Merge branch '3.1.x' into upstream-3.1.x

tjcelaya · tjcelaya · commit 87a46314b184 · 2018-01-10T12:22:30.000-08:00
diff --git a/java-manta-client/src/main/java/com/joyent/manta/client/crypto/MantaEncryptedObjectInputStream.java b/java-manta-client/src/main/java/com/joyent/manta/client/crypto/MantaEncryptedObjectInputStream.java
@@ -14,7 +14,6 @@
 import com.joyent.manta.http.MantaHttpHeaders;
 import com.joyent.manta.util.NotThreadSafe;
 import org.apache.commons.codec.binary.Hex;
-import org.apache.commons.io.IOUtils;
 import org.apache.commons.io.input.BoundedInputStream;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.Validate;
@@ -26,16 +25,16 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.crypto.AEADBadTagException;
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.util.Arrays;
 import java.util.Base64;
 import java.util.function.Supplier;
+import javax.crypto.AEADBadTagException;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
 
 /**
  * <p>An {@link InputStream} implementation that decrypts client-side encrypted
@@ -721,37 +720,39 @@ public void close() throws IOException {
         readRemainingBytes();
 
         try {
-            IOUtils.closeQuietly(cipherInputStream);
+            cipherInputStream.close();
         } catch (Exception e) {
             LOGGER.warn("Error closing CipherInputStream", e);
         }
 
-        if (hmac != null && authenticateCiphertext) {
-            byte[] checksum = new byte[hmac.getMacSize()];
-            hmac.doFinal(checksum, 0);
-            byte[] expected = readHmacFromEndOfStream();
-
-            if (LOGGER.isDebugEnabled()) {
-                LOGGER.debug("Calculated HMAC is: {}", Hex.encodeHexString(checksum));
-            }
+        try {
+            if (hmac != null && authenticateCiphertext) {
+                byte[] checksum = new byte[hmac.getMacSize()];
+                hmac.doFinal(checksum, 0);
+                byte[] expected = readHmacFromEndOfStream();
 
-            if (super.getBackingStream().read() >= 0) {
-                MantaIOException e = new MantaIOException("More bytes were available than the "
-                        + "expected HMAC length");
-                annotateException(e);
-                throw e;
-            }
+                if (LOGGER.isDebugEnabled()) {
+                    LOGGER.debug("Calculated HMAC is: {}", Hex.encodeHexString(checksum));
+                }
 
-            super.close();
+                if (super.getBackingStream().read() >= 0) {
+                    MantaIOException e = new MantaIOException("More bytes were available than the "
+                            + "expected HMAC length");
+                    annotateException(e);
+                    throw e;
+                }
 
-            if (!Arrays.equals(expected, checksum)) {
-                MantaClientEncryptionCiphertextAuthenticationException e =
-                        new MantaClientEncryptionCiphertextAuthenticationException();
-                annotateException(e);
-                e.setContextValue("expected", Hex.encodeHexString(expected));
-                e.setContextValue("checksum", Hex.encodeHexString(checksum));
-                throw e;
+                if (!Arrays.equals(expected, checksum)) {
+                    MantaClientEncryptionCiphertextAuthenticationException e =
+                            new MantaClientEncryptionCiphertextAuthenticationException();
+                    annotateException(e);
+                    e.setContextValue("expected", Hex.encodeHexString(expected));
+                    e.setContextValue("checksum", Hex.encodeHexString(checksum));
+                    throw e;
+                }
             }
+        } finally {
+            super.close();
         }
     }
 
diff --git a/java-manta-client/src/test/java/com/joyent/manta/client/crypto/IncompleteByteReadInputStream.java b/java-manta-client/src/test/java/com/joyent/manta/client/crypto/IncompleteByteReadInputStream.java
@@ -43,4 +43,9 @@ public int read(byte[] b, int off, int len) throws IOException {
             return wrapped.read(b, off, len);
         }
     }
+
+    @Override
+    public void close() throws IOException {
+        wrapped.close();
+    }
 }
diff --git a/java-manta-client/src/test/java/com/joyent/manta/client/crypto/MantaEncryptedObjectInputStreamTest.java b/java-manta-client/src/test/java/com/joyent/manta/client/crypto/MantaEncryptedObjectInputStreamTest.java
@@ -26,8 +26,6 @@
 import org.testng.AssertJUnit;
 import org.testng.annotations.Test;
 
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -48,6 +46,8 @@
 import java.util.Arrays;
 import java.util.Base64;
 import java.util.UUID;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
 
 import static java.nio.file.StandardOpenOption.READ;
 import static java.nio.file.StandardOpenOption.WRITE;
@@ -813,8 +813,10 @@ private void canCopyToOutputStreamWithLargeBuffer(SupportedCipherDetails cipherD
         final long ciphertextSize = encryptedFile.file.length();
 
         InputStream backing = new FileInputStream(encryptedFile.file);
+        final InputStream inSpy = Mockito.spy(backing);
+
         MantaEncryptedObjectInputStream in = createEncryptedObjectInputStream(
-                key, backing, ciphertextSize, cipherDetails, iv, authenticate,
+                key, inSpy, ciphertextSize, cipherDetails, iv, authenticate,
                 sourceLength);
         ByteArrayOutputStream out = new ByteArrayOutputStream();
 
@@ -829,6 +831,7 @@ private void canCopyToOutputStreamWithLargeBuffer(SupportedCipherDetails cipherD
         }
 
         AssertJUnit.assertArrayEquals(sourceBytes, out.toByteArray());
+        Mockito.verify(inSpy, Mockito.atLeastOnce()).close();
     }
 
     /**
@@ -897,8 +900,9 @@ private void canDecryptEntireObject(SupportedCipherDetails cipherDetails,
         EncryptedFile encryptedFile = encryptedFile(key, cipherDetails, this.plaintextSize);
         long ciphertextSize = encryptedFile.file.length();
 
-        FileInputStream in = new FileInputStream(encryptedFile.file);
-        MantaEncryptedObjectInputStream min = createEncryptedObjectInputStream(key, in,
+        final FileInputStream in = new FileInputStream(encryptedFile.file);
+        final FileInputStream inSpy = Mockito.spy(in);
+        MantaEncryptedObjectInputStream min = createEncryptedObjectInputStream(key, inSpy,
                 ciphertextSize, cipherDetails, encryptedFile.cipher.getIV(), authenticate,
                 (long)this.plaintextSize);
 
@@ -911,6 +915,8 @@ private void canDecryptEntireObject(SupportedCipherDetails cipherDetails,
         } finally {
             min.close();
         }
+
+        Mockito.verify(inSpy, Mockito.atLeastOnce()).close();
     }
 
     /**
@@ -1007,12 +1013,15 @@ private void canReadByteRange(SupportedCipherDetails cipherDetails,
             byte[] rangedBytes = new byte[(int)ciphertextByteRangeLength];
             randomAccessFile.read(rangedBytes);
 
-            try (ByteArrayInputStream bin = new ByteArrayInputStream(rangedBytes);
+            final ByteArrayInputStream bin = new ByteArrayInputStream(rangedBytes);
+            final ByteArrayInputStream binSpy = Mockito.spy(bin);
+
+            try (
                 /* When creating the fake stream, we feed it a content-length equal
                  * to the size of the byte range because that is what Manta would
                  * do. Also, we pass along the incorrect plaintext length and
                  * test how the stream handles incorrect values of plaintext length. */
-                 MantaEncryptedObjectInputStream min = createEncryptedObjectInputStream(key, bin,
+                 MantaEncryptedObjectInputStream min = createEncryptedObjectInputStream(key, binSpy,
                          ciphertextByteRangeLength, cipherDetails, encryptedFile.cipher.getIV(),
                     false, (long)this.plaintextSize,
                          initialSkipBytes,
@@ -1031,6 +1040,8 @@ private void canReadByteRange(SupportedCipherDetails cipherDetails,
                             new String(actual, StandardCharsets.UTF_8)));
                 }
             }
+
+            Mockito.verify(binSpy, Mockito.atLeastOnce()).close();
         }
     }
 
@@ -1041,8 +1052,9 @@ private void canReadObject(SupportedCipherDetails cipherDetails,
         EncryptedFile encryptedFile = encryptedFile(key, cipherDetails, this.plaintextSize);
         long ciphertextSize = encryptedFile.file.length();
 
-        FileInputStream in = new FileInputStream(encryptedFile.file);
-        MantaEncryptedObjectInputStream min = createEncryptedObjectInputStream(key, in,
+        final FileInputStream in = new FileInputStream(encryptedFile.file);
+        final FileInputStream inSpy = Mockito.spy(in);
+        MantaEncryptedObjectInputStream min = createEncryptedObjectInputStream(key, inSpy,
                 ciphertextSize, cipherDetails, encryptedFile.cipher.getIV(),
                 authenticate, (long)this.plaintextSize);
 
@@ -1051,6 +1063,7 @@ private void canReadObject(SupportedCipherDetails cipherDetails,
             readBytes.readAll(min, actual);
         } finally {
             min.close();
+            Mockito.verify(inSpy, Mockito.atLeastOnce()).close();
         }
     }
 
@@ -1070,8 +1083,9 @@ private void willThrowExceptionWhenCiphertextIsAltered(SupportedCipherDetails ci
 
         boolean thrown = false;
 
-        FileInputStream in = new FileInputStream(encryptedFile.file);
-        MantaEncryptedObjectInputStream min = createEncryptedObjectInputStream(key, in,
+        final FileInputStream in = new FileInputStream(encryptedFile.file);
+        final FileInputStream inSpy = Mockito.spy(in);
+        MantaEncryptedObjectInputStream min = createEncryptedObjectInputStream(key, inSpy,
                 ciphertextSize, cipherDetails, encryptedFile.cipher.getIV(),
                 true, (long)this.plaintextSize);
 
@@ -1081,6 +1095,7 @@ private void willThrowExceptionWhenCiphertextIsAltered(SupportedCipherDetails ci
             min.close();
         }  catch (MantaClientEncryptionCiphertextAuthenticationException e) {
             thrown = true;
+            Mockito.verify(inSpy, Mockito.atLeastOnce()).close();
             System.out.printf(" Exception thrown: %s\n", e.getMessage());
         }
 
@@ -1096,8 +1111,10 @@ private void willErrorWhenMissingHMAC(final SupportedCipherDetails cipherDetails
 
         boolean thrown = false;
 
-        try (FileInputStream fin = new FileInputStream(encryptedFile.file);
-             BoundedInputStream in = new BoundedInputStream(fin, ciphertextSizeWithoutHmac);
+        final FileInputStream fin = new FileInputStream(encryptedFile.file);
+        final FileInputStream finSpy = Mockito.spy(fin);
+
+        try (BoundedInputStream in = new BoundedInputStream(finSpy, ciphertextSizeWithoutHmac);
              MantaEncryptedObjectInputStream min = createEncryptedObjectInputStream(key, in,
                      ciphertextSize, cipherDetails, encryptedFile.cipher.getIV(),
                      true, (long)this.plaintextSize)) {
@@ -1112,6 +1129,7 @@ private void willErrorWhenMissingHMAC(final SupportedCipherDetails cipherDetails
             }
         }
 
+        Mockito.verify(finSpy, Mockito.atLeastOnce()).close();
         Assert.assertTrue(thrown, "Expected MantaIOException was not thrown");
     }
 
@@ -1121,15 +1139,19 @@ private void willValidateIfHmacIsReadInMultipleReads(final SupportedCipherDetail
         EncryptedFile encryptedFile = encryptedFile(key, cipherDetails, this.plaintextSize);
         long ciphertextSize = encryptedFile.file.length();
 
-        try (FileInputStream fin = new FileInputStream(encryptedFile.file);
-             IncompleteByteReadInputStream ibrin = new IncompleteByteReadInputStream(fin);
+        final FileInputStream fin = new FileInputStream(encryptedFile.file);
+        final FileInputStream finSpy = Mockito.spy(fin);
+        try (IncompleteByteReadInputStream ibrin = new IncompleteByteReadInputStream(finSpy);
              MantaEncryptedObjectInputStream min = createEncryptedObjectInputStream(key, ibrin,
                      ciphertextSize, cipherDetails, encryptedFile.cipher.getIV(),
                      true, (long)this.plaintextSize);
              OutputStream out = new NullOutputStream()) {
 
             IOUtils.copy(min, out);
         }
+
+        fin.close();
+        Mockito.verify(finSpy, Mockito.atLeastOnce()).close();
     }
 
     private EncryptedFile encryptedFile(

Original file line number	Diff line number	Diff line change
`@@ -43,4 +43,9 @@ public int read(byte[] b, int off, int len) throws IOException {`
`43`	`43`	`return wrapped.read(b, off, len);`
`44`	`44`	`}`
`45`	`45`	`}`
	`46`	`+`
	`47`	`+ @Override`
	`48`	`+ public void close() throws IOException {`
	`49`	`+ wrapped.close();`
	`50`	`+ }`
`46`	`51`	`}`