Author: rgoers
Date: Thu Mar 21 02:17:25 2013
New Revision: 1459132
URL: http://svn.apache.org/r1459132
Log:
LOG4J2-178 - Do not encrypt in unit tests to avoid failures when the java
enhanced security jars are not installed. Make secret key provider a plugin
Added:
logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/helpers/SecretKeyProvider.java
logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/
logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/FlumeKeyProvider.java
Modified:
logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/config/plugins/PluginManager.java
logging/log4j/log4j2/trunk/flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/FlumePersistentManager.java
logging/log4j/log4j2/trunk/flume-ng/src/test/resources/persistent.xml
logging/log4j/log4j2/trunk/src/site/xdoc/manual/appenders.xml
logging/log4j/log4j2/trunk/src/site/xdoc/manual/plugins.xml
Modified:
logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/config/plugins/PluginManager.java
URL:
http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/config/plugins/PluginManager.java?rev=1459132&r1=1459131&r2=1459132&view=diff
==============================================================================
---
logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/config/plugins/PluginManager.java
(original)
+++
logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/config/plugins/PluginManager.java
Thu Mar 21 02:17:25 2013
@@ -155,9 +155,11 @@ public class PluginManager {
LOGGER.warn("Plugin preloads not available");
}
}
- if (plugins.size() == 0) {
+ if (plugins == null || plugins.size() == 0) {
if (pkgs == null) {
- PACKAGES.add(LOG4J_PACKAGES);
+ if (!PACKAGES.contains(LOG4J_PACKAGES)) {
+ PACKAGES.add(LOG4J_PACKAGES);
+ }
} else {
final String[] names = pkgs.split(",");
for (final String name : names) {
Added:
logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/helpers/SecretKeyProvider.java
URL:
http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/helpers/SecretKeyProvider.java?rev=1459132&view=auto
==============================================================================
---
logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/helpers/SecretKeyProvider.java
(added)
+++
logging/log4j/log4j2/trunk/core/src/main/java/org/apache/logging/log4j/core/helpers/SecretKeyProvider.java
Thu Mar 21 02:17:25 2013
@@ -0,0 +1,11 @@
+package org.apache.logging.log4j.core.helpers;
+
+import javax.crypto.SecretKey;
+
+/**
+ *
+ */
+public interface SecretKeyProvider {
+
+ SecretKey getSecretKey();
+}
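Review bot: The Javadoc on `SecretKeyProvider` is empty, so implementers get no contract for a type that hands out raw key material. It should state what the FlumePersistentManager change in this commit relies on: the class is instantiated reflectively via `newInstance()`, so it needs a public no-argument constructor, and a provider that throws leaves encryption disabled. It should also say whether `getSecretKey()` may return null and which algorithm and key length consumers expect (the test provider in this commit returns a 32-byte `AES` key). A starting point would be `/** Supplies the secret key used by components that encrypt data; implementations must have a public no-arg constructor. */`.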
Modified:
logging/log4j/log4j2/trunk/flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/FlumePersistentManager.java
URL:
http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/FlumePersistentManager.java?rev=1459132&r1=1459131&r2=1459132&view=diff
==============================================================================
---
logging/log4j/log4j2/trunk/flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/FlumePersistentManager.java
(original)
+++
logging/log4j/log4j2/trunk/flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/FlumePersistentManager.java
Thu Mar 21 02:17:25 2013
@@ -29,7 +29,10 @@ import org.apache.flume.event.SimpleEven
import org.apache.logging.log4j.LoggingException;
import org.apache.logging.log4j.core.appender.ManagerFactory;
import org.apache.logging.log4j.core.config.Property;
+import org.apache.logging.log4j.core.config.plugins.PluginManager;
+import org.apache.logging.log4j.core.config.plugins.PluginType;
import org.apache.logging.log4j.core.helpers.FileUtils;
+import org.apache.logging.log4j.core.helpers.SecretKeyProvider;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
@@ -58,7 +61,7 @@ import java.util.zip.GZIPOutputStream;
*/
public class FlumePersistentManager extends FlumeAvroManager {
- public static final String PASSWORD = "password";
+ public static final String KEY_PROVIDER = "keyProvider";
private static final Charset UTF8 = Charset.forName("UTF-8");
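Review bot: Replacing the public `PASSWORD` constant with `KEY_PROVIDER` silently changes what an existing configuration means. In the hunks shown here a `<Property name="password">` entry is no longer read, so unless it is rejected elsewhere, a deployment that relied on it would persist events unencrypted after upgrading. Consider warning in `createManager` when a `password` property is still present, e.g. `LOGGER.warn("The password property is no longer supported; configure keyProvider to enable encryption");`. The removal also belongs in the release notes, since the constant was public API.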
@@ -232,7 +235,6 @@ public class FlumePersistentManager exte
*/
public FlumePersistentManager createManager(final String name, final
FactoryData data) {
SecretKey secretKey = null;
- byte[] salt;
Database database;
@@ -261,37 +263,44 @@ public class FlumePersistentManager exte
}
try {
- if (properties.containsKey(PASSWORD)) {
- String password = properties.get(PASSWORD);
- salt = new byte[20];
- File saltFile = new File(data.dataDir + "/salt.dat");
- boolean needSalt = true;
- if (saltFile.exists()) {
- FileInputStream fis = new FileInputStream(saltFile);
- if (fis.read(salt) == 20) {
- needSalt = false;
- }
- fis.close();
+ String key = null;
+ for (Map.Entry<String, String> entry : properties.entrySet()) {
+ if (entry.getKey().equalsIgnoreCase(KEY_PROVIDER)) {
+ key = entry.getValue();
}
- if (needSalt) {
- Random r = new SecureRandom();
- r.nextBytes(salt);
- FileOutputStream fos = new FileOutputStream(saltFile);
- fos.write(salt);
- fos.close();
+ }
+ if (key != null) {
+ final PluginManager manager = new
PluginManager("KeyProvider", SecretKeyProvider.class);
+ manager.collectPlugins();
+ final Map<String, PluginType> plugins =
manager.getPlugins();
+ if (plugins != null) {
+ boolean found = false;
+ for (Map.Entry<String, PluginType> entry :
plugins.entrySet()) {
+ if (entry.getKey().equalsIgnoreCase(key)) {
+ found = true;
+ Class cl = entry.getValue().getPluginClass();
+ try {
+ SecretKeyProvider provider =
(SecretKeyProvider) cl.newInstance();
+ secretKey = provider.getSecretKey();
+ } catch (Exception ex) {
+ LOGGER.error("Unable to create
SecretKeyProvider {}, encryption will be disabled",
+ cl.getName());
+ }
+ break;
+ }
+ }
+ if (!found) {
+ LOGGER.error("Unable to locate SecretKey provider
{}, encryption will be disabled", key);
+ }
+ } else {
+ LOGGER.error("Unable to locate SecretKey provider {},
encryption will be disabled", key);
}
- SecretKeyFactory factory =
SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
- KeySpec spec = new PBEKeySpec(password.toCharArray(),
salt, 65536, 256);
- SecretKey tmp = factory.generateSecret(spec);
- secretKey = new SecretKeySpec(tmp.getEncoded(), "AES");
}
- return new FlumePersistentManager(name, data.name,
data.agents, data.batchSize, data.reconnectionDelay,
- database, secretKey);
} catch (Exception ex) {
LOGGER.warn("Error setting up encryption - encryption will be
disabled", ex);
-
}
- return null;
+ return new FlumePersistentManager(name, data.name, data.agents,
data.batchSize, data.reconnectionDelay,
+ database, secretKey);
}
}
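Review bot: A configured `keyProvider` that cannot be located, cannot be instantiated, or returns null now fails open. Every error path only logs, and the `return new FlumePersistentManager(...)` moved outside the `try` still builds the manager with `secretKey == null`, so events would presumably be persisted in clear text even though encryption was requested; the previous code returned `null` when key setup threw. Consider refusing to create the manager, e.g. `if (key != null && secretKey == null) { return null; }` before the final return. `createManager` starts outside this hunk, so anything opened earlier in the method would need releasing on that path. The inner `catch (Exception ex)` also drops `ex`; pass it to `LOGGER.error` so the cause of a provider failure is visible.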
Added:
logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/FlumeKeyProvider.java
URL:
http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/FlumeKeyProvider.java?rev=1459132&view=auto
==============================================================================
---
logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/FlumeKeyProvider.java
(added)
+++
logging/log4j/log4j2/trunk/flume-ng/src/test/java/org/apache/logging/log4j/flume/test/FlumeKeyProvider.java
Thu Mar 21 02:17:25 2013
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache license, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the license for the specific language governing permissions and
+ * limitations under the license.
+ */
+package org.apache.logging.log4j.flume.test;
+
+import org.apache.logging.log4j.core.config.plugins.Plugin;
+import org.apache.logging.log4j.core.helpers.SecretKeyProvider;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.FileOutputStream;
+import java.security.SecureRandom;
+import java.security.spec.KeySpec;
+import java.util.Random;
+
+/**
+ *
+ */
+@Plugin(name = "FlumeKeyProvider", type = "KeyProvider", elementType =
"SecretKeyProvider", printObject = true)
+public class FlumeKeyProvider implements SecretKeyProvider {
+
+ private static final byte[] key = new byte[] {-7, -21, -118, -25, -79, 73,
72, -64, 0, 127, -93, -13, -38,
+ 3, -73, -31, -2, -74, 3, 28, 113, -55, -105, 9, -103, 97, -5, -54, 88,
-110, 97, -4};
+
+ public SecretKey getSecretKey() {
+ return new SecretKeySpec(key, "AES");
+ }
+}
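Review bot: `FlumeKeyProvider` embeds a fixed AES key in source and its Javadoc is empty, so nothing marks it as a test-only fixture. Because the manual text added in this commit tells users to write their own provider, this class is the most likely thing to be copied. Fill the Javadoc with something like `/** Test-only provider returning a fixed key; real providers must obtain the key from protected storage, never from source. */`. The imports `SecretKeyFactory`, `PBEKeySpec`, `FileOutputStream`, `SecureRandom`, `KeySpec` and `Random` are unused in the class as shown and can be dropped, and the constant would conventionally be named `KEY`.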
Modified: logging/log4j/log4j2/trunk/flume-ng/src/test/resources/persistent.xml
URL:
http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/flume-ng/src/test/resources/persistent.xml?rev=1459132&r1=1459131&r2=1459132&view=diff
==============================================================================
--- logging/log4j/log4j2/trunk/flume-ng/src/test/resources/persistent.xml
(original)
+++ logging/log4j/log4j2/trunk/flume-ng/src/test/resources/persistent.xml Thu
Mar 21 02:17:25 2013
@@ -1,11 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
-<configuration status="info" name="MyApp" packages="">
+<configuration status="info" name="MyApp"
packages="org.apache.logging.log4j.flume.test">
<appenders>
<Flume name="eventLogger" suppressExceptions="false" compress="true"
type="persistent" dataDir="target/persistent">
<Agent host="localhost" port="${sys:primaryPort}"/>
<Agent host="localhost" port="${sys:alternatePort}"/>
<RFC5424Layout enterpriseNumber="18060" includeMDC="true"
appName="MyApp"/>
- <Property name="password">Test123!!</Property>
+ <!-- Uncomment to enable encryption
+ <Property name="keyProvider">FlumeKeyProvider</Property> -->
</Flume>
<Console name="STDOUT">
<PatternLayout pattern="%d %t - [%p] %c %m%n"/>
Modified: logging/log4j/log4j2/trunk/src/site/xdoc/manual/appenders.xml
URL:
http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/src/site/xdoc/manual/appenders.xml?rev=1459132&r1=1459131&r2=1459132&view=diff
==============================================================================
--- logging/log4j/log4j2/trunk/src/site/xdoc/manual/appenders.xml (original)
+++ logging/log4j/log4j2/trunk/src/site/xdoc/manual/appenders.xml Thu Mar 21
02:17:25 2013
@@ -484,8 +484,7 @@
elements will result in an error.</p>
<p>When used to configure in Persistent mode the valid
properties are:
<ol>
- <li>"password" to specfify that
- the data should be encrypted when written to disk.</li>
+ <li>"keyProvider" to specify the name of the plugin to
provide the secret key for encryption.</li>
</ol></p>
</td>
</tr>
@@ -542,7 +541,7 @@
<Agent host="192.168.10.101" port="8800"/>
<Agent host="192.168.10.102" port="8800"/>
<RFC5424Layout enterpriseNumber="18060" includeMDC="true"
appName="MyApp"/>
- <Property name="password">Test123!!</Property>
+ <Property name="keyProvider">MySecretProvider</Property>
</Flume>
</appenders>
<loggers>
Modified: logging/log4j/log4j2/trunk/src/site/xdoc/manual/plugins.xml
URL:
http://svn.apache.org/viewvc/logging/log4j/log4j2/trunk/src/site/xdoc/manual/plugins.xml?rev=1459132&r1=1459131&r2=1459132&view=diff
==============================================================================
--- logging/log4j/log4j2/trunk/src/site/xdoc/manual/plugins.xml (original)
+++ logging/log4j/log4j2/trunk/src/site/xdoc/manual/plugins.xml Thu Mar 21
02:17:25 2013
@@ -89,6 +89,13 @@
RollingFileAppender to construct the name of the file to log to.
</p>
</subsection>
+ <a name="KeyProviders"/>
+ <subsection name="KeyProviders">
+ Some components within Log4j may provide the ability to perform data
encryption. These components require
+ a secret key to perform the encryption. Applications may provide the
key by creating a class that
+ implements the <a
href="../log4j-core/apidocs/org/apache/logging/log4j/core/helpers/SecretKeyProvider.html">SecretKeyProvider</a>
+ interface.
+ </subsection>
<a name="Lookups"/>
<subsection name="Lookups">
<p>