[jira] [Commented] (HADOOP-10635) Add a method to CryptoCodec to generate SRNs for IV

2014-05-30 Thread Alejandro Abdelnur (JIRA) 

[ 
https://issues.apache.org/jira/browse/HADOOP-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14013366#comment-14013366
 ] 

Alejandro Abdelnur commented on HADOOP-10635:
-

LGTM, +1. I would do a minor change before committing, I'd move the 
DEFAULT_SECURE_RANDOM_ALG constant to CommonConfigurationKeysPublic.java.

 Add a method to CryptoCodec to generate SRNs for IV
 ---

 Key: HADOOP-10635
 URL: https://issues.apache.org/jira/browse/HADOOP-10635
 Project: Hadoop Common
  Issue Type: Sub-task
  Components: security
Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
Reporter: Alejandro Abdelnur
Assignee: Yi Liu
 Fix For: 3.0.0

 Attachments: HADOOP-10635.1.patch, HADOOP-10635.patch


 SRN generators are provided by crypto libraries. the CryptoCodec gives access 
 to a crypto library, thus it makes sense to expose the SRN generator on the 
 CryptoCodec API.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HADOOP-10635) Add a method to CryptoCodec to generate SRNs for IV

2014-05-30 Thread Yi Liu (JIRA) 

[ 
https://issues.apache.org/jira/browse/HADOOP-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14013369#comment-14013369
 ] 

Yi Liu commented on HADOOP-10635:
-

Thanks Alejandro :-)

 Add a method to CryptoCodec to generate SRNs for IV
 ---

 Key: HADOOP-10635
 URL: https://issues.apache.org/jira/browse/HADOOP-10635
 Project: Hadoop Common
  Issue Type: Sub-task
  Components: security
Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
Reporter: Alejandro Abdelnur
Assignee: Yi Liu
 Fix For: 3.0.0

 Attachments: HADOOP-10635.1.patch, HADOOP-10635.patch


 SRN generators are provided by crypto libraries. the CryptoCodec gives access 
 to a crypto library, thus it makes sense to expose the SRN generator on the 
 CryptoCodec API.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HADOOP-10635) Add a method to CryptoCodec to generate SRNs for IV

2014-05-29 Thread Charles Lamb (JIRA) 

[ 
https://issues.apache.org/jira/browse/HADOOP-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14012441#comment-14012441
 ] 

Charles Lamb commented on HADOOP-10635:
---

In general this looks good. I have a few little nits. For ternary constructs, I 
believe the standard is to put the ? and : at the end of the line rather than 
the start of the line below.  So,

thing ?
yes :
no;

s/jce/JCE/

In generateSecureRandom, byte[] data could benefit from a final.

It's a shame that HadoopIllegalArgumentException can't be used to wrap the 
GeneralSecurityException. Do you want to take the exception message from the 
GSE and include it in the HIAE message text to give the user some idea of what 
may be going on?


 Add a method to CryptoCodec to generate SRNs for IV
 ---

 Key: HADOOP-10635
 URL: https://issues.apache.org/jira/browse/HADOOP-10635
 Project: Hadoop Common
  Issue Type: Sub-task
  Components: security
Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
Reporter: Alejandro Abdelnur
Assignee: Yi Liu
 Fix For: 3.0.0

 Attachments: HADOOP-10635.patch


 SRN generators are provided by crypto libraries. the CryptoCodec gives access 
 to a crypto library, thus it makes sense to expose the SRN generator on the 
 CryptoCodec API.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HADOOP-10635) Add a method to CryptoCodec to generate SRNs for IV

2014-05-29 Thread Alejandro Abdelnur (JIRA) 

[ 
https://issues.apache.org/jira/browse/HADOOP-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14012634#comment-14012634
 ] 

Alejandro Abdelnur commented on HADOOP-10635:
-

How about making the SR algorithm configurable with SHA1PRNG as default?

Regarding the HadoopIllegalArgumentException, I'd say use JDK 
IllegalArgumentException and pass the GSEx as cause.

Please add a simple testcase. 



 Add a method to CryptoCodec to generate SRNs for IV
 ---

 Key: HADOOP-10635
 URL: https://issues.apache.org/jira/browse/HADOOP-10635
 Project: Hadoop Common
  Issue Type: Sub-task
  Components: security
Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
Reporter: Alejandro Abdelnur
Assignee: Yi Liu
 Fix For: 3.0.0

 Attachments: HADOOP-10635.patch


 SRN generators are provided by crypto libraries. the CryptoCodec gives access 
 to a crypto library, thus it makes sense to expose the SRN generator on the 
 CryptoCodec API.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HADOOP-10635) Add a method to CryptoCodec to generate SRNs for IV

2014-05-28 Thread Alejandro Abdelnur (JIRA) 

[ 
https://issues.apache.org/jira/browse/HADOOP-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14012075#comment-14012075
 ] 

Alejandro Abdelnur commented on HADOOP-10635:
-

Adding a method {{byte[] generateSecureRandom(int bytes)}} would do the trick, 
then the impl could get a SecureRandom instance from the same provider used to 
get the cipher.

 Add a method to CryptoCodec to generate SRNs for IV
 ---

 Key: HADOOP-10635
 URL: https://issues.apache.org/jira/browse/HADOOP-10635
 Project: Hadoop Common
  Issue Type: Sub-task
  Components: security
Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
Reporter: Alejandro Abdelnur
Assignee: Yi Liu
 Fix For: 3.0.0


 SRN generators are provided by crypto libraries. the CryptoCodec gives access 
 to a crypto library, thus it makes sense to expose the SRN generator on the 
 CryptoCodec API.



--
This message was sent by Atlassian JIRA
(v6.2#6252)