[GitHub] [hbase] wchevreuil commented on a change in pull request #2539: HBASE-25181 Configure hash algorithm in wrapped encryption keys

GitBox Wed, 14 Oct 2020 02:51:03 -0700


wchevreuil commented on a change in pull request #2539:
URL: https://github.com/apache/hbase/pull/2539#discussion_r504548093




##########
File path: 
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
##########
@@ -127,96 +128,48 @@ public static Cipher getCipher(Configuration conf, String 
name) {
   }
 
   /**
-   * Return the MD5 digest of the concatenation of the supplied arguments.
-   */
-  public static byte[] hash128(String... args) {
-    byte[] result = new byte[16];
-    try {
-      MessageDigest md = MessageDigest.getInstance("MD5");
-      for (String arg: args) {
-        md.update(Bytes.toBytes(arg));
-      }
-      md.digest(result, 0, result.length);
-      return result;
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    } catch (DigestException e) {
-      throw new RuntimeException(e);
-    }
-  }
-
-  /**
-   * Return the MD5 digest of the concatenation of the supplied arguments.
-   */
-  public static byte[] hash128(byte[]... args) {
-    byte[] result = new byte[16];
-    try {
-      MessageDigest md = MessageDigest.getInstance("MD5");
-      for (byte[] arg: args) {
-        md.update(arg);
-      }
-      md.digest(result, 0, result.length);
-      return result;
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    } catch (DigestException e) {
-      throw new RuntimeException(e);
-    }
-  }
-
-  /**
-   * Return the SHA-256 digest of the concatenation of the supplied arguments.
+   * Returns the Hash Algorithm defined in the crypto configuration.
    */
-  public static byte[] hash256(String... args) {
-    byte[] result = new byte[32];
-    try {
-      MessageDigest md = MessageDigest.getInstance("SHA-256");
-      for (String arg: args) {
-        md.update(Bytes.toBytes(arg));
-      }
-      md.digest(result, 0, result.length);
-      return result;
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    } catch (DigestException e) {
-      throw new RuntimeException(e);
-    }
+  public static String getConfiguredHashAlgorithm(Configuration conf) {
+    return conf.get(HConstants.CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY,
+                    HConstants.CRYPTO_KEY_HASH_ALGORITHM_CONF_DEFAULT).trim();
   }
 
   /**
-   * Return the SHA-256 digest of the concatenation of the supplied arguments.
+   * Returns the hash of the supplied argument, using the hash algorithm
+   * specified in the given config.
    */
-  public static byte[] hash256(byte[]... args) {
-    byte[] result = new byte[32];
+  public static byte[] computeHash(Configuration conf, byte[] arg) {

Review comment:
       > I'm not sure about deprecation. If these are used outside of the scope 
of HFile / WALFile encryption by other projects, then we can even keep them in 
the long term.
   
   If you feel those could/should be removed, it's fine to do so, but to be in 
line with our [compatibility 
promises](https://hbase.apache.org/book.html#hbase.versioning) (see "Client API 
compatibility" bullet), we need to deprecate those for a whole major release, 
before removing them.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [hbase] wchevreuil commented on a change in pull request #2539: HBASE-25181 Configure hash algorithm in wrapped encryption keys

Reply via email to