HADOOP-11311. Restrict uppercase key names from being created with JCEKS.

(cherry picked from commit 48d62fad80)
This commit is contained in:
Andrew Wang 2014-11-17 13:59:46 -08:00
parent 7b2a884077
commit 1deefa6cf1
3 changed files with 17 additions and 0 deletions

View File

@ -88,6 +88,9 @@ Release 2.7.0 - UNRELEASED
HADOOP-11157. ZKDelegationTokenSecretManager never shuts down
listenerThreadPool. (Arun Suresh via atm)
HADOOP-11311. Restrict uppercase key names from being created with JCEKS.
(wang)
Release 2.6.0 - 2014-11-18
INCOMPATIBLE CHANGES

View File

@ -18,6 +18,7 @@
package org.apache.hadoop.crypto.key;
import com.google.common.base.Preconditions;
import org.apache.commons.io.IOUtils;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceAudience.Private;
@ -423,6 +424,8 @@ public class JavaKeyStoreProvider extends KeyProvider {
@Override
public KeyVersion createKey(String name, byte[] material,
Options options) throws IOException {
Preconditions.checkArgument(name.equals(name.toLowerCase()),
"Uppercase key names are unsupported: %s", name);
writeLock.lock();
try {
try {

View File

@ -33,6 +33,7 @@ import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.ProviderUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@ -328,6 +329,16 @@ public class TestKeyProviderFactory {
// check permission retention after explicit change
fs.setPermission(path, new FsPermission("777"));
checkPermissionRetention(conf, ourUrl, path);
// Check that an uppercase keyname results in an error
provider = KeyProviderFactory.getProviders(conf).get(0);
try {
provider.createKey("UPPERCASE", KeyProvider.options(conf));
Assert.fail("Expected failure on creating key name with uppercase " +
"characters");
} catch (IllegalArgumentException e) {
GenericTestUtils.assertExceptionContains("Uppercase key names", e);
}
}
private void verifyAfterReload(File file, KeyProvider provider)