Posted to commits@geode.apache.org by hi...@apache.org on 2016/06/03 21:59:05 UTC
incubator-geode git commit: GEODE-1372 added test for different algo.
Fixed issue for algo without size
Repository: incubator-geode
Updated Branches:
refs/heads/feature/GEODE-1372 105301940 -> 7737c85d7
GEODE-1372 added test for different algo. Fixed issue for algo without size
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/7737c85d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/7737c85d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/7737c85d
Branch: refs/heads/feature/GEODE-1372
Commit: 7737c85d7d878690a1a7c2680fbd95c0c6c55ff1
Parents: 1053019
Author: Hitesh Khamesra <hi...@yahoo.com>
Authored: Fri Jun 3 14:57:37 2016 -0700
Committer: Hitesh Khamesra <hi...@yahoo.com>
Committed: Fri Jun 3 14:57:37 2016 -0700
----------------------------------------------------------------------
.../membership/gms/messenger/GMSEncrypt.java | 24 ++--
.../gms/membership/GMSJoinLeaveJUnitTest.java | 1 +
.../gms/messenger/GMSEncryptJUnitTest.java | 109 ++++++++++++++-----
3 files changed, 95 insertions(+), 39 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/7737c85d/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
index c9133b0..b831d44 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
@@ -84,7 +84,7 @@ public class GMSEncrypt implements Cloneable {
protected byte[] getClusterSecretKey() {
return this.clusterEncryptor.secretBytes;
}
-
+
protected synchronized void initClusterSecretKey() throws Exception {
if(this.clusterEncryptor == null) {
this.clusterEncryptor = new ClusterEncryptor(this);
@@ -96,7 +96,7 @@ public class GMSEncrypt implements Cloneable {
//TODO we are reseeting here, in case there is some race
this.clusterEncryptor = new ClusterEncryptor(secretBytes);
}
-
+
protected GMSEncrypt() {
initEncryptors();
}
@@ -230,7 +230,7 @@ public class GMSEncrypt implements Cloneable {
private Map<InternalDistributedMember, PeerEncryptor> getPeerEncryptorMap() {
int h = Math.abs(Thread.currentThread().getName().hashCode() % numberOfPeerEncryptorCopies);
- ConcurrentHashMap m = copyOfPeerEncryptors[h];
+ ConcurrentHashMap<InternalDistributedMember, PeerEncryptor> m = copyOfPeerEncryptors[h];
if(m == null) {
synchronized (copyOfPeerEncryptors) {
@@ -417,10 +417,9 @@ public class GMSEncrypt implements Cloneable {
int blocksize = getBlockSize(dhSKAlgo);
if (keysize == -1 || blocksize == -1) {
- // TODO how should we do here, should we just throw runtime exception?
- /* SecretKey sKey = ka.generateSecret(dhSKAlgo);
- * encrypt = Cipher.getInstance(dhSKAlgo);
- * encrypt.init(Cipher.ENCRYPT_MODE, sKey); */
+ SecretKeySpec sks = new SecretKeySpec(secretBytes, dhSKAlgo);
+ encrypt = Cipher.getInstance(dhSKAlgo);
+ encrypt.init(Cipher.ENCRYPT_MODE, sks);
} else {
String dhAlgoStr = getDhAlgoStr(dhSKAlgo);
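Review bot: `Cipher.getInstance(dhSKAlgo)` in the `keysize == -1 || blocksize == -1` branch names only the algorithm, so mode and padding fall to the provider default, which for block ciphers on the stock JCE provider is ECB and reveals repeated plaintext blocks. `new SecretKeySpec(secretBytes, dhSKAlgo)` also passes the bytes through with no length check or key derivation; where `secretBytes` comes from is outside the hunk, but if it is raw key-agreement output, `init` either throws `InvalidKeyException` or keys the cipher with unhashed agreement bytes. I would name the transformation explicitly and derive a key of the cipher's size from a digest of the secret, or at minimum mark the path with a comment such as `// fallback: provider-default mode/padding, key = raw secretBytes`. The decrypt hunk at -469 repeats the pattern with `Cipher.DECRYPT_MODE`, and the enclosing methods start and end outside both hunks.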
@@ -469,10 +468,9 @@ public class GMSEncrypt implements Cloneable {
int blocksize = getBlockSize(dhSKAlgo);
if (keysize == -1 || blocksize == -1) {
- // TODO: how to do here, should we just throw runtime exception?
- /* SecretKey sKey = ka.generateSecret(dhSKAlgo);
- * decrypt = Cipher.getInstance(dhSKAlgo);
- * decrypt.init(Cipher.DECRYPT_MODE, sKey); */
+ SecretKeySpec sks = new SecretKeySpec(secretBytes, dhSKAlgo);
+ decrypt = Cipher.getInstance(dhSKAlgo);
+ decrypt.init(Cipher.DECRYPT_MODE, sks);
} else {
String algoStr = getDhAlgoStr(dhSKAlgo);
@@ -494,7 +492,7 @@ public class GMSEncrypt implements Cloneable {
int blocksize = getBlockSize(dhSKAlgo);
if (keysize == -1 || blocksize == -1) {
- SecretKey sKey = ka.generateSecret(dhSKAlgo);
+ SecretKey sKey = ka.generateSecret(dhSKAlgo);
return sKey.getEncoded();
} else {
return ka.generateSecret();
@@ -532,7 +530,7 @@ public class GMSEncrypt implements Cloneable {
public ClusterEncryptor(byte[] sb) {
this.secretBytes = sb;
}
-
+
public synchronized byte[] encryptBytes(byte[] data) throws Exception {
String algo = dhSKAlgo;
return GMSEncrypt.encryptBytes(data, getEncryptCipher(algo));
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/7737c85d/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
index 0d3b9fc..29c24b8 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
@@ -101,6 +101,7 @@ public class GMSJoinLeaveJUnitTest {
mockDistConfig = mock(DistributionConfig.class);
when(mockDistConfig.getEnableNetworkPartitionDetection()).thenReturn(enableNetworkPartition);
when(mockDistConfig.getLocators()).thenReturn("localhost[8888]");
+ when(mockDistConfig.getSecurityClientDHAlgo()).thenReturn("");
mockConfig = mock(ServiceConfig.class);
when(mockDistConfig.getStartLocator()).thenReturn("localhost[12345]");
when(mockConfig.getDistributionConfig()).thenReturn(mockDistConfig);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/7737c85d/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
index 5d4086c..9e43623 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
@@ -46,9 +46,13 @@ public class GMSEncryptJUnitTest {
NetView netView;
- private void initMocks() throws Exception {
+ private void initMocks() throws Exception{
+ initMocks("AES:128");
+ }
+
+ private void initMocks(String algo) throws Exception {
Properties nonDefault = new Properties();
- nonDefault.put(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, "AES:128");
+ nonDefault.put(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, algo);
DistributionConfigImpl config = new DistributionConfigImpl(nonDefault);
RemoteTransportConfig tconfig = new RemoteTransportConfig(config,
DistributionManager.NORMAL_DM_TYPE);
@@ -73,45 +77,51 @@ public class GMSEncryptJUnitTest {
}
+ String[] algos = new String[]{"AES",
+ "Blowfish",
+ "DES",
+ "DESede"};
@Test
public void testOneMemberCanDecryptAnothersMessage() throws Exception{
- initMocks();
+ for (String algo : algos) {
+ initMocks(algo);
- GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services, mockMembers[1]); // this will be the sender
- GMSEncrypt gmsEncrypt2 = new GMSEncrypt(services, mockMembers[2]); // this will be the receiver
+ GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services, mockMembers[1]); // this will be the sender
+ GMSEncrypt gmsEncrypt2 = new GMSEncrypt(services, mockMembers[2]); // this will be the receiver
- // establish the public keys for the sender and receiver
- netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes());
- netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes());
+ // establish the public keys for the sender and receiver
+ netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes());
+ netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes());
- gmsEncrypt1.installView(netView, mockMembers[1]);
- gmsEncrypt2.installView(netView, mockMembers[2]);
+ gmsEncrypt1.installView(netView, mockMembers[1]);
+ gmsEncrypt2.installView(netView, mockMembers[2]);
- // sender encrypts a message, so use receiver's public key
- String ch = "Hello world";
- byte[] challenge = ch.getBytes();
- byte[] encryptedChallenge = gmsEncrypt1.encryptData(challenge, mockMembers[2]);
+ // sender encrypts a message, so use receiver's public key
+ String ch = "Hello world";
+ byte[] challenge = ch.getBytes();
+ byte[] encryptedChallenge = gmsEncrypt1.encryptData(challenge, mockMembers[2]);
- // receiver decrypts the message using the sender's public key
- byte[] decryptBytes = gmsEncrypt2.decryptData(encryptedChallenge, mockMembers[1]);
+ // receiver decrypts the message using the sender's public key
+ byte[] decryptBytes = gmsEncrypt2.decryptData(encryptedChallenge, mockMembers[1]);
- // now send a response
- String response = "Hello yourself!";
- byte[] responseBytes = response.getBytes();
- byte[] encryptedResponse = gmsEncrypt2.encryptData(responseBytes, mockMembers[1]);
+ // now send a response
+ String response = "Hello yourself!";
+ byte[] responseBytes = response.getBytes();
+ byte[] encryptedResponse = gmsEncrypt2.encryptData(responseBytes, mockMembers[1]);
- // receiver decodes the response
- byte[] decryptedResponse = gmsEncrypt1.decryptData(encryptedResponse, mockMembers[2]);
+ // receiver decodes the response
+ byte[] decryptedResponse = gmsEncrypt1.decryptData(encryptedResponse, mockMembers[2]);
- Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge));
+ Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge));
- Assert.assertTrue(Arrays.equals(challenge, decryptBytes));
+ Assert.assertTrue(Arrays.equals(challenge, decryptBytes));
- Assert.assertFalse(Arrays.equals(responseBytes, encryptedResponse));
+ Assert.assertFalse(Arrays.equals(responseBytes, encryptedResponse));
- Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse));
+ Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse));
+ }
}
@Test
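Review bot: The assertions inside the new `for (String algo : algos)` loop carry no message, so a failure does not say which of the four algorithms broke; `Assert.assertArrayEquals(algo, challenge, decryptBytes);` would report it. The list also makes `"DES"` a tested configuration, and single DES has a 56-bit key, so a comment on the `algos` field should say whether it is covered for compatibility only. `ch.getBytes()` and `response.getBytes()` use the platform charset; `getBytes(StandardCharsets.UTF_8)` keeps the test input fixed across machines.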
@@ -247,6 +257,53 @@ public class GMSEncryptJUnitTest {
}
@Test
+ public void testForClusterSecretKeyFromOtherMember() throws Exception{
+ for (String algo : algos) {
+ initMocks(algo);
+
+ final GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services, mockMembers[1]); // this will be the sender
+ Thread.currentThread().sleep(100);
+ gmsEncrypt1.initClusterSecretKey();
+ final GMSEncrypt gmsEncrypt2 = new GMSEncrypt(services, mockMembers[2]); // this will be the sender
+
+ // establish the public keys for the sender and receiver
+ netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes());
+ netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes());
+
+ gmsEncrypt1.installView(netView, mockMembers[1]);
+
+ byte[] secretBytes = gmsEncrypt1.getClusterSecretKey();
+ gmsEncrypt2.addClusterKey(secretBytes);
+
+ gmsEncrypt2.installView(netView, mockMembers[1]);
+
+ // sender encrypts a message, so use receiver's public key
+ String ch = "Hello world";
+ byte[] challenge = ch.getBytes();
+ byte[] encryptedChallenge = gmsEncrypt1.encryptData(challenge);
+
+ // receiver decrypts the message using the sender's public key
+ byte[] decryptBytes = gmsEncrypt2.decryptData(encryptedChallenge);
+
+ // now send a response
+ String response = "Hello yourself!";
+ byte[] responseBytes = response.getBytes();
+ byte[] encryptedResponse = gmsEncrypt2.encryptData(responseBytes);
+
+ // receiver decodes the response
+ byte[] decryptedResponse = gmsEncrypt1.decryptData(encryptedResponse);
+
+ Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge));
+
+ Assert.assertTrue(Arrays.equals(challenge, decryptBytes));
+
+ Assert.assertFalse(Arrays.equals(responseBytes, encryptedResponse));
+
+ Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse));
+ }
+ }
+
+ @Test
public void testForClusterSecretKeyFromOtherMemberMultipleThreads() throws Exception{
initMocks();
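Review bot: In `testForClusterSecretKeyFromOtherMember`, `gmsEncrypt2.installView(netView, mockMembers[1]);` installs the view for member 1 on the encryptor built for `mockMembers[2]`, which looks like a copy-paste from the line for `gmsEncrypt1`; if it is intended, it needs a comment saying why. `Thread.currentThread().sleep(100);` calls a static method through an instance and gives no reason for the delay; `Thread.sleep(100);` with a comment naming what it waits for would be clearer, since a fixed sleep is a common source of flaky tests. Both constructor lines are commented `// this will be the sender`, and the "using the sender's public key" comment no longer matches the cluster-key calls `encryptData(challenge)` and `decryptData(encryptedChallenge)`.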