More aggressive checking of AWS key quality upon startup in the GATK

public/java/src/org/broadinstitute/sting/gatk/GenomeAnalysisEngine.java

@@ -47,6 +47,7 @@ import org.broadinstitute.sting.gatk.io.OutputTracker;
 import org.broadinstitute.sting.gatk.io.stubs.Stub;
 import org.broadinstitute.sting.gatk.iterators.ReadTransformer;
 import org.broadinstitute.sting.gatk.iterators.ReadTransformersMode;
+import org.broadinstitute.sting.gatk.phonehome.GATKRunReport;
 import org.broadinstitute.sting.gatk.refdata.tracks.RMDTrackBuilder;
 import org.broadinstitute.sting.gatk.refdata.utils.RMDTriplet;
 import org.broadinstitute.sting.gatk.resourcemanagement.ThreadAllocation;
@@ -222,6 +223,9 @@ public class GenomeAnalysisEngine {
      * @return the value of this traversal.
      */
     public Object execute() {
+        // first thing is to make sure the AWS keys can be decrypted
+        GATKRunReport.checkAWSAreValid();
+
         //HeapSizeMonitor monitor = new HeapSizeMonitor();
         //monitor.start();
         setStartTime(new java.util.Date());

public/java/src/org/broadinstitute/sting/gatk/phonehome/GATKRunReport.java

@@ -73,6 +73,9 @@ import java.util.zip.GZIPOutputStream;
  * GATK run report database.
  */
 public class GATKRunReport {
+    protected final static String AWS_ACCESS_KEY_MD5 = "c0f0afa1ff5ba41d9bf216cfcdbf26bf";
+    protected final static String AWS_SECRET_KEY_MD5 = "db2f13b3a7c98ad24e28783733ec4a62";
+
     /**
      * The root file system directory where we keep common report data
      */
@@ -358,6 +361,28 @@ public class GATKRunReport {
         return getAWSKey("GATK_AWS_secret.key");
     }
 
+    /**
+     * Check that the AWS keys can be decrypted and are what we expect them to be
+     *
+     * @throws ReviewedStingException if anything goes wrong
+     */
+    public static void checkAWSAreValid() {
+        try {
+            final String accessKeyMD5 = Utils.calcMD5(getAWSAccessKey());
+            final String secretKeyMD5 = Utils.calcMD5(getAWSSecretKey());
+
+            if ( ! AWS_ACCESS_KEY_MD5.equals(accessKeyMD5) ) {
+                throw new ReviewedStingException("Invalid AWS access key found, expected MD5 " + AWS_ACCESS_KEY_MD5 + " but got " + accessKeyMD5);
+            }
+            if ( ! AWS_SECRET_KEY_MD5.equals(secretKeyMD5) ) {
+                throw new ReviewedStingException("Invalid AWS secret key found, expected MD5 " + AWS_SECRET_KEY_MD5 + " but got " + secretKeyMD5);
+            }
+
+        } catch ( Exception e ) {
+            throw new ReviewedStingException("Couldn't decrypt AWS keys, something is wrong with the GATK distribution");
+        }
+    }
+
     private class S3PutRunnable implements Runnable {
 
         public AtomicBoolean isSuccess;

public/java/src/org/broadinstitute/sting/utils/BaseUtils.java

@@ -1,27 +1,27 @@
 /*
-* Copyright (c) 2012 The Broad Institute
+ * Copyright (c) 2012 The Broad Institute
-* 
+ *
-* Permission is hereby granted, free of charge, to any person
+ * Permission is hereby granted, free of charge, to any person
-* obtaining a copy of this software and associated documentation
+ * obtaining a copy of this software and associated documentation
-* files (the "Software"), to deal in the Software without
+ * files (the "Software"), to deal in the Software without
-* restriction, including without limitation the rights to use,
+ * restriction, including without limitation the rights to use,
-* copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
-* copies of the Software, and to permit persons to whom the
+ * copies of the Software, and to permit persons to whom the
-* Software is furnished to do so, subject to the following
+ * Software is furnished to do so, subject to the following
-* conditions:
+ * conditions:
-* 
+ *
-* The above copyright notice and this permission notice shall be
+ * The above copyright notice and this permission notice shall be
-* included in all copies or substantial portions of the Software.
+ * included in all copies or substantial portions of the Software.
-* 
+ *
-* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
-* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
-* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
-* THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-*/
+ */
 
 package org.broadinstitute.sting.utils;
 

public/java/test/org/broadinstitute/sting/gatk/phonehome/GATKRunReportUnitTest.java

@@ -36,12 +36,12 @@ import java.security.NoSuchAlgorithmException;
 public class GATKRunReportUnitTest extends BaseTest {
     @Test
     public void testAccessKey() throws Exception {
-        testAWSKey(GATKRunReport.getAWSAccessKey(), "c0f0afa1ff5ba41d9bf216cfcdbf26bf");
+        testAWSKey(GATKRunReport.getAWSAccessKey(), GATKRunReport.AWS_ACCESS_KEY_MD5);
     }
 
     @Test
     public void testSecretKey() throws Exception {
-        testAWSKey(GATKRunReport.getAWSSecretKey(), "db2f13b3a7c98ad24e28783733ec4a62");
+        testAWSKey(GATKRunReport.getAWSSecretKey(), GATKRunReport.AWS_SECRET_KEY_MD5);
     }
 
     private void testAWSKey(final String accessKey, final String expectedMD5) throws Exception {

public/java/test/org/broadinstitute/sting/utils/BaseUtilsUnitTest.java

@@ -1,27 +1,27 @@
 /*
-* Copyright (c) 2012 The Broad Institute
+ * Copyright (c) 2012 The Broad Institute
-* 
+ *
-* Permission is hereby granted, free of charge, to any person
+ * Permission is hereby granted, free of charge, to any person
-* obtaining a copy of this software and associated documentation
+ * obtaining a copy of this software and associated documentation
-* files (the "Software"), to deal in the Software without
+ * files (the "Software"), to deal in the Software without
-* restriction, including without limitation the rights to use,
+ * restriction, including without limitation the rights to use,
-* copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
-* copies of the Software, and to permit persons to whom the
+ * copies of the Software, and to permit persons to whom the
-* Software is furnished to do so, subject to the following
+ * Software is furnished to do so, subject to the following
-* conditions:
+ * conditions:
-* 
+ *
-* The above copyright notice and this permission notice shall be
+ * The above copyright notice and this permission notice shall be
-* included in all copies or substantial portions of the Software.
+ * included in all copies or substantial portions of the Software.
-* 
+ *
-* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
-* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
-* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
-* THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-*/
+ */
 
 package org.broadinstitute.sting.utils;