Updated Branches: refs/heads/flume-1.3.0 cb418c9bb -> abf5f2392
FLUME-1575. FileChannel Encryption should disallow a null key. (Brock Noland via Mike Percy) Project: http://git-wip-us.apache.org/repos/asf/flume/repo Commit: http://git-wip-us.apache.org/repos/asf/flume/commit/abf5f239 Tree: http://git-wip-us.apache.org/repos/asf/flume/tree/abf5f239 Diff: http://git-wip-us.apache.org/repos/asf/flume/diff/abf5f239 Branch: refs/heads/flume-1.3.0 Commit: abf5f2392531b281752a3366db52f70dc771efae Parents: cb418c9 Author: Mike Percy <[email protected]> Authored: Thu Sep 13 13:45:55 2012 -0700 Committer: Mike Percy <[email protected]> Committed: Thu Sep 13 13:52:10 2012 -0700 ---------------------------------------------------------------------- .../org/apache/flume/channel/file/FileChannel.java | 13 ++++++++++++- .../channel/file/encryption/CipherProvider.java | 6 ++++-- .../file/encryption/JCEFileKeyProvider.java | 6 ++++-- .../flume/channel/file/encryption/KeyProvider.java | 3 +++ 4 files changed, 23 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/flume/blob/abf5f239/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/FileChannel.java ---------------------------------------------------------------------- diff --git a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/FileChannel.java b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/FileChannel.java index 66f7536..0312cfe 100644 --- a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/FileChannel.java +++ b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/FileChannel.java @@ -83,6 +83,7 @@ public class FileChannel extends BasicChannelSemantics { private File[] dataDirs; private Log log; private volatile boolean open; + private volatile Throwable startupError; private Semaphore queueRemaining; private final ThreadLocal<FileBackedTransaction> transactions = new ThreadLocal<FileBackedTransaction>(); @@ -274,6 +275,7 @@ public class FileChannel extends BasicChannelSemantics { + channelNameDescriptor); } catch (Throwable t) { open = false; + startupError = t; LOG.error("Failed to start the file channel " + channelNameDescriptor, t); if (t instanceof Error) { throw (Error) t; @@ -290,6 +292,7 @@ public class FileChannel extends BasicChannelSemantics { @Override public synchronized void stop() { LOG.info("Stopping {}...", this); + startupError = null; int size = getDepth(); close(); if (!open) { @@ -307,7 +310,15 @@ public class FileChannel extends BasicChannelSemantics { @Override protected BasicTransactionSemantics createTransaction() { - Preconditions.checkState(open, "Channel closed " + channelNameDescriptor); + if(!open) { + String msg = "Channel closed " + channelNameDescriptor; + if(startupError != null) { + msg += ". Due to " + startupError.getClass().getName() + ": " + + startupError.getMessage(); + throw new IllegalStateException(msg, startupError); + } + throw new IllegalStateException(msg); + } FileBackedTransaction trans = transactions.get(); if(trans != null && !trans.isClosed()) { Preconditions.checkState(false, http://git-wip-us.apache.org/repos/asf/flume/blob/abf5f239/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/CipherProvider.java ---------------------------------------------------------------------- diff --git a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/CipherProvider.java b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/CipherProvider.java index 3b8d6c3..2c71bc9 100644 --- a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/CipherProvider.java +++ b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/CipherProvider.java @@ -20,6 +20,8 @@ package org.apache.flume.channel.file.encryption; import java.security.Key; +import com.google.common.base.Preconditions; + public abstract class CipherProvider { public abstract Encryptor.Builder<?> newEncryptorBuilder(); @@ -35,7 +37,7 @@ public abstract class CipherProvider { public static abstract class Builder<T extends Encryptor> { protected Key key; public Builder<T> setKey(Key key) { - this.key = key; + this.key = Preconditions.checkNotNull(key, "key cannot be null"); return this; } public abstract T build(); @@ -52,7 +54,7 @@ public abstract class CipherProvider { protected byte[] parameters; protected Key key; public Builder<T> setKey(Key key) { - this.key = key; + this.key = Preconditions.checkNotNull(key, "key cannot be null"); return this; } public Builder<T> setParameters(byte[] parameters) { http://git-wip-us.apache.org/repos/asf/flume/blob/abf5f239/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java ---------------------------------------------------------------------- diff --git a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java index 4c53df4..f961ef9 100644 --- a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java +++ b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/JCEFileKeyProvider.java @@ -72,11 +72,13 @@ public class JCEFileKeyProvider extends KeyProvider { passwordFile = keyPasswordFile.getAbsolutePath(); } Key key = ks.getKey(alias, keyPassword); + if(key == null) { + throw new IllegalStateException("KeyStore returned null for " + alias); + } return key; } catch (Exception e) { String msg = e.getClass().getName() + ": " + e.getMessage() + ". " + - "Key = " + alias + ", passwordFile = " + passwordFile +": " + - e.getMessage(); + "Key = " + alias + ", passwordFile = " + passwordFile; throw new RuntimeException(msg, e); } } http://git-wip-us.apache.org/repos/asf/flume/blob/abf5f239/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/KeyProvider.java ---------------------------------------------------------------------- diff --git a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/KeyProvider.java b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/KeyProvider.java index e0877d1..207a140 100644 --- a/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/KeyProvider.java +++ b/flume-ng-channels/flume-file-channel/src/main/java/org/apache/flume/channel/file/encryption/KeyProvider.java @@ -24,6 +24,9 @@ import org.apache.flume.Context; public abstract class KeyProvider { + /** + * Returns a non-null Key + */ public abstract Key getKey(String alias); public interface Builder {
