Posted to derby-dev@db.apache.org by Sunitha Kambhampati <ks...@gmail.com> on 2005/05/11 19:40:59 UTC

[PATCH] Derby 236 BootPassword gets written out in plain text in sane mode and in our test environment.

This patch fixes Derby 236  
http://issues.apache.org/jira/browse/DERBY-236 - BootPassword gets 
written out in plain text in sane mode and in our test environment.

Changes include

1. remove sanity debug code in RawStore to not write bootpassword in plain text into the service.properties
2. currently the test harness does not seem to pass on the encryption related properties to the MultiTest and with change in #1, encryption won't be used for stress.multi. So changes made to RunTest to pass on the encryption, testEncryptionAlgorithm values to the MultiTest harness. Also changed mtTestCase to recognize the encryption properties and modify the database url to use for the MultiTest.

-- ran derbyall on jdk142 with no failures
-- verified that encryption run for stress.multi was running ok, by adding keepfiles=true to encryptionAll.properties and checking the service.properties for all the databases created as part of this encryptionAll testrun.

svn stat
M      java\tools\org\apache\derby\impl\tools\ij\mtTestCase.java
M      java\engine\org\apache\derby\impl\store\raw\RawStore.java
A      java\testing\org\apache\derbyTesting\functionTests\tests\store\EncryptionTest.java
M      java\testing\org\apache\derbyTesting\functionTests\harness\RunTest.java
A      java\testing\org\apache\derbyTesting\functionTests\master\EncryptionTest.out
M      java\testing\org\apache\derbyTesting\functionTests\suites\encryption.runall

Can someone please review it and if it looks ok, can a committer please commit it. 

Thanks, 
Sunitha. 
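
The manual verification described in the message above (keep the test databases, then inspect each service.properties) can be automated. This is an added example, not part of the original post or of Derby: the class name and the sample files are constructed, and it assumes an encrypted database records dataEncryption=true in service.properties.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/** Scans every service.properties under a directory for boot-password leaks. */
public class BootPasswordLeakScan {

    /** Returns one finding per problem in a single service.properties file. */
    static List<String> inspect(Path file, String knownPassword) throws IOException {
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            props.load(in);
        }
        List<String> findings = new ArrayList<>();
        // The key that EncryptionTest in the patch looks for.
        if (props.getProperty("bootPassword") != null) {
            findings.add(file + ": bootPassword key present");
        }
        // The same secret stored under any other key is still a leak.
        for (String key : props.stringPropertyNames()) {
            if (!knownPassword.isEmpty() && props.getProperty(key).contains(knownPassword)) {
                findings.add(file + ": password value stored under key " + key);
            }
        }
        // Assumption: encrypted databases record dataEncryption=true here.
        // Without it, a missing bootPassword key proves nothing.
        if (!"true".equalsIgnoreCase(props.getProperty("dataEncryption"))) {
            findings.add(file + ": database not marked encrypted");
        }
        return findings;
    }

    /** Walks root and inspects each service.properties found below it. */
    static List<String> scan(Path root, String knownPassword) throws IOException {
        List<Path> files;
        try (Stream<Path> walk = Files.walk(root)) {
            files = walk
                .filter(p -> p.getFileName() != null
                        && p.getFileName().toString().equals("service.properties"))
                .sorted()
                .collect(Collectors.toList());
        }
        List<String> findings = new ArrayList<>();
        for (Path f : files) {
            findings.addAll(inspect(f, knownPassword));
        }
        return findings;
    }

    private static void writeSample(Path file, String body) throws IOException {
        Files.createDirectories(file.getParent());
        Files.write(file, body.getBytes(StandardCharsets.ISO_8859_1));
    }

    public static void main(String[] args) throws IOException {
        Path root;
        String password;
        if (args.length == 2) {
            // Usage: java BootPasswordLeakScan <derby.system.home> <test boot password>
            root = Paths.get(args[0]);
            password = args[1];
        } else {
            // Constructed sample tree, not real Derby output.
            root = Files.createTempDirectory("derby-scan");
            password = "Thursday";
            writeSample(root.resolve("leaky").resolve("service.properties"),
                    "dataEncryption=true\nbootPassword=Thursday\n");
            writeSample(root.resolve("clean").resolve("service.properties"),
                    "dataEncryption=true\nsample.key=value\n");
            writeSample(root.resolve("plain").resolve("service.properties"),
                    "sample.key=value\n");
        }
        List<String> findings = scan(root, password);
        for (String finding : findings) {
            System.out.println("FAIL -- " + finding);
        }
        if (findings.isEmpty()) {
            System.out.println("TEST PASSED");
        }
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

Run without arguments, it reports two findings for the constructed leaky database, one for the unencrypted one, and none for the clean one.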


Re: [PATCH] Derby 236 BootPassword gets written out in plain text in sane mode and in our test environment.

Posted by Suresh Thalamati <su...@gmail.com>.
Sunitha Kambhampati wrote:

> Sunitha Kambhampati wrote:
>
>> Suresh Thalamati wrote:
>>
>>> - Why is the password hard coded in the test harness code? Is it not
>>> possible to specify it as a test property, e.g. on the db URL itself?
>>> +               String encryptUrl = 
>>> "dataEncryption=true;bootPassword=Thursday";
>>>
>> Well, I didn't particularly like to hardcode it this way, but I looked
>> at the rest of the test harness (see encryptionProtocol in RunTest
>> and the bootPassword is hardcoded to Thursday) and I followed the
>> same approach for MultiTest.
>>
>> This issue about reading the bootPassword as a property (i.e.
>> testDataEncryption) seems to be an improvement to the test harness
>> and I think it is not related to this fix in general, which was why I
>> chose not to make changes to the test harness.
>>
>> But if you feel strongly otherwise please let me know.
>>
>>
> If you agree, I will file a jira entry for this.
>
> Thanks,
> Sunitha.
>
>
Thanks for the explanation; please file a Jira entry. Hard coding
passwords in the harness code will make it difficult to
add new test cases with different password lengths, etc.

-suresh


-suresht



Re: [PATCH] Derby 236 BootPassword gets written out in plain text in sane mode and in our test environment.

Posted by Sunitha Kambhampati <ks...@gmail.com>.
Sunitha Kambhampati wrote:

> Suresh Thalamati wrote:
>
>> - Why is the password hard coded in the test harness code? Is it not
>> possible to specify it as a test property, e.g. on the db URL itself?
>> +               String encryptUrl = 
>> "dataEncryption=true;bootPassword=Thursday";
>>
> Well, I didn't particularly like to hardcode it this way, but I looked
> at the rest of the test harness (see encryptionProtocol in RunTest
> and the bootPassword is hardcoded to Thursday) and I followed the same
> approach for MultiTest.
>
> This issue about reading the bootPassword as a property (i.e.
> testDataEncryption) seems to be an improvement to the test harness and
> I think it is not related to this fix in general, which was why I chose
> not to make changes to the test harness.
>
> But if you feel strongly otherwise please let me know.
>
>
If you agree, I will file a jira entry for this.

Thanks,
Sunitha.


Re: [PATCH] Derby 236 BootPassword gets written out in plain text in sane mode and in our test environment.

Posted by Sunitha Kambhampati <ks...@gmail.com>.
Suresh Thalamati wrote:

> - Why is the password hard coded in the test harness code? Is it not
> possible to specify it as a test property, e.g. on the db URL itself?
> +               String encryptUrl = 
> "dataEncryption=true;bootPassword=Thursday";
>
Well, I didn't particularly like to hardcode it this way, but I looked at
the rest of the test harness (see encryptionProtocol in RunTest and
the bootPassword is hardcoded to Thursday) and I followed the same
approach for MultiTest.

This issue about reading the bootPassword as a property (i.e.
testDataEncryption) seems to be an improvement to the test harness and I
think it is not related to this fix in general, which was why I chose not
to make changes to the test harness.

But if you feel strongly otherwise please let me know.

Thanks,
Sunitha.

>
> Mike Matrigali wrote:
>
>> I'll look into committing this one.  If anyone else is reviewing it
>> let me know.
>>
>> Sunitha Kambhampati wrote:
>>
>>  
>>
>>> This patch fixes Derby 236 
>>> http://issues.apache.org/jira/browse/DERBY-236 - BootPassword gets
>>> written out in plain text in sane mode and in our test environment.
>>>
>>> Changes include
>>>
>>> 1. remove sanity debug code in RawStore to not write bootpassword in
>>> plain text into the service.properties
>>> 2. currently the test harness does not seem to pass on the encryption
>>> related properties to the MultiTest and with change in #1, encryption
>>> won't be used for stress.multi. So changes made to RunTest to pass on
>>> the encryption, testEncryptionAlgorithm values to the MultiTest harness.
>>> Also changed mtTestCase to recognize the encryption properties and
>>> modify the database url to use for the MultiTest.
>>> -- ran derbyall on jdk142 with no failures
>>> -- verified that encryption run for stress.multi was running ok, by
>>> adding keepfiles=true to encryptionAll.properties and checking the
>>> service.properties for all the databases created as part of this
>>> encryptionAll testrun.
>>>
>>> svn stat
>>> M      java\tools\org\apache\derby\impl\tools\ij\mtTestCase.java
>>> M      java\engine\org\apache\derby\impl\store\raw\RawStore.java
>>> A      java\testing\org\apache\derbyTesting\functionTests\tests\store\EncryptionTest.java
>>> M      java\testing\org\apache\derbyTesting\functionTests\harness\RunTest.java
>>> A      java\testing\org\apache\derbyTesting\functionTests\master\EncryptionTest.out
>>> M      java\testing\org\apache\derbyTesting\functionTests\suites\encryption.runall
>>>
>>> Can someone please review it and if it looks ok, can a committer please
>>> commit it.
>>> Thanks, Sunitha.
>>>
>>>
>>> ------------------------------------------------------------------------ 
>>>
>>>
>>> Index: java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java
>>> ===================================================================
>>> --- java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java    
>>> (revision 169429)
>>> +++ java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java    
>>> (working copy)
>>> @@ -156,6 +156,20 @@
>>>                         p.setProperty("ij.password","PWD");
>>>                     }
>>>             }
>>> +            // this is a special case for the MultiTest.
>>> +            // check and alter url if there are any encryption 
>>> related properties
>>> +            // that need to be set on the url +            if 
>>> (("true").equalsIgnoreCase(p.getProperty("encryption"))) +            {
>>> +               String encryptUrl = 
>>> "dataEncryption=true;bootPassword=Thursday";
>>> +               String dbUrl = p.getProperty("database");
>>> +               String encryptionAlgorithm = 
>>> p.getProperty("encryptionAlgorithm");
>>> +               if (encryptionAlgorithm != null)
>>> +                   p.setProperty("database",dbUrl + ";"+encryptUrl 
>>> +";"+encryptionAlgorithm);
>>> +               else
>>> +                   p.setProperty("database",dbUrl + ";"+encryptUrl);
>>> +            }
>>> +                        System.setProperties(p);
>>>         }
>>>         // set input stream
>>> Index: java/engine/org/apache/derby/impl/store/raw/RawStore.java
>>> ===================================================================
>>> --- java/engine/org/apache/derby/impl/store/raw/RawStore.java    
>>> (revision 169429)
>>> +++ java/engine/org/apache/derby/impl/store/raw/RawStore.java    
>>> (working copy)
>>> @@ -175,27 +175,6 @@
>>>             String dataEncryption = 
>>> properties.getProperty(Attribute.DATA_ENCRYPTION);
>>>             databaseEncrypted = 
>>> Boolean.valueOf(dataEncryption).booleanValue();
>>>
>>> -
>>> -            if (SanityManager.DEBUG)
>>> -            {
>>> -                if (!databaseEncrypted)
>>> -                {
>>> -                    // check for system property if running under 
>>> sanity - this
>>> -                    // gives more test coverage for those that that 
>>> hard code
>>> -                    // connection URL in the test or somehow go 
>>> thru the test
>>> -                    // harness in a strange way.
>>> -                    String testEncryption =
>>> -                        
>>> PropertyUtil.getSystemProperty("testDataEncryption");
>>> -
>>> -                    if (testEncryption != null)
>>> -                    {
>>> -                        properties.put(Attribute.DATA_ENCRYPTION, 
>>> "true");
>>> -                        properties.put(Attribute.BOOT_PASSWORD, 
>>> testEncryption);
>>> -                        databaseEncrypted = true;
>>> -                    }
>>> -                }
>>> -            }
>>> -
>>>             if (databaseEncrypted)
>>>             {
>>>                     cipherFactory =
>>> Index: 
>>> java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java 
>>>
>>> ===================================================================
>>> --- 
>>> java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java    
>>> (revision 0)
>>> +++ 
>>> java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java    
>>> (revision 0)
>>> @@ -0,0 +1,74 @@
>>> +/*
>>> + + Derby - Class 
>>> org.apache.derbyTesting.functionTests.tests.store.EncryptionTest
>>> + + Copyright 2002, 2005 The Apache Software Foundation or its 
>>> licensors, as applicable.
>>> + + Licensed under the Apache License, Version 2.0 (the "License");
>>> + you may not use this file except in compliance with the License.
>>> + You may obtain a copy of the License at
>>> + + http://www.apache.org/licenses/LICENSE-2.0
>>> + + Unless required by applicable law or agreed to in writing, software
>>> + distributed under the License is distributed on an "AS IS" BASIS,
>>> + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
>>> implied.
>>> + See the License for the specific language governing permissions and
>>> + limitations under the License.
>>> + + */
>>> +
>>> +package org.apache.derbyTesting.functionTests.tests.store;
>>> +
>>> +import java.sql.Connection;
>>> +import java.sql.Statement;
>>> +import java.sql.PreparedStatement;
>>> +import java.sql.DriverManager;
>>> +import java.util.Properties;
>>> +import java.io.*;
>>> +
>>> +/**
>>> + * check if bootpassword is not written out in plain text into 
>>> service.properties
>>> + * for an encrypted database run within the test harness.
>>> + * In future encryption related testcases can be added to this test
>>> + */
>>> +public class EncryptionTest {
>>> +    public static void main(String[] args) {
>>> +        Connection conn = null;
>>> +        try {
>>> +            // use the ij utility to read the property file and
>>> +            // make the initial connection.
>>> +            org.apache.derby.tools.ij.getPropertyArg(args);
>>> +            conn = org.apache.derby.tools.ij.startJBMS();
>>> +
>>> +            // Test 1
>>> +            // Derby 236 - boot password should not be written out
>>> +            // into service.properties
>>> +            String derbyHome = 
>>> System.getProperty("derby.system.home");
>>> +
>>> +            // read in the properties in the service.properties 
>>> file of the db
>>> +            Properties serviceProperties = new Properties();
>>> +            File f = new File(derbyHome + 
>>> "/wombat/service.properties");
>>> +            serviceProperties.load(new 
>>> FileInputStream(f.getAbsolutePath()));
>>> +            if (serviceProperties.getProperty("bootPassword") == null)
>>> +                report("TEST PASSED");
>>> +            else
>>> +                report("FAIL -- bootPassword should not be written 
>>> out into service.properties");
>>> +            +            conn.close();
>>> +        } catch (Throwable e) {
>>> +            report("FAIL -- unexpected exception: " + e);
>>> +            e.printStackTrace();
>>> +        }
>>> +
>>> +    }
>>> +
>>> +    /**
>>> +     * print message
>>> +     * @param msg to print out +     */
>>> +    public static void report(String msg) {
>>> +        System.out.println(msg);
>>> +    }
>>> +
>>> +}
>>>
>>> Property changes on: 
>>> java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java 
>>>
>>> ___________________________________________________________________
>>> Name: svn:eol-style
>>>   + native
>>>
>>> Index: 
>>> java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java
>>> ===================================================================
>>> --- 
>>> java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java    
>>> (revision 169429)
>>> +++ 
>>> java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java    
>>> (working copy)
>>> @@ -2021,13 +2021,24 @@
>>>             jvm.setFlags(jvmflags);
>>>         }
>>>         -        jvm.setD(jvmProps);
>>>                 if (testType.equals("multi"))
>>>         {
>>>             if ( (jvmflags != null) && (jvmflags.indexOf("mx") == -1) )
>>>                 jvm.setMx(64*1024*1024); // -mx64m
>>> +            +            // MultiTest is special case, so pass on 
>>> properties
>>> +            // related to encryption to MultiTest
>>> +            jvmProps.addElement("encryption="+encryption);
>>> +            Properties props = new Properties();
>>> +            // parse and get only the special properties that are 
>>> needed for the url +            SpecialFlags.parse(testSpecialProps, 
>>> props, new Properties());
>>> +            String encryptionAlgorithm = 
>>> props.getProperty("testEncryptionAlgorithm");
>>> +            if(encryptionAlgorithm != null)
>>> +                jvmProps.addElement("encryptionAlgorithm=\""+ 
>>> Attribute.CRYPTO_ALGORITHM +                        
>>> +"="+encryptionAlgorithm+"\"");
>>>         }
>>> +        jvm.setD(jvmProps);
>>>                     Vector v = jvm.getCommandLine();
>>>         if ( ij.startsWith("ij") )
>>> Index: 
>>> java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out 
>>>
>>> ===================================================================
>>> --- 
>>> java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out    
>>> (revision 0)
>>> +++ 
>>> java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out    
>>> (revision 0)
>>> @@ -0,0 +1 @@
>>> +TEST PASSED
>>>
>>> Property changes on: 
>>> java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out 
>>>
>>> ___________________________________________________________________
>>> Name: svn:eol-style
>>>   + native
>>>
>>> Index: 
>>> java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall 
>>>
>>> ===================================================================
>>> --- 
>>> java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall    
>>> (revision 169429)
>>> +++ 
>>> java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall    
>>> (working copy)
>>> @@ -1,2 +1,3 @@
>>> -unit/T_Cipher.unit
>>> -store/encryptDatabase.sql
>>> +unit/T_Cipher.unit
>>> +store/encryptDatabase.sql
>>> +store/EncryptionTest.java
>>>   
>>
>>
>>  
>>
>
>
>


Re: [PATCH] Derby 236 BootPassword gets written out in plain text in sane mode and in our test environment.

Posted by Suresh Thalamati <su...@gmail.com>.
- Why is the password hard coded in the test harness code? Is it not possible to
specify it as a test property, e.g. on the db URL itself?

 +               String encryptUrl = "dataEncryption=true;bootPassword=Thursday";


Thanks
-suresht

Mike Matrigali wrote:

>I'll look into committing this one.  If anyone else is reviewing it
>let me know.
>
>Sunitha Kambhampati wrote:
>
>  
>
>>This patch fixes Derby 236 
>>http://issues.apache.org/jira/browse/DERBY-236 - BootPassword gets
>>written out in plain text in sane mode and in our test environment.
>>
>>Changes include
>>
>>1. remove sanity debug code in RawStore to not write bootpassword in
>>plain text into the service.properties
>>2. currently the test harness does not seem to pass on the encryption
>>related properties to the MultiTest and with change in #1, encryption
>>won't be used for stress.multi. So changes made to RunTest to pass on
>>the encryption, testEncryptionAlgorithm values to the MultiTest harness.
>>Also changed mtTestCase to recognize the encryption properties and
>>modify the database url to use for the MultiTest.
>>-- ran derbyall on jdk142 with no failures
>>-- verified that encryption run for stress.multi was running ok, by
>>adding keepfiles=true to encryptionAll.properties and checking the
>>service.properties for all the databases created as part of this
>>encryptionAll testrun.
>>
>>svn stat
>>M      java\tools\org\apache\derby\impl\tools\ij\mtTestCase.java
>>M      java\engine\org\apache\derby\impl\store\raw\RawStore.java
>>A      java\testing\org\apache\derbyTesting\functionTests\tests\store\EncryptionTest.java
>>M      java\testing\org\apache\derbyTesting\functionTests\harness\RunTest.java
>>A      java\testing\org\apache\derbyTesting\functionTests\master\EncryptionTest.out
>>M      java\testing\org\apache\derbyTesting\functionTests\suites\encryption.runall
>>
>>Can someone please review it and if it looks ok, can a committer please
>>commit it.
>>Thanks, Sunitha.
>>
>>
>>------------------------------------------------------------------------
>>
>>Index: java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java
>>===================================================================
>>--- java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(revision 169429)
>>+++ java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(working copy)
>>@@ -156,6 +156,20 @@
>> 						p.setProperty("ij.password","PWD");
>> 					}
>> 			}
>>+            // this is a special case for the MultiTest.
>>+            // check and alter url if there are any encryption related properties
>>+            // that need to be set on the url 
>>+            if (("true").equalsIgnoreCase(p.getProperty("encryption"))) 
>>+            {
>>+               String encryptUrl = "dataEncryption=true;bootPassword=Thursday";
>>+               String dbUrl = p.getProperty("database");
>>+               String encryptionAlgorithm = p.getProperty("encryptionAlgorithm");
>>+               if (encryptionAlgorithm != null)
>>+                   p.setProperty("database",dbUrl + ";"+encryptUrl +";"+encryptionAlgorithm);
>>+               else
>>+                   p.setProperty("database",dbUrl + ";"+encryptUrl);
>>+            }
>>+            
>> 			System.setProperties(p);
>> 		}
>> 		// set input stream
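
Review bot: `dbUrl` is used without a null check in the added block, so when the `database` property is unset the code stores a URL that begins with the literal text `null;dataEncryption=true`. Guard on `dbUrl != null` before rewriting the property. The rewritten URL, boot password included, is also published by the `System.setProperties(p)` call on the following context line, so anything that dumps system properties will print it; taking the password from a test property instead of the literal in `encryptUrl` would keep it out of the source as well.
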
>>Index: java/engine/org/apache/derby/impl/store/raw/RawStore.java
>>===================================================================
>>--- java/engine/org/apache/derby/impl/store/raw/RawStore.java	(revision 169429)
>>+++ java/engine/org/apache/derby/impl/store/raw/RawStore.java	(working copy)
>>@@ -175,27 +175,6 @@
>> 			String dataEncryption = properties.getProperty(Attribute.DATA_ENCRYPTION);
>> 			databaseEncrypted = Boolean.valueOf(dataEncryption).booleanValue();
>> 
>>-
>>-			if (SanityManager.DEBUG)
>>-			{
>>-				if (!databaseEncrypted)
>>-				{
>>-					// check for system property if running under sanity - this
>>-					// gives more test coverage for those that that hard code
>>-					// connection URL in the test or somehow go thru the test
>>-					// harness in a strange way.
>>-					String testEncryption =
>>-						PropertyUtil.getSystemProperty("testDataEncryption");
>>-
>>-					if (testEncryption != null)
>>-					{
>>-						properties.put(Attribute.DATA_ENCRYPTION, "true");
>>-						properties.put(Attribute.BOOT_PASSWORD, testEncryption);
>>-						databaseEncrypted = true;
>>-                    }
>>-				}
>>-			}
>>-
>> 			if (databaseEncrypted)
>> 			{
>> 					cipherFactory =
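
Review bot: the deleted `SanityManager.DEBUG` block is the only consumer of the `testDataEncryption` system property visible here, and its own comment says it existed to cover tests that hard-code their connection URL. After this change those tests run unencrypted with no failure to signal it. State that loss of coverage in the commit message, and check whether the harness still sets `testDataEncryption`, since that setting has no effect on RawStore once this block is gone.
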
>>Index: java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
>>===================================================================
>>--- java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java	(revision 0)
>>+++ java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java	(revision 0)
>>@@ -0,0 +1,74 @@
>>+/*
>>+ 
>>+ Derby - Class org.apache.derbyTesting.functionTests.tests.store.EncryptionTest
>>+ 
>>+ Copyright 2002, 2005 The Apache Software Foundation or its licensors, as applicable.
>>+ 
>>+ Licensed under the Apache License, Version 2.0 (the "License");
>>+ you may not use this file except in compliance with the License.
>>+ You may obtain a copy of the License at
>>+ 
>>+ http://www.apache.org/licenses/LICENSE-2.0
>>+ 
>>+ Unless required by applicable law or agreed to in writing, software
>>+ distributed under the License is distributed on an "AS IS" BASIS,
>>+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>+ See the License for the specific language governing permissions and
>>+ limitations under the License.
>>+ 
>>+ */
>>+
>>+package org.apache.derbyTesting.functionTests.tests.store;
>>+
>>+import java.sql.Connection;
>>+import java.sql.Statement;
>>+import java.sql.PreparedStatement;
>>+import java.sql.DriverManager;
>>+import java.util.Properties;
>>+import java.io.*;
>>+
>>+/**
>>+ * check if bootpassword is not written out in plain text into service.properties
>>+ * for an encrypted database run within the test harness.
>>+ * In future encryption related testcases can be added to this test
>>+ */
>>+public class EncryptionTest {
>>+    public static void main(String[] args) {
>>+        Connection conn = null;
>>+        try {
>>+            // use the ij utility to read the property file and
>>+            // make the initial connection.
>>+            org.apache.derby.tools.ij.getPropertyArg(args);
>>+            conn = org.apache.derby.tools.ij.startJBMS();
>>+
>>+            // Test 1
>>+            // Derby 236 - boot password should not be written out
>>+            // into service.properties
>>+            String derbyHome = System.getProperty("derby.system.home");
>>+
>>+            // read in the properties in the service.properties file of the db
>>+            Properties serviceProperties = new Properties();
>>+            File f = new File(derbyHome + "/wombat/service.properties");
>>+            serviceProperties.load(new FileInputStream(f.getAbsolutePath()));
>>+            if (serviceProperties.getProperty("bootPassword") == null)
>>+                report("TEST PASSED");
>>+            else
>>+                report("FAIL -- bootPassword should not be written out into service.properties");
>>+            
>>+            conn.close();
>>+        } catch (Throwable e) {
>>+            report("FAIL -- unexpected exception: " + e);
>>+            e.printStackTrace();
>>+        }
>>+
>>+    }
>>+
>>+    /**
>>+     * print message
>>+     * @param msg to print out 
>>+     */
>>+    public static void report(String msg) {
>>+        System.out.println(msg);
>>+    }
>>+
>>+}
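
Review bot: the check `serviceProperties.getProperty("bootPassword") == null` is also true for a database that was never encrypted, so this test prints TEST PASSED when the harness fails to turn encryption on. Assert first that the database was booted encrypted, then that the key is absent. The `FileInputStream` passed to `load` is never closed and `conn.close()` is skipped when an exception is thrown, so both belong in a `finally` block. The `Statement`, `PreparedStatement` and `DriverManager` imports are unused.
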
>>
>>Property changes on: java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
>>___________________________________________________________________
>>Name: svn:eol-style
>>   + native
>>
>>Index: java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java
>>===================================================================
>>--- java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(revision 169429)
>>+++ java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(working copy)
>>@@ -2021,13 +2021,24 @@
>>             jvm.setFlags(jvmflags);
>>         }
>>         
>>-        jvm.setD(jvmProps);
>>         
>>         if (testType.equals("multi"))
>>         {
>>             if ( (jvmflags != null) && (jvmflags.indexOf("mx") == -1) )
>>                 jvm.setMx(64*1024*1024); // -mx64m
>>+            
>>+            // MultiTest is special case, so pass on properties
>>+            // related to encryption to MultiTest
>>+            jvmProps.addElement("encryption="+encryption);
>>+            Properties props = new Properties();
>>+            // parse and get only the special properties that are needed for the url 
>>+            SpecialFlags.parse(testSpecialProps, props, new Properties());
>>+            String encryptionAlgorithm = props.getProperty("testEncryptionAlgorithm");
>>+            if(encryptionAlgorithm != null)
>>+                jvmProps.addElement("encryptionAlgorithm=\""+ Attribute.CRYPTO_ALGORITHM 
>>+                        +"="+encryptionAlgorithm+"\"");
>>         }
>>+        jvm.setD(jvmProps);
>>             
>>         Vector v = jvm.getCommandLine();
>>         if ( ij.startsWith("ij") )
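
Review bot: the `encryptionAlgorithm` element is built with escaped double quotes around its value, and the mtTestCase hunk appends that property to the database URL unchanged. Unless the command-line builder strips the quotes, they end up inside the URL; confirm what `jvm.setD` does with them or drop them here. `encryption=` is also added for every multi test, whatever the value of `encryption`, which is safe only because mtTestCase compares the property against "true".
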
>>Index: java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
>>===================================================================
>>--- java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision 0)
>>+++ java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision 0)
>>@@ -0,0 +1 @@
>>+TEST PASSED
>>
>>Property changes on: java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
>>___________________________________________________________________
>>Name: svn:eol-style
>>   + native
>>
>>Index: java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall
>>===================================================================
>>--- java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(revision 169429)
>>+++ java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(working copy)
>>@@ -1,2 +1,3 @@
>>-unit/T_Cipher.unit
>>-store/encryptDatabase.sql
>>+unit/T_Cipher.unit
>>+store/encryptDatabase.sql
>>+store/EncryptionTest.java
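
Review bot: the first two entries are removed and re-added with identical text, which points to a line-ending or whitespace difference rather than a content change. If the intent is only to add `store/EncryptionTest.java`, regenerate the diff so the two existing lines stay as context.
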
>>    
>>
>
>  
>



Re: [PATCH] Derby 236 BootPassword gets written out in plain text in sane mode and in our test environment.

Posted by Mike Matrigali <mi...@sbcglobal.net>.
I'll look into committing this one.  If anyone else is reviewing it
let me know.

Sunitha Kambhampati wrote:

> This patch fixes Derby 236 
> http://issues.apache.org/jira/browse/DERBY-236 - BootPassword gets
> written out in plain text in sane mode and in our test environment.
> 
> Changes include
> 
> 1. remove sanity debug code in RawStore to not write bootpassword in
> plain text into the service.properties
> 2. currently the test harness does not seem to pass on the encryption
> related properties to the MultiTest and with change in #1, encryption
> won't be used for stress.multi. So changes made to RunTest to pass on
> the encryption, testEncryptionAlgorithm values to the MultiTest harness.
> Also changed mtTestCase to recognize the encryption properties and
> modify the database url to use for the MultiTest.
> -- ran derbyall on jdk142 with no failures
> -- verified that encryption run for stress.multi was running ok, by
> adding keepfiles=true to encryptionAll.properties and checking the
> service.properties for all the databases created as part of this
> encryptionAll testrun.
> 
> svn stat
> M      java\tools\org\apache\derby\impl\tools\ij\mtTestCase.java
> M      java\engine\org\apache\derby\impl\store\raw\RawStore.java
> A      java\testing\org\apache\derbyTesting\functionTests\tests\store\EncryptionTest.java
> M      java\testing\org\apache\derbyTesting\functionTests\harness\RunTest.java
> A      java\testing\org\apache\derbyTesting\functionTests\master\EncryptionTest.out
> M      java\testing\org\apache\derbyTesting\functionTests\suites\encryption.runall
> 
> Can someone please review it and if it looks ok, can a committer please
> commit it.
> Thanks, Sunitha.
> 
> 
> ------------------------------------------------------------------------
> 
> Index: java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java
> ===================================================================
> --- java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(revision 169429)
> +++ java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(working copy)
> @@ -156,6 +156,20 @@
>  						p.setProperty("ij.password","PWD");
>  					}
>  			}
> +            // this is a special case for the MultiTest.
> +            // check and alter url if there are any encryption related properties
> +            // that need to be set on the url 
> +            if (("true").equalsIgnoreCase(p.getProperty("encryption"))) 
> +            {
> +               String encryptUrl = "dataEncryption=true;bootPassword=Thursday";
> +               String dbUrl = p.getProperty("database");
> +               String encryptionAlgorithm = p.getProperty("encryptionAlgorithm");
> +               if (encryptionAlgorithm != null)
> +                   p.setProperty("database",dbUrl + ";"+encryptUrl +";"+encryptionAlgorithm);
> +               else
> +                   p.setProperty("database",dbUrl + ";"+encryptUrl);
> +            }
> +            
>  			System.setProperties(p);
>  		}
>  		// set input stream
> Index: java/engine/org/apache/derby/impl/store/raw/RawStore.java
> ===================================================================
> --- java/engine/org/apache/derby/impl/store/raw/RawStore.java	(revision 169429)
> +++ java/engine/org/apache/derby/impl/store/raw/RawStore.java	(working copy)
> @@ -175,27 +175,6 @@
>  			String dataEncryption = properties.getProperty(Attribute.DATA_ENCRYPTION);
>  			databaseEncrypted = Boolean.valueOf(dataEncryption).booleanValue();
>  
> -
> -			if (SanityManager.DEBUG)
> -			{
> -				if (!databaseEncrypted)
> -				{
> -					// check for system property if running under sanity - this
> -					// gives more test coverage for those that that hard code
> -					// connection URL in the test or somehow go thru the test
> -					// harness in a strange way.
> -					String testEncryption =
> -						PropertyUtil.getSystemProperty("testDataEncryption");
> -
> -					if (testEncryption != null)
> -					{
> -						properties.put(Attribute.DATA_ENCRYPTION, "true");
> -						properties.put(Attribute.BOOT_PASSWORD, testEncryption);
> -						databaseEncrypted = true;
> -                    }
> -				}
> -			}
> -
>  			if (databaseEncrypted)
>  			{
>  					cipherFactory =
> Index: java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java	(revision 0)
> +++ java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java	(revision 0)
> @@ -0,0 +1,74 @@
> +/*
> + 
> + Derby - Class org.apache.derbyTesting.functionTests.tests.store.EncryptionTest
> + 
> + Copyright 2002, 2005 The Apache Software Foundation or its licensors, as applicable.
> + 
> + Licensed under the Apache License, Version 2.0 (the "License");
> + you may not use this file except in compliance with the License.
> + You may obtain a copy of the License at
> + 
> + http://www.apache.org/licenses/LICENSE-2.0
> + 
> + Unless required by applicable law or agreed to in writing, software
> + distributed under the License is distributed on an "AS IS" BASIS,
> + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + See the License for the specific language governing permissions and
> + limitations under the License.
> + 
> + */
> +
> +package org.apache.derbyTesting.functionTests.tests.store;
> +
> +import java.sql.Connection;
> +import java.sql.Statement;
> +import java.sql.PreparedStatement;
> +import java.sql.DriverManager;
> +import java.util.Properties;
> +import java.io.*;
> +
> +/**
> + * check if bootpassword is not written out in plain text into service.properties
> + * for an encrypted database run within the test harness.
> + * In future encryption related testcases can be added to this test
> + */
> +public class EncryptionTest {
> +    public static void main(String[] args) {
> +        Connection conn = null;
> +        try {
> +            // use the ij utility to read the property file and
> +            // make the initial connection.
> +            org.apache.derby.tools.ij.getPropertyArg(args);
> +            conn = org.apache.derby.tools.ij.startJBMS();
> +
> +            // Test 1
> +            // Derby 236 - boot password should not be written out
> +            // into service.properties
> +            String derbyHome = System.getProperty("derby.system.home");
> +
> +            // read in the properties in the service.properties file of the db
> +            Properties serviceProperties = new Properties();
> +            File f = new File(derbyHome + "/wombat/service.properties");
> +            serviceProperties.load(new FileInputStream(f.getAbsolutePath()));
> +            if (serviceProperties.getProperty("bootPassword") == null)
> +                report("TEST PASSED");
> +            else
> +                report("FAIL -- bootPassword should not be written out into service.properties");
> +            
> +            conn.close();
> +        } catch (Throwable e) {
> +            report("FAIL -- unexpected exception: " + e);
> +            e.printStackTrace();
> +        }
> +
> +    }
> +
> +    /**
> +     * print message
> +     * @param msg to print out 
> +     */
> +    public static void report(String msg) {
> +        System.out.println(msg);
> +    }
> +
> +}
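Review bot: the check `serviceProperties.getProperty("bootPassword") == null` also holds for a database that was never encrypted, so this test prints TEST PASSED when the harness fails to pass the encryption settings through, which is the very regression that removing the RawStore fallback makes possible. Assert first that service.properties records the database as encrypted (the attribute RawStore reads through Attribute.DATA_ENCRYPTION) and report FAIL otherwise, then check that bootPassword is absent.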
> 
> Property changes on: java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
> ___________________________________________________________________
> Name: svn:eol-style
>    + native
> 
> Index: java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(revision 169429)
> +++ java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(working copy)
> @@ -2021,13 +2021,24 @@
>              jvm.setFlags(jvmflags);
>          }
>          
> -        jvm.setD(jvmProps);
>          
>          if (testType.equals("multi"))
>          {
>              if ( (jvmflags != null) && (jvmflags.indexOf("mx") == -1) )
>                  jvm.setMx(64*1024*1024); // -mx64m
> +            
> +            // MultiTest is special case, so pass on properties
> +            // related to encryption to MultiTest
> +            jvmProps.addElement("encryption="+encryption);
> +            Properties props = new Properties();
> +            // parse and get only the special properties that are needed for the url 
> +            SpecialFlags.parse(testSpecialProps, props, new Properties());
> +            String encryptionAlgorithm = props.getProperty("testEncryptionAlgorithm");
> +            if(encryptionAlgorithm != null)
> +                jvmProps.addElement("encryptionAlgorithm=\""+ Attribute.CRYPTO_ALGORITHM 
> +                        +"="+encryptionAlgorithm+"\"");
>          }
> +        jvm.setD(jvmProps);
>              
>          Vector v = jvm.getCommandLine();
>          if ( ij.startsWith("ij") )
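Review bot: in `jvmProps.addElement("encryptionAlgorithm=\""+ Attribute.CRYPTO_ALGORITHM +"="+encryptionAlgorithm+"\"")` the value is wrapped in literal double quotes. mtTestCase appends this property to the database URL unchanged, so unless whatever launches the command line strips the quotes, they end up inside the connection URL. Either drop the quotes or add a comment saying where they are removed. `"encryption="+encryption` is also added on every multi run; a comment noting that mtTestCase acts only on the value true would help the next reader.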
> Index: java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision 0)
> +++ java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision 0)
> @@ -0,0 +1 @@
> +TEST PASSED
> 
> Property changes on: java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
> ___________________________________________________________________
> Name: svn:eol-style
>    + native
> 
> Index: java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(revision 169429)
> +++ java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(working copy)
> @@ -1,2 +1,3 @@
> -unit/T_Cipher.unit
> -store/encryptDatabase.sql
> +unit/T_Cipher.unit
> +store/encryptDatabase.sql
> +store/EncryptionTest.java
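Review bot: the two existing entries, unit/T_Cipher.unit and store/encryptDatabase.sql, are removed and re-added with identical text, so this hunk changes their whitespace or line endings in addition to adding store/EncryptionTest.java. The patch sets svn:eol-style native on the two new files but not on this one; if the line endings are being normalised, set the property here as well, otherwise keep the hunk to the single added line.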

Re: [PATCH] Derby 236 BootPassword gets written out in plain text in sane mode and in our test environment.

Posted by Mike Matrigali <mi...@sbcglobal.net>.
I committed this patch with svn 169913

Sunitha Kambhampati wrote:
> This patch fixes Derby 236  
> http://issues.apache.org/jira/browse/DERBY-236 - BootPassword gets 
> written out in plain text in sane mode and in our test environment.
> 
> Changes include
> 
> 1. remove sanity debug code in RawStore to not write bootpassword in 
> plain text into the service.properties
> 2. currently the test harness does not seem to pass on the encryption 
> related properties to the MultiTest and with change in #1, encryption 
> won't be used for stress.multi. So changes made to RunTest to pass on 
> the encryption, testEncryptionAlgorithm values to the MultiTest 
> harness. Also changed mtTestCase to recognize the encryption 
> properties and modify the database url to use for the MultiTest.
> -- ran derbyall on jdk142 with no failures
> -- verified that encryption run for stress.multi was running ok, by 
> adding keepfiles=true to encryptionAll.properties and checking the 
> service.properties for all the databases created as part of this 
> encryptionAll testrun.
> 
> svn stat
> M      java\tools\org\apache\derby\impl\tools\ij\mtTestCase.java
> M      java\engine\org\apache\derby\impl\store\raw\RawStore.java
> A      java\testing\org\apache\derbyTesting\functionTests\tests\store\EncryptionTest.java
> M      java\testing\org\apache\derbyTesting\functionTests\harness\RunTest.java
> A      java\testing\org\apache\derbyTesting\functionTests\master\EncryptionTest.out
> M      java\testing\org\apache\derbyTesting\functionTests\suites\encryption.runall
> 
> Can someone please review it and if it looks ok, can a committer please 
> commit it.
> Thanks, Sunitha.
> 
> 
> ------------------------------------------------------------------------
> 
> Index: java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java
> ===================================================================
> --- java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(revision 169429)
> +++ java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(working copy)
> @@ -156,6 +156,20 @@
>  						p.setProperty("ij.password","PWD");
>  					}
>  			}
> +            // this is a special case for the MultiTest.
> +            // check and alter url if there are any encryption related properties
> +            // that need to be set on the url 
> +            if (("true").equalsIgnoreCase(p.getProperty("encryption"))) 
> +            {
> +               String encryptUrl = "dataEncryption=true;bootPassword=Thursday";
> +               String dbUrl = p.getProperty("database");
> +               String encryptionAlgorithm = p.getProperty("encryptionAlgorithm");
> +               if (encryptionAlgorithm != null)
> +                   p.setProperty("database",dbUrl + ";"+encryptUrl +";"+encryptionAlgorithm);
> +               else
> +                   p.setProperty("database",dbUrl + ";"+encryptUrl);
> +            }
> +            
>  			System.setProperties(p);
>  		}
>  		// set input stream
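Review bot: `String encryptUrl = "dataEncryption=true;bootPassword=Thursday";` hard-codes the boot password in a class under java/tools rather than java/testing, and RunTest forwards only the encryption flag and the algorithm, so the password MultiTest uses cannot be set from the harness. Pass it in as a property alongside the other two, or at least move the literal into a named constant with a comment that it is test-only. Separately, `p.getProperty("database")` can return null, in which case the rewritten URL starts with the string "null;"; guard for that before calling setProperty.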
> Index: java/engine/org/apache/derby/impl/store/raw/RawStore.java
> ===================================================================
> --- java/engine/org/apache/derby/impl/store/raw/RawStore.java	(revision 169429)
> +++ java/engine/org/apache/derby/impl/store/raw/RawStore.java	(working copy)
> @@ -175,27 +175,6 @@
>  			String dataEncryption = properties.getProperty(Attribute.DATA_ENCRYPTION);
>  			databaseEncrypted = Boolean.valueOf(dataEncryption).booleanValue();
>  
> -
> -			if (SanityManager.DEBUG)
> -			{
> -				if (!databaseEncrypted)
> -				{
> -					// check for system property if running under sanity - this
> -					// gives more test coverage for those that that hard code
> -					// connection URL in the test or somehow go thru the test
> -					// harness in a strange way.
> -					String testEncryption =
> -						PropertyUtil.getSystemProperty("testDataEncryption");
> -
> -					if (testEncryption != null)
> -					{
> -						properties.put(Attribute.DATA_ENCRYPTION, "true");
> -						properties.put(Attribute.BOOT_PASSWORD, testEncryption);
> -						databaseEncrypted = true;
> -                    }
> -				}
> -			}
> -
>  			if (databaseEncrypted)
>  			{
>  					cipherFactory =
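Review bot: the deleted lines contained the `PropertyUtil.getSystemProperty("testDataEncryption")` call and a `SanityManager.DEBUG` guard. Check whether either class is still referenced elsewhere in RawStore.java, and if not, drop the now-unused import in this same change.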
> Index: java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java	(revision 0)
> +++ java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java	(revision 0)
> @@ -0,0 +1,74 @@
> +/*
> + 
> + Derby - Class org.apache.derbyTesting.functionTests.tests.store.EncryptionTest
> + 
> + Copyright 2002, 2005 The Apache Software Foundation or its licensors, as applicable.
> + 
> + Licensed under the Apache License, Version 2.0 (the "License");
> + you may not use this file except in compliance with the License.
> + You may obtain a copy of the License at
> + 
> + http://www.apache.org/licenses/LICENSE-2.0
> + 
> + Unless required by applicable law or agreed to in writing, software
> + distributed under the License is distributed on an "AS IS" BASIS,
> + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + See the License for the specific language governing permissions and
> + limitations under the License.
> + 
> + */
> +
> +package org.apache.derbyTesting.functionTests.tests.store;
> +
> +import java.sql.Connection;
> +import java.sql.Statement;
> +import java.sql.PreparedStatement;
> +import java.sql.DriverManager;
> +import java.util.Properties;
> +import java.io.*;
> +
> +/**
> + * check if bootpassword is not written out in plain text into service.properties
> + * for an encrypted database run within the test harness.
> + * In future encryption related testcases can be added to this test
> + */
> +public class EncryptionTest {
> +    public static void main(String[] args) {
> +        Connection conn = null;
> +        try {
> +            // use the ij utility to read the property file and
> +            // make the initial connection.
> +            org.apache.derby.tools.ij.getPropertyArg(args);
> +            conn = org.apache.derby.tools.ij.startJBMS();
> +
> +            // Test 1
> +            // Derby 236 - boot password should not be written out
> +            // into service.properties
> +            String derbyHome = System.getProperty("derby.system.home");
> +
> +            // read in the properties in the service.properties file of the db
> +            Properties serviceProperties = new Properties();
> +            File f = new File(derbyHome + "/wombat/service.properties");
> +            serviceProperties.load(new FileInputStream(f.getAbsolutePath()));
> +            if (serviceProperties.getProperty("bootPassword") == null)
> +                report("TEST PASSED");
> +            else
> +                report("FAIL -- bootPassword should not be written out into service.properties");
> +            
> +            conn.close();
> +        } catch (Throwable e) {
> +            report("FAIL -- unexpected exception: " + e);
> +            e.printStackTrace();
> +        }
> +
> +    }
> +
> +    /**
> +     * print message
> +     * @param msg to print out 
> +     */
> +    public static void report(String msg) {
> +        System.out.println(msg);
> +    }
> +
> +}
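Review bot: `new FileInputStream(f.getAbsolutePath())` is never closed, and `conn.close()` is skipped whenever an exception is thrown before it; close both in a finally block. The path is built from the hard-coded database name "wombat" and `System.getProperty("derby.system.home")`, which produces "null/wombat/service.properties" when the property is unset, so test for null and report FAIL explicitly instead of relying on the catch of Throwable. The imports of Statement, PreparedStatement and DriverManager are unused in this file.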
> 
> Property changes on: java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
> ___________________________________________________________________
> Name: svn:eol-style
>    + native
> 
> Index: java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(revision 169429)
> +++ java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(working copy)
> @@ -2021,13 +2021,24 @@
>              jvm.setFlags(jvmflags);
>          }
>          
> -        jvm.setD(jvmProps);
>          
>          if (testType.equals("multi"))
>          {
>              if ( (jvmflags != null) && (jvmflags.indexOf("mx") == -1) )
>                  jvm.setMx(64*1024*1024); // -mx64m
> +            
> +            // MultiTest is special case, so pass on properties
> +            // related to encryption to MultiTest
> +            jvmProps.addElement("encryption="+encryption);
> +            Properties props = new Properties();
> +            // parse and get only the special properties that are needed for the url 
> +            SpecialFlags.parse(testSpecialProps, props, new Properties());
> +            String encryptionAlgorithm = props.getProperty("testEncryptionAlgorithm");
> +            if(encryptionAlgorithm != null)
> +                jvmProps.addElement("encryptionAlgorithm=\""+ Attribute.CRYPTO_ALGORITHM 
> +                        +"="+encryptionAlgorithm+"\"");
>          }
> +        jvm.setD(jvmProps);
>              
>          Vector v = jvm.getCommandLine();
>          if ( ij.startsWith("ij") )
> Index: java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision 0)
> +++ java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision 0)
> @@ -0,0 +1 @@
> +TEST PASSED
> 
> Property changes on: java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
> ___________________________________________________________________
> Name: svn:eol-style
>    + native
> 
> Index: java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall
> ===================================================================
> --- java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(revision 169429)
> +++ java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(working copy)
> @@ -1,2 +1,3 @@
> -unit/T_Cipher.unit
> -store/encryptDatabase.sql
> +unit/T_Cipher.unit
> +store/encryptDatabase.sql
> +store/EncryptionTest.java