cayenne-commits mailing list archives

From aadamc...@apache.org
Subject svn commit: r1584632 - in /cayenne/main/trunk/cayenne-crypto/src: main/java/org/apache/cayenne/crypto/ main/java/org/apache/cayenne/crypto/key/ test/java/org/apache/cayenne/crypto/ test/java/org/apache/cayenne/crypto/key/
Date Fri, 04 Apr 2014 12:04:41 GMT
Author: aadamchik
Date: Fri Apr  4 12:04:41 2014
New Revision: 1584632

URL: http://svn.apache.org/r1584632
Log:
CAY-1916 cayenne-crypto module that enables data encryption for certain model attributes

* builder cleanup
* fixing tests

Modified:
    cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/CryptoConstants.java
    cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/CryptoModuleBuilder.java
    cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/key/JceksKeySource.java
    cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/CryptoModuleBuilderTest.java
    cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/Runtime_AES128_Test.java
    cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/key/JceksKeySourceTest.java

Modified: cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/CryptoConstants.java
URL: http://svn.apache.org/viewvc/cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/CryptoConstants.java?rev=1584632&r1=1584631&r2=1584632&view=diff
==============================================================================
--- cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/CryptoConstants.java
(original)
+++ cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/CryptoConstants.java
Fri Apr  4 12:04:41 2014
@@ -49,13 +49,13 @@ public interface CryptoConstants {
     public static final String KEYSTORE_URL = "cayenne.crypto.keystore.url";
 
     /**
-     * A password to access a secret key within the keystore.
+     * A password to access all secret keys within the keystore.
      */
     public static final String KEY_PASSWORD = "cayenne.crypto.key.password";
 
     /**
      * A symbolic name of the default encryption key in the keystore.
      */
-    public static final String DEFAULT_KEY_ALIAS = "cayenne.crypto.key.defaultalias";
+    public static final String ENCRYPTION_KEY_ALIAS = "cayenne.crypto.key.enc.alias";
 
 }

Modified: cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/CryptoModuleBuilder.java
URL: http://svn.apache.org/viewvc/cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/CryptoModuleBuilder.java?rev=1584632&r1=1584631&r2=1584632&view=diff
==============================================================================
--- cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/CryptoModuleBuilder.java
(original)
+++ cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/CryptoModuleBuilder.java
Fri Apr  4 12:04:41 2014
@@ -74,8 +74,7 @@ public class CryptoModuleBuilder {
     private Class<? extends KeySource> keySourceType;
     private KeySource keySource;
 
-    private String defaultKeyAlias;
-
+    private String encryptionKeyAlias;
     private char[] keyPassword;
 
     public CryptoModuleBuilder() {
@@ -114,7 +113,7 @@ public class CryptoModuleBuilder {
         this.valueTransformerFactoryType = factoryType;
         return this;
     }
-    
+
     public CryptoModuleBuilder bytesTransformer(Class<? extends BytesTransformerFactory>
factoryType) {
         this.bytesTransformerFactoryType = factoryType;
         return this;
@@ -142,19 +141,21 @@ public class CryptoModuleBuilder {
     }
 
     /**
-     * Sets a password that unlocks a secret key.
-     */
-    public CryptoModuleBuilder keyPassword(char[] password) {
-        this.keyPassword = password;
-        return this;
-    }
-
-    /**
-     * Instructs builder to use a given file to load keystore data. The KeyStore
-     * must be of "jceks" type and contain all needed secret keys for the target
-     * database.
+     * Configures keystore parameters. The KeyStore must be of "jceks" type and
+     * contain all needed secret keys for the target database. Currently all
+     * keys must be protected with the same password.
+     * 
+     * @param file
+     *            A file to load keystore from.
+     * @param passwordForAllKeys
+     *            A password that unlocks all keys in the keystore.
+     * @param encryptionKeyAlias
+     *            The name of the key in the keystore that should be used for
+     *            encryption by default.
      */
-    public CryptoModuleBuilder keyStore(File file) {
+    public CryptoModuleBuilder keyStore(File file, char[] passwordForAllKeys, String encryptionKeyAlias)
{
+        this.encryptionKeyAlias = encryptionKeyAlias;
+        this.keyPassword = passwordForAllKeys;
         this.keyStoreUrl = null;
         this.keyStoreUrlString = null;
         this.keyStoreFile = file;
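Review bot: `this.keyPassword = passwordForAllKeys;` keeps the caller's array by reference, so a caller that follows the usual char[] practice and zeroes the password right after calling `keyStore(...)` would also blank the value the builder later puts into the module. Either state the ownership in the `@param passwordForAllKeys` text, for example `The array is stored by reference, not copied.`, or store a copy with `this.keyPassword = passwordForAllKeys != null ? passwordForAllKeys.clone() : null;` and document who clears it. The same two assignments are repeated in the `keyStore(String, ...)` and `keyStore(URL, ...)` overloads in the next two hunks. The method body continues past the end of this hunk.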
@@ -162,11 +163,21 @@ public class CryptoModuleBuilder {
     }
 
     /**
-     * Instructs builder to use a given URL to load keystore data. The KeyStore
-     * must be of "jceks" type and contain all needed secret keys for the target
-     * database.
+     * Configures keystore parameters. The KeyStore must be of "jceks" type and
+     * contain all needed secret keys for the target database. Currently all
+     * keys must be protected with the same password.
+     * 
+     * @param url
+     *            A URL to load keystore from.
+     * @param passwordForAllKeys
+     *            A password that unlocks all keys in the keystore.
+     * @param encryptionKeyAlias
+     *            The name of the key in the keystore that should be used for
+     *            encryption by default.
      */
-    public CryptoModuleBuilder keyStore(String url) {
+    public CryptoModuleBuilder keyStore(String url, char[] passwordForAllKeys, String encryptionKeyAlias)
{
+        this.encryptionKeyAlias = encryptionKeyAlias;
+        this.keyPassword = passwordForAllKeys;
         this.keyStoreUrl = null;
         this.keyStoreUrlString = url;
         this.keyStoreFile = null;
@@ -174,11 +185,21 @@ public class CryptoModuleBuilder {
     }
 
     /**
-     * Instructs builder to use a given URL to load keystore data. The KeyStore
-     * must be of "jceks" type and contain all needed secret keys for the target
-     * database.
+     * Configures keystore parameters. The KeyStore must be of "jceks" type and
+     * contain all needed secret keys for the target database. Currently all
+     * keys must be protected with the same password.
+     * 
+     * @param url
+     *            A URL to load keystore from.
+     * @param passwordForAllKeys
+     *            A password that unlocks all keys in the keystore.
+     * @param encryptionKeyAlias
+     *            The name of the key in the keystore that should be used for
+     *            encryption by default.
      */
-    public CryptoModuleBuilder keyStore(URL url) {
+    public CryptoModuleBuilder keyStore(URL url, char[] passwordForAllKeys, String encryptionKeyAlias)
{
+        this.encryptionKeyAlias = encryptionKeyAlias;
+        this.keyPassword = passwordForAllKeys;
         this.keyStoreUrl = url;
         this.keyStoreUrlString = null;
         this.keyStoreFile = null;
@@ -197,11 +218,6 @@ public class CryptoModuleBuilder {
         return this;
     }
 
-    public CryptoModuleBuilder defaultKeyAlias(String defaultKeyAlias) {
-        this.defaultKeyAlias = defaultKeyAlias;
-        return this;
-    }
-
     /**
      * Produces a module that can be used to start Cayenne runtime.
      */
@@ -247,8 +263,8 @@ public class CryptoModuleBuilder {
                     props.put(CryptoConstants.KEYSTORE_URL, keyStoreUrl);
                 }
 
-                if (defaultKeyAlias != null) {
-                    props.put(CryptoConstants.DEFAULT_KEY_ALIAS, defaultKeyAlias);
+                if (encryptionKeyAlias != null) {
+                    props.put(CryptoConstants.ENCRYPTION_KEY_ALIAS, encryptionKeyAlias);
                 }
 
                 // char[] credentials... stored as char[] to potentially allow

Modified: cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/key/JceksKeySource.java
URL: http://svn.apache.org/viewvc/cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/key/JceksKeySource.java?rev=1584632&r1=1584631&r2=1584632&view=diff
==============================================================================
--- cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/key/JceksKeySource.java
(original)
+++ cayenne/main/trunk/cayenne-crypto/src/main/java/org/apache/cayenne/crypto/key/JceksKeySource.java
Fri Apr  4 12:04:41 2014
@@ -65,10 +65,10 @@ public class JceksKeySource implements K
             throw new CayenneCryptoException("Error loading keystore at " + keyStoreUrl,
e);
         }
 
-        this.defaultKeyAlias = properties.get(CryptoConstants.DEFAULT_KEY_ALIAS);
+        this.defaultKeyAlias = properties.get(CryptoConstants.ENCRYPTION_KEY_ALIAS);
         if (defaultKeyAlias == null) {
             throw new CayenneCryptoException("Default key alias is not set. Property name:
"
-                    + CryptoConstants.DEFAULT_KEY_ALIAS);
+                    + CryptoConstants.ENCRYPTION_KEY_ALIAS);
         }
     }
 
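Review bot: The exception text still reads `Default key alias is not set` and the field is still named `defaultKeyAlias`, while the property it reports is now `ENCRYPTION_KEY_ALIAS` (`cayenne.crypto.key.enc.alias`). Whoever reads the stack trace has to map "default key" onto the "enc.alias" property; `"Encryption key alias is not set. Property name: "` would match the renamed constant. CryptoModuleBuilder only writes this property when the alias is non-null, so this exception appears to be where a null alias passed to `keyStore(...)` first surfaces, which makes the wording matter. The enclosing constructor or method starts above the hunk.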

Modified: cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/CryptoModuleBuilderTest.java
URL: http://svn.apache.org/viewvc/cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/CryptoModuleBuilderTest.java?rev=1584632&r1=1584631&r2=1584632&view=diff
==============================================================================
--- cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/CryptoModuleBuilderTest.java
(original)
+++ cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/CryptoModuleBuilderTest.java
Fri Apr  4 12:04:41 2014
@@ -21,6 +21,7 @@ package org.apache.cayenne.crypto;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 
+import java.net.URL;
 import java.security.Key;
 
 import org.apache.cayenne.crypto.key.JceksKeySourceTest;
@@ -35,9 +36,10 @@ public class CryptoModuleBuilderTest {
 
     @Test
     public void testBuild_KeySource() {
-        Module m = new CryptoModuleBuilder().keyPassword(JceksKeySourceTest.TEST_KEY_PASS)
-                .keyStore(JceksKeySourceTest.class.getResource(JceksKeySourceTest.KS1_JCEKS))
-                .valueTransformer(DefaultValueTransformerFactory.class).defaultKeyAlias("k1").build();
+
+        URL ksUrl = JceksKeySourceTest.class.getResource(JceksKeySourceTest.KS1_JCEKS);
+        Module m = new CryptoModuleBuilder().keyStore(ksUrl, JceksKeySourceTest.TEST_KEY_PASS,
"k1")
+                .valueTransformer(DefaultValueTransformerFactory.class).build();
 
         Injector injector = DIBootstrap.createInjector(m);
 
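Review bot: `ksUrl` goes straight into `keyStore(...)` without a check that `getResource` found the keystore; a missing resource yields null, the URL overload stores it as-is, and the failure would then show up later and away from its cause. `assertNotNull` is already statically imported in this file, so `assertNotNull(ksUrl);` right after the lookup would pin it down. The same unchecked lookup is added to `setUp()` in Runtime_AES128_Test. The test method continues past the end of this hunk.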

Modified: cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/Runtime_AES128_Test.java
URL: http://svn.apache.org/viewvc/cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/Runtime_AES128_Test.java?rev=1584632&r1=1584631&r2=1584632&view=diff
==============================================================================
--- cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/Runtime_AES128_Test.java
(original)
+++ cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/Runtime_AES128_Test.java
Fri Apr  4 12:04:41 2014
@@ -21,6 +21,7 @@ package org.apache.cayenne.crypto;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 
+import java.net.URL;
 import java.sql.SQLException;
 import java.util.HashMap;
 import java.util.List;
@@ -30,6 +31,7 @@ import org.apache.cayenne.ObjectContext;
 import org.apache.cayenne.configuration.server.ServerRuntime;
 import org.apache.cayenne.crypto.db.Table1;
 import org.apache.cayenne.crypto.db.Table2;
+import org.apache.cayenne.crypto.key.JceksKeySourceTest;
 import org.apache.cayenne.crypto.unit.CryptoUnitUtils;
 import org.apache.cayenne.di.Module;
 import org.apache.cayenne.query.SelectQuery;
@@ -48,7 +50,8 @@ public class Runtime_AES128_Test {
     @Before
     public void setUp() throws Exception {
 
-        Module crypto = new CryptoModuleBuilder().build();
+        URL keyStoreUrl = JceksKeySourceTest.class.getResource(JceksKeySourceTest.KS1_JCEKS);
+        Module crypto = new CryptoModuleBuilder().keyStore(keyStoreUrl, JceksKeySourceTest.TEST_KEY_PASS,
"k1").build();
 
         this.runtime = new ServerRuntime("cayenne-crypto.xml", crypto);
 

Modified: cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/key/JceksKeySourceTest.java
URL: http://svn.apache.org/viewvc/cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/key/JceksKeySourceTest.java?rev=1584632&r1=1584631&r2=1584632&view=diff
==============================================================================
--- cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/key/JceksKeySourceTest.java
(original)
+++ cayenne/main/trunk/cayenne-crypto/src/test/java/org/apache/cayenne/crypto/key/JceksKeySourceTest.java
Fri Apr  4 12:04:41 2014
@@ -51,7 +51,7 @@ public class JceksKeySourceTest {
 
         Map<String, String> props = new HashMap<String, String>();
         props.put(CryptoConstants.KEYSTORE_URL, url.toExternalForm());
-        props.put(CryptoConstants.DEFAULT_KEY_ALIAS, "k2");
+        props.put(CryptoConstants.ENCRYPTION_KEY_ALIAS, "k2");
 
         Map<String, char[]> creds = new HashMap<String, char[]>();
         creds.put(CryptoConstants.KEY_PASSWORD, TEST_KEY_PASS);


