ctubbsii commented on a change in pull request #499: Implement new Encryption
interface
URL: https://github.com/apache/accumulo/pull/499#discussion_r190424371
##########
File path:
core/src/main/java/org/apache/accumulo/core/file/rfile/bcfile/BCFile.java
##########
@@ -143,54 +148,14 @@ public WBlockState(Algorithm compressionAlgo,
RateLimitedOutputStream fsOut,
this.fsBufferedOutput = new SimpleBufferedOutputStream(this.fsOut,
fsOutputBuffer.getBytes());
-
- // *This* is very important. Without this, when the crypto stream is
closed (in order to
- // flush its last bytes),
- // the underlying RFile stream will *also* be closed, and that's
undesirable as the cipher
- // stream is closed for
- // every block written.
- cryptoParams.setCloseUnderylingStreamAfterCryptoStreamClose(false);
-
- // *This* is also very important. We don't want the underlying stream
messed with.
- cryptoParams.setRecordParametersToStream(false);
-
- // Create a new IV for the block or update an existing one in the case
of GCM
- cryptoParams.updateInitializationVector();
-
- // Initialize the cipher including generating a new IV
- cryptoParams = cryptoModule.initializeCipher(cryptoParams);
-
- // Write the init vector in plain text, uncompressed, to the output
stream. Due to the way
- // the streams work out, there's no good way to write this
- // compressed, but it's pretty small.
- DataOutputStream tempDataOutputStream = new
DataOutputStream(fsBufferedOutput);
-
- // Init vector might be null if the underlying cipher does not require
one (NullCipher being
- // a good example)
- if (cryptoParams.getInitializationVector() != null) {
-
tempDataOutputStream.writeInt(cryptoParams.getInitializationVector().length);
- tempDataOutputStream.write(cryptoParams.getInitializationVector());
- } else {
- // Do nothing
- }
-
- // Initialize the cipher stream and get the IV
- cryptoParams.setPlaintextOutputStream(tempDataOutputStream);
- cryptoParams = cryptoModule.getEncryptingOutputStream(cryptoParams);
-
- if (cryptoParams.getEncryptedOutputStream() == tempDataOutputStream) {
- this.cipherOut = fsBufferedOutput;
- } else {
- this.cipherOut = cryptoParams.getEncryptedOutputStream();
- }
-
this.compressor = compressAlgo.getCompressor();
try {
+ this.cipherOut = encryptionStrategy.encryptStream(fsBufferedOutput);
this.out = compressionAlgo.createCompressionStream(cipherOut,
compressor, 0);
- } catch (IOException e) {
+ } catch (Exception e) {
Review comment:
Is it possible to avoid overly broad catching of `Exception` here?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
