Author: schultz Date: Sat Jan 5 20:52:28 2019 New Revision: 1850508 URL: http://svn.apache.org/viewvc?rev=1850508&view=rev Log: Back-port EncryptInterceptor from Tomcat 9.0.x/trunk.
Added: tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java (contents, props changed) - copied, changed from r1845157, tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptorMBean.java (props changed) - copied unchanged from r1845157, tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptorMBean.java tomcat/tc8.5.x/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java (contents, props changed) - copied, changed from r1845157, tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml tomcat/tc8.5.x/trunk/webapps/docs/config/cluster-interceptor.xml Propchange: tomcat/tc8.5.x/trunk/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Sat Jan 5 20:52:28 2019 
@@ -1,2 +1,2 @@ /tomcat/tc8.0.x/trunk:1809644 -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409 
,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747 404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1 
756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205 3,1762123,1762168,1762172,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763748,1763786,1763798-1763799,1763810,1763813,1763815,1763819,1763831,1764083,1764425,1764646,1764648-1764649,1764659,1764663,1764682,1764862,1764866-1764867,1764870,1764897,1765133,1765299,1765358,1765439,1765447,1765495,1765502,1765569-1765571,1765579,1765582,1765589-1765590,1765794,1765801,1765813,1765815,1766276,1766514,1766533,1766535,1766664,1766675,1766698,1766700,1766822,1766834,1766840,1767047,1767328,1767362,1767368,1767429,1767471,1767505,1767636,1767641-1767644,1767903,1767945-1767946,176 
8123,1768283,1768520,1768569,1768651,1768762,1768922,1769191,1769263,1769630,1769833,1769975,1770047,1770140,1770180,1770258,1770389,1770656,1770666,1770718,1770762,1770952,1770954,1770956,1770961,1771087,1771126,1771139,1771143,1771149,1771156,1771226,1771266,1771316,1771386,1771611,1771613,1771711,1771718,1771723-1771724,1771730,1771743,1771752,1771853,1771963,1772170,1772174,1772223,1772229,1772318-1772319,1772353,1772355,1772554,1772603-1772609,1772849,1772865,1772870,1772872,1772875-1772876,1772881,1772886,1772947,1773306,1773344,1773418,1773756,1773813-1773814,1774052,1774102,1774131,1774161,1774164,1774248,1774253,1774257,1774259,1774262,1774267,1774271,1774303,1774340,1774406,1774412,1774426,1774433,1774522-1774523,1774526,1774528-1774529,1774531,1774732-1774736,1774738-1774739,1774741-1774742,1774749,1774755,1774789,1774858,1774867,1775596,1775985-1775986,1776540,1776937,1776954,1777011,1777173,1777189,1777211,1777524,1777546,1777605,1777619,1777647,1777721-1777722,1777967, 1778061,1778138-1778139,1778141-1778150,1778154,1778275-1778276,1778295,1778342,1778348,1778404,1778424,1778426,1778575,1778582,1778600,1778603,1779312,1779370,1779545,1779612,1779622,1779641,1779654,1779708,1779718,1779897,1779899,1779932,1780109,1780120,1780189,1780196,1780488,1780514-1780516,1780601,1780606,1780609-1780610,1780652,1780991,1780995-1780996,1781174,1781569,1781975,1781986,1782116,1782383-1782384,1782566,1782572,1782775,1782779,1782814,1782857,1782868,1782934,1782946-1782947,1782956,1783144-1783147,1783155,1783408,1784182,1784565,1784583,1784657,1784669,1784712,1784723,1784751,1784767,1784806,1784818,1784911,1784926,1784956,1784963,1785032,1785037,1785245,1785271,1785310,1785317,1785643,1785667,1785762,1785774,1785823,1785935,1786051,1786070,1786123-1786124,1786127,1786129,1786341,1786378,1786844,1787200,1787250,1787405,1787662,1787701,1787703,1787938,1787959,1787973,1788223-1788224,1788228,1788232,1788241-1788242,1788248,1788323,1788328,1788455,1788460,1788473,17885 
43-1788544,1788548,1788550,1788554,1788558,1788560,1788567,1788569,1788572,1788647,1788732,1788741,1788747,1788753,1788764,1788771,1788834,1788841,1788852,1788860,1788883,1788890,1789051,1789400,1789415,1789442-1789443,1789447,1789453,1789456,1789458,1789461-1789463,1789465-1789467,1789470,1789472,1789474,1789476,1789479-1789480,1789685,1789733,1789735,1789744-1789745,1789937,1789984,1790119,1790180,1790183,1790213,1790376,1790443,1790614,1790983,1790991,1791027-1791028,1791050,1791090,1791095-1791096,1791099,1791101-1791103,1791124,1791129,1791134,1791137,1791298,1791527,1791557,1791970,1792033,1792038,1792055,1792093,1792140,1792460,1792468,1792791,1792957,1793095,1793121,1793123,1793127,1793136,1793139,1793147-1793148,1793266,1793437,1793449,1793460,1793468,1793487,1793498,1793502,1793514,1793682-1793683,1793711-1793712,1793716,1793719,1793736,1793746,1793758,1793771,1793776,1793798,1793802,1793812,1793819,1793844,1793854,1793887,1793891,1793898,1793901-1793902,1793907,1793910,17 93980,1794556,1794674,1794684,1794752,1794941-1794942,1795278,1795289,1795298,1795305,1795813,1795893,1796090,1796275,1796693-1796695,1796729,1796806,1796836,1796873,1796878,1797197,1797338,1797344,1797354-1797355,1797516,1797528,1797532,1797536,1797540,1797543,1797677-1797678,1797692,1797694,1797748,1797828,1798126,1798238,1798280,1798371,1798379,1798384,1798390,1798395,1798419,1798505,1798507,1798509,1798533,1798546,1798561,1798977,1799115,1799126,1799164,1799190,1799194,1799216,1799231,1799250,1799253,1799285,1799368,1799412,1799498,1799514-1799515,1799677,1799701-1799702,1799704,1799709,1799885,1799893,1799895,1799916,1800136-1800138,1800202,1800309,1800390,1800617,1800629,1800791,1800816,1800850,1800864,1800867,1800874,1800885,1800980-1800981,1800984,1800988,1800992,1801195,1801686,1801688,1801709,1801717,1801774,1801778,1802083,1802195,1802204-1802205,1802210,1802225-1802226,1802229,1802403,1802475,1802490,1802788,1802796,1802803,1802820,1802828,1802833,1802836,1803030,1803038 
,1803055,1803135,1803165,1803174,1803193,1803205,1803224,1803278,1803281,1803295,1803297,1803446,1803451,1803456,1803459,1803616,1803636,1803828,1803901,1803972,1804040,1804094,1804306,1804407,1804461-1804463,1804501,1804506-1804507,1804754,1804813,1804856,1804888,1804890,1804903-1804908,1804915,1804917,1805523-1805530,1805550,1805612-1805613,1805637,1805645,1805652,1805726,1805752,1805782,1805826,1806307,1806356,1806445,1806736,1806794,1806798,1806801,1806807,1806873,1806966,1806973,1807004,1807093,1807135,1807205-1807206,1807237,1807242,1807251,1807282,1807455,1807686,1807698,1807713,1807715,1807729,1807742,1807747,1807751,1807755,1808116,1808156,1808266,1808433,1808438-1808439,1808466,1808481-1808482,1808695,1808701,1808761,1808766,1809011,1809025,1809141,1809143-1809144,1809146,1809158,1809212,1809214,1809239,1809248,1809263,1809265,1809317,1809434,1809669,1809671,1809674,1809684,1809711,1809828,1809830,1809908-1809909,1809922,1810106,1810110,1810280,1810300,1811031,1811119,1811 122,1811132,1811137,1811139,1811174,1811176,1811198-1811201,1811203-1811206,1811220,1811235,1811246,1811327-1811329,1811350,1811560,1811704,1811837-1811839,1811861,1811932,1812087-1812088,1812092,1812094,1812103,1812107,1812113,1812129,1812134-1812136,1812184,1812315,1812401,1812489,1812513,1812617,1813919,1814192,1814195,1814567,1814825,1814973,1814980,1815066,1815069,1815208,1815215,1815318-1815319,1815325,1815385,1815429,1815441-1815442,1815451,1815459,1815465,1815505,1815615,1815778,1815786,1815790,1815793,1815800,1815802,1815806,1815826,1815829,1815834,1815840,1815903,1815944,1815954,1816076,1816078,1816083,1816087,1816120,1816128,1816140,1816147,1816157,1816338,1816431,1816443,1816538,1816541,1816545,1816549-1816550,1816563,1816570,1816647,1816695-1816704,1816716,1816780,1816887,1817089,1817092,1817096,1817104,1817126,1817136-1817137,1817196,1817223,1817298,1817305,1817495,1817517,1817520,1817965,1817997,1817999-1818001,1818004,1818127,1818179,1818184,1818438,1818711,1818919,1 
818976,1819054,1819057,1819061,1819063,1819068,1819070-1819071,1819074,1819077,1819148,1819903,1820003,1820005,1820138,1820153,1820194,1820196-1820197,1820202,1820206,1820222,1820265,1820272,1820276,1820279,1820281,1820302,1820634,1820701,1820705,1820932,1820981,1820994,1821157,1821167,1821197-1821203,1821225,1821234-1821235,1821251-1821252,1821293,1821328,1821381,1821490,1821708,1821932,1822001,1822016,1822109,1822111,1822116,1822150,1822232,1822524,1822644,1822775,1822945-1822946,1823006-1823007,1823102,1823111,1823150,1823161,1823262,1823306,1823310,1823337,1823481,1823483,1823492,1823495,1823540,1823620,1824154,1824201,1824228,1824254,1824263,1824297,1824301,1824311,1824323,1824357,1824766,1824774,1824892,1824901,1824959,1825054,1825516,1825519,1825713,1825738,1825872,1825909,1825943,1825987,1826048,1826111,1826115,1826209,1826361,1826375,1826688,1826731,1826794,1826812,1826817,1826825,1826867,1826869,1826958,1826975,1826977,1826979,1826985-1826986,1827150,1827203-1827204,182722 3,1827297,1827299,1827363,1827368,1827396,1827408,1827428,1827479,1827491,1827498,1827860,1828016,1828223-1828239,1828253,1828262,1828545,1828551,1828565,1828946,1829082,1829084,1829086,1829276,1829355,1829364,1829366,1829830,1829879,1829915,1829924,1829934,1829990-1829991,1830013,1830051,1830068,1830087,1830325,1830336,1830341,1830367,1830373,1830378,1830549,1830669-1830670,1830764-1830765,1830772,1830802,1830861,1830864,1830989,1830999-1831001,1831251,1831256,1831262,1831333,1831338,1831341-1831342,1831389,1831410,1831439,1831483,1831486,1831556,1831568,1831573,1831691,1831718,1831726,1831763,1831828,1831985,1832017,1832124-1832125,1832127,1832129,1832160,1832163,1832193,1832262,1832455,1832518-1832519,1832525-1832526,1832545,1832554,1832572,1832592,1832596,1832602,1832619,1832665,1832692,1832696,1832704,1832707,1832744,1832843,1832856,1832882,1832925,1832965,1833001,1833016,1833062,1833071,1833737,1833757,1833768-1833770,1833794-1833800,1833825,1833831,1833906,1833915,1833918,183 
3982,1833989,1833994,1834001,1834003,1834011,1834020,1834058,1834080,1834195,1834197-1834198,1834354,1834356,1834411,1834542,1834548,1834550,1834559,1834672,1834689,1834703,1834860,1834877,1835085,1835193-1835194,1835229,1835246,1835261,1835263-1835264,1835269-1835271,1835413,1835416,1835421,1835427,1835429,1835431,1835435,1835438,1835458,1835465,1835543,1835622,1835639,1835831,1835844,1836102,1836738,1836949,1837044,1837133,1837156,1837176,1837300,1837510-1837511,1837520,1837523,1837530,1837551,1837554,1837581,1837613,1837637,1837726,1837731,1837734-1837737,1837746,1837786-1837788,1837809-1837810,1837818,1837865,1837871-1837872,1837878,1837895,1838028,1838100,1838104,1838106-1838107,1838155,1838163,1838188,1838243,1838275,1838277,1838279,1838281,1838286,1838400,1838433,1838473,1838492,1838494,1838502,1838925,1838942,1839057,1839237,1839239,1839575,1839604,1839737,1839741,1839752,1839765,1839922,1839955,1839960,1839977,1839983-1839984,1840055,1840059,1840062,1840099,1840264,1840279, 1840535,1840634,1840641,1840653,1840655,1840681,1840706-1840707,1840709,1840712,1840737,1840747,1840759,1840763-1840764,1840812,1840817,1840922,1841069,1841347,1841445,1841746,1841757,1841893,1842203,1842656,1842658-1842659,1842691,1842702,1842706,1842725,1842809,1842816-1842817,1842878,1842950,1843048,1843142,1843314,1843404-1843405,1843428-1843429,1843474,1843536,1843542,1843601,1843630,1843657,1843900,1843991,1844065,1844161-1844162,1844493,1844496-1844497,1844502,1845099,1845210,1845249-1845250,1845338,1845462-1845463,1845465,1845469,1845472,1845489,1845495,1845519,1845573,1845770,1845799,1845893,1845903,1845923,1846236,1846430,1846545,1846551,1846716,1846750,1846753,1846900,1846928,1847015,1847022,1847028,1847097,1847102,1847104,1847472,1847474,1847853,1848046,1848071,1848195,1848240,1848320-1848322,1848330,1848347-1848348,1848415,1848419,1848670,1848675,1848682,1848709,1848795,1848868,1848935,1848959,1848966,1849281,1849310-1849311,1849316,1849473,1850127,1850400,1850403 
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409 ,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747 
404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1 756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205 
3,1762123,1762168,1762172,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763748,1763786,1763798-1763799,1763810,1763813,1763815,1763819,1763831,1764083,1764425,1764646,1764648-1764649,1764659,1764663,1764682,1764862,1764866-1764867,1764870,1764897,1765133,1765299,1765358,1765439,1765447,1765495,1765502,1765569-1765571,1765579,1765582,1765589-1765590,1765794,1765801,1765813,1765815,1766276,1766514,1766533,1766535,1766664,1766675,1766698,1766700,1766822,1766834,1766840,1767047,1767328,1767362,1767368,1767429,1767471,1767505,1767636,1767641-1767644,1767903,1767945-1767946,176 8123,1768283,1768520,1768569,1768651,1768762,1768922,1769191,1769263,1769630,1769833,1769975,1770047,1770140,1770180,1770258,1770389,1770656,1770666,1770718,1770762,1770952,1770954,1770956,1770961,1771087,1771126,1771139,1771143,1771149,1771156,1771226,1771266,1771316,1771386,1771611,1771613,1771711,1771718,1771723-1771724,1771730,1771743,1771752,1771853,1771963,1772170,1772174,1772223,1772229,1772318-1772319,1772353,1772355,1772554,1772603-1772609,1772849,1772865,1772870,1772872,1772875-1772876,1772881,1772886,1772947,1773306,1773344,1773418,1773756,1773813-1773814,1774052,1774102,1774131,1774161,1774164,1774248,1774253,1774257,1774259,1774262,1774267,1774271,1774303,1774340,1774406,1774412,1774426,1774433,1774522-1774523,1774526,1774528-1774529,1774531,1774732-1774736,1774738-1774739,1774741-1774742,1774749,1774755,1774789,1774858,1774867,1775596,1775985-1775986,1776540,1776937,1776954,1777011,1777173,1777189,1777211,1777524,1777546,1777605,1777619,1777647,1777721-1777722,1777967, 
1778061,1778138-1778139,1778141-1778150,1778154,1778275-1778276,1778295,1778342,1778348,1778404,1778424,1778426,1778575,1778582,1778600,1778603,1779312,1779370,1779545,1779612,1779622,1779641,1779654,1779708,1779718,1779897,1779899,1779932,1780109,1780120,1780189,1780196,1780488,1780514-1780516,1780601,1780606,1780609-1780610,1780652,1780991,1780995-1780996,1781174,1781569,1781975,1781986,1782116,1782383-1782384,1782566,1782572,1782775,1782779,1782814,1782857,1782868,1782934,1782946-1782947,1782956,1783144-1783147,1783155,1783408,1784182,1784565,1784583,1784657,1784669,1784712,1784723,1784751,1784767,1784806,1784818,1784911,1784926,1784956,1784963,1785032,1785037,1785245,1785271,1785310,1785317,1785643,1785667,1785762,1785774,1785823,1785935,1786051,1786070,1786123-1786124,1786127,1786129,1786341,1786378,1786844,1787200,1787250,1787405,1787662,1787701,1787703,1787938,1787959,1787973,1788223-1788224,1788228,1788232,1788241-1788242,1788248,1788323,1788328,1788455,1788460,1788473,17885 43-1788544,1788548,1788550,1788554,1788558,1788560,1788567,1788569,1788572,1788647,1788732,1788741,1788747,1788753,1788764,1788771,1788834,1788841,1788852,1788860,1788883,1788890,1789051,1789400,1789415,1789442-1789443,1789447,1789453,1789456,1789458,1789461-1789463,1789465-1789467,1789470,1789472,1789474,1789476,1789479-1789480,1789685,1789733,1789735,1789744-1789745,1789937,1789984,1790119,1790180,1790183,1790213,1790376,1790443,1790614,1790983,1790991,1791027-1791028,1791050,1791090,1791095-1791096,1791099,1791101-1791103,1791124,1791129,1791134,1791137,1791298,1791527,1791557,1791970,1792033,1792038,1792055,1792093,1792140,1792460,1792468,1792791,1792957,1793095,1793121,1793123,1793127,1793136,1793139,1793147-1793148,1793266,1793437,1793449,1793460,1793468,1793487,1793498,1793502,1793514,1793682-1793683,1793711-1793712,1793716,1793719,1793736,1793746,1793758,1793771,1793776,1793798,1793802,1793812,1793819,1793844,1793854,1793887,1793891,1793898,1793901-1793902,1793907,1793910,17 
93980,1794556,1794674,1794684,1794752,1794941-1794942,1795278,1795289,1795298,1795305,1795813,1795893,1796090,1796275,1796693-1796695,1796729,1796806,1796836,1796873,1796878,1797197,1797338,1797344,1797354-1797355,1797516,1797528,1797532,1797536,1797540,1797543,1797677-1797678,1797692,1797694,1797748,1797828,1798126,1798238,1798280,1798371,1798379,1798384,1798390,1798395,1798419,1798505,1798507,1798509,1798533,1798546,1798561,1798977,1799115,1799126,1799164,1799190,1799194,1799216,1799231,1799250,1799253,1799285,1799368,1799412,1799498,1799514-1799515,1799677,1799701-1799702,1799704,1799709,1799885,1799893,1799895,1799916,1800136-1800138,1800202,1800309,1800390,1800617,1800629,1800791,1800816,1800850,1800864,1800867,1800874,1800885,1800980-1800981,1800984,1800988,1800992,1801195,1801686,1801688,1801709,1801717,1801774,1801778,1802083,1802195,1802204-1802205,1802210,1802225-1802226,1802229,1802403,1802475,1802490,1802788,1802796,1802803,1802820,1802828,1802833,1802836,1803030,1803038 ,1803055,1803135,1803165,1803174,1803193,1803205,1803224,1803278,1803281,1803295,1803297,1803446,1803451,1803456,1803459,1803616,1803636,1803828,1803901,1803972,1804040,1804094,1804306,1804407,1804461-1804463,1804501,1804506-1804507,1804754,1804813,1804856,1804888,1804890,1804903-1804908,1804915,1804917,1805523-1805530,1805550,1805612-1805613,1805637,1805645,1805652,1805726,1805752,1805782,1805826,1806307,1806356,1806445,1806736,1806794,1806798,1806801,1806807,1806873,1806966,1806973,1807004,1807093,1807135,1807205-1807206,1807237,1807242,1807251,1807282,1807455,1807686,1807698,1807713,1807715,1807729,1807742,1807747,1807751,1807755,1808116,1808156,1808266,1808433,1808438-1808439,1808466,1808481-1808482,1808695,1808701,1808761,1808766,1809011,1809025,1809141,1809143-1809144,1809146,1809158,1809212,1809214,1809239,1809248,1809263,1809265,1809317,1809434,1809669,1809671,1809674,1809684,1809711,1809828,1809830,1809908-1809909,1809922,1810106,1810110,1810280,1810300,1811031,1811119,1811 
122,1811132,1811137,1811139,1811174,1811176,1811198-1811201,1811203-1811206,1811220,1811235,1811246,1811327-1811329,1811350,1811560,1811704,1811837-1811839,1811861,1811932,1812087-1812088,1812092,1812094,1812103,1812107,1812113,1812129,1812134-1812136,1812184,1812315,1812401,1812489,1812513,1812617,1813919,1814192,1814195,1814567,1814825,1814973,1814980,1815066,1815069,1815208,1815215,1815318-1815319,1815325,1815385,1815429,1815441-1815442,1815451,1815459,1815465,1815505,1815615,1815778,1815786,1815790,1815793,1815800,1815802,1815806,1815826,1815829,1815834,1815840,1815903,1815944,1815954,1816076,1816078,1816083,1816087,1816120,1816128,1816140,1816147,1816157,1816338,1816431,1816443,1816538,1816541,1816545,1816549-1816550,1816563,1816570,1816647,1816695-1816704,1816716,1816780,1816887,1817089,1817092,1817096,1817104,1817126,1817136-1817137,1817196,1817223,1817298,1817305,1817495,1817517,1817520,1817965,1817997,1817999-1818001,1818004,1818127,1818179,1818184,1818438,1818711,1818919,1 818976,1819054,1819057,1819061,1819063,1819068,1819070-1819071,1819074,1819077,1819148,1819903,1820003,1820005,1820138,1820153,1820194,1820196-1820197,1820202,1820206,1820222,1820265,1820272,1820276,1820279,1820281,1820302,1820634,1820701,1820705,1820932,1820981,1820994,1821157,1821167,1821197-1821203,1821225,1821234-1821235,1821251-1821252,1821293,1821328,1821381,1821490,1821708,1821932,1822001,1822016,1822109,1822111,1822116,1822150,1822232,1822524,1822644,1822775,1822945-1822946,1823006-1823007,1823102,1823111,1823150,1823161,1823262,1823306,1823310,1823337,1823481,1823483,1823492,1823495,1823540,1823620,1824154,1824201,1824228,1824254,1824263,1824297,1824301,1824311,1824323,1824357,1824766,1824774,1824892,1824901,1824959,1825054,1825516,1825519,1825713,1825738,1825872,1825909,1825943,1825987,1826048,1826111,1826115,1826209,1826361,1826375,1826688,1826731,1826794,1826812,1826817,1826825,1826867,1826869,1826958,1826975,1826977,1826979,1826985-1826986,1827150,1827203-1827204,182722 
3,1827297,1827299,1827363,1827368,1827396,1827408,1827428,1827479,1827491,1827498,1827860,1828016,1828223-1828239,1828253,1828262,1828545,1828551,1828565,1828946,1829082,1829084,1829086,1829276,1829355,1829364,1829366,1829830,1829879,1829915,1829924,1829934,1829990-1829991,1830013,1830051,1830068,1830087,1830325,1830336,1830341,1830367,1830373,1830378,1830549,1830669-1830670,1830764-1830765,1830772,1830802,1830861,1830864,1830989,1830999-1831001,1831251,1831256,1831262,1831333,1831338,1831341-1831342,1831389,1831410,1831439,1831483,1831486,1831556,1831568,1831573,1831691,1831718,1831726,1831763,1831828,1831985,1832017,1832124-1832125,1832127,1832129,1832160,1832163,1832193,1832262,1832455,1832518-1832519,1832525-1832526,1832545,1832554,1832572,1832592,1832596,1832602,1832619,1832665,1832692,1832696,1832704,1832707,1832744,1832843,1832856,1832882,1832925,1832965,1833001,1833016,1833062,1833071,1833737,1833757,1833768-1833770,1833794-1833800,1833825,1833831,1833906,1833915,1833918,183 3982,1833989,1833994,1834001,1834003,1834011,1834020,1834058,1834080,1834195,1834197-1834198,1834354,1834356,1834411,1834542,1834548,1834550,1834559,1834672,1834689,1834703,1834860,1834877,1835085,1835193-1835194,1835229,1835246,1835261,1835263-1835264,1835269-1835271,1835413,1835416,1835421,1835427,1835429,1835431,1835435,1835438,1835458,1835465,1835543,1835622,1835639,1835831,1835844,1836102,1836738,1836949,1837044,1837133,1837156,1837176,1837300,1837510-1837511,1837520,1837523,1837530,1837551,1837554,1837581,1837613,1837637,1837726,1837731,1837734-1837737,1837746,1837786-1837788,1837809-1837810,1837818,1837865,1837871-1837872,1837878,1837895,1838028,1838100,1838104,1838106-1838107,1838155,1838163,1838188,1838243,1838275,1838277,1838279,1838281,1838286,1838400,1838433,1838473,1838492,1838494,1838502,1838925,1838942,1839057,1839237,1839239,1839575,1839604,1839737,1839741,1839752,1839765,1839922,1839955,1839960,1839977,1839983-1839984,1840055,1840059,1840062,1840099,1840264,1840279, 
1840535,1840634,1840641,1840653,1840655,1840681,1840706-1840707,1840709,1840712,1840737,1840747,1840759,1840763-1840764,1840812,1840817,1840922,1841069,1841347,1841445,1841746,1841757,1841893,1842203,1842656,1842658-1842659,1842691,1842702,1842706,1842725,1842809,1842816-1842817,1842878,1842950,1843048,1843142,1843314,1843404-1843405,1843428-1843429,1843474,1843536,1843542,1843601,1843630,1843657,1843900,1843991,1844065,1844161-1844162,1844493,1844496-1844497,1844502,1845099,1845157-1845163,1845203,1845205,1845210,1845249-1845250,1845257,1845338,1845462-1845463,1845465,1845469,1845472,1845489,1845495,1845519,1845573,1845770,1845799,1845893,1845903,1845923,1846058,1846236,1846430,1846545,1846551,1846716,1846750,1846753,1846900,1846928,1847015,1847022,1847028,1847041,1847097,1847102,1847104,1847107,1847118,1847123,1847144,1847153,1847318,1847320,1847323,1847326,1847412,1847414-1847417,1847472,1847474,1847504,1847853-1847854,1848046,1848071,1848195,1848240,1848320-1848322,1848330,18483 47-1848348,1848415,1848419,1848670,1848675,1848682,1848709,1848795,1848868,1848935,1848959,1848966,1849281,1849310-1849311,1849316,1849473,1850127,1850400,1850403,1850506 Copied: tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java (from r1845157, tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java) URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java?p2=tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java&p1=tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java&r1=1845157&r2=1850508&rev=1850508&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java (original) +++ 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java Sat Jan 5 20:52:28 2019
@@ -17,16 +17,21 @@
 package org.apache.catalina.tribes.group.interceptors;
 import java.security.GeneralSecurityException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.concurrent.ConcurrentLinkedQueue;
-import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import org.apache.catalina.tribes.Channel;
 import org.apache.catalina.tribes.ChannelException;
+import org.apache.catalina.tribes.ChannelInterceptor;
 import org.apache.catalina.tribes.ChannelMessage;
 import org.apache.catalina.tribes.Member;
 import org.apache.catalina.tribes.group.ChannelInterceptorBase;
@@ -35,7 +40,7 @@ import org.apache.catalina.tribes.io.XBy
 import org.apache.catalina.tribes.util.StringManager;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
-import org.apache.tomcat.util.buf.HexUtils;
+
 /**
 * Adds encryption using a pre-shared key.
@@ -58,20 +63,24 @@ public class EncryptInterceptor extends private String providerName; private String encryptionAlgorithm = DEFAULT_ENCRYPTION_ALGORITHM; private byte[] encryptionKeyBytes; + private String encryptionKeyString; + - private Cipher encryptionCipher; - private Cipher decryptionCipher; + private BaseEncryptionManager encryptionManager; public EncryptInterceptor() { } @Override public void start(int svc) throws ChannelException { + validateChannelChain(); + if(Channel.SND_TX_SEQ == (svc & Channel.SND_TX_SEQ)) { try { - initCiphers(); + encryptionManager = createEncryptionManager(getEncryptionAlgorithm(), + getEncryptionKeyInternal(), + getProviderName()); } catch (GeneralSecurityException gse) { - log.fatal(sm.getString("encryptInterceptor.init.failed")); throw new ChannelException(sm.getString("encryptInterceptor.init.failed"), gse); } } @@ -79,6 +88,25 @@ public class EncryptInterceptor extends super.start(svc); } + private void validateChannelChain() throws ChannelException { + ChannelInterceptor interceptor = getPrevious(); + while(null != interceptor) { + if(interceptor instanceof TcpFailureDetector) + throw new ChannelConfigException(sm.getString("encryptInterceptor.tcpFailureDetector.ordering")); + + interceptor = interceptor.getPrevious(); + } + } + + @Override + public void stop(int svc) throws ChannelException { + if(Channel.SND_TX_SEQ == (svc & Channel.SND_TX_SEQ)) { + encryptionManager.shutdown(); + } + + super.stop(svc); + } + @Override public void sendMessage(Member[] destination, ChannelMessage msg, InterceptorPayload payload) throws ChannelException { 
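Review bot: The new `stop()` in the `@@ -79,6 +88,25 @@` hunk dereferences `encryptionManager` without a null check. If `start()` threw first (from `validateChannelChain()` or from `createEncryptionManager`), or never ran with `SND_TX_SEQ` set, a later `stop(svc)` with that bit throws NullPointerException and `super.stop(svc)` is skipped. A guard avoids this: `if (encryptionManager != null) { encryptionManager.shutdown(); }`. As a style point, the `if (interceptor instanceof TcpFailureDetector)` in `validateChannelChain()` should be braced like the rest of the new code.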
@@ -86,23 +114,20 @@ public class EncryptInterceptor extends byte[] data = msg.getMessage().getBytes(); // See #encrypt(byte[]) for an explanation of the return value - byte[][] bytes = encrypt(data); + byte[][] bytes = encryptionManager.encrypt(data); XByteBuffer xbb = msg.getMessage(); // Completely replace the message - xbb.setLength(0); + xbb.clear(); xbb.append(bytes[0], 0, bytes[0].length); xbb.append(bytes[1], 0, bytes[1].length); super.sendMessage(destination, msg, payload); - } catch (IllegalBlockSizeException ibse) { - log.error(sm.getString("encryptInterceptor.encrypt.failed")); - throw new ChannelException(ibse); - } catch (BadPaddingException bpe) { + } catch (GeneralSecurityException gse) { log.error(sm.getString("encryptInterceptor.encrypt.failed")); - throw new ChannelException(bpe); + throw new ChannelException(gse); } } 
@@ -111,40 +136,32 @@ public class EncryptInterceptor extends try { byte[] data = msg.getMessage().getBytes(); - data = decrypt(data); - - // Remove the decrypted IV/nonce block from the front of the message - int blockSize = getDecryptionCipher().getBlockSize(); - int trimmedSize = data.length - blockSize; - if(trimmedSize < 0) { - log.error(sm.getString("encryptInterceptor.decrypt.error.short-message")); - throw new IllegalStateException(sm.getString("encryptInterceptor.decrypt.error.short-message")); - } + data = encryptionManager.decrypt(data); XByteBuffer xbb = msg.getMessage(); // Completely replace the message with the decrypted one - xbb.setLength(0); - xbb.append(data, blockSize, data.length - blockSize); + xbb.clear(); + xbb.append(data, 0, data.length); super.messageReceived(msg); - } catch (IllegalBlockSizeException ibse) { - log.error(sm.getString("encryptInterceptor.decrypt.failed"), ibse); - } catch (BadPaddingException bpe) { - log.error(sm.getString("encryptInterceptor.decrypt.failed"), bpe); + } catch (GeneralSecurityException gse) { + log.error(sm.getString("encryptInterceptor.decrypt.failed"), gse); } } /** * Sets the encryption algorithm to be used for encrypting and decrypting * channel messages. You must specify the <code>algorithm/mode/padding</code>. - * Information on what standard algorithm names are, please see - * {@link https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html}. + * Information on standard algorithm names may be found in the + * <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html">Java + * documentation</a>. * * Default is <code>AES/CBC/PKCS5Padding</code>. * * @param algorithm The algorithm to use. */ + @Override public void setEncryptionAlgorithm(String algorithm) { if(null == getEncryptionAlgorithm()) throw new IllegalStateException(sm.getString("encryptInterceptor.algorithm.required")); 
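Review bot: With the short-message guard removed, `messageReceived` catches only `GeneralSecurityException`, which does not cover a payload shorter than the IV. In the new `decrypt()` (later hunk) `generateIV(bytes, 0, ivSize)` builds an `IvParameterSpec` or `GCMParameterSpec` before the cipher is touched, and those constructors throw `IllegalArgumentException` when the buffer is too short. That unchecked exception escapes this catch, so a truncated or malformed frame from the network propagates up the receive path instead of being logged and dropped. A length check in `decrypt()` restores the old behaviour: `if (bytes.length < ivSize) throw new GeneralSecurityException(sm.getString("encryptInterceptor.decrypt.error.short-message"));`. The properties hunk still adds that key, which is otherwise unused; `messageReceived` itself starts before this hunk.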
@@ -165,6 +182,7 @@ public class EncryptInterceptor extends * * @return The algorithm being used, including the algorithm mode and padding. */ + @Override public String getEncryptionAlgorithm() { return encryptionAlgorithm; } @@ -175,11 +193,13 @@ public class EncryptInterceptor extends * * @param key The encryption key. */ + @Override public void setEncryptionKey(byte[] key) { - if(null == key) - key = null; - else + if (null == key) { + encryptionKeyBytes = null; + } else { encryptionKeyBytes = key.clone(); + } } /** @@ -188,13 +208,15 @@ public class EncryptInterceptor extends * will be shown as "ab". The length of the string in characters will * be twice the length of the key in bytes. * - * @return The encryption key. + * @param keyBytes The encryption key. */ public void setEncryptionKey(String keyBytes) { - if(null == keyBytes) + this.encryptionKeyString = keyBytes; + if (null == keyBytes) { setEncryptionKey((byte[])null); - else - setEncryptionKey(HexUtils.fromHexString(keyBytes.trim())); + } else { + setEncryptionKey(fromHexString(keyBytes.trim())); + } } /** @@ -202,6 +224,7 @@ public class EncryptInterceptor extends * * @return The encryption key. */ + @Override public byte[] getEncryptionKey() { byte[] key = getEncryptionKeyInternal(); @@ -215,6 +238,14 @@ public class EncryptInterceptor extends return encryptionKeyBytes; } + public String getEncryptionKeyString() { + return encryptionKeyString; + } + + public void setEncryptionKeyString(String encryptionKeyString) { + setEncryptionKey(encryptionKeyString); + } + /** * Sets the JCA provider name used for cryptographic activities. * @@ -222,6 +253,7 @@ public class EncryptInterceptor extends * * @param provider The name of the JCA provider. */ + @Override public void setProviderName(String provider) { providerName = provider; } 
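Review bot: `setEncryptionKey(String)` assigns `encryptionKeyString` before `fromHexString` has validated the input, so a rejected value leaves the stored string and `encryptionKeyBytes` out of step. Moving `this.encryptionKeyString = keyBytes;` to after the if/else fixes that. The `@@ -215,6 +238,14 @@` hunk then exposes the retained hex key through a public `getEncryptionKeyString()` that has no Javadoc. If the getter exists so the configuration can be persisted (an assumption, not shown here), its Javadoc should say so and state that it returns the pre-shared key in clear, so callers must not log it or surface it through management interfaces. The Javadoc on `setEncryptionKey(String)` could also note that the key is now held as an immutable `String` that cannot be wiped, unlike the `byte[]` copy.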
@@ -233,124 +265,375 @@ public class EncryptInterceptor extends * * @return The name of the JCA provider. */ + @Override public String getProviderName() { return providerName; } - private void initCiphers() throws GeneralSecurityException { - if(null == getEncryptionKey()) - throw new IllegalStateException(sm.getString("encryptInterceptor.key.required")); + // Copied from org.apache.tomcat.util.buf.HexUtils - String algorithm = getEncryptionAlgorithm(); + private static final int[] DEC = { + 00, 01, 02, 03, 04, 05, 06, 07, 8, 9, -1, -1, -1, -1, -1, -1, + -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 10, 11, 12, 13, 14, 15, + }; - String mode = getAlgorithmMode(algorithm); - if(!"CBC".equalsIgnoreCase(mode)) - throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.requires-cbc-mode", mode)); + private static int getDec(int index) { + // Fast for correct values, slower for incorrect ones + try { + return DEC[index - '0']; + } catch (ArrayIndexOutOfBoundsException ex) { + return -1; + } + } - Cipher cipher; - String providerName = getProviderName(); - if(null == providerName) { - cipher = Cipher.getInstance(algorithm); - } else { - cipher = Cipher.getInstance(algorithm, getProviderName()); + private static byte[] fromHexString(String input) { + if (input == null) { + return null; } - byte[] iv = new byte[cipher.getBlockSize()]; + if ((input.length() & 1) == 1) { + // Odd number of characters + throw new IllegalArgumentException(sm.getString("hexUtils.fromHex.oddDigits")); + } - // Always use a random IV For cipher setup. - // The recipient doesn't need the (matching) IV because we will always - // pre-pad messages with the IV as a nonce. 
- new SecureRandom().nextBytes(iv); + char[] inputChars = input.toCharArray(); + byte[] result = new byte[input.length() >> 1]; + for (int i = 0; i < result.length; i++) { + int upperNibble = getDec(inputChars[2*i]); + int lowerNibble = getDec(inputChars[2*i + 1]); + if (upperNibble < 0 || lowerNibble < 0) { + // Non hex character + throw new IllegalArgumentException(sm.getString("hexUtils.fromHex.nonHex")); + } + result[i] = (byte) ((upperNibble << 4) + lowerNibble); + } + return result; + } - IvParameterSpec IV = new IvParameterSpec(iv); + private static BaseEncryptionManager createEncryptionManager(String algorithm, + byte[] encryptionKey, String providerName) + throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException { + if(null == encryptionKey) + throw new IllegalStateException(sm.getString("encryptInterceptor.key.required")); + + String algorithmName; + String algorithmMode; - // If this is a cipher transform of the form ALGO/MODE/PAD, + // We need to break-apart the algorithm name e.g. AES/CBC/PKCS5Padding // take just the algorithm part. 
int pos = algorithm.indexOf('/'); - String bareAlgorithm; if(pos >= 0) { - bareAlgorithm = algorithm.substring(0, pos); + algorithmName = algorithm.substring(0, pos); + int pos2 = algorithm.indexOf('/', pos+1); + + if(pos2 >= 0) { + algorithmMode = algorithm.substring(pos + 1, pos2); + } else { + algorithmMode = "CBC"; + } } else { - bareAlgorithm = algorithm; + algorithmName = algorithm; + algorithmMode = "CBC"; } - SecretKeySpec encryptionKey = new SecretKeySpec(getEncryptionKey(), bareAlgorithm); + if("GCM".equalsIgnoreCase(algorithmMode)) + return new GCMEncryptionManager(algorithm, new SecretKeySpec(encryptionKey, algorithmName), providerName); + else if("CBC".equalsIgnoreCase(algorithmMode) + || "OFB".equalsIgnoreCase(algorithmMode) + || "CFB".equalsIgnoreCase(algorithmMode)) + return new BaseEncryptionManager(algorithm, + new SecretKeySpec(encryptionKey, algorithmName), + providerName); +// else if("ECB".equalsIgnoreCase(algorithmMode)) { + // Note: ECB is not an appropriate mode for secure communications. +// return new ECBEncryptionManager(algorithm, new SecretKeySpec(encryptionKey, algorithmName), providerName); + else + throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.unsupported-mode", algorithmMode)); + } - cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, IV); + private static class BaseEncryptionManager { + /** + * The fully-specified algorithm e.g. AES/CBC/PKCS5Padding. + */ + private final String algorithm; + + /** + * The block size of the cipher. + */ + private final int blockSize; + + /** + * The cryptographic provider name. + */ + private final String providerName; + + /** + * The secret key to use for encryption and decryption operations. + */ + private final SecretKeySpec secretKey; + + /** + * A pool of Cipher objects. Ciphers are expensive to create, but not + * to re-initialize, so we use a pool of them which grows as necessary. 
+ */ + private final ConcurrentLinkedQueue<Cipher> cipherPool; + + /** + * A pool of SecureRandom objects. Each encrypt operation requires access + * to a source of randomness. SecureRandom is thread-safe, but sharing a + * single instance will likely be a bottleneck. + */ + private final ConcurrentLinkedQueue<SecureRandom> randomPool; + + public BaseEncryptionManager(String algorithm, SecretKeySpec secretKey, String providerName) + throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException { + this.algorithm = algorithm; + this.providerName = providerName; + this.secretKey = secretKey; + + cipherPool = new ConcurrentLinkedQueue<>(); + Cipher cipher = createCipher(); + blockSize = cipher.getBlockSize(); + cipherPool.offer(cipher); + randomPool = new ConcurrentLinkedQueue<>(); + } - encryptionCipher = cipher; + public void shutdown() { + // Individual Cipher and SecureRandom objects need no explicit teardown + cipherPool.clear(); + randomPool.clear(); + } - if(null == providerName) { - cipher = Cipher.getInstance(algorithm); - } else { - cipher = Cipher.getInstance(algorithm, getProviderName()); + private String getAlgorithm() { + return algorithm; } - cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new IvParameterSpec(iv)); + private SecretKeySpec getSecretKey() { + return secretKey; + } - decryptionCipher = cipher; - } + /** + * Gets the size, in bytes, of the initialization vector for the + * cipher being used. The IV size is often, but not always, the block + * size for the cipher. + * + * @return The size of the initialization vector for this algorithm. 
+ */ + protected int getIVSize() { + return blockSize; + } - private Cipher getEncryptionCipher() { - return encryptionCipher; - } + private String getProviderName() { + return providerName; + } - private Cipher getDecryptionCipher() { - return decryptionCipher; - } + private Cipher createCipher() + throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException { + String providerName = getProviderName(); + + if(null == providerName) { + return Cipher.getInstance(getAlgorithm()); + } else { + return Cipher.getInstance(getAlgorithm(), providerName); + } + } - private static String getAlgorithmMode(String algorithm) { - int start = algorithm.indexOf('/'); - if(start < 0) - throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.required")); - int end = algorithm.indexOf('/', start + 1); - if(start < 0) - throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.required")); + private Cipher getCipher() throws GeneralSecurityException { + Cipher cipher = cipherPool.poll(); + + if(null == cipher) { + cipher = createCipher(); + } + + return cipher; + } + + private void returnCipher(Cipher cipher) { + cipherPool.offer(cipher); + } + + private SecureRandom getRandom() { + SecureRandom random = randomPool.poll(); + + if(null == random) { + random = new SecureRandom(); + } + + return random; + } + + private void returnRandom(SecureRandom random) { + randomPool.offer(random); + } + + /** + * Encrypts the input <code>bytes</code> into two separate byte arrays: + * one for the random initialization vector (IV) used for this message, + * and the second one containing the actual encrypted payload. + * + * This method returns a pair of byte arrays instead of a single + * concatenated one to reduce the number of byte buffers created + * and copied during the whole operation -- including message re-building. + * + * @param bytes The data to encrypt. + * + * @return The IV in [0] and the encrypted data in [1]. 
+ * + * @throws GeneralSecurityException If the input data cannot be encrypted. + */ + private byte[][] encrypt(byte[] bytes) throws GeneralSecurityException { + Cipher cipher = null; + + // Always use a random IV For cipher setup. + // The recipient doesn't need the (matching) IV because we will always + // pre-pad messages with the IV as a nonce. + byte[] iv = generateIVBytes(); + + try { + cipher = getCipher(); + cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(), generateIV(iv, 0, getIVSize())); + + // Prepend the IV to the beginning of the encrypted data + byte[][] data = new byte[2][]; + data[0] = iv; + data[1] = cipher.doFinal(bytes); + + return data; + } finally { + if(null != cipher) + returnCipher(cipher); + } + } + + /** + * Decrypts the input <code>bytes</code>. + * + * @param bytes The data to decrypt. + * + * @return The decrypted data. + * + * @throws GeneralSecurityException If the input data cannot be decrypted. + */ + private byte[] decrypt(byte[] bytes) throws GeneralSecurityException { + Cipher cipher = null; + + int ivSize = getIVSize(); + AlgorithmParameterSpec IV = generateIV(bytes, 0, ivSize); + + try { + cipher = getCipher(); + + cipher.init(Cipher.DECRYPT_MODE, getSecretKey(), IV); + + // Decrypt remainder of the message. + return cipher.doFinal(bytes, ivSize, bytes.length - ivSize); + } finally { + if(null != cipher) + returnCipher(cipher); + } + } + + protected byte[] generateIVBytes() { + byte[] ivBytes = new byte[getIVSize()]; - return algorithm.substring(start + 1, end); + SecureRandom random = null; + + try { + random = getRandom(); + + // Always use a random IV For cipher setup. + // The recipient doesn't need the (matching) IV because we will always + // pre-pad messages with the IV as a nonce. 
+ random.nextBytes(ivBytes); + + return ivBytes; + } finally { + if(null != random) + returnRandom(random); + } + } + + protected AlgorithmParameterSpec generateIV(byte[] ivBytes, int offset, int length) { + return new IvParameterSpec(ivBytes, offset, length); + } } /** - * Encrypts the input <code>bytes</code> into two separate byte arrays: - * one for the initial block (which will be the encrypted random IV) - * and the second one containing the actual encrypted payload. - * - * This method returns a pair of byte arrays instead of a single - * concatenated one to reduce the number of byte buffers created - * and copied during the whole operation -- including message re-building. + * Implements an EncryptionManager for using GCM block cipher modes. * - * @param bytes The data to encrypt. - * - * @return The encrypted IV block in [0] and the encrypted data in [1]. - * - * @throws GeneralSecurityException If there is a problem performing the encryption. + * GCM works a little differently than some of the other block cipher modes + * supported by EncryptInterceptor. First of all, it requires a different + * kind of AlgorithmParameterSpec object to be used, and second, it + * requires a slightly different initialization vector and something called + * an "authentication tag". + * + * The choice of IV length can be somewhat arbitrary, but there is consensus + * that 96-bit (12-byte) IVs for GCM are the best trade-off between security + * and performance. For other block cipher modes, IV length is the same as + * the block size. + * + * The "authentication tag" is a computed authentication value based upon + * the message and the encryption process. GCM defines these tags as the + * number of bits to use for the authentication tag, and it's clear that + * the highest number of bits supported 128-bit provide the best security. 
*/ - private byte[][] encrypt(byte[] bytes) throws IllegalBlockSizeException, BadPaddingException { - Cipher cipher = getEncryptionCipher(); + private static class GCMEncryptionManager extends BaseEncryptionManager + { + public GCMEncryptionManager(String algorithm, SecretKeySpec secretKey, String providerName) + throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException { + super(algorithm, secretKey, providerName); + } - // Adding the IV to the beginning of the encrypted data - byte[] iv = cipher.getIV(); + @Override + protected int getIVSize() { + return 12; // See class javadoc for explanation of this magic number (12) + } - byte[][] data = new byte[2][]; - data[0] = cipher.update(iv, 0, iv.length); - data[1] = cipher.doFinal(bytes); + @Override + protected AlgorithmParameterSpec generateIV(byte[] bytes, int offset, int length) { + // See class javadoc for explanation of this magic number (128) + return new GCMParameterSpec(128, bytes, offset, length); + } + } - return data; + @SuppressWarnings("unused") + private static class ECBEncryptionManager extends BaseEncryptionManager + { + public ECBEncryptionManager(String algorithm, SecretKeySpec secretKey, String providerName) + throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException { + super(algorithm, secretKey, providerName); + } + + private static final byte[] EMPTY_IV = new byte[0]; + + @Override + protected int getIVSize() { + return 0; + } + + @Override + protected byte[] generateIVBytes() { + return EMPTY_IV; + } + + @Override + protected AlgorithmParameterSpec generateIV(byte[] bytes, int offset, int length) { + return null; + } } - /** - * Decrypts the input <code>bytes</code>. - * - * @param bytes The data to decrypt. - * - * @return The decrypted data. - * - * @throws GeneralSecurityException If there is a problem performing the decryption. 
- */ - private byte[] decrypt(byte[] bytes) throws IllegalBlockSizeException, BadPaddingException { - return getDecryptionCipher().doFinal(bytes); + static class ChannelConfigException + extends ChannelException + { + private static final long serialVersionUID = 1L; + + public ChannelConfigException(String message) { + super(message); + } } } Propchange: tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptorMBean.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties?rev=1850508&r1=1850507&r2=1850508&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties (original) +++ tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties Sat Jan 5 20:52:28 2019 
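Review bot: In `createEncryptionManager` a transformation with no explicit mode is labelled `"CBC"`, but `Cipher.getInstance(getAlgorithm())` is still called with the bare string, and the provider's default for a bare name can differ (SunJCE resolves `AES` to ECB). The mode check at `start()` therefore passes, and the mismatch surfaces only when the first message is initialised with an IV. The removed `getAlgorithmMode` rejected a bare algorithm name. Both `algorithmMode = "CBC";` assignments should become `throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.required"));`. Separately, a comment on the CBC/OFB/CFB branch should state that those modes give confidentiality only and that GCM is the one supported mode that also authenticates messages; the commented-out ECB branch could then be deleted rather than kept as dead text.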
@@ -15,6 +15,14 @@ domainFilterInterceptor.message.refused=Received message from cluster[{0}] was refused. domainFilterInterceptor.member.refused=Member was refused to join cluster[{0}] +encryptInterceptor.algorithm.required=Encryption algorithm is required, fully-specified e.g. AES/CBC/PKCS5Padding +encryptInterceptor.algorithm.unsupported-mode=EncryptInterceptor does not support block cipher mode [{0}] +encryptInterceptor.decrypt.error.short-message=Failed to decrypt message: premature end-of-message +encryptInterceptor.decrypt.failed=Failed to decrypt message +encryptInterceptor.encrypt.failed=Failed to encrypt message +encryptInterceptor.init.failed=Failed to initialize EncryptInterceptor +encryptInterceptor.key.required=Encryption key is required +encryptInterceptor.tcpFailureDetector.ordering=EncryptInterceptor must be upstream of TcpFailureDetector. Please re-order EncryptInterceptor to be listed before TcpFailureDetector in your channel interceptor pipeline. fragmentationInterceptor.heartbeat.failed=Unable to perform heartbeat clean up in the frag interceptor fragmentationInterceptor.fragments.missing=Fragments are missing. gzipInterceptor.compress.failed=Unable to compress byte contents 
@@ -60,4 +68,4 @@ throughputInterceptor.report=ThroughputI \n\tRx Speed:{8} MB/sec (since 1st msg)\ \n\tReceived:{9} MB]\n twoPhaseCommitInterceptor.originalMessage.missing=Received a confirmation, but original message is missing. Id:[{0}] -twoPhaseCommitInterceptor.heartbeat.failed=Unable to perform heartbeat on the TwoPhaseCommit interceptor. \ No newline at end of file +twoPhaseCommitInterceptor.heartbeat.failed=Unable to perform heartbeat on the TwoPhaseCommit interceptor. Copied: tomcat/tc8.5.x/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java (from r1845157, tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java) URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java?p2=tomcat/tc8.5.x/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java&p1=tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java&r1=1845157&r2=1850508&rev=1850508&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java (original) +++ tomcat/tc8.5.x/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java Sat Jan 5 20:52:28 2019 
@@ -1,8 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.apache.catalina.tribes.group.interceptors; -import static org.junit.Assert.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.util.ArrayList; +import java.util.Collection; + +import org.hamcrest.core.IsEqual; +import org.hamcrest.core.IsNot; + +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.Before; +import org.junit.FixMethodOrder; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runners.MethodSorters; -import java.nio.charset.StandardCharsets; import org.apache.catalina.tribes.Channel; import org.apache.catalina.tribes.ChannelException; import org.apache.catalina.tribes.ChannelInterceptor; @@ -12,9 +42,6 @@ import org.apache.catalina.tribes.group. import org.apache.catalina.tribes.group.InterceptorPayload; import org.apache.catalina.tribes.io.ChannelData; import org.apache.catalina.tribes.io.XByteBuffer; -import org.apache.tomcat.util.buf.HexUtils; -import org.junit.Before; -import org.junit.Test; /** * Tests the EncryptInterceptor. 
@@ -23,14 +50,26 @@ import org.junit.Test; * though the interceptor actually operates on byte arrays. This is done * for readability for the tests and their outputs. */ +@FixMethodOrder(MethodSorters.NAME_ASCENDING) public class TestEncryptInterceptor { - private static final String encryptionKey128 = HexUtils.toHexString("cafebabedeadbeef".getBytes(StandardCharsets.UTF_8)); - private static final String encryptionKey192 = HexUtils.toHexString("cafebabedeadbeefbeefcafe".getBytes(StandardCharsets.UTF_8)); - private static final String encryptionKey256 = HexUtils.toHexString("cafebabedeadbeefcafebabedeadbeef".getBytes(StandardCharsets.UTF_8)); + private static final String MESSAGE_FILE = "message.bin"; + + private static final String encryptionKey128 = "cafebabedeadbeefbeefcafecafebabe"; + private static final String encryptionKey192 = "cafebabedeadbeefbeefcafecafebabedeadbeefbeefcafe"; + private static final String encryptionKey256 = "cafebabedeadbeefcafebabedeadbeefcafebabedeadbeefcafebabedeadbeef"; EncryptInterceptor src; EncryptInterceptor dest; + + @AfterClass + public static void cleanup() { + File f = new File(MESSAGE_FILE); + if (f.isFile()) { + Assert.assertTrue(f.delete()); + } + } + @Before public void setup() { src = new EncryptInterceptor(); 
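Review bot: `MESSAGE_FILE` is a relative path, so the tests that use it write `message.bin` into whatever the working directory happens to be. The new `@FixMethodOrder(MethodSorters.NAME_ASCENDING)` suggests some tests depend on what an earlier one left there, though the tests that use the file are in a later hunk. A test that needs a file is more robust creating its own with `File.createTempFile("message", ".bin")` and deleting it in a `finally` block, which removes the shared state. If the fixed ordering is deliberate, a comment on the annotation should name the tests that rely on it.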
@@ -50,9 +89,37 @@ public class TestEncryptInterceptor { String testInput = "The quick brown fox jumps over the lazy dog."; - assertEquals("Basic roundtrip failed", + Assert.assertEquals("Basic roundtrip failed", + testInput, + roundTrip(testInput, src, dest)); + } + + @Test + public void testMultipleMessages() throws Exception { + src.start(Channel.SND_TX_SEQ); + dest.start(Channel.SND_TX_SEQ); + + String testInput = "The quick brown fox jumps over the lazy dog."; + + Assert.assertEquals("Basic roundtrip failed", testInput, roundTrip(testInput, src, dest)); + + Assert.assertEquals("Second roundtrip failed", + testInput, + roundTrip(testInput, src, dest)); + + Assert.assertEquals("Third roundtrip failed", + testInput, + roundTrip(testInput, src, dest)); + + Assert.assertEquals("Fourth roundtrip failed", + testInput, + roundTrip(testInput, src, dest)); + + Assert.assertEquals("Fifth roundtrip failed", + testInput, + roundTrip(testInput, src, dest)); } @Test @@ -62,19 +129,32 @@ public class TestEncryptInterceptor { String testInput = "x"; - assertEquals("Tiny payload roundtrip failed", + Assert.assertEquals("Tiny payload roundtrip failed", testInput, roundTrip(testInput, src, dest)); } @Test + public void testLargePayload() throws Exception { + src.start(Channel.SND_TX_SEQ); + dest.start(Channel.SND_TX_SEQ); + + byte[] bytes = new byte[1024*1024]; + + Assert.assertArrayEquals("Huge payload roundtrip failed", + bytes, + roundTrip(bytes, src, dest)); + } + + @Test + @Ignore("Too big for default settings. Breaks Gump, Eclipse, ...") public void testHugePayload() throws Exception { src.start(Channel.SND_TX_SEQ); dest.start(Channel.SND_TX_SEQ); - byte[] bytes = new byte[1073741824]; // 1MiB, all zeros + byte[] bytes = new byte[1024*1024*1024]; - assertArrayEquals("Tiny payload roundtrip failed", + Assert.assertArrayEquals("Huge payload roundtrip failed", bytes, roundTrip(bytes, src, dest)); } 
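Review bot: `testLargePayload` in the `@@ -62,19 +129,32 @@` hunk reuses the failure message `"Huge payload roundtrip failed"`, the same string as `testHugePayload`, so a failure report does not distinguish the 1 MiB case from the ignored 1 GiB one. `"Large payload roundtrip failed"` would. In `testMultipleMessages` (previous hunk) the five identical assertions read more clearly as a loop, e.g. `for (int i = 1; i <= 5; i++) { Assert.assertEquals("Roundtrip " + i + " failed", testInput, roundTrip(testInput, src, dest)); }`.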
@@ -88,7 +168,7 @@ public class TestEncryptInterceptor { String testInput = "The quick brown fox jumps over the lazy dog."; - assertEquals("Failed to set custom provider name", + Assert.assertEquals("Failed to set custom provider name", testInput, roundTrip(testInput, src, dest)); } @@ -102,7 +182,7 @@ public class TestEncryptInterceptor { String testInput = "The quick brown fox jumps over the lazy dog."; - assertEquals("Failed to set custom provider name", + Assert.assertEquals("Failed to set custom provider name", testInput, roundTrip(testInput, src, dest)); } @@ -116,7 +196,7 @@ public class TestEncryptInterceptor { String testInput = "The quick brown fox jumps over the lazy dog."; - assertEquals("Failed to set custom provider name", + Assert.assertEquals("Failed to set custom provider name", testInput, roundTrip(testInput, src, dest)); } @@ -129,7 +209,7 @@ public class TestEncryptInterceptor { bytes = roundTrip(bytes, src, dest); - return new String(((ValueCaptureInterceptor)dest.getPrevious()).getValue(), "UTF-8"); + return new String(bytes, "UTF-8"); } /** 
@@ -143,6 +223,229 @@ public class TestEncryptInterceptor { return ((ValueCaptureInterceptor)dest.getPrevious()).getValue(); } + @Test + @Ignore("ECB mode isn't implemented because it's insecure") + public void testECB() throws Exception { + src.setEncryptionAlgorithm("AES/ECB/PKCS5Padding"); + src.start(Channel.SND_TX_SEQ); + dest.setEncryptionAlgorithm("AES/ECB/PKCS5Padding"); + dest.start(Channel.SND_TX_SEQ); + + String testInput = "The quick brown fox jumps over the lazy dog."; + + Assert.assertEquals("Failed in ECB mode", + testInput, + roundTrip(testInput, src, dest)); + } + + @Test + public void testOFB() throws Exception { + src.setEncryptionAlgorithm("AES/OFB/PKCS5Padding"); + src.start(Channel.SND_TX_SEQ); + dest.setEncryptionAlgorithm("AES/OFB/PKCS5Padding"); + dest.start(Channel.SND_TX_SEQ); + + String testInput = "The quick brown fox jumps over the lazy dog."; + + Assert.assertEquals("Failed in OFB mode", + testInput, + roundTrip(testInput, src, dest)); + } + + @Test + public void testCFB() throws Exception { + src.setEncryptionAlgorithm("AES/CFB/PKCS5Padding"); + src.start(Channel.SND_TX_SEQ); + dest.setEncryptionAlgorithm("AES/CFB/PKCS5Padding"); + dest.start(Channel.SND_TX_SEQ); + + String testInput = "The quick brown fox jumps over the lazy dog."; + + Assert.assertEquals("Failed in CFB mode", + testInput, + roundTrip(testInput, src, dest)); + } + + @Test + public void testGCM() throws Exception { + src.setEncryptionAlgorithm("AES/GCM/PKCS5Padding"); + src.start(Channel.SND_TX_SEQ); + dest.setEncryptionAlgorithm("AES/GCM/PKCS5Padding"); + dest.start(Channel.SND_TX_SEQ); + + String testInput = "The quick brown fox jumps over the lazy dog."; + + Assert.assertEquals("Failed in GCM mode", + testInput, + roundTrip(testInput, src, dest)); + } + + @Test + public void testIllegalECB() throws Exception { + try { + src.setEncryptionAlgorithm("AES/ECB/PKCS5Padding"); + src.start(Channel.SND_TX_SEQ); + + // start() should trigger IllegalArgumentException + 
Assert.fail("ECB mode is not being refused"); + } catch (IllegalArgumentException iae) { + // Expected + } + } + + @Test + public void testViaFile() throws Exception { + src.start(Channel.SND_TX_SEQ); + src.setNext(new ValueCaptureInterceptor()); + + String testInput = "The quick brown fox jumps over the lazy dog."; + + ChannelData msg = new ChannelData(false); + msg.setMessage(new XByteBuffer(testInput.getBytes("UTF-8"), false)); + src.sendMessage(null, msg, null); + + byte[] bytes = ((ValueCaptureInterceptor)src.getNext()).getValue(); + + try (FileOutputStream out = new FileOutputStream(MESSAGE_FILE)) { + out.write(bytes); + } + + dest.start(Channel.SND_TX_SEQ); + + bytes = new byte[8192]; + int read; + + try (FileInputStream in = new FileInputStream(MESSAGE_FILE)) { + read = in.read(bytes); + } + + msg = new ChannelData(false); + XByteBuffer xbb = new XByteBuffer(read, false); + xbb.append(bytes, 0, read); + msg.setMessage(xbb); + + dest.messageReceived(msg); + } + + @Test + public void testMessageUniqueness() throws Exception { + src.start(Channel.SND_TX_SEQ); + src.setNext(new ValueCaptureInterceptor()); + + String testInput = "The quick brown fox jumps over the lazy dog."; + + ChannelData msg = new ChannelData(false); + msg.setMessage(new XByteBuffer(testInput.getBytes("UTF-8"), false)); + src.sendMessage(null, msg, null); + + byte[] cipherText1 = ((ValueCaptureInterceptor)src.getNext()).getValue(); + + msg.setMessage(new XByteBuffer(testInput.getBytes("UTF-8"), false)); + src.sendMessage(null, msg, null); + + byte[] cipherText2 = ((ValueCaptureInterceptor)src.getNext()).getValue(); + + Assert.assertThat("Two identical cleartexts encrypt to the same ciphertext", + cipherText1, IsNot.not(IsEqual.equalTo(cipherText2))); + } + + @Test + public void testPickup() throws Exception { + File file = new File(MESSAGE_FILE); + if(!file.exists()) { + System.err.println("File message.bin does not exist. 
Skipping test."); + return; + } + + dest.start(Channel.SND_TX_SEQ); + + byte[] bytes = new byte[8192]; + int read; + + try (FileInputStream in = new FileInputStream(file)) { + read = in.read(bytes); + } + + ChannelData msg = new ChannelData(false); + XByteBuffer xbb = new XByteBuffer(read, false); + xbb.append(bytes, 0, read); + msg.setMessage(xbb); + + dest.messageReceived(msg); + } + + /* + * This test isn't guaranteed to catch any multithreaded issues, but it + * gives a good exercise. + */ + @Test + public void testMultithreaded() throws Exception { + String inputValue = "A test string to fight over."; + final byte[] bytes = inputValue.getBytes("UTF-8"); + int numThreads = 100; + final int messagesPerThread = 10; + + dest.setPrevious(new ValuesCaptureInterceptor()); + + src.start(Channel.SND_TX_SEQ); + dest.start(Channel.SND_TX_SEQ); + + Runnable job = new Runnable() { + @Override + public void run() { + try { + ChannelData msg = new ChannelData(false); + XByteBuffer xbb = new XByteBuffer(1024, false); + xbb.append(bytes, 0, bytes.length); + msg.setMessage(xbb); + + for(int i=0; i<messagesPerThread; ++i) + src.sendMessage(null, msg, null); + } catch (ChannelException e) { + Assert.fail("Encountered exception sending messages: " + e.getMessage()); + } + } + }; + + Thread[] threads = new Thread[numThreads]; + for(int i=0; i<numThreads; ++i) { + threads[i] = new Thread(job); + threads[i].setName("Message-Thread-" + i); + } + + for(int i=0; i<numThreads; ++i) + threads[i].start(); + + for(int i=0; i<numThreads; ++i) + threads[i].join(); + + // Check all received messages to make sure they are not corrupted + Collection<byte[]> messages = ((ValuesCaptureInterceptor)dest.getPrevious()).getValues(); + + Assert.assertEquals("Did not receive all expected messages", + numThreads * messagesPerThread, messages.size()); + + for(byte[] message : messages) + Assert.assertArrayEquals("Message is corrupted", message, bytes); + } + + @Test + public void 
testTcpFailureDetectorDetection() { + src.setPrevious(new TcpFailureDetector()); + + try { + src.start(Channel.SND_TX_SEQ); + Assert.fail("EncryptInterceptor should detect TcpFailureDetector and throw an error"); + } catch (EncryptInterceptor.ChannelConfigException cce) { + // Expected behavior + } catch (AssertionError ae) { + // This is the junit assertion being thrown + throw ae; + } catch (Throwable t) { + Assert.fail("EncryptionInterceptor should throw ChannelConfigException, not " + t.getClass().getName()); + } + } + /** * Interceptor that delivers directly to a destination. */ 
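Review bot: testViaFile and testPickup end at `dest.messageReceived(msg)` without comparing the decrypted bytes to anything, so they fail only if decryption throws. testPickup also returns silently, which is reported as a pass, when the file is absent, and otherwise depends on a file left behind by testViaFile. I would finish testViaFile with `Assert.assertEquals(testInput, new String(((ValueCaptureInterceptor)dest.getPrevious()).getValue(), "UTF-8"));`, assuming setup installs a ValueCaptureInterceptor in front of dest as roundTrip's cast suggests, and replace the early return with `Assume.assumeTrue(file.exists());` (needs `org.junit.Assume` imported). Both tests also rely on a single `in.read(bytes)` call returning the whole message, which the stream contract does not guarantee. Separately, testOFB, testCFB and testGCM expect round trips to succeed while the cluster-interceptor.xml text added in this commit says the mode must be CBC, so one of the two looks out of date.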
@@ -188,4 +491,33 @@ public class TestEncryptInterceptor { return value; } } + + /** + * Interceptor that simply captures all messages sent to or received by it. + */ + private static class ValuesCaptureInterceptor + extends ChannelInterceptorBase + { + private ArrayList<byte[]> messages = new ArrayList<>(); + + @Override + public void sendMessage(Member[] destination, ChannelMessage msg, InterceptorPayload payload) + throws ChannelException { + synchronized(messages) { + messages.add(msg.getMessage().getBytes()); + } + } + + @Override + public void messageReceived(ChannelMessage msg) { + synchronized(messages) { + messages.add(msg.getMessage().getBytes()); + } + } + + @SuppressWarnings("unchecked") + public Collection<byte[]> getValues() { + return (Collection<byte[]>)messages.clone(); + } + } } Propchange: tomcat/tc8.5.x/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1850508&r1=1850507&r2=1850508&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Sat Jan 5 20:52:28 2019 
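Review bot: `getValues()` clones `messages` without taking the lock that both writers hold, so a caller that reads while sends are still in flight can race with `add`. testMultithreaded only calls it after `join()`, which is why it works today. Copying under the same monitor also removes the unchecked cast and the `@SuppressWarnings`: `synchronized (messages) { return new ArrayList<>(messages); }`. Since the list doubles as the lock object, the field should be declared `private final ArrayList<byte[]> messages = new ArrayList<>();` so the monitor can never be swapped out.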
@@ -214,6 +214,16 @@ </fix> </changelog> </subsection> + <subsection name="Tribes"> + <changelog> + <add> + Add EncryptInterceptor to the portfolio of available clustering + interceptors. This adds symmetric encryption of session data + to Tomcat clustering regardless of the type of cluster manager + or membership being used. (schultz) + </add> + </changelog> + </subsection> <subsection name="Other"> <changelog> <fix> Modified: tomcat/tc8.5.x/trunk/webapps/docs/config/cluster-interceptor.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/config/cluster-interceptor.xml?rev=1850508&r1=1850507&r2=1850508&view=diff ============================================================================== --- tomcat/tc8.5.x/trunk/webapps/docs/config/cluster-interceptor.xml (original) +++ tomcat/tc8.5.x/trunk/webapps/docs/config/cluster-interceptor.xml Sat Jan 5 20:52:28 2019 @@ -36,7 +36,7 @@ <section name="Introduction"> <p> Apache Tribes supports an interceptor architecture to intercept both messages and membership notifications. - This architecture allows decoupling of logic and opens the way for some very kewl feature add ons. + This architecture allows decoupling of logic and opens the way for some very useful feature add ons. </p> </section> @@ -54,6 +54,7 @@ <li><code>org.apache.catalina.tribes.group.interceptors.FragmentationInterceptor</code></li> <li><code>org.apache.catalina.tribes.group.interceptors.GzipInterceptor</code></li> <li><code>org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor</code></li> + <li><code>org.apache.catalina.tribes.group.interceptors.EncryptInterceptor</code></li> </ul> </section> 
@@ -196,6 +197,44 @@ </attribute> </attributes> </subsection> + <subsection name="org.apache.catalina.tribes.group.interceptors.EncryptInterceptor Attributes"> + <p> + The EncryptInterceptor adds encryption to the channel messages carrying + session data between nodes. Added in Tomcat 9.0.13. + </p> + <p> + If using the <code>TcpFailureDetector</code>, the <code>EncryptInterceptor</code> + <i>must</i> be inserted into the interceptor chain <i>before</i> the + <code>TcpFailureDetector</code>. This is becuase when validating cluster + members, <code>TcpFailureDetector</code> writes channel data directly + to the other members without using the remainder of the interceptor chain, + but on the receiving side, the message still goes through the chain (in reverse). + Because of this asymmetry, the <code>EncryptInterceptor</code> must execute + <i>before</i> the <code>TcpFailureDetector</code> on the sender and <i>after</i> + it on the receiver, otherwise message corruption will occur. + </p> + <attributes> + <attribute name="encryptionAlgorithm" required="false"> + The encryption algorithm to be used, including the mode and padding. Please see + <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html">https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html</a> + for the standard JCA names that can be used. + + The <i>mode</i> is currently required to be <code>CBC</code>. + + The length of the key will specify the flavor of the encryption algorithm + to be used, if applicable (e.g. AES-128 versus AES-256). + + The default algorithm is <code>AES/CBC/PKCS5Padding</code>. + </attribute> + <attribute name="encryptionKey" required="true"> + The key to be used with the encryption algorithm. + + The key should be specified as hex-encoded bytes of the appropriate + length for the algorithm (e.g. 16 bytes / 32 characters / 128 bits for + AES-128, 32 bytes / 64 characters / 256 bits for AES-256, etc.). 
+ </attribute> + </attributes> + </subsection> </section> <section name="Nested Components"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org