- Properly configures cryptofs in MockFSDirectoryFactory tests

- Properly releases system resourcess in CryptoDirectory

Signed-off-by: Olasoji Denloye <olasoji.denloye@intel.com>

server/src/main/java/org/opensearch/index/store/CryptoDirectory.java

@@ -162,7 +162,7 @@ public IndexInput openInput(String name, IOContext context) throws IOException {
         ensureOpen();
         ensureCanRead(name);
         Path path = getDirectory().resolve(name);
-        FileChannel fc = FileChannel.open(path, StandardOpenOption.READ);
+        FileChannel fc = null;
         boolean success = false;
         try {
             Cipher cipher = CipherFactory.getCipher(provider);
@@ -180,12 +180,13 @@ public IndexInput openInput(String name, IOContext context) throws IOException {
                 );
                 success = true;
             } else {
+                fc = FileChannel.open(path, StandardOpenOption.READ);
                 indexInput = new DecryptingFSIndexInput("DecryptingFSIndexInput(path=\"" + path + "\")", fc, context, cipher, this);
                 success = true;
             }
             return indexInput;
         } finally {
-            if (success == false) {
+            if (success == false && fc != null) {
                 IOUtils.closeWhileHandlingException(fc);
             }
         }
@@ -258,6 +259,7 @@ public synchronized void close() throws IOException {
         out.close();
         isOpen = false;
         deletePendingFiles();
+        IOUtils.close(delegate);
         dataKey = null;
     }
 

server/src/main/java/org/opensearch/index/store/LocalKeyStoreManager.java

@@ -33,6 +33,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.nio.file.StandardOpenOption;
 import java.security.cert.CertificateException;
@@ -80,7 +81,8 @@ private LocalKeyStoreManager(String keyStorePath, String alias, Supplier<String>
             keystore.load(in, pass.get().toCharArray());
             this.alias = alias;
             this.keyPass = pass;
-        } catch (java.security.AccessControlException | KeyStoreException | CertificateException | NoSuchAlgorithmException e) {
+        } catch (java.security.AccessControlException | KeyStoreException | CertificateException | NoSuchAlgorithmException
+            | NoSuchFileException e) {
             throw new IOException("Failed to open local keystore.", e);
         }
     }

test/framework/src/main/java/org/opensearch/test/store/MockFSDirectoryFactory.java

@@ -44,6 +44,7 @@
 import org.opensearch.cluster.metadata.IndexMetadata;
 import org.opensearch.common.io.stream.BytesStreamOutput;
 import org.opensearch.common.lucene.Lucene;
+import org.opensearch.common.Randomness;
 import org.opensearch.common.settings.Setting;
 import org.opensearch.common.settings.Setting.Property;
 import org.opensearch.common.settings.Settings;
@@ -60,14 +61,24 @@
 
 import java.io.Closeable;
 import java.io.IOException;
+import java.io.OutputStream;
 import java.io.PrintStream;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.StandardOpenOption;
+import java.nio.file.Path;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Random;
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import javax.crypto.SecretKey;
+import java.security.cert.CertificateException;
+import java.security.NoSuchAlgorithmException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
 public class MockFSDirectoryFactory implements IndexStorePlugin.DirectoryFactory {
     public static final List<IndexModule.Type> FILE_SYSTEM_BASED_STORE_TYPES = Arrays.stream(IndexModule.Type.values())
         .filter(t -> (t == IndexModule.Type.REMOTE_SNAPSHOT) == false)
@@ -165,6 +176,7 @@ private Directory wrap(Directory dir, Random random, Settings indexSettings, Sha
     }
 
     private Directory randomDirectoryService(Random random, IndexSettings indexSettings, ShardPath path) throws IOException {
+        final String KEYSTORE_PATH = OpenSearchTestCase.createTempDir().toString() + "/keystore.ks";
         final IndexMetadata build = IndexMetadata.builder(indexSettings.getIndexMetadata())
             .settings(
                 Settings.builder()
@@ -175,12 +187,38 @@ private Directory randomDirectoryService(Random random, IndexSettings indexSetti
                         IndexModule.INDEX_STORE_TYPE_SETTING.getKey(),
                         RandomPicks.randomFrom(random, FILE_SYSTEM_BASED_STORE_TYPES).getSettingsKey()
                     )
+                    .put(FsDirectoryFactory.INDEX_KMS_ALIAS_SETTING.getKey(), "cryptotest")
+                    .put(FsDirectoryFactory.INDEX_KMS_PASSWORD_SETTING.getKey(), "cryptopass")
+                    .put(FsDirectoryFactory.INDEX_KMS_PATH_SETTING.getKey(), KEYSTORE_PATH)
             )
             .build();
         final IndexSettings newIndexSettings = new IndexSettings(build, indexSettings.getNodeSettings());
+        if (newIndexSettings.getValue(IndexModule.INDEX_STORE_TYPE_SETTING).equals("cryptofs")) {
+            createCryptoKeystore(KEYSTORE_PATH);
+        }
         return new FsDirectoryFactory().newDirectory(newIndexSettings, path);
     }
 
+    private void createCryptoKeystore(String keyStorePath) throws IOException {
+        try {
+            KeyStore keystore = KeyStore.getInstance("PKCS12");
+            byte[] keyMaterial = new byte[32];
+            java.util.Random rnd = Randomness.get();
+            rnd.nextBytes(keyMaterial);
+            SecretKey master = new javax.crypto.spec.SecretKeySpec(keyMaterial, "AES");
+            String alias = "cryptotest";
+            String keyPass = "cryptopass";
+            keystore.load(null, keyPass.toCharArray());
+            keystore.setEntry(alias, new KeyStore.SecretKeyEntry(master), new KeyStore.PasswordProtection(keyPass.toCharArray()));
+            try (OutputStream os = Files.newOutputStream(Path.of(keyStorePath), StandardOpenOption.CREATE)) {
+                keystore.store(os, keyPass.toCharArray());
+            }
+
+        } catch (java.security.AccessControlException | KeyStoreException | CertificateException | NoSuchAlgorithmException e) {
+            throw new IOException(e.getMessage());
+        }
+    }
+
     public static final class OpenSearchMockDirectoryWrapper extends MockDirectoryWrapper {
 
         private final boolean crash;