[jboss-jira] [JBoss JIRA] (JGRP-1531) Message Headers Not Encrypted

Edward Sutter (JIRA) jira-events at lists.jboss.org
Wed Oct 31 17:03:18 EDT 2012 

    [ https://issues.jboss.org/browse/JGRP-1531?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12730617#comment-12730617 ] 

Edward Sutter commented on JGRP-1531:
-------------------------------------

I was able to test the fix and it looks like it is working.  Is there a nightly build available?  I want to be sure that I stay compliant with the license and I'm not clear if downloading the source, building myself, and including the jar in our product is within the terms of the license.  Obviously no changes to source have been made.
                
> Message Headers Not Encrypted
> -----------------------------
>
>                 Key: JGRP-1531
>                 URL: https://issues.jboss.org/browse/JGRP-1531
>             Project: JGroups
>          Issue Type: Bug
>    Affects Versions: 3.1
>            Reporter: Edward Sutter
>            Assignee: Bela Ban
>             Fix For: 3.3
>
>
> I am running 3.1.0-FINAL and have observed that message headers are not
> being encrypted even though the "encrypt_entire_message" option is set to
> true.  After stepping through the code I suspect that the headers are being
> appended to the output stream that is used at the TCP layer.
> Specifically...
> org.jgroups.protocols.ENCRYPT.sendDown(Event evt) will encrypt the message
> (including headers) and send down the stack via this block...
> {code}
> private void sendDown(Event evt) throws Exception {
> ...
>         EncryptHeader hdr=new EncryptHeader(EncryptHeader.ENCRYPT, getSymVersion());
>         hdr.encrypt_entire_msg=this.encrypt_entire_message;
>         if(encrypt_entire_message) {
>             byte[] serialized_msg=Util.streamableToByteBuffer(msg);
>             byte[] encrypted_msg=encryptMessage(symEncodingCipher,
>                                                 serialized_msg,
>                                                 0,
>                                                 serialized_msg.length);
>             Message tmp=msg.copy(false); // we need to preserve headers which may already be present
>             tmp.setBuffer(encrypted_msg);
>             if(tmp.getSrc() == null)
>                 tmp.setSrc(local_addr);
>             tmp.putHeader(this.id, hdr);
>             passItDown(new Event(Event.MSG, tmp));
>             return;
>         }
> ...
> }
> {code}
> Note that the unencrypted headers are preserved even though the encrypted
> headers are included in "encrypted_msg".
> Later on, org.jgroups.protocols.TP.writeMessage(Message msg, DataOutputStream dos, boolean multicast) will call
> Message.writeTo(DataOutput) to build the message that is sent.  The problem
> seems to be that Message.writeTo(DataOutput) will include the encrypted
> byte[] (expected) but also include the unencrypted headers that were
> preserved.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list