From commits-return-22057-archive-asf-public=cust-asf.ponee.io@accumulo.apache.org Thu Aug 30 16:33:08 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 3E344180656 for ; Thu, 30 Aug 2018 16:33:08 +0200 (CEST) Received: (qmail 44269 invoked by uid 500); 30 Aug 2018 14:33:07 -0000 Mailing-List: contact commits-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@accumulo.apache.org Delivered-To: mailing list commits@accumulo.apache.org Received: (qmail 44260 invoked by uid 99); 30 Aug 2018 14:33:07 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Aug 2018 14:33:07 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id C7A7F81F3E; Thu, 30 Aug 2018 14:33:06 +0000 (UTC) Date: Thu, 30 Aug 2018 14:33:06 +0000 To: "commits@accumulo.apache.org" Subject: [accumulo] branch master updated: Removed duplicate calls and implementation of SecureRandom (#617) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <153563958673.16562.16687484297007546575@gitbox.apache.org> From: mmiller@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: accumulo X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 5e8d0675be5deea15b85dc37c4938ce6fb468c49 X-Git-Newrev: 80bb2f387e4b00867abb3cfe8c133b6dffcb21bb X-Git-Rev: 80bb2f387e4b00867abb3cfe8c133b6dffcb21bb X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. mmiller pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/accumulo.git The following commit(s) were added to refs/heads/master by this push: new 80bb2f3 Removed duplicate calls and implementation of SecureRandom (#617) 80bb2f3 is described below commit 80bb2f387e4b00867abb3cfe8c133b6dffcb21bb Author: Nick Felts <31989480+PircDef@users.noreply.github.com> AuthorDate: Thu Aug 30 10:33:03 2018 -0400 Removed duplicate calls and implementation of SecureRandom (#617) --- .../accumulo/core/security/crypto/CryptoUtils.java | 17 +++------ .../security/crypto/impl/AESCryptoService.java | 41 +++++++--------------- 2 files changed, 18 insertions(+), 40 deletions(-) diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoUtils.java b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoUtils.java index e745f0e..0e69d6c 100644 --- a/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoUtils.java +++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoUtils.java @@ -37,11 +37,11 @@ public class CryptoUtils { private static final Logger log = LoggerFactory.getLogger(CryptoUtils.class); - public static SecureRandom getSha1SecureRandom() { - return getSecureRandom("SHA1PRNG", "SUN"); + public static SecureRandom newSha1SecureRandom() { + return newSecureRandom("SHA1PRNG", "SUN"); } - public static SecureRandom getSecureRandom(String secureRNG, String secureRNGProvider) { + private static SecureRandom newSecureRandom(String secureRNG, String secureRNGProvider) { SecureRandom secureRandom = null; try { secureRandom = SecureRandom.getInstance(secureRNG, secureRNGProvider); @@ -49,15 +49,8 @@ public class CryptoUtils { // Immediately seed the generator byte[] throwAway = new byte[16]; secureRandom.nextBytes(throwAway); - - } catch (NoSuchAlgorithmException e) { - log.error(String.format("Accumulo configuration file specified a secure" - + " random generator \"%s\" that was not found by any provider.", secureRNG)); - throw new CryptoException(e); - } catch (NoSuchProviderException e) { - log.error(String.format("Accumulo configuration file specified a secure" - + " random provider \"%s\" that does not exist", secureRNGProvider)); - throw new CryptoException(e); + } catch (NoSuchAlgorithmException | NoSuchProviderException e) { + throw new CryptoException("Unable to generate secure random.", e); } return secureRandom; } diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java b/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java index e9d16cf..54d5f59 100644 --- a/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java +++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/impl/AESCryptoService.java @@ -28,7 +28,6 @@ import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.Key; import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; import java.security.SecureRandom; import java.util.Arrays; import java.util.HashMap; @@ -66,7 +65,8 @@ public class AESCryptoService implements CryptoService { private String encryptingKekId = null; private String encryptingKeyManager = null; // Lets just load keks for reading once - private static HashMap decryptingKeys = new HashMap<>(); + private HashMap decryptingKeys = null; + private SecureRandom sr = null; @Override public void init(Map conf) throws CryptoException { @@ -74,6 +74,8 @@ public class AESCryptoService implements CryptoService { String keyMgr = conf.get("instance.crypto.opts.keyManager"); Objects.requireNonNull(kekId, "Config property instance.crypto.opts.kekId is required."); Objects.requireNonNull(keyMgr, "Config property instance.crypto.opts.keyManager is required."); + this.sr = CryptoUtils.newSha1SecureRandom(); + this.decryptingKeys = new HashMap<>(); switch (keyMgr) { case KeyManager.URI: this.encryptingKeyManager = keyMgr; @@ -225,11 +227,11 @@ public class AESCryptoService implements CryptoService { return parsed; } - private static Key loadDecryptionKek(ParsedCryptoParameters params) { + private Key loadDecryptionKek(ParsedCryptoParameters params) { Key ret = null; String keyTag = params.getKeyManagerVersion() + "!" + params.getKekId(); - if (decryptingKeys.get(keyTag) != null) { - return (decryptingKeys.get(keyTag)); + if (this.decryptingKeys.get(keyTag) != null) { + return (this.decryptingKeys.get(keyTag)); } switch (params.keyManagerVersion) { @@ -240,7 +242,7 @@ public class AESCryptoService implements CryptoService { throw new CryptoException("Unable to load kek: " + params.kekId); } - decryptingKeys.put(keyTag, ret); + this.decryptingKeys.put(keyTag, ret); if (ret == null) throw new CryptoException("Unable to load decryption KEK"); @@ -248,21 +250,6 @@ public class AESCryptoService implements CryptoService { return (ret); } - private static SecureRandom getSecureRandom(String secureRNG, String secureRNGProvider) { - SecureRandom secureRandom = null; - try { - secureRandom = SecureRandom.getInstance(secureRNG, secureRNGProvider); - - // Immediately seed the generator - byte[] throwAway = new byte[16]; - secureRandom.nextBytes(throwAway); - - } catch (NoSuchAlgorithmException | NoSuchProviderException e) { - throw new CryptoException("Unable to generate secure random.", e); - } - return secureRandom; - } - /** * This interface lists the methods needed by CryptoModules which are responsible for tracking * version and preparing encrypters/decrypters for use. @@ -273,7 +260,7 @@ public class AESCryptoService implements CryptoService { FileDecrypter getDecrypter(Key fek); } - public static class AESGCMCryptoModule implements CryptoModule { + public class AESGCMCryptoModule implements CryptoModule { private static final String VERSION = "U+1F43B"; // unicode bear emoji rawr private final Integer GCM_IV_LENGTH_IN_BYTES = 12; @@ -307,12 +294,11 @@ public class AESCryptoService implements CryptoService { public class AESGCMFileEncrypter implements FileEncrypter { private byte[] firstInitVector; - private SecureRandom sr = getSecureRandom("SHA1PRNG", "SUN"); - private Key fek = KeyManager.generateKey(sr, KEY_LENGTH_IN_BYTES); + private Key fek; private byte[] initVector = new byte[GCM_IV_LENGTH_IN_BYTES]; AESGCMFileEncrypter() { - + fek = KeyManager.generateKey(sr, KEY_LENGTH_IN_BYTES); sr.nextBytes(initVector); firstInitVector = Arrays.copyOf(initVector, initVector.length); } @@ -417,7 +403,7 @@ public class AESCryptoService implements CryptoService { } } - public static class AESCBCCryptoModule implements CryptoModule { + public class AESCBCCryptoModule implements CryptoModule { public static final String VERSION = "U+1f600"; // unicode grinning face emoji private final Integer IV_LENGTH_IN_BYTES = 16; private final Integer KEY_LENGTH_IN_BYTES = 16; @@ -445,14 +431,13 @@ public class AESCryptoService implements CryptoService { public class AESCBCFileEncrypter implements FileEncrypter { - private SecureRandom sr = getSecureRandom("SHA1PRNG", "SUN"); private Key fek = KeyManager.generateKey(sr, KEY_LENGTH_IN_BYTES); private byte[] initVector = new byte[IV_LENGTH_IN_BYTES]; @Override public OutputStream encryptStream(OutputStream outputStream) throws CryptoException { - CryptoUtils.getSha1SecureRandom().nextBytes(initVector); + sr.nextBytes(initVector); try { outputStream.write(initVector); } catch (IOException e) {