[GitHub] [hbase] wchevreuil commented on a change in pull request #2539: HBASE-25181 Configure hash algorithm in wrapped encryption keys

Tue, 13 Oct 2020 03:34:40 -0700 


wchevreuil commented on a change in pull request #2539:
URL: https://github.com/apache/hbase/pull/2539#discussion_r503838423



##########
File path: 
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
##########
@@ -127,96 +128,48 @@ public static Cipher getCipher(Configuration conf, String 
name) {
   }
 
   /**
-   * Return the MD5 digest of the concatenation of the supplied arguments.
-   */
-  public static byte[] hash128(String... args) {
-    byte[] result = new byte[16];
-    try {
-      MessageDigest md = MessageDigest.getInstance("MD5");
-      for (String arg: args) {
-        md.update(Bytes.toBytes(arg));
-      }
-      md.digest(result, 0, result.length);
-      return result;
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    } catch (DigestException e) {
-      throw new RuntimeException(e);
-    }
-  }
-
-  /**
-   * Return the MD5 digest of the concatenation of the supplied arguments.
-   */
-  public static byte[] hash128(byte[]... args) {
-    byte[] result = new byte[16];
-    try {
-      MessageDigest md = MessageDigest.getInstance("MD5");
-      for (byte[] arg: args) {
-        md.update(arg);
-      }
-      md.digest(result, 0, result.length);
-      return result;
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    } catch (DigestException e) {
-      throw new RuntimeException(e);
-    }
-  }
-
-  /**
-   * Return the SHA-256 digest of the concatenation of the supplied arguments.
+   * Returns the Hash Algorithm defined in the crypto configuration.
    */
-  public static byte[] hash256(String... args) {
-    byte[] result = new byte[32];
-    try {
-      MessageDigest md = MessageDigest.getInstance("SHA-256");
-      for (String arg: args) {
-        md.update(Bytes.toBytes(arg));
-      }
-      md.digest(result, 0, result.length);
-      return result;
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    } catch (DigestException e) {
-      throw new RuntimeException(e);
-    }
+  public static String getConfiguredHashAlgorithm(Configuration conf) {
+    return conf.get(HConstants.CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY,
+                    HConstants.CRYPTO_KEY_HASH_ALGORITHM_CONF_DEFAULT).trim();
   }
 
   /**
-   * Return the SHA-256 digest of the concatenation of the supplied arguments.
+   * Returns the hash of the supplied argument, using the hash algorithm
+   * specified in the given config.
    */
-  public static byte[] hash256(byte[]... args) {
-    byte[] result = new byte[32];
+  public static byte[] computeHash(Configuration conf, byte[] arg) {

Review comment:
       We don't need more than one arg anymore? Not even for the original 
supported SHA-256 one?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to