EdColeman commented on a change in pull request #2224: URL: https://github.com/apache/accumulo/pull/2224#discussion_r717724234
########## File path: server/base/src/test/java/org/apache/accumulo/server/conf/codec/VersionedPropEncryptCodecTest.java ########## 
@@ -0,0 +1,251 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.accumulo.server.conf.codec; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotEquals; +import static org.junit.Assert.assertTrue; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.DataInputStream; +import java.io.DataOutputStream; +import java.security.NoSuchAlgorithmException; +import java.time.Instant; +import java.util.Base64; +import java.util.HashMap; +import java.util.Map; + +import javax.crypto.Cipher; +import javax.crypto.CipherInputStream; +import javax.crypto.CipherOutputStream; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; + +import org.junit.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class VersionedPropEncryptCodecTest { + + private final Logger log = LoggerFactory.getLogger(VersionedPropEncryptCodecTest.class); + + /** + * Perform a round trip - encode, decode set of operations. + * + * @throws Exception + * an exception is a test failure. + */ + @Test + public void roundTripSample() throws Exception { + + // set-up sample "secret" key - for testing only. 
+ final char[] pass = {'a', 'b', 'c'}; + final byte[] salt = {1, 2, 3}; + + VersionedPropEncryptCodec.GCMCipherParams cipherProps = + new VersionedPropEncryptCodec.GCMCipherParams(pass, salt); + + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, cipherProps.getSecretKey(), cipherProps.getParameterSpec()); + + byte[] payload; + + try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) { + + CipherOutputStream cos = new CipherOutputStream(bos, cipher); + + DataOutputStream dos = new DataOutputStream(cos); + + dos.writeUTF("A"); + dos.writeUTF("B"); + dos.writeUTF("C"); + + cos.flush(); + cos.close(); + + payload = bos.toByteArray(); + + log.debug("Output: {}", payload); + + } + + cipher.init(Cipher.DECRYPT_MODE, cipherProps.getSecretKey(), cipherProps.getParameterSpec()); + try (ByteArrayInputStream bis = new ByteArrayInputStream(payload)) { + + // write the property map keys, values. + try (CipherInputStream cis = new CipherInputStream(bis, cipher); + + DataInputStream cdis = new DataInputStream(cis)) { + + assertEquals("A", cdis.readUTF()); + assertEquals("B", cdis.readUTF()); + assertEquals("C", cdis.readUTF()); + } + } + } + + /** + * Validate versioning with something other than default. 
+ */ + @Test + public void roundTripEncryption() throws Exception { + + int aVersion = 13; + Instant now = Instant.now(); + + Map<String,String> p = new HashMap<>(); + p.put("k1", "v1"); + + VersionedProperties vProps = new VersionedProperties(aVersion, now, p); + + final char[] pass = {'a', 'b', 'c'}; + final byte[] salt = {1, 2, 3}; + + VersionedPropCodec encoder = VersionedPropEncryptCodec.codec(false, + new VersionedPropEncryptCodec.GCMCipherParams(pass, salt)); + + byte[] encodedBytes = encoder.toBytes(vProps); + + log.debug("Encoded: {}", encodedBytes); + + VersionedProperties decodedProps = encoder.fromBytes(encodedBytes); + + log.debug("Decoded: {}", decodedProps.print(true)); + + assertEquals(vProps.getProperties(), decodedProps.getProperties()); + + // validate that the expected node version matches original version. + assertEquals(aVersion, vProps.getDataVersion()); + + // validate encoded version incremented. + assertEquals(aVersion + 1, decodedProps.getDataVersion()); + + assertEquals("encoded version should be 1 up", aVersion + 1, decodedProps.getDataVersion()); + assertEquals("version written should be the source next version", vProps.getNextVersion(), + decodedProps.getDataVersion()); + assertEquals("the next version in decoded should be +2", aVersion + 2, + decodedProps.getNextVersion()); + + assertTrue("timestamp should be now or earlier", + vProps.getTimestamp().compareTo(Instant.now()) <= 0); + + } + + /** + * Validate versioning with something other than default. 
+ */ + @Test + public void roundTripEncryptionCompressed() throws Exception { + + int aVersion = 13; + Instant now = Instant.now(); + + // compression friendly + Map<String,String> p = new HashMap<>(); + p.put("accumulo.prop.key_name.1", "value1"); + p.put("accumulo.prop.key_name.2", "value2"); + p.put("accumulo.prop.key_name.3", "value3"); + p.put("accumulo.prop.key_name.4", "value4"); + p.put("accumulo.prop.key_name.5", "value5"); + p.put("accumulo.prop.key_name.6", "value9"); + + VersionedProperties vProps = new VersionedProperties(aVersion, now, p); Review comment: I'm going to leave this for now ########## File path: server/base/src/main/java/org/apache/accumulo/server/conf/codec/VersionedPropCodec.java ########## 
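Review bot: The last assertion in `roundTripEncryption` checks `vProps.getTimestamp()`, which is the input object, so it passes whatever the codec wrote or read back and the timestamp round trip is never tested. It should read from the decoded value, e.g. `assertTrue("timestamp should be now or earlier", decodedProps.getTimestamp().compareTo(Instant.now()) <= 0);`, and the bare `assertEquals(aVersion + 1, decodedProps.getDataVersion());` just above duplicates the messaged assertion that follows it. Every test visible here decodes with the same password and salt that encoded; the file and `roundTripEncryptionCompressed` continue past the quoted hunk, but if no later case covers it, a test that decodes with a different password or with one byte of `encodedBytes` changed and expects a failure would pin the authentication property that AES/GCM is chosen for. In `roundTripSample` the comment `// write the property map keys, values.` sits on the read path and should read `// read back the values written above.`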
@@ -0,0 +1,285 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.accumulo.server.conf.codec; + +import static org.apache.accumulo.server.conf.codec.VersionedProperties.tsFormatter; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.DataInputStream; +import java.io.DataOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.time.Instant; +import java.time.format.DateTimeParseException; +import java.util.HashMap; +import java.util.Map; + +/** + * Abstract class to provide encoding / decoding of versioned properties. This class handles the + * serialization of the metadata and subclasses are required to implement + * {@link #encodePayload(OutputStream, VersionedProperties, EncodingOptions)} and + * {@link #decodePayload(InputStream, EncodingOptions)} to handle any specific implementation + * metadata (optional) and the property map according to the encoding scheme of the subclass. 
+ * <p> + * The basic encoding format: + * <ul> + * <li>encoding metadata - specifies codec to be used</li> + * <li>version metadata - specifies property versioning information</li> + * <li>codec specific metadata (optional)</li> + * <li>the property map</li> + * </ul> + * + */ +public abstract class VersionedPropCodec { + + private final EncodingOptions encodingOpts; + + public VersionedPropCodec(final EncodingOptions encodingOpts) { + this.encodingOpts = encodingOpts; + } + + /** + * The general encoding options that apply to all encodings. + * + * @return the general options. + */ + public EncodingOptions getEncodingOpts() { + return encodingOpts; + } + + /** + * Serialize the versioned properties. The version information on the properties is updated if the + * data is successfully serialized. + * + * @param vProps + * the versioned properties. + * @return a byte array with the serialized properties. + */ + public byte[] toBytes(final VersionedProperties vProps) throws IOException { + + try (ByteArrayOutputStream bos = new ByteArrayOutputStream(); + DataOutputStream dos = new DataOutputStream(bos)) { + + // write encoding metadata + encodingOpts.encode(dos); + + // write version metadata + DataVersionInfo vMetadata = + new DataVersionInfo(vProps.getNextVersion(), vProps.getTimestamp()); + vMetadata.write(dos); + + // delegate property encoding to sub-class + encodePayload(bos, vProps, encodingOpts); + + return bos.toByteArray(); + } + } + + /** + * Encode the properties and optionally any specific encoding metadata that is necessary to decode + * the payload with the scheme chosen. + * + * @param out + * an output stream + * @param vProps + * the versioned properties + * @param encodingOpts + * the general encoding options. + * @throws IOException + * if an error occurs writing to the underlying output stream. 
+ */ + abstract void encodePayload(final OutputStream out, final VersionedProperties vProps, + final EncodingOptions encodingOpts) throws IOException; + + public VersionedProperties fromBytes(final byte[] bytes) throws IOException { + + try (ByteArrayInputStream bis = new ByteArrayInputStream(bytes); + DataInputStream dis = new DataInputStream(bis)) { + + EncodingOptions encodingOpts = new EncodingOptions(dis); + + if (!checkCanDecodeVersion(encodingOpts)) { + throw new IllegalArgumentException( + "Invalid data version - cannot process the version read: " + + encodingOpts.getEncodingVersion()); + } + + DataVersionInfo vMetadata = new DataVersionInfo(dis); + + Map<String,String> props = decodePayload(bis, encodingOpts); + + return new VersionedProperties(vMetadata.getDataVersion(), vMetadata.getTimestamp(), props); + } + } + + abstract boolean checkCanDecodeVersion(final EncodingOptions encodingOpts); + + /** + * Extracts the encoding version from the encoded byte array without fully decoding the payload. + * This is a convenience method if multiple encodings are present, and should only be required if + * upgrading / changing encodings, otherwise a single encoding should be in operation for an + * instance at any given time. + * + * @param bytes + * serialized encoded versioned property byte array. + * @return the encoding version used to serialize the properties. + */ + public static int getEncodingVersion(final byte[] bytes) { + try (ByteArrayInputStream bis = new ByteArrayInputStream(bytes); + DataInputStream dis = new DataInputStream(bis)) { + return new EncodingOptions(dis).getEncodingVersion(); + } catch (NullPointerException | IOException ex) { + throw new IllegalArgumentException("Failed to read encoding version from byte array provided", + ex); + } + } + + /** + * Extracts the data version from the encoded byte array without fully decoding the payload. 
+ * Normally the data version should be obtained from a fully decoded instance of the versioned + * properties. + * <p> + * The cost of reading the byte array from the backing store should be considered verses the + * additional cost of decoding - with a goal of reducing data reads from the store preferred. + * Generally reading from the store will be followed by some sort of usage which would require the + * full decode operation anyway. + * + * @param bytes + * serialized encoded versioned property byte array. + * @return the encoding version used to serialize the properties. + */ + public static int getDataVersion(final byte[] bytes) { + try (ByteArrayInputStream bis = new ByteArrayInputStream(bytes); + DataInputStream dis = new DataInputStream(bis)) { + // skip encoding metadata + new EncodingOptions(dis); + return new DataVersionInfo(dis).getDataVersion(); + } catch (NullPointerException | IOException ex) { + throw new IllegalArgumentException( + "Failed to read data version version from byte array provided", ex); + } + } + + /** + * Decode the payload and any optional encoding specific metadata and return a map of the property + * name, value pairs. + * + * @param inStream + * an input stream + * @param encodingOpts + * the general encoding options. + * @return a map of properties name, value pairs. + * @throws IOException + * if an exception occurs reading from the input stream. + */ + abstract Map<String,String> decodePayload(final InputStream inStream, + final EncodingOptions encodingOpts) throws IOException; + + /** + * Read the property map from a data input stream as UTF strings. The input stream should be + * created configured by sub-classes for the output of the sub-class. If the sub-class uses an + * encoding other that UTF strings, they should override this method. An example would be an + * encoding that uses JSON to encode the map. + * <p> + * The handling the properties as UTF strings is one implementation. 
Subclasses can implement + * different mechanism if desired, one example might be using a JSON implementation to encode / + * decode the properties. + * + * @param dis + * a data input stream + * @return the property map + * @throws IOException + * if an exception occurs reading from the stream. + */ + Map<String,String> readMapAsUTF(DataInputStream dis) throws IOException { + + Map<String,String> aMap = new HashMap<>(); + int items = dis.readInt(); + + for (int i = 0; i < items; i++) { + String k = dis.readUTF(); + String v = dis.readUTF(); + aMap.put(k, v); + } + return aMap; + } + + /** + * Write the property map to the data output stream. The underlying stream is not closed by this + * method. + * <p> + * The handling the properties as UTF strings is one implementation. Subclasses can implement + * different mechanism if desired, one example might be using a JSON implementation to encode / + * decode the properties. + * + * @param dos + * a data output stream + * @param aMap + * the property map of k, v string pairs. + * @throws IOException + * if an exception occurs. + */ + void writeMapAsUTF(final DataOutputStream dos, final Map<String,String> aMap) throws IOException { + + dos.writeInt(aMap.size()); + + for (Map.Entry<String,String> e : aMap.entrySet()) { + dos.writeUTF(e.getKey()); + dos.writeUTF(e.getValue()); + } + dos.flush(); + } + + /** + * Helper class for reading / writing versioned properties metadata. + */ + static class DataVersionInfo { + private final int dataVersion; + private final Instant timestamp; + Review comment: It is used - its is a holdover an maybe overkill for just the two values - but I like the delegation so that it does not need to be handled in multiple places. Will look at using a static method like previous suggestion. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. 
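Review bot: `toBytes` writes the encoding options and the `DataVersionInfo` through `dos` before handing `bos` to `encodePayload`, so for an encrypting subclass the codec selector, data version and timestamp sit outside the ciphertext, and `fromBytes` acts on them before `decodePayload` runs. Unless the subclass binds those header bytes to the payload (for AES/GCM, passing the serialized header to `Cipher.updateAAD` would do it; the subclass is not part of this hunk), a party able to write to the backing store could change the version or timestamp without the decode failing. At minimum the class Javadoc should state that only the property map is covered by the payload codec and the metadata is neither confidential nor integrity-protected. Separately, `readMapAsUTF` uses the `int` from `dis.readInt()` unchecked, so a negative count silently yields an empty map; `if (items < 0) throw new IOException("invalid property count: " + items);` would reject it. `DataVersionInfo` continues past the end of the hunk.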
