[GitHub] keith-turner closed pull request #315: ACCUMULO-4731 Improve exception handling if a key encryption key cannot be loaded
keith-turner closed pull request #315: ACCUMULO-4731 Improve exception handling
if a key encryption key cannot be loaded
URL: https://github.com/apache/accumulo/pull/315
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
index 1fa659a3fd..58f10101f7 100644
---
a/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
+++
b/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
@@ -18,6 +18,7 @@
import java.io.DataInputStream;
import java.io.DataOutputStream;
+import java.io.EOFException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
@@ -45,13 +46,13 @@
private SecretKeyCache secretKeyCache = new SecretKeyCache();
@Override
- public CryptoModuleParameters encryptSecretKey(CryptoModuleParameters
context) {
+ public CryptoModuleParameters encryptSecretKey(CryptoModuleParameters
context) throws IOException {
try {
secretKeyCache.ensureSecretKeyCacheInitialized(context);
doKeyEncryptionOperation(Cipher.WRAP_MODE, context);
} catch (IOException e) {
log.error("{}", e.getMessage(), e);
- throw new RuntimeException(e);
+ throw new IOException(e);
}
return context;
}
@@ -128,11 +129,14 @@ public synchronized void
ensureSecretKeyCacheInitialized(CryptoModuleParameters
pathToKeyName =
Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getDefaultValue();
}
- // TODO ACCUMULO-2530 Ensure volumes a properly supported
+ // TODO ACCUMULO-2530 Ensure volumes are properly supported
Path pathToKey = new Path(pathToKeyName);
FileSystem fs = FileSystem.get(CachedConfiguration.getInstance());
DataInputStream in = null;
+ boolean invalidFile = false;
+ int keyEncryptionKeyLength = 0;
+
try {
if (!fs.exists(pathToKey)) {
initializeKeyEncryptionKey(fs, pathToKey, context);
@@ -140,14 +144,29 @@ public synchronized void
ensureSecretKeyCacheInitialized(CryptoModuleParameters
in = fs.open(pathToKey);
-int keyEncryptionKeyLength = in.readInt();
+keyEncryptionKeyLength = in.readInt();
+// If the file length does not correctly relate to the expected key
size, there is an inconsistency and
+// we have no way of knowing the correct key length.
+// The keyEncryptionKeyLength+4 accounts for the integer read from the
file.
+if (fs.getFileStatus(pathToKey).getLen() != keyEncryptionKeyLength +
4) {
+ invalidFile = true;
+ // Passing this exception forward so we can provide the more useful
error message
+ throw new IOException();
+}
keyEncryptionKey = new byte[keyEncryptionKeyLength];
in.readFully(keyEncryptionKey);
initialized = true;
+ } catch (EOFException e) {
+throw new IOException("Could not initialize key encryption cache,
malformed key encryption key file", e);
} catch (IOException e) {
-log.error("Could not initialize key encryption cache", e);
+if (invalidFile) {
+ throw new IOException("Could not initialize key encryption cache,
malformed key encryption key file. Expected key of lengh " +
keyEncryptionKeyLength
+ + " but file contained " + (fs.getFileStatus(pathToKey).getLen()
- 4) + "bytes for key encryption key.");
+} else {
+ throw new IOException("Could not initialize key encryption cache,
unable to access or find key encryption key file", e);
+}
} finally {
IOUtils.closeQuietly(in);
}
diff --git
a/core/src/main/java/org/apache/accumulo/core/security/crypto/SecretKeyEncryptionStrategy.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/SecretKeyEncryptionStrategy.java
index 7d3c33302b..8dfdee16aa 100644
---
a/core/src/main/java/org/apache/accumulo/core/security/crypto/SecretKeyEncryptionStrategy.java
+++
b/core/src/main/java/org/apache/accumulo/core/security/crypto/SecretKeyEncryptionStrategy.java
@@ -16,12 +16,14 @@
*/
package org.apache.accumulo.core.security.crypto;
+import java.io.IOException;
+
/**
*
*/
public interface SecretKeyEncryptionStrategy {
- CryptoModuleParameters encryptSecretKey(CryptoModuleParameters params);
+ CryptoModuleParameters encryptSecretKey(CryptoModuleParameters params)
throws IOException;
CryptoModuleParameters decryptSecretKey(CryptoModuleParameters params);
diff --git
a/
[GitHub] keith-turner commented on issue #315: ACCUMULO-4731 Improve exception handling if a key encryption key cannot be loaded
keith-turner commented on issue #315: ACCUMULO-4731 Improve exception handling if a key encryption key cannot be loaded URL: https://github.com/apache/accumulo/pull/315#issuecomment-359125432 Changes in this PR merged in 518c109. I did some minor fixups of unit test in 591c3a0dc9d3ba0eb12cba2328e8e5badc6c7f60 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Assigned] (ACCUMULO-4778) Resolving table name to table id is expensive
[ https://issues.apache.org/jira/browse/ACCUMULO-4778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Miller reassigned ACCUMULO-4778: Assignee: Michael Miller > Resolving table name to table id is expensive > - > > Key: ACCUMULO-4778 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4778 > Project: Accumulo > Issue Type: Bug >Affects Versions: 1.7.3, 1.8.1 >Reporter: Keith Turner >Assignee: Michael Miller >Priority: Major > Fix For: 2.0.0 > > > I was running a Fluo test application and profiling the tablet server and > Fluo worker. The Fluo worker does lots small scans against Accumulo. > Resolving table names to ids (which is done for each scan) was expensive > enough to make a significant showing in the profiling data. > I looked that the 1.8 code and it does the following to resolve a table name : > * reads over all cached table ids in zookeeper putting them in a treemap > * does a lookup in the treemap > Ideally the client code would keep a cache of name to id mappings and > invalidate them when something changes in zookeeper. The data in zookeeper > is stored by id, so it does need to be inverted to lookup by name. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Accumulo-Master - Build # 2239 - Fixed
The Apache Jenkins build system has built Accumulo-Master (build #2239) Status: Fixed Check console output at https://builds.apache.org/job/Accumulo-Master/2239/ to view the results.
[jira] [Resolved] (ACCUMULO-4587) Update jquery version for 1.7/1.8
[ https://issues.apache.org/jira/browse/ACCUMULO-4587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Miller resolved ACCUMULO-4587. -- Resolution: Fixed > Update jquery version for 1.7/1.8 > - > > Key: ACCUMULO-4587 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4587 > Project: Accumulo > Issue Type: Improvement > Components: monitor >Affects Versions: 1.7.2, 1.8.0 >Reporter: Sean Busbey >Assignee: Michael Miller >Priority: Critical > Fix For: 1.7.4, 1.9.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > right now we bundle jquery v 1.5.1, which has been EOL for years. > we can use the [jquery migrate > plugin|http://jquery.com/download/#jquery-migrate-plugin] to help update APIs. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (ACCUMULO-4786) XML and JSON API links not consistent
[ https://issues.apache.org/jira/browse/ACCUMULO-4786?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Christopher Tubbs updated ACCUMULO-4786: Fix Version/s: 2.0.0 > XML and JSON API links not consistent > -- > > Key: ACCUMULO-4786 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4786 > Project: Accumulo > Issue Type: Bug >Reporter: Michael Miller >Assignee: Michael Miller >Priority: Minor > Fix For: 2.0.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Links on the Monitor API should return the same info for JSON and XML -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (ACCUMULO-4784) Create builder methods for Connector to simplify client API
[ https://issues.apache.org/jira/browse/ACCUMULO-4784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Christopher Tubbs updated ACCUMULO-4784: Fix Version/s: 2.0.0 > Create builder methods for Connector to simplify client API > --- > > Key: ACCUMULO-4784 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4784 > Project: Accumulo > Issue Type: Improvement > Components: client >Affects Versions: 2.0.0 > Environment: Currently, Connector objects are created using > ZookeeperInstance. Client code would be cleaner if it was created using > builder methods in Connector. >Reporter: Mike Walch >Assignee: Mike Walch >Priority: Major > Labels: pull-request-available > Fix For: 2.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Accumulo-Master - Build # 2238 - Unstable
The Apache Jenkins build system has built Accumulo-Master (build #2238) Status: Unstable Check console output at https://builds.apache.org/job/Accumulo-Master/2238/ to view the results.
[jira] [Resolved] (ACCUMULO-4741) Remove minified versions of JS and CSS
[ https://issues.apache.org/jira/browse/ACCUMULO-4741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Miller resolved ACCUMULO-4741. -- Resolution: Fixed > Remove minified versions of JS and CSS > --- > > Key: ACCUMULO-4741 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4741 > Project: Accumulo > Issue Type: Improvement > Components: monitor >Affects Versions: 1.7.3, 1.8.1, 2.0.0 >Reporter: Michael Miller >Assignee: Michael Miller >Priority: Minor > Fix For: 1.7.4, 1.9.0, 2.0.0 > > Time Spent: 50m > Remaining Estimate: 0h > > Only use the full versions of external JS and CSS resources. The minified > versions shouldn't really affect the Monitor performance and just complicate > the "Open source" culture of the project. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Accumulo-1.7 - Build # 398 - Fixed
The Apache Jenkins build system has built Accumulo-1.7 (build #398) Status: Fixed Check console output at https://builds.apache.org/job/Accumulo-1.7/398/ to view the results.
[jira] [Assigned] (ACCUMULO-4587) Update jquery version for 1.7/1.8
[ https://issues.apache.org/jira/browse/ACCUMULO-4587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Miller reassigned ACCUMULO-4587: Assignee: Michael Miller > Update jquery version for 1.7/1.8 > - > > Key: ACCUMULO-4587 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4587 > Project: Accumulo > Issue Type: Improvement > Components: monitor >Affects Versions: 1.7.2, 1.8.0 >Reporter: Sean Busbey >Assignee: Michael Miller >Priority: Critical > Fix For: 1.7.4, 1.9.0 > > > right now we bundle jquery v 1.5.1, which has been EOL for years. > we can use the [jquery migrate > plugin|http://jquery.com/download/#jquery-migrate-plugin] to help update APIs. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (ACCUMULO-4741) Remove minified versions of JS and CSS
[ https://issues.apache.org/jira/browse/ACCUMULO-4741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Miller updated ACCUMULO-4741: - Fix Version/s: 1.9.0 1.7.4 > Remove minified versions of JS and CSS > --- > > Key: ACCUMULO-4741 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4741 > Project: Accumulo > Issue Type: Improvement > Components: monitor >Affects Versions: 1.7.3, 1.8.1, 2.0.0 >Reporter: Michael Miller >Assignee: Michael Miller >Priority: Minor > Fix For: 1.7.4, 1.9.0, 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Only use the full versions of external JS and CSS resources. The minified > versions shouldn't really affect the Monitor performance and just complicate > the "Open source" culture of the project. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (ACCUMULO-4741) Remove minified versions of JS and CSS
[ https://issues.apache.org/jira/browse/ACCUMULO-4741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Miller updated ACCUMULO-4741: - Affects Version/s: 1.7.3 1.8.1 > Remove minified versions of JS and CSS > --- > > Key: ACCUMULO-4741 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4741 > Project: Accumulo > Issue Type: Improvement > Components: monitor >Affects Versions: 1.7.3, 1.8.1, 2.0.0 >Reporter: Michael Miller >Assignee: Michael Miller >Priority: Minor > Fix For: 1.7.4, 1.9.0, 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Only use the full versions of external JS and CSS resources. The minified > versions shouldn't really affect the Monitor performance and just complicate > the "Open source" culture of the project. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Reopened] (ACCUMULO-4741) Remove minified versions of JS and CSS
[ https://issues.apache.org/jira/browse/ACCUMULO-4741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Miller reopened ACCUMULO-4741: -- Re-opening to do this in 1.7 and 1.8 as well. > Remove minified versions of JS and CSS > --- > > Key: ACCUMULO-4741 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4741 > Project: Accumulo > Issue Type: Improvement > Components: monitor >Affects Versions: 1.7.3, 1.8.1, 2.0.0 >Reporter: Michael Miller >Assignee: Michael Miller >Priority: Minor > Fix For: 1.7.4, 1.9.0, 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Only use the full versions of external JS and CSS resources. The minified > versions shouldn't really affect the Monitor performance and just complicate > the "Open source" culture of the project. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
