modules/core/src/test/java/org/apache/ignite/internal/encryption/MasterKeyChangeConsistencyCheckTest.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.ignite.internal.encryption;

import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.ignite.Ignite;
import org.apache.ignite.IgniteException;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.failure.AbstractFailureHandler;
import org.apache.ignite.failure.FailureContext;
import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.internal.util.distributed.FullMessage;
import org.apache.ignite.internal.util.typedef.T2;
import org.apache.ignite.internal.util.typedef.X;
import org.apache.ignite.spi.IgniteSpiException;
import org.apache.ignite.spi.encryption.keystore.KeystoreEncryptionSpi;
import org.junit.Test;

import static org.apache.ignite.spi.encryption.keystore.KeystoreEncryptionSpi.DEFAULT_MASTER_KEY_NAME;
import static org.apache.ignite.testframework.GridTestUtils.assertThrowsAnyCause;

/** Tests master key change process with master key consistency issues. */
@SuppressWarnings("ThrowableNotThrown")
public class MasterKeyChangeConsistencyCheckTest extends AbstractEncryptionTest {
    /** */
    private final AtomicBoolean simulateOtherDigest = new AtomicBoolean();

    /** */
    private final AtomicBoolean simulateSetMasterKeyError = new AtomicBoolean();

    /** The first handlered failure. */
    private final AtomicReference<Throwable> failure = new AtomicReference<>();

    /** {@inheritDoc} */
    @Override protected IgniteConfiguration getConfiguration(String name) throws Exception {
        IgniteConfiguration cfg = super.getConfiguration(name);

        TestKeystoreEncryptionSpi encSpi = new TestKeystoreEncryptionSpi();

        encSpi.setKeyStorePath(keystorePath());
        encSpi.setKeyStorePassword(keystorePassword());

        cfg.setEncryptionSpi(encSpi);

        cfg.setFailureHandler(new TestFailureHandler());

        return cfg;
    }

    /** @throws Exception If failed. */
    @Test
    public void testRejectMasterKeyChangeWithKeyConsistencyProblems() throws Exception {
        T2<IgniteEx, IgniteEx> grids = startTestGrids(true);

        simulateOtherDigest.set(true);

        assertTrue(checkMasterKeyName(DEFAULT_MASTER_KEY_NAME));

        assertThrowsAnyCause(log, () -> grids.get1().encryption().changeMasterKey(MASTER_KEY_NAME_2).get(),
            IgniteException.class, "Master key digest consistency check failed");

        assertTrue(checkMasterKeyName(DEFAULT_MASTER_KEY_NAME));

        simulateOtherDigest.set(false);

        simulateSetMasterKeyError.set(true);

        assertThrowsAnyCause(log, () -> grids.get1().encryption().changeMasterKey(MASTER_KEY_NAME_2).get(),
            IgniteSpiException.class, "Test error.");

        assertTrue(checkMasterKeyName(DEFAULT_MASTER_KEY_NAME));

        simulateSetMasterKeyError.set(false);

        grids.get2().encryption().changeMasterKey(MASTER_KEY_NAME_2).get();

        assertTrue(checkMasterKeyName(MASTER_KEY_NAME_2));
    }

    /** @throws Exception If failed. */
    @Test
    public void testFailureHandledOnFailPerformMasterKeyChange() throws Exception {
        T2<IgniteEx, IgniteEx> grids = startTestGrids(true);

        assertTrue(checkMasterKeyName(DEFAULT_MASTER_KEY_NAME));

        grids.get2().context().discovery().setCustomEventListener(FullMessage.class,
            (topVer, snd, msg) -> simulateSetMasterKeyError.set(true));

        // Expected successful completing the future in case of successful completition of prepare phase and fail
        // of the perform phase.
        grids.get1().encryption().changeMasterKey(MASTER_KEY_NAME_2).get();

        assertNotNull(failure.get());

        assertTrue(X.hasCause(failure.get(), "Test error.", IgniteSpiException.class));
    }

    /** {@inheritDoc} */
    @Override protected void beforeTestsStarted() throws Exception {
        cleanPersistenceDir();
    }

    /** {@inheritDoc} */
    @Override protected void afterTest() throws Exception {
        stopAllGrids();

        cleanPersistenceDir();

        simulateOtherDigest.set(false);
        simulateSetMasterKeyError.set(false);
    }

    /** */
    private class TestKeystoreEncryptionSpi extends KeystoreEncryptionSpi {
        /** {@inheritDoc} */
        @Override public byte[] masterKeyDigest() {
            if (simulateOtherDigest.get() && ignite.name().equals(GRID_1)) {
                byte[] digest = super.masterKeyDigest();

                digest[0] += 1;

                return digest;
            }

            return super.masterKeyDigest();
        }

        /** {@inheritDoc} */
        @Override public void setMasterKeyName(String name) {
            if (simulateSetMasterKeyError.get() && ignite.name().equals(GRID_1))
                throw new IgniteSpiException("Test error.");

            super.setMasterKeyName(name);
        }
    }

    /** */
    private class TestFailureHandler extends AbstractFailureHandler {
        /** {@inheritDoc} */
        @Override protected boolean handle(Ignite ignite, FailureContext failureCtx) {
            failure.compareAndSet(null, failureCtx.error());

            return true;
        }
    }
}