Re: [PATCH] Derby 236 BootPassword gets written out in plain text in sane mode and in our test environment.

[Suresh Thalamati]

- Why is password hard coded in the test harness code, is it not possible to 
specify it as test property ? for eg on the db URL itself. 

+               String encryptUrl = "dataEncryption=true;bootPassword=Thursday";
Thanks
-suresht
Mike Matrigali wrote:
I'll look into committing this one.  If anyone else is reviewing it
let me know.
Sunitha Kambhampati wrote:
 

This patch fixes Derby 236 
http://issues.apache.org/jira/browse/DERBY-236 - BootPassword gets
written out in plain text in sane mode and in our test environment.

Changes include
1. remove sanity debug code in RawStore to not write bootpassword in
plain text into the service.properties 2. currently the test harness
does not seem to pass on the encryption related properties to the
MultiTest and with change in #1, encryption wont be used for
stress.multi. So changes made to  RunTest to pass on the encryption,
testEncryptionAlgorithm values to the MultiTest harness. Also changed
mtTestCase to recognize the encryption properties and modify the
database url to use for the MultiTest.
-- ran derbyall on jdk142 with no failures
-- verified that encryption run for stress.multi was running ok, by
adding keepfiles=true to encryptionAll.properties and checking the
service.properties for all the databases created as part of this
encryptionAll testrun.
svn stat
M      java\tools\org\apache\derby\impl\tools\ij\mtTestCase.java
M      java\engine\org\apache\derby\impl\store\raw\RawStore.java
A     
java\testing\org\apache\derbyTesting\functionTests\tests\store\EncryptionTest.java

M     
java\testing\org\apache\derbyTesting\functionTests\harness\RunTest.java
A     
java\testing\org\apache\derbyTesting\functionTests\master\EncryptionTest.out

M     
java\testing\org\apache\derbyTesting\functionTests\suites\encryption.runall

Can someone please review it and if it looks ok, can a committer please
commit it.
Thanks, Sunitha.
------------------------------------------------------------------------
Index: java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java
===================================================================
--- java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(revision 169429)
+++ java/tools/org/apache/derby/impl/tools/ij/mtTestCase.java	(working copy)
@@ -156,6 +156,20 @@
						p.setProperty("ij.password","PWD");
					}
			}
+            // this is a special case for the MultiTest.
+            // check and alter url if there are any encryption related properties
+            // that need to be set on the url 
+            if (("true").equalsIgnoreCase(p.getProperty("encryption"))) 
+            {
+               String encryptUrl = "dataEncryption=true;bootPassword=Thursday";
+               String dbUrl = p.getProperty("database");
+               String encryptionAlgorithm = p.getProperty("encryptionAlgorithm");
+               if (encryptionAlgorithm != null)
+                   p.setProperty("database",dbUrl + ";"+encryptUrl +";"+encryptionAlgorithm);
+               else
+                   p.setProperty("database",dbUrl + ";"+encryptUrl);
+            }
+            
			System.setProperties(p);
		}
		// set input stream
Index: java/engine/org/apache/derby/impl/store/raw/RawStore.java
===================================================================
--- java/engine/org/apache/derby/impl/store/raw/RawStore.java	(revision 169429)
+++ java/engine/org/apache/derby/impl/store/raw/RawStore.java	(working copy)
@@ -175,27 +175,6 @@
			String dataEncryption = properties.getProperty(Attribute.DATA_ENCRYPTION);
			databaseEncrypted = Boolean.valueOf(dataEncryption).booleanValue();

-
-			if (SanityManager.DEBUG)
-			{
-				if (!databaseEncrypted)
-				{
-					// check for system property if running under sanity - this
-					// gives more test coverage for those that that hard code
-					// connection URL in the test or somehow go thru the test
-					// harness in a strange way.
-					String testEncryption =
-						PropertyUtil.getSystemProperty("testDataEncryption");
-
-					if (testEncryption != null)
-					{
-						properties.put(Attribute.DATA_ENCRYPTION, "true");
-						properties.put(Attribute.BOOT_PASSWORD, testEncryption);
-						databaseEncrypted = true;
-                    }
-				}
-			}
-
			if (databaseEncrypted)
			{
					cipherFactory =
Index: java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
===================================================================
--- java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java	(revision 0)
+++ java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java	(revision 0)
@@ -0,0 +1,74 @@
+/*
+ 
+ Derby - Class org.apache.derbyTesting.functionTests.tests.store.EncryptionTest
+ 
+ Copyright 2002, 2005 The Apache Software Foundation or its licensors, as applicable.
+ 
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ 
+ */
+
+package org.apache.derbyTesting.functionTests.tests.store;
+
+import java.sql.Connection;
+import java.sql.Statement;
+import java.sql.PreparedStatement;
+import java.sql.DriverManager;
+import java.util.Properties;
+import java.io.*;
+
+/**
+ * check if bootpassword is not written out in plain text into service.properties
+ * for an encrypted database run within the test harness.
+ * In future encryption related testcases can be added to this test
+ */
+public class EncryptionTest {
+    public static void main(String[] args) {
+        Connection conn = null;
+        try {
+            // use the ij utility to read the property file and
+            // make the initial connection.
+            org.apache.derby.tools.ij.getPropertyArg(args);
+            conn = org.apache.derby.tools.ij.startJBMS();
+
+            // Test 1
+            // Derby 236 - boot password should not be written out
+            // into service.properties
+            String derbyHome = System.getProperty("derby.system.home");
+
+            // read in the properties in the service.properties file of the db
+            Properties serviceProperties = new Properties();
+            File f = new File(derbyHome + "/wombat/service.properties");
+            serviceProperties.load(new FileInputStream(f.getAbsolutePath()));
+            if (serviceProperties.getProperty("bootPassword") == null)
+                report("TEST PASSED");
+            else
+                report("FAIL -- bootPassword should not be written out into service.properties");
+            
+            conn.close();
+        } catch (Throwable e) {
+            report("FAIL -- unexpected exception: " + e);
+            e.printStackTrace();
+        }
+
+    }
+
+    /**
+     * print message
+     * @param msg to print out 
+     */
+    public static void report(String msg) {
+        System.out.println(msg);
+    }
+
+}

Property changes on: 
java/testing/org/apache/derbyTesting/functionTests/tests/store/EncryptionTest.java
___________________________________________________________________
Name: svn:eol-style
  + native
Index: java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java
===================================================================
--- java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(revision 169429)
+++ java/testing/org/apache/derbyTesting/functionTests/harness/RunTest.java	(working copy)
@@ -2021,13 +2021,24 @@
            jvm.setFlags(jvmflags);
        }
        
-        jvm.setD(jvmProps);
        
        if (testType.equals("multi"))
        {
            if ( (jvmflags != null) && (jvmflags.indexOf("mx") == -1) )
                jvm.setMx(64*1024*1024); // -mx64m
+            
+            // MultiTest is special case, so pass on properties
+            // related to encryption to MultiTest
+            jvmProps.addElement("encryption="+encryption);
+            Properties props = new Properties();
+            // parse and get only the special properties that are needed for the url 
+            SpecialFlags.parse(testSpecialProps, props, new Properties());
+            String encryptionAlgorithm = props.getProperty("testEncryptionAlgorithm");
+            if(encryptionAlgorithm != null)
+                jvmProps.addElement("encryptionAlgorithm=\""+ Attribute.CRYPTO_ALGORITHM 
+                        +"="+encryptionAlgorithm+"\"");
        }
+        jvm.setD(jvmProps);
            
        Vector v = jvm.getCommandLine();
        if ( ij.startsWith("ij") )
Index: java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
===================================================================
--- java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision 0)
+++ java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out	(revision 0)
@@ -0,0 +1 @@
+TEST PASSED

Property changes on: 
java/testing/org/apache/derbyTesting/functionTests/master/EncryptionTest.out
___________________________________________________________________
Name: svn:eol-style
  + native
Index: java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall
===================================================================
--- java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(revision 169429)
+++ java/testing/org/apache/derbyTesting/functionTests/suites/encryption.runall	(working copy)
@@ -1,2 +1,3 @@
-unit/T_Cipher.unit
-store/encryptDatabase.sql
+unit/T_Cipher.unit
+store/encryptDatabase.sql
+store/EncryptionTest.java