Repository: accumulo Updated Branches: refs/heads/master 99baad37e -> 0fca7dca7
ACCUMULO-2713 fixing Michael Allen's patch and adding test Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/6138a80f Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/6138a80f Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/6138a80f Branch: refs/heads/master Commit: 6138a80f0b3252abbb1ac65e5c267f5ff7514ff6 Parents: 5678e51 Author: John Vines <vi...@apache.org> Authored: Tue Apr 22 12:30:28 2014 -0400 Committer: John Vines <vi...@apache.org> Committed: Tue Apr 22 12:30:28 2014 -0400 ---------------------------------------------------------------------- .../security/crypto/CryptoModuleFactory.java | 1 + .../accumulo/core/file/rfile/RFileTest.java | 21 ++++++++++++++++++++ 2 files changed, 22 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/6138a80f/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java index 649bfc8..4d04125 100644 --- a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java +++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java @@ -258,6 +258,7 @@ public class CryptoModuleFactory { // Get all the options from the configuration Map<String,String> cryptoOpts = conf.getAllPropertiesWithPrefix(Property.CRYPTO_PREFIX); cryptoOpts.putAll(conf.getAllPropertiesWithPrefix(Property.INSTANCE_PREFIX)); + cryptoOpts.remove(Property.INSTANCE_SECRET.getKey()); cryptoOpts.put(Property.CRYPTO_BLOCK_STREAM_SIZE.getKey(), Integer.toString((int) conf.getMemoryInBytes(Property.CRYPTO_BLOCK_STREAM_SIZE))); return fillParamsObjectFromStringMap(params, cryptoOpts); http://git-wip-us.apache.org/repos/asf/accumulo/blob/6138a80f/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java index ccbefb2..767bb3d 100644 --- a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java +++ b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java @@ -40,6 +40,7 @@ import java.util.Set; import org.apache.accumulo.core.Constants; import org.apache.accumulo.core.conf.AccumuloConfiguration; import org.apache.accumulo.core.conf.ConfigurationCopy; +import org.apache.accumulo.core.conf.Property; import org.apache.accumulo.core.data.ArrayByteSequence; import org.apache.accumulo.core.data.ByteSequence; import org.apache.accumulo.core.data.Key; @@ -71,6 +72,8 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.TemporaryFolder; +import com.google.common.primitives.Bytes; + public class RFileTest { private static final Collection<ByteSequence> EMPTY_COL_FAMS = new ArrayList<ByteSequence>(); @@ -1748,6 +1751,24 @@ public class RFileTest { } @Test + public void testCryptoDoesntLeakInstanceSecret() throws IOException { + conf = setAndGetAccumuloConfig(CryptoTest.CRYPTO_ON_CONF); + // test an empty file + + TestRFile trf = new TestRFile(conf); + + trf.openWriter(); + trf.closeWriter(); + + byte[] rfBytes = trf.baos.toByteArray(); + + // If we get here, we have encrypted bytes + byte[] toCheck = Property.INSTANCE_SECRET.getKey().getBytes(); + assertEquals(-1, Bytes.indexOf(rfBytes, toCheck)); + } + + + @Test public void testRootTabletEncryption() throws Exception { // This tests that the normal set of operations used to populate a root tablet
