Author: schultz
Date: Sat Jan 5 20:03:49 2019
New Revision: 1850506
URL: http://svn.apache.org/viewvc?rev=1850506&view=rev
Log:
Document that EncryptInterceptor must be upstream of TcpFailureDetector.
Check on channel-start that these interceptors are in the appropriate order.
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java
tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties
tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java
tomcat/trunk/webapps/docs/config/cluster-interceptor.xml
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java?rev=1850506&r1=1850505&r2=1850506&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java
Sat Jan 5 20:03:49 2019
@@ -31,6 +31,7 @@ import javax.crypto.spec.SecretKeySpec;
import org.apache.catalina.tribes.Channel;
import org.apache.catalina.tribes.ChannelException;
+import org.apache.catalina.tribes.ChannelInterceptor;
import org.apache.catalina.tribes.ChannelMessage;
import org.apache.catalina.tribes.Member;
import org.apache.catalina.tribes.group.ChannelInterceptorBase;
@@ -72,6 +73,8 @@ public class EncryptInterceptor extends
@Override
public void start(int svc) throws ChannelException {
+ validateChannelChain();
+
if(Channel.SND_TX_SEQ == (svc & Channel.SND_TX_SEQ)) {
try {
encryptionManager =
createEncryptionManager(getEncryptionAlgorithm(),
@@ -85,6 +88,16 @@ public class EncryptInterceptor extends
super.start(svc);
}
+ private void validateChannelChain() throws ChannelException {
+ ChannelInterceptor interceptor = getPrevious();
+ while(null != interceptor) {
+ if(interceptor instanceof TcpFailureDetector)
+ throw new
ChannelConfigException(sm.getString("encryptInterceptor.tcpFailureDetector.ordering"));
+
+ interceptor = interceptor.getPrevious();
+ }
+ }
+
@Override
public void stop(int svc) throws ChannelException {
if(Channel.SND_TX_SEQ == (svc & Channel.SND_TX_SEQ)) {
@@ -613,4 +626,14 @@ public class EncryptInterceptor extends
return null;
}
}
+
+ static class ChannelConfigException
+ extends ChannelException
+ {
+ private static final long serialVersionUID = 1L;
+
+ public ChannelConfigException(String message) {
+ super(message);
+ }
+ }
}
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties?rev=1850506&r1=1850505&r2=1850506&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties
[UTF-8] (original)
+++
tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties
[UTF-8] Sat Jan 5 20:03:49 2019
@@ -23,6 +23,7 @@ encryptInterceptor.decrypt.failed=Failed
encryptInterceptor.encrypt.failed=Failed to encrypt message
encryptInterceptor.init.failed=Failed to initialize EncryptInterceptor
encryptInterceptor.key.required=Encryption key is required
+encryptInterceptor.tcpFailureDetector.ordering=EncryptInterceptor must be
upstream of TcpFailureDetector. Please re-order EncryptInterceptor to be listed
before TcpFailureDetector in your channel interceptor pipeline.
fragmentationInterceptor.fragments.missing=Fragments are missing.
fragmentationInterceptor.heartbeat.failed=Unable to perform heartbeat clean up
in the frag interceptor
Modified:
tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java?rev=1850506&r1=1850505&r2=1850506&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java
(original)
+++
tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java
Sat Jan 5 20:03:49 2019
@@ -224,7 +224,7 @@ public class TestEncryptInterceptor {
}
@Test
- @Ignore("ECB mode isn't because it's insecure")
+ @Ignore("ECB mode isn't implemented because it's insecure")
public void testECB() throws Exception {
src.setEncryptionAlgorithm("AES/ECB/PKCS5Padding");
src.start(Channel.SND_TX_SEQ);
@@ -429,6 +429,23 @@ public class TestEncryptInterceptor {
Assert.assertArrayEquals("Message is corrupted", message, bytes);
}
+ @Test
+ public void testTcpFailureDetectorDetection() {
+ src.setPrevious(new TcpFailureDetector());
+
+ try {
+ src.start(Channel.SND_TX_SEQ);
+ Assert.fail("EncryptInterceptor should detect TcpFailureDetector
and throw an error");
+ } catch (EncryptInterceptor.ChannelConfigException cce) {
+ // Expected behavior
+ } catch (AssertionError ae) {
+ // This is the junit assertion being thrown
+ throw ae;
+ } catch (Throwable t) {
+ Assert.fail("EncryptionInterceptor should throw
ChannelConfigException, not " + t.getClass().getName());
+ }
+ }
+
/**
* Interceptor that delivers directly to a destination.
*/
Modified: tomcat/trunk/webapps/docs/config/cluster-interceptor.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/cluster-interceptor.xml?rev=1850506&r1=1850505&r2=1850506&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/cluster-interceptor.xml (original)
+++ tomcat/trunk/webapps/docs/config/cluster-interceptor.xml Sat Jan 5
20:03:49 2019
@@ -202,6 +202,17 @@
The EncryptInterceptor adds encryption to the channel messages carrying
session data between nodes. Added in Tomcat 9.0.13.
</p>
+ <p>
+ If using the <code>TcpFailureDetector</code>, the
<code>EncryptInterceptor</code>
+ <i>must</i> be inserted into the interceptor chain <i>before</i> the
+ <code>TcpFailureDetector</code>. This is becuase when validating cluster
+ members, <code>TcpFailureDetector</code> writes channel data directly
+ to the other members without using the remainder of the interceptor chain,
+ but on the receiving side, the message still goes through the chain (in
reverse).
+ Because of this asymmetry, the <code>EncryptInterceptor</code> must
execute
+ <i>before</i> the <code>TcpFailureDetector</code> on the sender and
<i>after</i>
+ it on the receiver, otherwise message corruption will occur.
+ </p>
<attributes>
<attribute name="encryptionAlgorithm" required="false">
The encryption algorithm to be used, including the mode and padding.
Please see
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
