[ https://issues.apache.org/jira/browse/NIFI-3594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15982061#comment-15982061 ]
ASF GitHub Bot commented on NIFI-3594: -------------------------------------- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/1686#discussion_r113075785 --- Diff: nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/test/groovy/org/apache/nifi/provenance/EncryptedSchemaRecordReaderWriterTest.groovy --- 
@@ -0,0 +1,286 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.provenance
+
+import org.apache.nifi.flowfile.FlowFile
+import org.apache.nifi.provenance.serialization.RecordReader
+import org.apache.nifi.provenance.serialization.RecordWriter
+import org.apache.nifi.provenance.toc.StandardTocReader
+import org.apache.nifi.provenance.toc.StandardTocWriter
+import org.apache.nifi.provenance.toc.TocReader
+import org.apache.nifi.provenance.toc.TocUtil
+import org.apache.nifi.provenance.toc.TocWriter
+import org.apache.nifi.util.file.FileUtils
+import org.bouncycastle.jce.provider.BouncyCastleProvider
+import org.bouncycastle.util.encoders.Hex
+import org.junit.After
+import org.junit.AfterClass
+import org.junit.Before
+import org.junit.BeforeClass
+import org.junit.ClassRule
+import org.junit.Test
+import org.junit.rules.TemporaryFolder
+import org.junit.runner.RunWith
+import org.junit.runners.JUnit4
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+import javax.crypto.Cipher
+import javax.crypto.spec.SecretKeySpec
+import java.security.KeyManagementException
+import java.security.Security
+import java.util.concurrent.atomic.AtomicLong
+
+import static groovy.test.GroovyAssert.shouldFail
+import static org.apache.nifi.provenance.TestUtil.createFlowFile
+
+@RunWith(JUnit4.class)
+class EncryptedSchemaRecordReaderWriterTest extends AbstractTestRecordReaderWriter {
+ private static final Logger logger = LoggerFactory.getLogger(EncryptedSchemaRecordReaderWriterTest.class)
+
+ private static final String KEY_HEX_128 = "0123456789ABCDEFFEDCBA9876543210"
+ private static final String KEY_HEX_256 = KEY_HEX_128 * 2
+ private static final String KEY_HEX = isUnlimitedStrengthCryptoAvailable() ? KEY_HEX_256 : KEY_HEX_128
+ private static final int IV_LENGTH = 16
+ private static final String KEY_ID = "K1"
+
+ private static final String TRANSIT_URI = "nifi://unit-test"
+ private static final String PROCESSOR_TYPE = "Mock Processor"
+ private static final String COMPONENT_ID = "1234"
+
+ private static final int UNCOMPRESSED_BLOCK_SIZE = 1024 * 32
+ private static final int MAX_ATTRIBUTE_SIZE = 2048
+
+ private static final AtomicLong idGenerator = new AtomicLong(0L)
+ private File journalFile
+ private File tocFile
+
+ private static KeyProvider mockKeyProvider
+ private static ProvenanceEventEncryptor provenanceEventEncryptor = new AESProvenanceEventEncryptor()
+
+ @ClassRule
+ public static TemporaryFolder tempFolder = new TemporaryFolder()
+
+ private static String ORIGINAL_LOG_LEVEL
+
+ @BeforeClass
+ static void setUpOnce() throws Exception {
+ ORIGINAL_LOG_LEVEL = System.getProperty("org.slf4j.simpleLogger.log.org.apache.nifi.provenance")
+ System.setProperty("org.slf4j.simpleLogger.log.org.apache.nifi.provenance", "DEBUG")
+
+ Security.addProvider(new BouncyCastleProvider())
+
+ logger.metaClass.methodMissing = { String name, args ->
+ logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
+ }
+
+ mockKeyProvider = [
+ getKey : { String keyId ->
+ logger.mock("Requesting key ID: ${keyId}")
+ if (keyId == KEY_ID) {
+ new SecretKeySpec(Hex.decode(KEY_HEX), "AES")
+ } else {
+ throw new KeyManagementException("${keyId} is not available")
+ }
+ },
+ getAvailableKeyIds: { ->
+ logger.mock("Available key IDs: [${KEY_ID}]")
+ [KEY_ID]
+ },
+ keyExists : { String keyId ->
+ logger.mock("Checking availability of key ID: ${keyId}")
+ keyId == KEY_ID
+ }] as KeyProvider
+ provenanceEventEncryptor.initialize(mockKeyProvider)
+// --- End diff -- Yes. Thanks. > Implement encrypted provenance repository > ----------------------------------------- > > Key: NIFI-3594 > URL: https://issues.apache.org/jira/browse/NIFI-3594 > Project: Apache NiFi > Issue Type: Sub-task > Components: Core Framework > Affects Versions: 1.1.1 > Reporter: Andy LoPresto > Assignee: Andy LoPresto > Labels: encryption, provenance, repository > > I am going to start with the provenance repository, as the new implementation > of {{WriteAheadProvenanceRepository}} has the most recent design decisions > and has not been available in a released version yet, so there should be > minimal backward compatibility concerns. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
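Review bot: `KEY_HEX` silently falls back to the 128-bit value when `isUnlimitedStrengthCryptoAvailable()` returns false, so on a JVM without the unlimited-strength policy the AES-256 path is never exercised and nothing in the test output says so. Logging the chosen length once in `setUpOnce`, e.g. `logger.info("Using ${KEY_HEX.length() * 4}-bit AES test key")`, would make that visible in CI. `setUpOnce` also calls `Security.addProvider(new BouncyCastleProvider())`, which changes the JVM-wide provider list; the quoted hunk stops inside `setUpOnce` (its header declares 286 lines), so I cannot see whether an `@AfterClass` method undoes this and restores `ORIGINAL_LOG_LEVEL`, which is worth confirming. A short comment above `KEY_HEX_128`, such as `// Fixed test-only key material; never use outside unit tests`, would keep the constant from being copied into real configuration.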