accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mmil...@apache.org
Subject [accumulo] branch master updated: Removed duplicate calls and implementation of SecureRandom (#617)
Date Thu, 30 Aug 2018 14:33:06 GMT
This is an automated email from the ASF dual-hosted git repository.

mmiller pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/accumulo.git


The following commit(s) were added to refs/heads/master by this push:
     new 80bb2f3  Removed duplicate calls and implementation of SecureRandom (#617)
80bb2f3 is described below

commit 80bb2f387e4b00867abb3cfe8c133b6dffcb21bb
Author: Nick Felts <31989480+PircDef@users.noreply.github.com>
AuthorDate: Thu Aug 30 10:33:03 2018 -0400

    Removed duplicate calls and implementation of SecureRandom (#617)
---
 .../accumulo/core/security/crypto/CryptoUtils.java | 17 +++------
 .../security/crypto/impl/AESCryptoService.java     | 41 +++++++---------------
 2 files changed, 18 insertions(+), 40 deletions(-)

diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoUtils.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoUtils.java
index e745f0e..0e69d6c 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoUtils.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoUtils.java
@@ -37,11 +37,11 @@ public class CryptoUtils {
 
   private static final Logger log = LoggerFactory.getLogger(CryptoUtils.class);
 
-  public static SecureRandom getSha1SecureRandom() {
-    return getSecureRandom("SHA1PRNG", "SUN");
+  public static SecureRandom newSha1SecureRandom() {
+    return newSecureRandom("SHA1PRNG", "SUN");
   }
 
-  public static SecureRandom getSecureRandom(String secureRNG, String secureRNGProvider)
{
+  private static SecureRandom newSecureRandom(String secureRNG, String secureRNGProvider)
{
     SecureRandom secureRandom = null;
     try {
       secureRandom = SecureRandom.getInstance(secureRNG, secureRNGProvider);
@@ -49,15 +49,8 @@ public class CryptoUtils {
       // Immediately seed the generator
       byte[] throwAway = new byte[16];
       secureRandom.nextBytes(throwAway);
-
-    } catch (NoSuchAlgorithmException e) {
-      log.error(String.format("Accumulo configuration file specified a secure"
-          + " random generator \"%s\" that was not found by any provider.", secureRNG));
-      throw new CryptoException(e);
-    } catch (NoSuchProviderException e) {
-      log.error(String.format("Accumulo configuration file specified a secure"
-          + " random provider \"%s\" that does not exist", secureRNGProvider));
-      throw new CryptoException(e);
+    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
+      throw new CryptoException("Unable to generate secure random.", e);
     }
     return secureRandom;
   }
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java
index e9d16cf..54d5f59 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java
@@ -28,7 +28,6 @@ import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -66,7 +65,8 @@ public class AESCryptoService implements CryptoService {
   private String encryptingKekId = null;
   private String encryptingKeyManager = null;
   // Lets just load keks for reading once
-  private static HashMap<String,Key> decryptingKeys = new HashMap<>();
+  private HashMap<String,Key> decryptingKeys = null;
+  private SecureRandom sr = null;
 
   @Override
   public void init(Map<String,String> conf) throws CryptoException {
@@ -74,6 +74,8 @@ public class AESCryptoService implements CryptoService {
     String keyMgr = conf.get("instance.crypto.opts.keyManager");
     Objects.requireNonNull(kekId, "Config property instance.crypto.opts.kekId is required.");
     Objects.requireNonNull(keyMgr, "Config property instance.crypto.opts.keyManager is required.");
+    this.sr = CryptoUtils.newSha1SecureRandom();
+    this.decryptingKeys = new HashMap<>();
     switch (keyMgr) {
       case KeyManager.URI:
         this.encryptingKeyManager = keyMgr;
@@ -225,11 +227,11 @@ public class AESCryptoService implements CryptoService {
     return parsed;
   }
 
-  private static Key loadDecryptionKek(ParsedCryptoParameters params) {
+  private Key loadDecryptionKek(ParsedCryptoParameters params) {
     Key ret = null;
     String keyTag = params.getKeyManagerVersion() + "!" + params.getKekId();
-    if (decryptingKeys.get(keyTag) != null) {
-      return (decryptingKeys.get(keyTag));
+    if (this.decryptingKeys.get(keyTag) != null) {
+      return (this.decryptingKeys.get(keyTag));
     }
 
     switch (params.keyManagerVersion) {
@@ -240,7 +242,7 @@ public class AESCryptoService implements CryptoService {
         throw new CryptoException("Unable to load kek: " + params.kekId);
     }
 
-    decryptingKeys.put(keyTag, ret);
+    this.decryptingKeys.put(keyTag, ret);
 
     if (ret == null)
       throw new CryptoException("Unable to load decryption KEK");
@@ -248,21 +250,6 @@ public class AESCryptoService implements CryptoService {
     return (ret);
   }
 
-  private static SecureRandom getSecureRandom(String secureRNG, String secureRNGProvider)
{
-    SecureRandom secureRandom = null;
-    try {
-      secureRandom = SecureRandom.getInstance(secureRNG, secureRNGProvider);
-
-      // Immediately seed the generator
-      byte[] throwAway = new byte[16];
-      secureRandom.nextBytes(throwAway);
-
-    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
-      throw new CryptoException("Unable to generate secure random.", e);
-    }
-    return secureRandom;
-  }
-
   /**
    * This interface lists the methods needed by CryptoModules which are responsible for tracking
    * version and preparing encrypters/decrypters for use.
@@ -273,7 +260,7 @@ public class AESCryptoService implements CryptoService {
     FileDecrypter getDecrypter(Key fek);
   }
 
-  public static class AESGCMCryptoModule implements CryptoModule {
+  public class AESGCMCryptoModule implements CryptoModule {
     private static final String VERSION = "U+1F43B"; // unicode bear emoji rawr
 
     private final Integer GCM_IV_LENGTH_IN_BYTES = 12;
@@ -307,12 +294,11 @@ public class AESCryptoService implements CryptoService {
     public class AESGCMFileEncrypter implements FileEncrypter {
 
       private byte[] firstInitVector;
-      private SecureRandom sr = getSecureRandom("SHA1PRNG", "SUN");
-      private Key fek = KeyManager.generateKey(sr, KEY_LENGTH_IN_BYTES);
+      private Key fek;
       private byte[] initVector = new byte[GCM_IV_LENGTH_IN_BYTES];
 
       AESGCMFileEncrypter() {
-
+        fek = KeyManager.generateKey(sr, KEY_LENGTH_IN_BYTES);
         sr.nextBytes(initVector);
         firstInitVector = Arrays.copyOf(initVector, initVector.length);
       }
@@ -417,7 +403,7 @@ public class AESCryptoService implements CryptoService {
     }
   }
 
-  public static class AESCBCCryptoModule implements CryptoModule {
+  public class AESCBCCryptoModule implements CryptoModule {
     public static final String VERSION = "U+1f600"; // unicode grinning face emoji
     private final Integer IV_LENGTH_IN_BYTES = 16;
     private final Integer KEY_LENGTH_IN_BYTES = 16;
@@ -445,14 +431,13 @@ public class AESCryptoService implements CryptoService {
 
     public class AESCBCFileEncrypter implements FileEncrypter {
 
-      private SecureRandom sr = getSecureRandom("SHA1PRNG", "SUN");
       private Key fek = KeyManager.generateKey(sr, KEY_LENGTH_IN_BYTES);
       private byte[] initVector = new byte[IV_LENGTH_IN_BYTES];
 
       @Override
       public OutputStream encryptStream(OutputStream outputStream) throws CryptoException
{
 
-        CryptoUtils.getSha1SecureRandom().nextBytes(initVector);
+        sr.nextBytes(initVector);
         try {
           outputStream.write(initVector);
         } catch (IOException e) {


Mime
View raw message