mikewalch commented on a change in pull request #560: Provide new Crypto
interface & impl
URL: https://github.com/apache/accumulo/pull/560#discussion_r202414607
##########
File path:
core/src/test/java/org/apache/accumulo/core/security/crypto/CryptoTest.java
##########
@@ -17,652 +17,271 @@
package org.apache.accumulo.core.security.crypto;
-import static org.junit.Assert.assertArrayEquals;
+import static
org.apache.accumulo.core.file.rfile.RFileTest.setAndGetAccumuloConfig;
+import static org.apache.accumulo.core.security.crypto.CryptoEnvironment.Scope;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNotSame;
-import static org.junit.Assert.assertTrue;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
import java.io.IOException;
-import java.io.InputStream;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.SecureRandom;
+import java.io.OutputStream;
+import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Map.Entry;
-import java.util.Random;
-
-import javax.crypto.AEADBadTagException;
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.SecretKeySpec;
+import java.util.Map;
+import org.apache.accumulo.core.client.Scanner;
+import org.apache.accumulo.core.client.rfile.RFile;
+import org.apache.accumulo.core.client.rfile.RFileWriter;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.ConfigurationCopy;
import org.apache.accumulo.core.conf.DefaultConfiguration;
import org.apache.accumulo.core.conf.Property;
+import org.apache.accumulo.core.data.Key;
+import org.apache.accumulo.core.data.Value;
+import org.apache.accumulo.core.security.crypto.impl.AESCryptoService;
+import org.apache.accumulo.core.security.crypto.impl.NoCryptoService;
+import org.apache.accumulo.core.util.CachedConfiguration;
+import org.apache.accumulo.start.classloader.vfs.AccumuloVFSClassLoader;
import org.apache.hadoop.conf.Configuration;
-import org.junit.Rule;
+import org.apache.hadoop.fs.FSDataOutputStream;
+import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.fs.Path;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
import org.junit.Test;
-import org.junit.rules.ExpectedException;
-
-import com.google.common.primitives.Bytes;
public class CryptoTest {
- private static final int MARKER_INT = 0xCADEFEDD;
- private static final String MARKER_STRING = "1 2 3 a b c";
+ public static final int MARKER_INT = 0xCADEFEDD;
+ public static final String MARKER_STRING = "1 2 3 4 5 6 7 8 a b c d e f g h
";
public static final String CRYPTO_ON_CONF = "crypto-on-accumulo-site.xml";
public static final String CRYPTO_OFF_CONF = "crypto-off-accumulo-site.xml";
- // @formatter:off
- public static final String CRYPTO_ON_KEK_OFF_CONF =
- "crypto-on-no-key-encryption-accumulo-site.xml";
- // @formatter:on
-
- // Used for kek file testing
- private static File kekWorks;
- private static File kekTooLong;
- private static File kekTooShort;
-
- @Rule
- public ExpectedException exception = ExpectedException.none();
-
- @Test
- public void testNoCryptoStream() throws IOException {
- AccumuloConfiguration conf = setAndGetAccumuloConfig(CRYPTO_OFF_CONF);
-
- CryptoModuleParameters params = CryptoModuleFactory
- .createParamsObjectFromAccumuloConfiguration(conf);
-
- assertNotNull(params);
- assertEquals("NullCipher", params.getCipherSuite());
-
- CryptoModule cryptoModule = CryptoModuleFactory.getCryptoModule(conf);
- assertNotNull(cryptoModule);
- assertTrue(cryptoModule instanceof CryptoModuleFactory.NullCryptoModule);
-
- ByteArrayOutputStream out = new ByteArrayOutputStream();
-
- params.setPlaintextOutputStream(out);
-
- params = cryptoModule.getEncryptingOutputStream(params);
- assertNotNull(params.getEncryptedOutputStream());
- assertEquals(out, params.getEncryptedOutputStream());
- }
-
- @Test
- public void testCryptoModuleParamsParsing() {
- AccumuloConfiguration conf = setAndGetAccumuloConfig(CRYPTO_ON_CONF);
- CryptoModuleParameters params = CryptoModuleFactory
- .createParamsObjectFromAccumuloConfiguration(conf);
-
- assertNotNull(params);
- assertEquals("AES/GCM/NoPadding", params.getCipherSuite());
- assertEquals("AES/CBC/NoPadding",
- params.getAllOptions().get(Property.CRYPTO_WAL_CIPHER_SUITE.getKey()));
- assertEquals("GCM", params.getCipherSuiteEncryptionMode());
- assertEquals("AES", params.getKeyAlgorithmName());
- assertEquals(128, params.getKeyLength());
- assertEquals("SHA1PRNG", params.getRandomNumberGenerator());
- assertEquals("SUN", params.getRandomNumberGeneratorProvider());
- assertEquals("SunJCE", params.getSecurityProvider());
-
assertEquals("org.apache.accumulo.core.security.crypto.CachingHDFSSecretKeyEncryptionStrategy",
- params.getKeyEncryptionStrategyClass());
- }
-
- @Test
- public void testCryptoModuleDoesntLeakSensitive() throws IOException {
- AccumuloConfiguration conf = setAndGetAccumuloConfig(CRYPTO_ON_CONF);
-
- CryptoModuleParameters params = CryptoModuleFactory
- .createParamsObjectFromAccumuloConfiguration(conf);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- params.setPlaintextOutputStream(baos);
-
- CryptoModule cryptoModule = CryptoModuleFactory.getCryptoModule(conf);
-
- cryptoModule.getEncryptingOutputStream(params);
- params.getEncryptedOutputStream().close();
-
- // If we get here, we have encrypted bytes
- byte[] streamBytes = baos.toByteArray();
- for (Property prop : Property.values()) {
- if (prop.isSensitive()) {
- byte[] toCheck = prop.getKey().getBytes();
- assertEquals(-1, Bytes.indexOf(streamBytes, toCheck));
- }
+ @BeforeClass
+ public static void setupKeyFile() throws Exception {
+ FileSystem fs = FileSystem.getLocal(CachedConfiguration.getInstance());
+ String file = "/tmp/testAESFile";
+ Path aesPath = new Path(file);
+ fs.delete(aesPath, true);
+ fs.createNewFile(aesPath);
+ try (FSDataOutputStream out = fs.create(aesPath)) {
+ out.writeUTF("sixteenbytekey"); // 14 + 2 from writeUTF
}
-
}
- @Test
- public void testCryptoModuleParamsValidation1() throws IOException {
- AccumuloConfiguration conf = setAndGetAccumuloConfig(CRYPTO_ON_CONF);
-
- CryptoModuleParameters params = CryptoModuleFactory
- .createParamsObjectFromAccumuloConfiguration(conf);
- CryptoModule cryptoModule = CryptoModuleFactory.getCryptoModule(conf);
-
- assertTrue(cryptoModule instanceof DefaultCryptoModule);
-
- exception.expect(RuntimeException.class);
- cryptoModule.getEncryptingOutputStream(params);
+ @AfterClass
+ public static void cleanupKeyFile() throws Exception {
+ FileSystem fs = FileSystem.getLocal(CachedConfiguration.getInstance());
+ String file = "/tmp/testAESFile";
+ Path aesPath = new Path(file);
+ fs.delete(aesPath, true);
}
@Test
- public void testCryptoModuleParamsValidation2() throws IOException {
+ public void simpleGCMTest() throws Exception {
AccumuloConfiguration conf = setAndGetAccumuloConfig(CRYPTO_ON_CONF);
+ CryptoService cryptoService = CryptoServiceFactory.getConfigured(conf);
+ CryptoEnvironment env = new CryptoEnvironment(Scope.RFILE,
+ conf.getAllPropertiesWithPrefix(Property.TABLE_PREFIX));
+ FileEncrypter encrypter = cryptoService.getFileEncrypter(env);
+ String params = encrypter.getParameters();
- CryptoModuleParameters params = CryptoModuleFactory
- .createParamsObjectFromAccumuloConfiguration(conf);
- CryptoModule cryptoModule = CryptoModuleFactory.getCryptoModule(conf);
-
- assertTrue(cryptoModule instanceof DefaultCryptoModule);
-
- exception.expect(RuntimeException.class);
- cryptoModule.getDecryptingInputStream(params);
- }
-
- private String getStringifiedBytes(String s) throws IOException {
ByteArrayOutputStream out = new ByteArrayOutputStream();
- DataOutputStream dataOut = new DataOutputStream(out);
+ OutputStream encrypted = encrypter.encryptStream(out);
+ // System.out.println("after enc out Bytes written " + out.size());
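Review bot: `setupKeyFile` writes the test key to the fixed path `/tmp/testAESFile`, a predictable name in a shared, world-writable directory. Concurrent builds on one host can overwrite or delete each other's key file, and another local account could create or replace the file before the test reads it. A per-run location avoids both, for example `@ClassRule public static TemporaryFolder keyDir = new TemporaryFolder();`, with the resulting path kept in one constant rather than repeated in `cleanupKeyFile`. The crypto-on site config presumably points at this path, so the key location would then have to be set from the test. Separately, `fs.createNewFile(aesPath)` looks redundant, because `fs.create(aesPath)` on the next line creates the file itself.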
Review comment:
Should remove these or convert to `log.trace` or `log.debug`