Updated Branches: refs/heads/trunk fb2ec005a -> b9f36d12f
FLUME-1546. File channel encryption: trim() passwords and warn user if he doesn't have JCE policy file (Mike Percy via Hari Shreedharan) Project: http://git-wip-us.apache.org/repos/asf/flume/repo Commit: http://git-wip-us.apache.org/repos/asf/flume/commit/b9f36d12 Tree: http://git-wip-us.apache.org/repos/asf/flume/tree/b9f36d12 Diff: http://git-wip-us.apache.org/repos/asf/flume/diff/b9f36d12 Branch: refs/heads/trunk Commit: b9f36d12f57d7cd3ba8294b63002a3f40d40601b Parents: fb2ec00 Author: Hari Shreedharan <[email protected]> Authored: Fri Sep 7 22:13:13 2012 -0700 Committer: Hari Shreedharan <[email protected]> Committed: Fri Sep 7 22:13:13 2012 -0700 ---------------------------------------------------------------------- .../file/encryption/AESCTRNoPaddingProvider.java | 19 ++++++++++++++- .../file/encryption/JCEFileKeyProvider.java | 12 ++++---- 2 files changed, 24 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/flume/blob/b9f36d12/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/AESCTRNoPaddingProvider.java ----------------------------------------------------------------------
diff --git a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/AESCTRNoPaddingProvider.java b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/AESCTRNoPaddingProvider.java
index b77e10c..d0a84fe 100644
--- a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/AESCTRNoPaddingProvider.java
+++ b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/AESCTRNoPaddingProvider.java
@@ -20,6 +20,8 @@ package org.apache.flume.channel.file.encryption; import java.nio.ByteBuffer; import java.security.Key; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import javax.crypto.Cipher; @@ -111,13 +113,28 @@ public class AESCTRNoPaddingProvider extends CipherProvider { throw Throwables.propagate(e); } } + private static Cipher getCipher(Key key, int mode, byte[] parameters) { try { Cipher cipher = Cipher.getInstance(TYPE); cipher.init(mode, key, new IvParameterSpec(parameters)); return cipher; } catch (Exception e) { - LOG.error("Unable to instaniate " + TYPE, e); + String msg = "Unable to load key using transformation: " + TYPE; + if (e instanceof InvalidKeyException) { + try { + int maxAllowedLen = Cipher.getMaxAllowedKeyLength(TYPE); + if (maxAllowedLen < 256) { + msg += "; Warning: Maximum allowed key length = " + maxAllowedLen + + " with the available JCE security policy files. Have you" + + " installed the JCE unlimited strength jurisdiction policy" + + " files?"; + } + } catch (NoSuchAlgorithmException ex) { + msg += "; Unable to find specified algorithm?"; + } + } + LOG.error(msg, e); throw Throwables.propagate(e); } } http://git-wip-us.apache.org/repos/asf/flume/blob/b9f36d12/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java ---------------------------------------------------------------------- diff --git a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java index fff78e0..f814993 100644 --- a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java 
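Review bot: The new base message in `getCipher` says "Unable to load key" for every failure, but the enclosing `catch (Exception e)` also receives errors from `Cipher.getInstance(TYPE)` and from the `IvParameterSpec` handed to `cipher.init`, so a bad IV or an unavailable transformation is now reported as a key problem. The policy hint has a similar gap: it is gated on `maxAllowedLen < 256` rather than on the key actually supplied, so on a restricted JRE it is appended to any `InvalidKeyException`, including one caused by a wrong key type. I would keep the base text neutral, e.g. `String msg = "Unable to initialize cipher for transformation: " + TYPE;`, and compare the policy limit with the encoded key length when `key.getEncoded()` is non-null. The inner `catch (NoSuchAlgorithmException ex)` also discards `ex`; a one-line comment saying why that is acceptable would help the next reader.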
+++ b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java
@@ -49,7 +49,7 @@ public class JCEFileKeyProvider extends KeyProvider {
 try {
 ks = KeyStore.getInstance("jceks");
 keyStorePassword = Files.toString(keyStorePasswordFile, Charsets.UTF_8)
- .toCharArray();
+ .trim().toCharArray();
 ks.load(new FileInputStream(keyStoreFile), keyStorePassword);
 } catch(Exception ex) {
 throw Throwables.propagate(ex);
@@ -62,7 +62,7 @@ public class JCEFileKeyProvider extends KeyProvider {
 char[] keyPassword = keyStorePassword;
 if(aliasPasswordFileMap.containsKey(alias)) {
 keyPassword = Files.toString(aliasPasswordFileMap.get(alias),
- Charsets.UTF_8).toCharArray();
+ Charsets.UTF_8).trim().toCharArray();
 }
 Key key = ks.getKey(alias, keyPassword);
 return key;
@@ -100,10 +100,10 @@ public class JCEFileKeyProvider extends KeyProvider {
 }
 }
 }
- File keyStoreFile = new File(keyStoreFileName.trim());
- File keyStorePasswordFile = new File(keyStorePasswordFileName.trim());
- return new JCEFileKeyProvider(keyStoreFile, keyStorePasswordFile,
- aliasPasswordFileMap);
+ File keyStoreFile = new File(keyStoreFileName.trim());
+ File keyStorePasswordFile = new File(keyStorePasswordFileName.trim());
+ return new JCEFileKeyProvider(keyStoreFile, keyStorePasswordFile,
+ aliasPasswordFileMap);
 }
 }
 }
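Review bot: `String.trim()` in the keystore-password read removes every leading and trailing character at or below U+0020, not only the line terminator an editor appends, so a password that legitimately begins or ends with a space or tab is silently altered and `ks.load` then fails as if the password were wrong. The same applies to the alias password read in the `@@ -62,7 +62,7 @@` hunk. If the aim is only to tolerate a trailing newline, strip just that, e.g. `.replaceAll("[\\r\\n]+$", "").toCharArray();`, and state in the password-file documentation which whitespace is ignored. Both reads also pass the secret through immutable `String` objects that cannot be cleared once the `char[]` exists; that predates this change, though `trim()` may add one more copy. The constructor and the key-lookup method both begin outside their hunks, so the rest of their handling is not visible here.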
