hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From apurt...@apache.org
Subject [4/4] hbase git commit: HBASE-13002 Make encryption cipher configurable
Date Wed, 18 Feb 2015 19:43:20 GMT
HBASE-13002 Make encryption cipher configurable

Signed-off-by: Andrew Purtell <apurtell@apache.org>

Conflicts:
	hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java
	hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java
	hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureProtobufLogWriter.java


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/489fc4c7
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/489fc4c7
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/489fc4c7

Branch: refs/heads/0.98
Commit: 489fc4c7e9a97438a9b69cd650df6b51da3811b7
Parents: f83c67c
Author: Ashish Singhi <ashish.singhi@huawei.com>
Authored: Wed Feb 18 11:42:23 2015 -0800
Committer: Andrew Purtell <apurtell@apache.org>
Committed: Wed Feb 18 11:42:23 2015 -0800

----------------------------------------------------------------------
 .../hadoop/hbase/security/EncryptionUtil.java   | 20 +++++++------
 .../hbase/security/TestEncryptionUtil.java      |  4 ++-
 .../org/apache/hadoop/hbase/HConstants.java     | 12 +++++++-
 .../hadoop/hbase/io/crypto/Encryption.java      | 31 +++++++++++++++++---
 .../hbase/io/crypto/TestCipherProvider.java     |  8 +++--
 .../hadoop/hbase/io/crypto/TestEncryption.java  |  7 +++--
 .../hadoop/hbase/regionserver/HStore.java       |  4 +--
 .../wal/SecureProtobufLogWriter.java            |  7 ++---
 .../hbase/io/hfile/TestHFileEncryption.java     |  4 ++-
 .../regionserver/TestEncryptionKeyRotation.java | 14 ++++++---
 .../TestEncryptionRandomKeying.java             |  4 ++-
 .../hadoop/hbase/util/TestEncryptionTest.java   |  6 ++--
 .../hbase/util/TestHBaseFsckEncryption.java     |  6 ++--
 13 files changed, 91 insertions(+), 36 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-client/src/main/java/org/apache/hadoop/hbase/security/EncryptionUtil.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/EncryptionUtil.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/EncryptionUtil.java
index f446c66..485388e 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/EncryptionUtil.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/EncryptionUtil.java
@@ -63,8 +63,7 @@ public class EncryptionUtil {
 
   /**
    * Protect a key by encrypting it with the secret key of the given subject.
-   * The configuration must be set up correctly for key alias resolution. Keys
-   * are always wrapped using AES.
+   * The configuration must be set up correctly for key alias resolution.
    * @param conf configuration
    * @param subject subject key alias
    * @param key the key
@@ -72,10 +71,12 @@ public class EncryptionUtil {
    */
   public static byte[] wrapKey(Configuration conf, String subject, Key key)
       throws IOException {
-    // Wrap the key with AES
-    Cipher cipher = Encryption.getCipher(conf, "AES");
+    // Wrap the key with the configured encryption algorithm.
+    String algorithm =
+        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+    Cipher cipher = Encryption.getCipher(conf, algorithm);
     if (cipher == null) {
-      throw new RuntimeException("Cipher 'AES' not available");
+      throw new RuntimeException("Cipher '" + algorithm + "' not available");
     }
     EncryptionProtos.WrappedKey.Builder builder = EncryptionProtos.WrappedKey.newBuilder();
     builder.setAlgorithm(key.getAlgorithm());
@@ -100,8 +101,7 @@ public class EncryptionUtil {
 
   /**
    * Unwrap a key by decrypting it with the secret key of the given subject.
-   * The configuration must be set up correctly for key alias resolution. Keys
-   * are always unwrapped using AES.
+   * The configuration must be set up correctly for key alias resolution.
    * @param conf configuration
    * @param subject subject key alias
    * @param value the encrypted key bytes
@@ -113,9 +113,11 @@ public class EncryptionUtil {
       throws IOException, KeyException {
     EncryptionProtos.WrappedKey wrappedKey = EncryptionProtos.WrappedKey.PARSER
         .parseDelimitedFrom(new ByteArrayInputStream(value));
-    Cipher cipher = Encryption.getCipher(conf, "AES");
+    String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY,
+      HConstants.CIPHER_AES);
+    Cipher cipher = Encryption.getCipher(conf, algorithm);
     if (cipher == null) {
-      throw new RuntimeException("Algorithm 'AES' not available");
+      throw new RuntimeException("Cipher '" + algorithm + "' not available");
     }
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     byte[] iv = wrappedKey.hasIv() ? wrappedKey.getIv().toByteArray() : null;

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-client/src/test/java/org/apache/hadoop/hbase/security/TestEncryptionUtil.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/test/java/org/apache/hadoop/hbase/security/TestEncryptionUtil.java
b/hbase-client/src/test/java/org/apache/hadoop/hbase/security/TestEncryptionUtil.java
index e5e7b78..7aea5d9 100644
--- a/hbase-client/src/test/java/org/apache/hadoop/hbase/security/TestEncryptionUtil.java
+++ b/hbase-client/src/test/java/org/apache/hadoop/hbase/security/TestEncryptionUtil.java
@@ -47,7 +47,9 @@ public class TestEncryptionUtil {
     // generate a test key
     byte[] keyBytes = new byte[AES.KEY_LENGTH];
     new SecureRandom().nextBytes(keyBytes);
-    Key key = new SecretKeySpec(keyBytes, "AES");
+    String algorithm =
+        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+    Key key = new SecretKeySpec(keyBytes, algorithm);
 
     // wrap the test key
     byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java
----------------------------------------------------------------------
diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java
index 880f244..632f01a 100644
--- a/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java
+++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java
@@ -1005,6 +1005,9 @@ public final class HConstants {
 
   public static final long NO_NONCE = 0;
 
+  /** Default cipher for encryption */
+  public static final String CIPHER_AES = "AES";
+
   /** Configuration key for the crypto algorithm provider, a class name */
   @InterfaceStability.Unstable
   public static final String CRYPTO_CIPHERPROVIDER_CONF_KEY = "hbase.crypto.cipherprovider";
@@ -1035,7 +1038,14 @@ public final class HConstants {
   @InterfaceStability.Unstable
   public static final String CRYPTO_WAL_KEY_NAME_CONF_KEY = "hbase.crypto.wal.key.name";
 
-  /** Configuration key for enabling HLog encryption, a boolean */
+  /** Configuration key for the algorithm used for creating jks key, a string */
+  public static final String CRYPTO_KEY_ALGORITHM_CONF_KEY = "hbase.crypto.key.algorithm";
+
+  /** Configuration key for the name of the alternate cipher algorithm for the cluster, a
string */
+  public static final String CRYPTO_ALTERNATE_KEY_ALGORITHM_CONF_KEY =
+      "hbase.crypto.alternate.key.algorithm";
+
+  /** Configuration key for enabling WAL encryption, a boolean */
   public static final String ENABLE_WAL_ENCRYPTION = "hbase.regionserver.wal.encryption";
 
   /** Configuration key for setting RPC codec class name */

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
----------------------------------------------------------------------
diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
b/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
index 8c37ba2..fd36315 100644
--- a/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
+++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
@@ -466,9 +466,8 @@ public final class Encryption {
    * @param iv the initialization vector, can be null
    * @throws IOException
    */
-  public static void decryptWithSubjectKey(OutputStream out, InputStream in,
-      int outLen, String subject, Configuration conf, Cipher cipher,
-      byte[] iv) throws IOException {
+  public static void decryptWithSubjectKey(OutputStream out, InputStream in, int outLen,
+      String subject, Configuration conf, Cipher cipher, byte[] iv) throws IOException {
     Key key = getSecretKeyForSubject(subject, conf);
     if (key == null) {
       throw new IOException("No key found for subject '" + subject + "'");
@@ -476,7 +475,31 @@ public final class Encryption {
     Decryptor d = cipher.getDecryptor();
     d.setKey(key);
     d.setIv(iv); // can be null
-    decrypt(out, in, outLen, d);
+    try {
+      decrypt(out, in, outLen, d);
+    } catch (IOException e) {
+      // If the current cipher algorithm fails to unwrap, try the alternate cipher algorithm,
if one
+      // is configured
+      String alternateAlgorithm = conf.get(HConstants.CRYPTO_ALTERNATE_KEY_ALGORITHM_CONF_KEY);
+      if (alternateAlgorithm != null) {
+        if (LOG.isDebugEnabled()) {
+          LOG.debug("Unable to decrypt data with current cipher algorithm '"
+              + conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES)
+              + "'. Trying with the alternate cipher algorithm '" + alternateAlgorithm
+              + "' configured.");
+        }
+        Cipher alterCipher = Encryption.getCipher(conf, alternateAlgorithm);
+        if (alterCipher == null) {
+          throw new RuntimeException("Cipher '" + alternateAlgorithm + "' not available");
+        }
+        d = alterCipher.getDecryptor();
+        d.setKey(key);
+        d.setIv(iv); // can be null
+        decrypt(out, in, outLen, d);
+      } else {
+        throw new IOException(e);
+      }
+    }
   }
 
   private static ClassLoader getClassLoaderForClass(Class<?> c) {

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestCipherProvider.java
----------------------------------------------------------------------
diff --git a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestCipherProvider.java
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestCipherProvider.java
index 6a3468e..f4a4cb7 100644
--- a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestCipherProvider.java
+++ b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestCipherProvider.java
@@ -140,11 +140,13 @@ public class TestCipherProvider {
     Configuration conf = HBaseConfiguration.create();
     CipherProvider provider = Encryption.getCipherProvider(conf);
     assertTrue(provider instanceof DefaultCipherProvider);
-    assertTrue(Arrays.asList(provider.getSupportedCiphers()).contains("AES"));
-    Cipher a = Encryption.getCipher(conf, "AES");
+    String algorithm =
+        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+    assertTrue(Arrays.asList(provider.getSupportedCiphers()).contains(algorithm));
+    Cipher a = Encryption.getCipher(conf, algorithm);
     assertNotNull(a);
     assertTrue(a.getProvider() instanceof DefaultCipherProvider);
-    assertEquals(a.getName(), "AES");
+    assertEquals(a.getName(), algorithm);
     assertEquals(a.getKeyLength(), AES.KEY_LENGTH);
   }
 

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java
----------------------------------------------------------------------
diff --git a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java
index d9e51c1..e31ab49 100644
--- a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java
+++ b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java
@@ -28,6 +28,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HBaseConfiguration;
+import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.testclassification.SmallTests;
 import org.apache.hadoop.hbase.util.Bytes;
 import org.junit.Test;
@@ -87,8 +88,10 @@ public class TestEncryption {
     LOG.info("checkTransformSymmetry: AES, plaintext length = " + plaintext.length);
 
     Configuration conf = HBaseConfiguration.create();
-    Cipher aes = Encryption.getCipher(conf, "AES");
-    Key key = new SecretKeySpec(keyBytes, "AES");
+    String algorithm =
+        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+    Cipher aes = Encryption.getCipher(conf, algorithm);
+    Key key = new SecretKeySpec(keyBytes, algorithm);
 
     Encryptor e = aes.getEncryptor();
     e.setKey(key);

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java
index 92b9f81..d74ef6c 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java
@@ -309,7 +309,7 @@ public class HStore implements Store {
         // Use the algorithm the key wants
         cipher = Encryption.getCipher(conf, key.getAlgorithm());
         if (cipher == null) {
-          throw new RuntimeException("Cipher '" + cipher + "' is not available");
+          throw new RuntimeException("Cipher '" + key.getAlgorithm() + "' is not available");
         }
         // Fail if misconfigured
         // We use the encryption type specified in the column schema as a sanity check on
@@ -323,7 +323,7 @@ public class HStore implements Store {
         // Family does not provide key material, create a random key
         cipher = Encryption.getCipher(conf, cipherName);
         if (cipher == null) {
-          throw new RuntimeException("Cipher '" + cipher + "' is not available");
+          throw new RuntimeException("Cipher '" + cipherName + "' is not available");
         }
         key = cipher.getRandomKey();
       }

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureProtobufLogWriter.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureProtobufLogWriter.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureProtobufLogWriter.java
index 8182127..433cde7 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureProtobufLogWriter.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureProtobufLogWriter.java
@@ -43,8 +43,6 @@ import org.apache.hadoop.hbase.security.User;
 public class SecureProtobufLogWriter extends ProtobufLogWriter {
 
   private static final Log LOG = LogFactory.getLog(SecureProtobufLogWriter.class);
-  private static final String DEFAULT_CIPHER = "AES";
-
   private Encryptor encryptor = null;
 
   @Override
@@ -56,8 +54,9 @@ public class SecureProtobufLogWriter extends ProtobufLogWriter {
       EncryptionTest.testCipherProvider(conf);
 
       // Get an instance of our cipher
-      Cipher cipher = Encryption.getCipher(conf,
-        conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, DEFAULT_CIPHER));
+      final String cipherName =
+          conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+      Cipher cipher = Encryption.getCipher(conf, cipherName);
       if (cipher == null) {
         throw new RuntimeException("Cipher '" + cipher + "' is not available");
       }

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-server/src/test/java/org/apache/hadoop/hbase/io/hfile/TestHFileEncryption.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/io/hfile/TestHFileEncryption.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/io/hfile/TestHFileEncryption.java
index 0f32011..28bec56 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/io/hfile/TestHFileEncryption.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/io/hfile/TestHFileEncryption.java
@@ -68,7 +68,9 @@ public class TestHFileEncryption {
     fs = FileSystem.get(conf);
 
     cryptoContext = Encryption.newContext(conf);
-    Cipher aes = Encryption.getCipher(conf, "AES");
+    String algorithm =
+        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+    Cipher aes = Encryption.getCipher(conf, algorithm);
     assertNotNull(aes);
     cryptoContext.setCipher(aes);
     byte[] key = new byte[aes.getKeyLength()];

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionKeyRotation.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionKeyRotation.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionKeyRotation.java
index 9b5f287..32f0ad9 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionKeyRotation.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionKeyRotation.java
@@ -65,9 +65,11 @@ public class TestEncryptionKeyRotation {
     SecureRandom rng = new SecureRandom();
     byte[] keyBytes = new byte[AES.KEY_LENGTH];
     rng.nextBytes(keyBytes);
-    initialCFKey = new SecretKeySpec(keyBytes, "AES");
+    String algorithm =
+        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+    initialCFKey = new SecretKeySpec(keyBytes, algorithm);
     rng.nextBytes(keyBytes);
-    secondCFKey = new SecretKeySpec(keyBytes, "AES");
+    secondCFKey = new SecretKeySpec(keyBytes, algorithm);
   }
 
   @BeforeClass
@@ -93,7 +95,9 @@ public class TestEncryptionKeyRotation {
     HTableDescriptor htd = new HTableDescriptor(TableName.valueOf("default",
       "testCFKeyRotation"));
     HColumnDescriptor hcd = new HColumnDescriptor("cf");
-    hcd.setEncryptionType("AES");
+    String algorithm =
+        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+    hcd.setEncryptionType(algorithm);
     hcd.setEncryptionKey(EncryptionUtil.wrapKey(conf, "hbase", initialCFKey));
     htd.addFamily(hcd);
 
@@ -152,7 +156,9 @@ public class TestEncryptionKeyRotation {
     HTableDescriptor htd = new HTableDescriptor(TableName.valueOf("default",
       "testMasterKeyRotation"));
     HColumnDescriptor hcd = new HColumnDescriptor("cf");
-    hcd.setEncryptionType("AES");
+    String algorithm =
+        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+    hcd.setEncryptionType(algorithm);
     hcd.setEncryptionKey(EncryptionUtil.wrapKey(conf, "hbase", initialCFKey));
     htd.addFamily(hcd);
 

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionRandomKeying.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionRandomKeying.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionRandomKeying.java
index 4024f2d..850709d 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionRandomKeying.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionRandomKeying.java
@@ -90,7 +90,9 @@ public class TestEncryptionRandomKeying {
     // Specify an encryption algorithm without a key
     htd = new HTableDescriptor(TableName.valueOf("default", "TestEncryptionRandomKeying"));
     HColumnDescriptor hcd = new HColumnDescriptor("cf");
-    hcd.setEncryptionType("AES");
+    String algorithm =
+        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+    hcd.setEncryptionType(algorithm);
     htd.addFamily(hcd);
 
     // Start the minicluster

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestEncryptionTest.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestEncryptionTest.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestEncryptionTest.java
index f42bb2e..cf9dbee 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestEncryptionTest.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestEncryptionTest.java
@@ -74,10 +74,12 @@ public class TestEncryptionTest {
   public void testTestCipher() {
     Configuration conf = HBaseConfiguration.create();
     conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
+    String algorithm =
+        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
     try {
-      EncryptionTest.testEncryption(conf, "AES", null);
+      EncryptionTest.testEncryption(conf, algorithm, null);
     } catch (Exception e) {
-      fail("Test for cipher AES should have succeeded");
+      fail("Test for cipher " + algorithm + " should have succeeded");
     }
     try {
       EncryptionTest.testEncryption(conf, "foobar", null);

http://git-wip-us.apache.org/repos/asf/hbase/blob/489fc4c7/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestHBaseFsckEncryption.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestHBaseFsckEncryption.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestHBaseFsckEncryption.java
index 0f37990..beaa6f7 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestHBaseFsckEncryption.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestHBaseFsckEncryption.java
@@ -76,7 +76,9 @@ public class TestHBaseFsckEncryption {
     SecureRandom rng = new SecureRandom();
     byte[] keyBytes = new byte[AES.KEY_LENGTH];
     rng.nextBytes(keyBytes);
-    cfKey = new SecretKeySpec(keyBytes, "AES");
+    String algorithm =
+        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+    cfKey = new SecretKeySpec(keyBytes,algorithm);
 
     // Start the minicluster
     TEST_UTIL.startMiniCluster(3);
@@ -84,7 +86,7 @@ public class TestHBaseFsckEncryption {
     // Create the table
     htd = new HTableDescriptor(TableName.valueOf("default", "TestHBaseFsckEncryption"));
     HColumnDescriptor hcd = new HColumnDescriptor("cf");
-    hcd.setEncryptionType("AES");
+    hcd.setEncryptionType(algorithm);
     hcd.setEncryptionKey(EncryptionUtil.wrapKey(conf,
       conf.get(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, User.getCurrent().getShortName()),
       cfKey));


Mime
View raw message