1024,17 @@
}
}
+ // tuple for returning results from encryptKey()
+ private static final class EncryptedKeyResult
+ {
+ public String hexOutput;
+ public byte[] paddedInputKey;
+
+ public EncryptedKeyResult( String hexOutput, byte[] paddedInputKey )
+ {
+ this.hexOutput = hexOutput;
+ this.paddedInputKey = paddedInputKey;
+ }
+ }
+
}
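Review bot: `EncryptedKeyResult` declares both members as mutable public fields, and `paddedInputKey` stores a reference to the plaintext key bytes rather than a copy. Since the class is only a return tuple, the fields can be `public final String hexOutput;` and `public final byte[] paddedInputKey;`, which prevents reassignment after construction. The class comment should also state that the array is live key material that callers must not retain or log. Whether the padded array is cleared once `digest()` has consumed it cannot be seen from this diff and is worth checking.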
Modified: db/derby/code/branches/10.5/java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionAESTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.5/java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionAESTest.java?rev=800774&r1=800773&r2=800774&view=diff
==============================================================================
--- db/derby/code/branches/10.5/java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionAESTest.java (original)
+++ db/derby/code/branches/10.5/java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionAESTest.java Tue Aug 4 13:24:27 2009
@@ -1,6 +1,6 @@
/*
*
- * Derby - Class org.apache.derbyTesting.functionTests.tests.store.EncryptionKeyTest
+ * Derby - Class org.apache.derbyTesting.functionTests.tests.store.EncryptionAESTest
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
@@ -219,11 +219,7 @@
validateDBContents(con);
// Shutdown the database.
con.close();
- // bug DERBY-3710 - with encryptionKeyLength=192,
- // we cannot connect after a shutdown. Works fine with 128 and 256.
- // the if is to workaround DERBY-3710, can be removed when it's fixed.
- if (!encryptionKeyLength.equals("192"))
- shutdown(dbName);
+ shutdown(dbName);
// Reconnect using correct key length.
con = getConnection(dbName, encryptionAlgorithm, attributes);
validateDBContents(con);
@@ -232,10 +228,7 @@
con = getDriverManagerConnection(dbName, encryptionAlgorithm, attributes);
validateDBContents(con);
con.close();
- // Shutdown the database.
- // the if is to workaround DERBY-3710
- if (!encryptionKeyLength.equals("192"))
- shutdown(dbName);
+ shutdown(dbName);
String[] keyLengths = {"128", "192", "256", "512"};
for (int i=0 ; i < keyLengths.length ; i++) {
if (!encryptionKeyLength.equals(keyLengths[i])){
@@ -247,15 +240,29 @@
encryptionKeyLength, attributes);
}
}
- // workaround DERBY-3710; otherwise the db was shutdown
- // in the method runMismatchKeyLength.
- if (encryptionKeyLength.equals("192"))
- {
- attributes = new String[]
- {("encryptionKeyLength=" + encryptionKeyLength),
- "bootPassword=Thursday"};
- shutdown(dbName);
- }
+
+ // now try re-encrypting with a different boot password
+ attributes = new String[]
+ {
+ ("encryptionKeyLength=" + encryptionKeyLength),
+ "bootPassword=Thursday",
+ "newBootPassword=Saturday"
+ };
+ con = getDriverManagerConnection(dbName, encryptionAlgorithm, attributes);
+ validateDBContents(con);
+ con.close();
+ shutdown(dbName);
+
+ // reconnect to make sure we don't have another variant of DERBY-3710
+ attributes = new String[]
+ {
+ ("encryptionKeyLength=" + encryptionKeyLength),
+ "bootPassword=Saturday"
+ };
+ con = getDriverManagerConnection(dbName, encryptionAlgorithm, attributes);
+ validateDBContents(con);
+ con.close();
+ shutdown(dbName);
}
/**
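Review bot: The re-encryption block added after the key-length loop only proves that the new password `Saturday` boots the database; it never checks that the old password `Thursday` is rejected once `newBootPassword` has been applied. A negative step after the final `shutdown(dbName)` would close that gap: connect with `"bootPassword=Thursday"` and assert that the attempt fails. Without it, a regression that leaves the old boot password valid would pass this test. The two new `con.close(); shutdown(dbName);` sequences are also skipped if `validateDBContents(con)` throws, though cleanup may be handled by the fixture, which is not visible here.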
@@ -267,14 +274,12 @@
Connection con = null;
// try connecting
// all combinations work - (if unrestricted policy jars are
- // in place) except with length 192 if we've done a shutdown.
+ // in place)
try {
con = getConnection(dbName, encryptionAlgorithm, attributes );
validateDBContents(con);
con.close();
- // workaround DERBY-3710
- if (!encryptionKeyLength.equals("192"))
- shutdown(dbName);
+ shutdown(dbName);
} catch (SQLException e) {
e.printStackTrace();
con.close();
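Review bot: The `catch (SQLException e)` at the end of this hunk calls `con.close()` even though `con` is still null when `getConnection` is the call that threw, so the real failure would be replaced by a NullPointerException. A guard such as `if (con != null) con.close();` avoids that. Because `shutdown(dbName)` is now unconditional, all key lengths reach this handler on a shutdown error. As far as the visible lines show, the exception is only printed with `e.printStackTrace()`, and unless code after the hunk fails the test, a boot failure would go unnoticed. The method body continues outside the hunk.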