EncryptingEntity and EncryptedPartEntity should not close writeTo(OutputStream) (#333)

Stop closing supplied output streams in encrypting operations, it causes chunked requests to complete successfully in spite of exceptions being thrown. This resolves #332

Author: tjcelaya

java-manta-client/src/main/java/com/joyent/manta/client/crypto/EncryptingEntity.java

@@ -154,29 +154,26 @@ public void writeTo(final OutputStream httpOut) throws IOException {
 
         OutputStream out = EncryptingEntityHelper.makeCipherOutputForStream(
                 httpOut, encryptionContext);
-        try {
-            copyContentToOutputStream(out);
-            /* We don't close quietly because we want the operation to fail if
-             * there is an error closing out the CipherOutputStream. */
-            out.close();
-
-            if (out instanceof HmacOutputStream) {
-                final HMac hmac = ((HmacOutputStream) out).getHmac();
-                final int hmacSize = hmac.getMacSize();
-                final byte[] hmacBytes = new byte[hmacSize];
-                hmac.doFinal(hmacBytes, 0);
-
-                Validate.isTrue(hmacBytes.length == hmacSize,
-                        "HMAC actual bytes doesn't equal the number of bytes expected");
-
-                if (LOGGER.isDebugEnabled()) {
-                    LOGGER.debug("HMAC: {}", Hex.encodeHexString(hmacBytes));
-                }
-
-                httpOut.write(hmacBytes);
+
+        copyContentToOutputStream(out);
+        /* We don't close quietly because we want the operation to fail if
+         * there is an error closing out the CipherOutputStream. */
+        out.close();
+
+        if (out instanceof HmacOutputStream) {
+            final HMac hmac = ((HmacOutputStream) out).getHmac();
+            final int hmacSize = hmac.getMacSize();
+            final byte[] hmacBytes = new byte[hmacSize];
+            hmac.doFinal(hmacBytes, 0);
+
+            Validate.isTrue(hmacBytes.length == hmacSize,
+                    "HMAC actual bytes doesn't equal the number of bytes expected");
+
+            if (LOGGER.isTraceEnabled()) {
+                LOGGER.trace("HMAC: {}", Hex.encodeHexString(hmacBytes));
             }
-        } finally {
-            IOUtils.closeQuietly(httpOut);
+
+            httpOut.write(hmacBytes);
         }
     }
 

java-manta-client/src/main/java/com/joyent/manta/client/crypto/EncryptingPartEntity.java

@@ -140,7 +140,6 @@ public void writeTo(final OutputStream httpOut) throws IOException {
                 }
             }
         } finally {
-            IOUtils.closeQuietly(httpOut);
             IOUtils.closeQuietly(contentStream);
         }
     }

java-manta-client/src/test/java/com/joyent/manta/client/crypto/EncryptingEntityTest.java

@@ -9,6 +9,7 @@
 
 import com.joyent.manta.client.MantaObjectInputStream;
 import com.joyent.manta.client.MantaObjectResponse;
+import com.joyent.manta.config.DefaultsConfigContext;
 import com.joyent.manta.exception.MantaClientEncryptionException;
 import com.joyent.manta.http.MantaHttpHeaders;
 import com.joyent.manta.http.entity.ExposedStringEntity;
@@ -17,11 +18,13 @@
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.io.input.BoundedInputStream;
+import org.apache.commons.io.input.BrokenInputStream;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.RandomUtils;
 import org.apache.http.HttpEntity;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.conn.EofSensorInputStream;
+import org.apache.http.entity.InputStreamEntity;
 import org.bouncycastle.jcajce.io.CipherInputStream;
 import org.mockito.Mockito;
 import org.testng.Assert;
@@ -34,6 +37,7 @@
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.OutputStream;
 import java.net.URL;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
@@ -116,6 +120,89 @@ public void canSurviveNetworkFailuresInAesCbc() throws Exception {
         canBeWrittenIdempotently(AesCbcCipherDetails.INSTANCE_128_BIT);
     }
 
+    /* Cipher-generic tests */
+
+    private void canBeWrittenIdempotently(final SupportedCipherDetails cipherDetails) throws Exception {
+        final SecretKey secretKey = SecretKeyUtils.generate(cipherDetails);
+        final String content = RandomStringUtils.randomAlphanumeric(RandomUtils.nextInt(500, 1500));
+        final ExposedStringEntity contentEntity = new ExposedStringEntity(
+                content,
+                StandardCharsets.UTF_8);
+
+        final ByteArrayOutputStream referenceEncrypted = new ByteArrayOutputStream(content.length());
+        {
+
+            final EncryptingEntity referenceEntity = new EncryptingEntity(
+                    secretKey,
+                    cipherDetails,
+                    contentEntity);
+
+            referenceEntity.writeTo(referenceEncrypted);
+            validateCiphertext(
+                    cipherDetails,
+                    secretKey,
+                    contentEntity.getBackingBuffer().array(),
+                    referenceEntity.getCipher().getIV(),
+                    referenceEncrypted.toByteArray());
+        }
+
+        final ByteArrayOutputStream retryEncrypted = new ByteArrayOutputStream(content.length());
+        final FailingOutputStream output = new FailingOutputStream(retryEncrypted, content.length() / 2);
+        {
+            final EncryptingEntity retryingEntity = new EncryptingEntity(
+                    secretKey,
+                    cipherDetails,
+                    contentEntity);
+
+            Assert.assertThrows(IOException.class, () -> {
+                retryingEntity.writeTo(output);
+            });
+
+            // clear the data written so we only see what makes it into the second request
+            retryEncrypted.reset();
+            output.setMinimumBytes(FailingOutputStream.NO_FAILURE);
+
+            retryingEntity.writeTo(output);
+            validateCiphertext(
+                    cipherDetails,
+                    secretKey,
+                    contentEntity.getBackingBuffer().array(),
+                    retryingEntity.getCipher().getIV(),
+                    retryEncrypted.toByteArray());
+        }
+    }
+
+    public void doesNotCloseSuppliedOutputStreamWhenWrittenSuccessfully() throws Exception {
+        final SupportedCipherDetails cipherDetails = DefaultsConfigContext.DEFAULT_CIPHER;
+        final SecretKey secretKey = SecretKeyUtils.generate(cipherDetails);
+        final String content = RandomStringUtils.randomAlphanumeric(RandomUtils.nextInt(500, 1500));
+        final ExposedStringEntity contentEntity = new ExposedStringEntity(
+                content,
+                StandardCharsets.UTF_8);
+
+        final EncryptingEntity encryptingEntity = new EncryptingEntity(
+                secretKey,
+                cipherDetails,
+                contentEntity);
+
+        final OutputStream output = Mockito.mock(OutputStream.class);
+        encryptingEntity.writeTo(output);
+        Mockito.verify(output, Mockito.never()).close();
+    }
+
+    public void doesNotCloseSuppliedOutputStreamWhenFailureOccurs() throws Exception {
+        final SupportedCipherDetails cipherDetails = DefaultsConfigContext.DEFAULT_CIPHER;
+        final SecretKey secretKey = SecretKeyUtils.generate(cipherDetails);
+        final EncryptingEntity encryptingEntity = new EncryptingEntity(
+                secretKey,
+                cipherDetails,
+                new InputStreamEntity(new BrokenInputStream(new IOException("bad input"))));
+
+        final OutputStream output = Mockito.mock(OutputStream.class);
+        Assert.assertThrows(IOException.class, () -> encryptingEntity.writeTo(output));
+        Mockito.verify(output, Mockito.never()).close();
+    }
+
     /* Test helper methods */
 
     private void canCountBytesFromStreamWithUnknownLength(SupportedCipherDetails cipherDetails)
@@ -228,56 +315,6 @@ private static void verifyEncryptionWorksRoundTrip(byte[] keyBytes,
         }
     }
 
-    private void canBeWrittenIdempotently(final SupportedCipherDetails cipherDetails) throws Exception {
-        final SecretKey secretKey = SecretKeyUtils.generate(cipherDetails);
-        final String content = RandomStringUtils.randomAlphanumeric(RandomUtils.nextInt(500, 1500));
-        final ExposedStringEntity contentEntity = new ExposedStringEntity(
-                content,
-                StandardCharsets.UTF_8);
-
-        final ByteArrayOutputStream referenceEncrypted = new ByteArrayOutputStream(content.length());
-        {
-
-            final EncryptingEntity referenceEntity = new EncryptingEntity(
-                    secretKey,
-                    cipherDetails,
-                    contentEntity);
-
-            referenceEntity.writeTo(referenceEncrypted);
-            validateCiphertext(
-                    cipherDetails,
-                    secretKey,
-                    contentEntity.getBackingBuffer().array(),
-                    referenceEntity.getCipher().getIV(),
-                    referenceEncrypted.toByteArray());
-        }
-
-        final ByteArrayOutputStream retryEncrypted = new ByteArrayOutputStream(content.length());
-        final FailingOutputStream output = new FailingOutputStream(retryEncrypted, content.length() / 2);
-        {
-            final EncryptingEntity retryingEntity = new EncryptingEntity(
-                    secretKey,
-                    cipherDetails,
-                    contentEntity);
-
-            Assert.assertThrows(IOException.class, () -> {
-                retryingEntity.writeTo(output);
-            });
-
-            // clear the data written so we only see what makes it into the second request
-            retryEncrypted.reset();
-            output.setMinimumBytes(FailingOutputStream.NO_FAILURE);
-
-            retryingEntity.writeTo(output);
-            validateCiphertext(
-                    cipherDetails,
-                    secretKey,
-                    contentEntity.getBackingBuffer().array(),
-                    retryingEntity.getCipher().getIV(),
-                    retryEncrypted.toByteArray());
-        }
-    }
-
     private void validateCiphertext(SupportedCipherDetails cipherDetails,
                                     SecretKey secretKey,
                                     byte[] plaintext,

java-manta-client/src/test/java/com/joyent/manta/client/multipart/EncryptingPartEntityTest.java

@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2017, Joyent, Inc. All rights reserved.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+package com.joyent.manta.client.multipart;
+
+import com.joyent.manta.client.crypto.EncryptingEntityHelper;
+import com.joyent.manta.client.crypto.EncryptingPartEntity;
+import com.joyent.manta.client.crypto.EncryptionContext;
+import com.joyent.manta.client.crypto.SecretKeyUtils;
+import com.joyent.manta.client.crypto.SupportedCipherDetails;
+import com.joyent.manta.config.DefaultsConfigContext;
+import com.joyent.manta.http.entity.ExposedStringEntity;
+import org.apache.commons.io.input.BrokenInputStream;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.RandomUtils;
+import org.apache.http.entity.InputStreamEntity;
+import org.mockito.Mockito;
+import org.testng.Assert;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
+
+@Test
+public class EncryptingPartEntityTest {
+
+    private EncryptionState state;
+
+    private static final ByteArrayOutputStream BYTE_ARRAY_OUTPUT_STREAM_EMPTY = new ByteArrayOutputStream(0);
+
+    private static final EncryptingPartEntity.LastPartCallback CALLBACK_NOOP =
+            new EncryptingPartEntity.LastPartCallback() {
+                @Override
+                public ByteArrayOutputStream call(final long uploadedBytes) throws IOException {
+                    return BYTE_ARRAY_OUTPUT_STREAM_EMPTY;
+                }
+            };
+
+    @BeforeMethod
+    public void setup() throws Exception {
+        final SupportedCipherDetails cipherDetails = DefaultsConfigContext.DEFAULT_CIPHER;
+        state = new EncryptionState(new EncryptionContext(SecretKeyUtils.generate(cipherDetails), cipherDetails));
+
+        state.setMultipartStream(
+                new MultipartOutputStream(
+                        state.getEncryptionContext().getCipherDetails().getBlockSizeInBytes()));
+        state.setCipherStream(
+                EncryptingEntityHelper.makeCipherOutputForStream(
+                        state.getMultipartStream(),
+                        state.getEncryptionContext()));
+    }
+
+    public void doesNotCloseSuppliedOutputStreamWhenFailureOccurs() throws Exception {
+        final ExposedStringEntity contentEntity = new ExposedStringEntity(
+                RandomStringUtils.randomAlphanumeric(RandomUtils.nextInt(500, 1500)),
+                StandardCharsets.UTF_8);
+
+        final EncryptingPartEntity encryptingPartEntity = new EncryptingPartEntity(
+                state.getCipherStream(),
+                state.getMultipartStream(),
+                contentEntity,
+                CALLBACK_NOOP);
+
+        final OutputStream output = Mockito.mock(OutputStream.class);
+        encryptingPartEntity.writeTo(output);
+        Mockito.verify(output, Mockito.never()).close();
+    }
+
+    public void doesNotCloseSuppliedOutputStreamWhenWrittenSuccessfully() throws Exception {
+        final EncryptingPartEntity encryptingPartEntity = new EncryptingPartEntity(
+                state.getCipherStream(),
+                state.getMultipartStream(),
+                new InputStreamEntity(new BrokenInputStream(new IOException("bad input"))),
+                CALLBACK_NOOP);
+
+        final OutputStream output = Mockito.mock(OutputStream.class);
+        Assert.assertThrows(IOException.class, () -> encryptingPartEntity.writeTo(output));
+        Mockito.verify(output, Mockito.never()).close();
+    }
+
+}