accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] keith-turner closed pull request #318: ACCUMULO-4733 Implement configurable security provider for crypto
Date Thu, 01 Jan 1970 00:00:00 GMT
keith-turner closed pull request #318: ACCUMULO-4733 Implement configurable security provider
for crypto
URL: https://github.com/apache/accumulo/pull/318
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
index e08df9e363..6980af1232 100644
--- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java
+++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
@@ -59,6 +59,9 @@
   CRYPTO_CIPHER_KEY_LENGTH("crypto.cipher.key.length", "128", PropertyType.STRING,
       "Specifies the key length *in bits* to use for the symmetric key, should probably be
128 or 256 unless you really know what you're doing"),
   @Experimental
+  CRYPTO_SECURITY_PROVIDER("crypto.security.provider", "", PropertyType.STRING,
+      "States the security provider to use, and defaults to the system configured provider"),
+  @Experimental
   CRYPTO_SECURE_RNG("crypto.secure.rng", "SHA1PRNG", PropertyType.STRING,
       "States the secure random number generator to use, and defaults to the built-in Sun
SHA1PRNG"),
   @Experimental
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
index 7b79d99ec4..10feb2ae14 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.java
@@ -69,7 +69,8 @@ public CryptoModuleParameters decryptSecretKey(CryptoModuleParameters context)
{
   }
 
   private void doKeyEncryptionOperation(int encryptionMode, CryptoModuleParameters params)
throws IOException {
-    Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey()));
+    Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey()),
+        params.getSecurityProvider());
 
     try {
       cipher.init(encryptionMode, new SecretKeySpec(secretKeyCache.getKeyEncryptionKey(),
params.getAlgorithmName()));
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java
index 6a295adbce..c2954248e5 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java
@@ -286,6 +286,7 @@ public static CryptoModuleParameters fillParamsObjectFromStringMap(CryptoModuleP
     params.setPadding(cipherTransformParts[2]);
     params.setRandomNumberGenerator(cryptoOpts.get(Property.CRYPTO_SECURE_RNG.getKey()));
     params.setRandomNumberGeneratorProvider(cryptoOpts.get(Property.CRYPTO_SECURE_RNG_PROVIDER.getKey()));
+    params.setSecurityProvider(cryptoOpts.get(Property.CRYPTO_SECURITY_PROVIDER.getKey()));
     String blockStreamSize = cryptoOpts.get(Property.CRYPTO_BLOCK_STREAM_SIZE.getKey());
     if (blockStreamSize != null)
       params.setBlockStreamSize(Integer.parseInt(blockStreamSize));
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleParameters.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleParameters.java
index a7bb93dfdd..b1d5024982 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleParameters.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleParameters.java
@@ -232,6 +232,26 @@ public void setRandomNumberGeneratorProvider(String randomNumberGeneratorProvide
   }
 
   /**
+   * Gets the security provider name.
+   *
+   * @see CryptoParameters#setSecurityProvider(String)
+   * @return the security provider name
+   */
+  public String getSecurityProvider() {
+    return securityProvider;
+  }
+
+  /**
+   * Sets the name of the security provider to use for crypto.
+   *
+   * @param securityProvider
+   *          the name of the provider to use
+   */
+  public void setSecurityProvider(String securityProvider) {
+    this.securityProvider = securityProvider;
+  }
+
+  /**
    * Gets the key encryption strategy class.
    *
    * @see CryptoModuleParameters#setKeyEncryptionStrategyClass(String)
@@ -609,6 +629,7 @@ public void setAllOptions(Map<String,String> allOptions) {
   private int keyLength = 0;
   private String randomNumberGenerator = null;
   private String randomNumberGeneratorProvider = null;
+  private String securityProvider = null;
 
   private String keyEncryptionStrategyClass;
   private byte[] encryptedKey;
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java
index 7609bb0f63..9302bc8625 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java
@@ -68,7 +68,7 @@ public CryptoModuleParameters initializeCipher(CryptoModuleParameters params)
{
       params.setSecureRandom(secureRandom);
     }
 
-    Cipher cipher = DefaultCryptoModuleUtils.getCipher(cipherTransformation);
+    Cipher cipher = DefaultCryptoModuleUtils.getCipher(cipherTransformation, params.getSecurityProvider());
 
     if (params.getInitializationVector() == null) {
       try {
@@ -383,7 +383,7 @@ public CryptoModuleParameters getDecryptingInputStream(CryptoModuleParameters
pa
       throw new RuntimeException("CryptoModuleParameters object failed validation for decrypt");
     }
 
-    Cipher cipher = DefaultCryptoModuleUtils.getCipher(getCipherTransformation(params));
+    Cipher cipher = DefaultCryptoModuleUtils.getCipher(getCipherTransformation(params), params.getSecurityProvider());
 
     try {
       cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(params.getPlaintextKey(), params.getAlgorithmName()),
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModuleUtils.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModuleUtils.java
index 1a33915f28..015ffca435 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModuleUtils.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModuleUtils.java
@@ -50,20 +50,27 @@ public static SecureRandom getSecureRandom(String secureRNG, String secureRNGPro
     return secureRandom;
   }
 
-  public static Cipher getCipher(String cipherSuite) {
+  public static Cipher getCipher(String cipherSuite, String securityProvider) {
     Cipher cipher = null;
 
     if (cipherSuite.equals("NullCipher")) {
       cipher = new NullCipher();
     } else {
       try {
-        cipher = Cipher.getInstance(cipherSuite);
+        if (securityProvider == null || securityProvider.equals("")) {
+          cipher = Cipher.getInstance(cipherSuite);
+        } else {
+          cipher = Cipher.getInstance(cipherSuite, securityProvider);
+        }
       } catch (NoSuchAlgorithmException e) {
         log.error(String.format("Accumulo configuration file contained a cipher suite \"%s\"
that was not recognized by any providers", cipherSuite));
         throw new RuntimeException(e);
       } catch (NoSuchPaddingException e) {
         log.error(String.format("Accumulo configuration file contained a cipher, \"%s\" with
a padding that was not recognized by any providers", cipherSuite));
         throw new RuntimeException(e);
+      } catch (NoSuchProviderException e) {
+        log.error(String.format("Accumulo configuration file contained a provider, \"%s\"
an unrecognized provider", securityProvider));
+        throw new RuntimeException(e);
       }
     }
     return cipher;
diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
b/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
index 5c9ca8cdce..aff4c3861a 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java
@@ -78,7 +78,8 @@ private void doKeyEncryptionOperation(int encryptionMode, CryptoModuleParameters
       byte[] keyEncryptionKey = new byte[keyEncryptionKeyLength];
       int bytesRead = in.read(keyEncryptionKey);
 
-      Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey()));
+      Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey()),
+          params.getSecurityProvider());
 
       // check if the number of bytes read into the array is the same as the value of the
length field,
       if (bytesRead == keyEncryptionKeyLength) {
diff --git a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
index a32a465dee..fa55c8ddec 100644
--- a/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
@@ -101,6 +101,7 @@ public void testCryptoModuleParamsParsing() {
     assertEquals(128, params.getKeyLength());
     assertEquals("SHA1PRNG", params.getRandomNumberGenerator());
     assertEquals("SUN", params.getRandomNumberGeneratorProvider());
+    assertEquals("SunJCE", params.getSecurityProvider());
     assertEquals("org.apache.accumulo.core.security.crypto.CachingHDFSSecretKeyEncryptionStrategy",
params.getKeyEncryptionStrategyClass());
   }
 
diff --git a/core/src/test/resources/crypto-on-accumulo-site.xml b/core/src/test/resources/crypto-on-accumulo-site.xml
index ebfc9ae4c0..ae268184b3 100644
--- a/core/src/test/resources/crypto-on-accumulo-site.xml
+++ b/core/src/test/resources/crypto-on-accumulo-site.xml
@@ -96,6 +96,10 @@
       <value>SUN</value>
     </property>
     <property>
+      <name>crypto.security.provider</name>
+      <value>SunJCE</value>
+    </property>
+    <property>
       <name>crypto.secret.key.encryption.strategy.class</name>
       <value>org.apache.accumulo.core.security.crypto.CachingHDFSSecretKeyEncryptionStrategy</value>
     </property>


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message