HADOOP-11311. Restrict uppercase key names from being created with JCEKS.

This commit is contained in:
Andrew Wang 2014-11-17 13:59:46 -08:00
parent 351c5561c2
commit 48d62fad80
3 changed files with 17 additions and 0 deletions

View File

@ -444,6 +444,9 @@ Release 2.7.0 - UNRELEASED
HADOOP-11157. ZKDelegationTokenSecretManager never shuts down HADOOP-11157. ZKDelegationTokenSecretManager never shuts down
listenerThreadPool. (Arun Suresh via atm) listenerThreadPool. (Arun Suresh via atm)
HADOOP-11311. Restrict uppercase key names from being created with JCEKS.
(wang)
Release 2.6.0 - 2014-11-18 Release 2.6.0 - 2014-11-18
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

View File

@ -18,6 +18,7 @@
package org.apache.hadoop.crypto.key; package org.apache.hadoop.crypto.key;
import com.google.common.base.Preconditions;
import org.apache.commons.io.IOUtils; import org.apache.commons.io.IOUtils;
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceAudience.Private; import org.apache.hadoop.classification.InterfaceAudience.Private;
@ -423,6 +424,8 @@ public Metadata getMetadata(String name) throws IOException {
@Override @Override
public KeyVersion createKey(String name, byte[] material, public KeyVersion createKey(String name, byte[] material,
Options options) throws IOException { Options options) throws IOException {
Preconditions.checkArgument(name.equals(name.toLowerCase()),
"Uppercase key names are unsupported: %s", name);
writeLock.lock(); writeLock.lock();
try { try {
try { try {

View File

@ -33,6 +33,7 @@
import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.ProviderUtils; import org.apache.hadoop.security.ProviderUtils;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -328,6 +329,16 @@ public void testJksProvider() throws Exception {
// check permission retention after explicit change // check permission retention after explicit change
fs.setPermission(path, new FsPermission("777")); fs.setPermission(path, new FsPermission("777"));
checkPermissionRetention(conf, ourUrl, path); checkPermissionRetention(conf, ourUrl, path);
// Check that an uppercase keyname results in an error
provider = KeyProviderFactory.getProviders(conf).get(0);
try {
provider.createKey("UPPERCASE", KeyProvider.options(conf));
Assert.fail("Expected failure on creating key name with uppercase " +
"characters");
} catch (IllegalArgumentException e) {
GenericTestUtils.assertExceptionContains("Uppercase key names", e);
}
} }
private void verifyAfterReload(File file, KeyProvider provider) private void verifyAfterReload(File file, KeyProvider provider)