GEODE-1372 added test for different algo. Fixed issue for algo without size
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/32441256 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/32441256 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/32441256 Branch: refs/heads/feature/GEODE-420 Commit: 324412564b725cc3b32e5b306314bf3b29af9af1 Parents: 3a64308 Author: Hitesh Khamesra <[email protected]> Authored: Fri Jun 3 14:57:37 2016 -0700 Committer: Hitesh Khamesra <[email protected]> Committed: Mon Aug 29 10:39:18 2016 -0700 ---------------------------------------------------------------------- .../membership/gms/messenger/GMSEncrypt.java | 24 ++-- .../gms/membership/GMSJoinLeaveJUnitTest.java | 1 + .../gms/messenger/GMSEncryptJUnitTest.java | 109 ++++++++++++++----- 3 files changed, 95 insertions(+), 39 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/32441256/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java index 8136c1a..1575864 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java @@ -92,7 +92,7 @@ public class GMSEncrypt implements Cloneable{ protected byte[] getClusterSecretKey() { return this.clusterEncryptor.secretBytes; } - + protected synchronized void initClusterSecretKey() throws Exception { if(this.clusterEncryptor == null) { this.clusterEncryptor = new ClusterEncryptor(this); 
@@ -104,7 +104,7 @@ public class GMSEncrypt implements Cloneable{ //TODO we are reseeting here, in case there is some race this.clusterEncryptor = new ClusterEncryptor(secretBytes); } - + protected GMSEncrypt() { initEncryptors(); } @@ -239,7 +239,7 @@ public class GMSEncrypt implements Cloneable{ private Map<InternalDistributedMember, PeerEncryptor> getPeerEncryptorMap() { int h = Math.abs(Thread.currentThread().getName().hashCode() % numberOfPeerEncryptorCopies); - ConcurrentHashMap m = copyOfPeerEncryptors[h]; + ConcurrentHashMap<InternalDistributedMember, PeerEncryptor> m = copyOfPeerEncryptors[h]; if(m == null) { synchronized (copyOfPeerEncryptors) { @@ -439,10 +439,9 @@ public class GMSEncrypt implements Cloneable{ int blocksize = getBlockSize(dhSKAlgo); if (keysize == -1 || blocksize == -1) { - // TODO how should we do here, should we just throw runtime exception? - /* SecretKey sKey = ka.generateSecret(dhSKAlgo); - * encrypt = Cipher.getInstance(dhSKAlgo); - * encrypt.init(Cipher.ENCRYPT_MODE, sKey); */ + SecretKeySpec sks = new SecretKeySpec(secretBytes, dhSKAlgo); + encrypt = Cipher.getInstance(dhSKAlgo); + encrypt.init(Cipher.ENCRYPT_MODE, sks); } else { String dhAlgoStr = getDhAlgoStr(dhSKAlgo); @@ -491,10 +490,9 @@ public class GMSEncrypt implements Cloneable{ int blocksize = getBlockSize(dhSKAlgo); if (keysize == -1 || blocksize == -1) { - // TODO: how to do here, should we just throw runtime exception? - /* SecretKey sKey = ka.generateSecret(dhSKAlgo); - * decrypt = Cipher.getInstance(dhSKAlgo); - * decrypt.init(Cipher.DECRYPT_MODE, sKey); */ + SecretKeySpec sks = new SecretKeySpec(secretBytes, dhSKAlgo); + decrypt = Cipher.getInstance(dhSKAlgo); + decrypt.init(Cipher.DECRYPT_MODE, sks); } else { String algoStr = getDhAlgoStr(dhSKAlgo); 
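Review bot: In the new `keysize == -1 || blocksize == -1` branch of the hunk at -439, `Cipher.getInstance(dhSKAlgo)` is called with the configured name alone, so mode and padding fall to the provider default; for a bare block-cipher name the stock JCE providers choose ECB with PKCS5 padding, which reveals equal plaintext blocks and gives no integrity protection. `new SecretKeySpec(secretBytes, dhSKAlgo)` also accepts `secretBytes` at whatever length it has, so an algorithm with a fixed key length would only fail later in `init` with `InvalidKeyException`; whether `secretBytes` has already been cut to size is not visible here. I would either reject algorithms whose key or block size cannot be determined, as the removed TODO considered, or name the transformation explicitly with an IV (for example `Cipher.getInstance(dhSKAlgo + "/CBC/PKCS5Padding")`) and check the key length before `init`. The decrypt hunk at -491 repeats the same three lines and needs the same change; both enclosing methods start and end outside their hunks.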
@@ -515,7 +513,7 @@ public class GMSEncrypt implements Cloneable{ int blocksize = getBlockSize(dhSKAlgo); if (keysize == -1 || blocksize == -1) { - SecretKey sKey = ka.generateSecret(dhSKAlgo); + SecretKey sKey = ka.generateSecret(dhSKAlgo); return sKey.getEncoded(); } else { return ka.generateSecret(); @@ -552,7 +550,7 @@ public class GMSEncrypt implements Cloneable{ public ClusterEncryptor(byte[] sb) { this.secretBytes = sb; } - + public synchronized byte[] encryptBytes(byte[] data) throws Exception { String algo = dhSKAlgo; return GMSEncrypt.encryptBytes(data, getEncryptCipher(algo)); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/32441256/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java index d652915..c44c327 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java 
@@ -87,6 +87,7 @@ public class GMSJoinLeaveJUnitTest { mockDistConfig = mock(DistributionConfig.class); when(mockDistConfig.getEnableNetworkPartitionDetection()).thenReturn(enableNetworkPartition); when(mockDistConfig.getLocators()).thenReturn("localhost[8888]"); + when(mockDistConfig.getSecurityClientDHAlgo()).thenReturn(""); mockConfig = mock(ServiceConfig.class); when(mockDistConfig.getStartLocator()).thenReturn("localhost[12345]"); when(mockConfig.getDistributionConfig()).thenReturn(mockDistConfig); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/32441256/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java index ace40d6..30abb7d 100755 --- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java @@ -46,9 +46,13 @@ public class GMSEncryptJUnitTest { NetView netView; - private void initMocks() throws Exception { + private void initMocks() throws Exception{ + initMocks("AES:128"); + } + + private void initMocks(String algo) throws Exception { Properties nonDefault = new Properties(); - nonDefault.put(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, "AES:128"); + nonDefault.put(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, algo); DistributionConfigImpl config = new DistributionConfigImpl(nonDefault); RemoteTransportConfig tconfig = new RemoteTransportConfig(config, DistributionManager.NORMAL_DM_TYPE); 
@@ -74,45 +78,51 @@ public class GMSEncryptJUnitTest { } + String[] algos = new String[]{"AES", + "Blowfish", + "DES", + "DESede"}; @Test public void testOneMemberCanDecryptAnothersMessage() throws Exception{ - initMocks(); + for (String algo : algos) { + initMocks(algo); - GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services, mockMembers[1]); // this will be the sender - GMSEncrypt gmsEncrypt2 = new GMSEncrypt(services, mockMembers[2]); // this will be the receiver + GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services, mockMembers[1]); // this will be the sender + GMSEncrypt gmsEncrypt2 = new GMSEncrypt(services, mockMembers[2]); // this will be the receiver - // establish the public keys for the sender and receiver - netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes()); - netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes()); + // establish the public keys for the sender and receiver + netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes()); + netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes()); - gmsEncrypt1.installView(netView, mockMembers[1]); - gmsEncrypt2.installView(netView, mockMembers[2]); + gmsEncrypt1.installView(netView, mockMembers[1]); + gmsEncrypt2.installView(netView, mockMembers[2]); - // sender encrypts a message, so use receiver's public key - String ch = "Hello world"; - byte[] challenge = ch.getBytes(); - byte[] encryptedChallenge = gmsEncrypt1.encryptData(challenge, mockMembers[2]); + // sender encrypts a message, so use receiver's public key + String ch = "Hello world"; + byte[] challenge = ch.getBytes(); + byte[] encryptedChallenge = gmsEncrypt1.encryptData(challenge, mockMembers[2]); - // receiver decrypts the message using the sender's public key - byte[] decryptBytes = gmsEncrypt2.decryptData(encryptedChallenge, mockMembers[1]); + // receiver decrypts the message using the sender's public key + byte[] decryptBytes = gmsEncrypt2.decryptData(encryptedChallenge, mockMembers[1]); - // 
now send a response - String response = "Hello yourself!"; - byte[] responseBytes = response.getBytes(); - byte[] encryptedResponse = gmsEncrypt2.encryptData(responseBytes, mockMembers[1]); + // now send a response + String response = "Hello yourself!"; + byte[] responseBytes = response.getBytes(); + byte[] encryptedResponse = gmsEncrypt2.encryptData(responseBytes, mockMembers[1]); - // receiver decodes the response - byte[] decryptedResponse = gmsEncrypt1.decryptData(encryptedResponse, mockMembers[2]); + // receiver decodes the response + byte[] decryptedResponse = gmsEncrypt1.decryptData(encryptedResponse, mockMembers[2]); - Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge)); + Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge)); - Assert.assertTrue(Arrays.equals(challenge, decryptBytes)); + Assert.assertTrue(Arrays.equals(challenge, decryptBytes)); - Assert.assertFalse(Arrays.equals(responseBytes, encryptedResponse)); + Assert.assertFalse(Arrays.equals(responseBytes, encryptedResponse)); - Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse)); + Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse)); + } } @Test 
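Review bot: The new loop over `algos` in `testOneMemberCanDecryptAnothersMessage` hides which algorithm failed, because the four assertions carry no message; passing the name, e.g. `Assert.assertTrue(algo, Arrays.equals(challenge, decryptBytes));`, makes a failure attributable. The `assertFalse(Arrays.equals(challenge, encryptedChallenge))` checks only show that the output differs from the input, so they would not notice a weak cipher mode or identical ciphertext for repeated plaintext. The list also puts `"DES"` on the same footing as `"AES"`; if DES is kept only for compatibility, a comment such as `// DES: legacy coverage only, 56-bit keys are not adequate for new clusters` would say so. `algos` is never reassigned in this hunk and could be declared `private static final`.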
@@ -248,6 +258,53 @@ public class GMSEncryptJUnitTest { } @Test + public void testForClusterSecretKeyFromOtherMember() throws Exception{ + for (String algo : algos) { + initMocks(algo); + + final GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services, mockMembers[1]); // this will be the sender + Thread.currentThread().sleep(100); + gmsEncrypt1.initClusterSecretKey(); + final GMSEncrypt gmsEncrypt2 = new GMSEncrypt(services, mockMembers[2]); // this will be the sender + + // establish the public keys for the sender and receiver + netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes()); + netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes()); + + gmsEncrypt1.installView(netView, mockMembers[1]); + + byte[] secretBytes = gmsEncrypt1.getClusterSecretKey(); + gmsEncrypt2.addClusterKey(secretBytes); + + gmsEncrypt2.installView(netView, mockMembers[1]); + + // sender encrypts a message, so use receiver's public key + String ch = "Hello world"; + byte[] challenge = ch.getBytes(); + byte[] encryptedChallenge = gmsEncrypt1.encryptData(challenge); + + // receiver decrypts the message using the sender's public key + byte[] decryptBytes = gmsEncrypt2.decryptData(encryptedChallenge); + + // now send a response + String response = "Hello yourself!"; + byte[] responseBytes = response.getBytes(); + byte[] encryptedResponse = gmsEncrypt2.encryptData(responseBytes); + + // receiver decodes the response + byte[] decryptedResponse = gmsEncrypt1.decryptData(encryptedResponse); + + Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge)); + + Assert.assertTrue(Arrays.equals(challenge, decryptBytes)); + + Assert.assertFalse(Arrays.equals(responseBytes, encryptedResponse)); + + Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse)); + } + } + + @Test public void testForClusterSecretKeyFromOtherMemberMultipleThreads() throws Exception{ initMocks();
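Review bot: In `testForClusterSecretKeyFromOtherMember`, `gmsEncrypt2` is constructed for `mockMembers[2]` but `gmsEncrypt2.installView(netView, mockMembers[1])` installs the view under member 1, which looks like a copy-paste slip; if it is deliberate it needs a comment saying why. `Thread.currentThread().sleep(100);` calls a static method through an instance and gives no reason for the pause; `Thread.sleep(100);` with a why-comment, or dropping the sleep, would be clearer. The comments carried over from the peer-key test ("this will be the sender" on both objects, "so use receiver's public key") no longer match this test, since `encryptData(challenge)` and `decryptData(encryptedChallenge)` take no member argument and the key comes from `addClusterKey(secretBytes)`. As in the other looped test, the assertions should carry `algo` as their message.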
