accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ktur...@apache.org
Subject [accumulo] 03/03: ACCUMULO-4733 Enabled configuring crypto security provider
Date Thu, 09 Nov 2017 21:54:53 GMT
This is an automated email from the ASF dual-hosted git repository.

kturner pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/accumulo.git

commit 314f9f2b2f70d28a52cb699e1c65b85e4d6be7e3
Author: Nick <31989480+PircDef@users.noreply.github.com>
AuthorDate: Tue Oct 31 14:34:04 2017 -0400

    ACCUMULO-4733 Enabled configuring crypto security provider
    
    By default uses system provider unless one is specified
---
 .../org/apache/accumulo/core/conf/Property.java     |  3 +++
 .../CachingHDFSSecretKeyEncryptionStrategy.java     |  3 ++-
 .../core/security/crypto/CryptoModuleFactory.java   |  1 +
 .../security/crypto/CryptoModuleParameters.java     | 21 +++++++++++++++++++++
 .../core/security/crypto/DefaultCryptoModule.java   |  4 ++--
 .../security/crypto/DefaultCryptoModuleUtils.java   | 11 +++++++++--
 .../NonCachingSecretKeyEncryptionStrategy.java      |  3 ++-
 .../accumulo/core/security/crypto/CryptoTest.java   |  1 +
 core/src/test/resources/crypto-on-accumulo-site.xml |  4 ++++
 9 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
index f0e2338..48a4796 100644
--- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java
+++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
@@ -67,6 +67,9 @@ public enum Property {
   CRYPTO_CIPHER_KEY_LENGTH("crypto.cipher.key.length", "128", PropertyType.STRING,
       "Specifies the key length *in bits* to use for the symmetric key, should probably be
128 or 256 unless you really know what you're doing"),
   @Experimental
+  CRYPTO_SECURITY_PROVIDER("crypto.security.provider", "", PropertyType.STRING,
+      "States the security provider to use, and defaults to the system configured provider"),
+  @Experimental
   CRYPTO_SECURE_RNG("crypto.secure.rng", "SHA1PRNG", PropertyType.STRING,
       "States the secure random number generator to use, and defaults to the built-in Sun
SHA1PRNG"),
   @Experimental
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
index ed6d6a5..1fa659a 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
@@ -69,7 +69,8 @@ public class CachingHDFSSecretKeyEncryptionStrategy implements SecretKeyEncrypti
   }
 
   private void doKeyEncryptionOperation(int encryptionMode, CryptoModuleParameters params)
throws IOException {
-    Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey()));
+    Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey()),
+        params.getSecurityProvider());
 
     try {
       cipher.init(encryptionMode, new SecretKeySpec(secretKeyCache.getKeyEncryptionKey(),
params.getKeyAlgorithmName()));
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java
index e56ee92..251a605 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java
@@ -273,6 +273,7 @@ public class CryptoModuleFactory {
         .getKey())));
     params.setRandomNumberGenerator(cryptoOpts.get(Property.CRYPTO_SECURE_RNG.getKey()));
     params.setRandomNumberGeneratorProvider(cryptoOpts.get(Property.CRYPTO_SECURE_RNG_PROVIDER.getKey()));
+    params.setSecurityProvider(cryptoOpts.get(Property.CRYPTO_SECURITY_PROVIDER.getKey()));
     String blockStreamSize = cryptoOpts.get(Property.CRYPTO_BLOCK_STREAM_SIZE.getKey());
     if (blockStreamSize != null)
       params.setBlockStreamSize(Integer.parseInt(blockStreamSize));
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleParameters.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleParameters.java
index b5a1ae4..04d8107 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleParameters.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleParameters.java
@@ -204,6 +204,26 @@ public class CryptoModuleParameters {
   }
 
   /**
+   * Gets the security provider name.
+   *
+   * @see CryptoParameters#setSecurityProvider(String)
+   * @return the security provider name
+   */
+  public String getSecurityProvider() {
+    return securityProvider;
+  }
+
+  /**
+   * Sets the name of the security provider to use for crypto.
+   *
+   * @param securityProvider
+   *          the name of the provider to use
+   */
+  public void setSecurityProvider(String securityProvider) {
+    this.securityProvider = securityProvider;
+  }
+
+  /**
    * Gets the key encryption strategy class.
    *
    * @see CryptoModuleParameters#setKeyEncryptionStrategyClass(String)
@@ -580,6 +600,7 @@ public class CryptoModuleParameters {
   private int keyLength = 0;
   private String randomNumberGenerator = null;
   private String randomNumberGeneratorProvider = null;
+  private String securityProvider = null;
 
   private String keyEncryptionStrategyClass;
   private byte[] encryptedKey;
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java
index 1798e89..c97e7f5 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java
@@ -66,7 +66,7 @@ public class DefaultCryptoModule implements CryptoModule {
       params.setSecureRandom(secureRandom);
     }
 
-    Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getCipherSuite());
+    Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getCipherSuite(), params.getSecurityProvider());
 
     if (params.getInitializationVector() == null) {
       try {
@@ -367,7 +367,7 @@ public class DefaultCryptoModule implements CryptoModule {
       throw new RuntimeException("CryptoModuleParameters object failed validation for decrypt");
     }
 
-    Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getCipherSuite());
+    Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getCipherSuite(), params.getSecurityProvider());
 
     try {
       cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(params.getPlaintextKey(), params.getKeyAlgorithmName()),
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModuleUtils.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModuleUtils.java
index 1a33915..015ffca 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModuleUtils.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModuleUtils.java
@@ -50,20 +50,27 @@ public class DefaultCryptoModuleUtils {
     return secureRandom;
   }
 
-  public static Cipher getCipher(String cipherSuite) {
+  public static Cipher getCipher(String cipherSuite, String securityProvider) {
     Cipher cipher = null;
 
     if (cipherSuite.equals("NullCipher")) {
       cipher = new NullCipher();
     } else {
       try {
-        cipher = Cipher.getInstance(cipherSuite);
+        if (securityProvider == null || securityProvider.equals("")) {
+          cipher = Cipher.getInstance(cipherSuite);
+        } else {
+          cipher = Cipher.getInstance(cipherSuite, securityProvider);
+        }
       } catch (NoSuchAlgorithmException e) {
         log.error(String.format("Accumulo configuration file contained a cipher suite \"%s\"
that was not recognized by any providers", cipherSuite));
         throw new RuntimeException(e);
       } catch (NoSuchPaddingException e) {
         log.error(String.format("Accumulo configuration file contained a cipher, \"%s\" with
a padding that was not recognized by any providers", cipherSuite));
         throw new RuntimeException(e);
+      } catch (NoSuchProviderException e) {
+        log.error(String.format("Accumulo configuration file contained a provider, \"%s\"
an unrecognized provider", securityProvider));
+        throw new RuntimeException(e);
       }
     }
     return cipher;
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
index 2d2d2f7..fa2ee70 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
@@ -78,7 +78,8 @@ public class NonCachingSecretKeyEncryptionStrategy implements SecretKeyEncryptio
       byte[] keyEncryptionKey = new byte[keyEncryptionKeyLength];
       int bytesRead = in.read(keyEncryptionKey);
 
-      Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey()));
+      Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey()),
+          params.getSecurityProvider());
 
       // check if the number of bytes read into the array is the same as the value of the
length field,
       if (bytesRead == keyEncryptionKeyLength) {
diff --git a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
index 4467828..1e29757 100644
--- a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
@@ -98,6 +98,7 @@ public class CryptoTest {
     assertEquals(128, params.getKeyLength());
     assertEquals("SHA1PRNG", params.getRandomNumberGenerator());
     assertEquals("SUN", params.getRandomNumberGeneratorProvider());
+    assertEquals("SunJCE", params.getSecurityProvider());
     assertEquals("org.apache.accumulo.core.security.crypto.CachingHDFSSecretKeyEncryptionStrategy",
params.getKeyEncryptionStrategyClass());
   }
 
diff --git a/core/src/test/resources/crypto-on-accumulo-site.xml b/core/src/test/resources/crypto-on-accumulo-site.xml
index f5824c4..6d9ef13 100644
--- a/core/src/test/resources/crypto-on-accumulo-site.xml
+++ b/core/src/test/resources/crypto-on-accumulo-site.xml
@@ -100,6 +100,10 @@
       <value>SUN</value>
     </property>
     <property>
+      <name>crypto.security.provider</name>
+      <value>SunJCE</value>
+    </property>
+    <property>
       <name>crypto.secret.key.encryption.strategy.class</name>
       <value>org.apache.accumulo.core.security.crypto.CachingHDFSSecretKeyEncryptionStrategy</value>
     </property>

-- 
To stop receiving notification emails like this one, please contact
"commits@accumulo.apache.org" <commits@accumulo.apache.org>.

Mime
View raw message