accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mmil...@apache.org
Subject [accumulo] branch master updated: Remove key provider from crypto (#692)
Date Fri, 12 Oct 2018 18:10:10 GMT
This is an automated email from the ASF dual-hosted git repository.

mmiller pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/accumulo.git


The following commit(s) were added to refs/heads/master by this push:
     new 9247fbe  Remove key provider from crypto (#692)
9247fbe is described below

commit 9247fbeadeb9c63e040947e0d7649de95e2252a2
Author: Mike Miller <mmiller@apache.org>
AuthorDate: Fri Oct 12 14:10:06 2018 -0400

    Remove key provider from crypto (#692)
    
    * Removed hard coded SunJCE key provider from AESKeyUtils
    * Removed key.provider property from AESCryptoService
    * Added null check to end of init
---
 .../core/security/crypto/impl/AESCryptoService.java         | 12 ++++++------
 .../accumulo/core/security/crypto/impl/AESKeyUtils.java     | 13 +++++--------
 .../java/org/apache/accumulo/core/file/rfile/RFileTest.java |  3 +--
 .../accumulo/test/functional/WriteAheadLogEncryptedIT.java  |  3 +--
 4 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java
index 8a734b4..917ebfe 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java
@@ -72,12 +72,11 @@ public class AESCryptoService implements CryptoService {
 
   @Override
   public void init(Map<String,String> conf) throws CryptoException {
-    String keyLocation = conf.get("instance.crypto.opts.key.location");
-    String keyMgr = conf.get("instance.crypto.opts.key.provider");
+    String keyLocation = conf.get("instance.crypto.opts.key.uri");
+    // get key from URI for now, keyMgr framework could be expanded on in the future
+    String keyMgr = "uri";
     Objects.requireNonNull(keyLocation,
-        "Config property instance.crypto.opts.key.location is required.");
-    Objects.requireNonNull(keyMgr,
-        "Config property instance.crypto.opts.key.provider is required.");
+        "Config property instance.crypto.opts.key.uri is required.");
     this.sr = CryptoUtils.newSha1SecureRandom();
     this.decryptingKeys = new HashMap<>();
     switch (keyMgr) {
@@ -89,7 +88,8 @@ public class AESCryptoService implements CryptoService {
       default:
         throw new CryptoException("Unrecognized key manager");
     }
-
+    Objects.requireNonNull(this.encryptingKek,
+        "Encrypting Key Encryption Key was null, init failed");
   }
 
   @Override
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESKeyUtils.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESKeyUtils.java
index 09ccccc..6e6c838 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESKeyUtils.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESKeyUtils.java
@@ -24,7 +24,6 @@ import java.nio.file.Paths;
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
 
 import javax.crypto.Cipher;
@@ -40,7 +39,6 @@ public class AESKeyUtils {
 
   public static final String URI = "uri";
   public static final String KEY_WRAP_TRANSFORM = "AESWrap";
-  public static final String KEY_PROVIDER = "SunJCE";
 
   public static Key generateKey(SecureRandom sr, int size) {
     byte[] bytes = new byte[size];
@@ -53,11 +51,10 @@ public class AESKeyUtils {
   public static Key unwrapKey(byte[] fek, Key kek) {
     Key result = null;
     try {
-      Cipher c = Cipher.getInstance(KEY_WRAP_TRANSFORM, KEY_PROVIDER);
+      Cipher c = Cipher.getInstance(KEY_WRAP_TRANSFORM);
       c.init(Cipher.UNWRAP_MODE, kek);
       result = c.unwrap(fek, "AES", Cipher.SECRET_KEY);
-    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException
-        | NoSuchPaddingException e) {
+    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
       throw new CryptoException("Unable to unwrap file encryption key", e);
     }
     return result;
@@ -68,11 +65,11 @@ public class AESKeyUtils {
   public static byte[] wrapKey(Key fek, Key kek) {
     byte[] result = null;
     try {
-      Cipher c = Cipher.getInstance(KEY_WRAP_TRANSFORM, KEY_PROVIDER);
+      Cipher c = Cipher.getInstance(KEY_WRAP_TRANSFORM);
       c.init(Cipher.WRAP_MODE, kek);
       result = c.wrap(fek);
-    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException
-        | NoSuchPaddingException | IllegalBlockSizeException e) {
+    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException
+        | IllegalBlockSizeException e) {
       throw new CryptoException("Unable to wrap file encryption key", e);
     }
 
diff --git a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
index ad61f2e..8917469 100644
--- a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
@@ -1787,8 +1787,7 @@ public class RFileTest {
       case CryptoTest.CRYPTO_ON_CONF:
         cfg.set(Property.INSTANCE_CRYPTO_SERVICE,
             "org.apache.accumulo.core.security.crypto.impl.AESCryptoService");
-        cfg.set(INSTANCE_CRYPTO_PREFIX.getKey() + "key.location", CryptoTest.keyPath);
-        cfg.set(INSTANCE_CRYPTO_PREFIX.getKey() + "key.provider", "uri");
+        cfg.set(INSTANCE_CRYPTO_PREFIX.getKey() + "key.uri", CryptoTest.keyPath);
     }
     return cfg;
   }
diff --git a/test/src/main/java/org/apache/accumulo/test/functional/WriteAheadLogEncryptedIT.java
b/test/src/main/java/org/apache/accumulo/test/functional/WriteAheadLogEncryptedIT.java
index 64c17f0..999987a 100644
--- a/test/src/main/java/org/apache/accumulo/test/functional/WriteAheadLogEncryptedIT.java
+++ b/test/src/main/java/org/apache/accumulo/test/functional/WriteAheadLogEncryptedIT.java
@@ -47,8 +47,7 @@ public class WriteAheadLogEncryptedIT extends AccumuloClusterHarness {
         + "/target/mini-tests/WriteAheadLogEncryptedIT-testkeyfile";
     cfg.setProperty(Property.INSTANCE_CRYPTO_SERVICE,
         "org.apache.accumulo.core.security.crypto.impl.AESCryptoService");
-    cfg.setProperty(INSTANCE_CRYPTO_PREFIX.getKey() + "key.location", keyPath);
-    cfg.setProperty(INSTANCE_CRYPTO_PREFIX.getKey() + "key.provider", "uri");
+    cfg.setProperty(INSTANCE_CRYPTO_PREFIX.getKey() + "key.uri", keyPath);
 
     cfg.setProperty(Property.TSERV_WALOG_MAX_SIZE, "2M");
     cfg.setProperty(Property.GC_CYCLE_DELAY, "1");


Mime
View raw message