[jira] [Commented] (HADOOP-10635) Add a method to CryptoCodec to generate SRNs for IV
[ https://issues.apache.org/jira/browse/HADOOP-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14013366#comment-14013366 ] Alejandro Abdelnur commented on HADOOP-10635: - LGTM, +1. I would do a minor change before committing, I'd move the DEFAULT_SECURE_RANDOM_ALG constant to CommonConfigurationKeysPublic.java. Add a method to CryptoCodec to generate SRNs for IV --- Key: HADOOP-10635 URL: https://issues.apache.org/jira/browse/HADOOP-10635 Project: Hadoop Common Issue Type: Sub-task Components: security Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: 3.0.0 Attachments: HADOOP-10635.1.patch, HADOOP-10635.patch SRN generators are provided by crypto libraries. the CryptoCodec gives access to a crypto library, thus it makes sense to expose the SRN generator on the CryptoCodec API. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10635) Add a method to CryptoCodec to generate SRNs for IV
[ https://issues.apache.org/jira/browse/HADOOP-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14013369#comment-14013369 ] Yi Liu commented on HADOOP-10635: - Thanks Alejandro :-) Add a method to CryptoCodec to generate SRNs for IV --- Key: HADOOP-10635 URL: https://issues.apache.org/jira/browse/HADOOP-10635 Project: Hadoop Common Issue Type: Sub-task Components: security Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: 3.0.0 Attachments: HADOOP-10635.1.patch, HADOOP-10635.patch SRN generators are provided by crypto libraries. the CryptoCodec gives access to a crypto library, thus it makes sense to expose the SRN generator on the CryptoCodec API. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10635) Add a method to CryptoCodec to generate SRNs for IV
[ https://issues.apache.org/jira/browse/HADOOP-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14012441#comment-14012441 ] Charles Lamb commented on HADOOP-10635: --- In general this looks good. I have a few little nits. For ternary constructs, I believe the standard is to put the ? and : at the end of the line rather than the start of the line below. So, thing ? yes : no; s/jce/JCE/ In generateSecureRandom, byte[] data could benefit from a final. It's a shame that HadoopIllegalArgumentException can't be used to wrap the GeneralSecurityException. Do you want to take the exception message from the GSE and include it in the HIAE message text to give the user some idea of what may be going on? Add a method to CryptoCodec to generate SRNs for IV --- Key: HADOOP-10635 URL: https://issues.apache.org/jira/browse/HADOOP-10635 Project: Hadoop Common Issue Type: Sub-task Components: security Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: 3.0.0 Attachments: HADOOP-10635.patch SRN generators are provided by crypto libraries. the CryptoCodec gives access to a crypto library, thus it makes sense to expose the SRN generator on the CryptoCodec API. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10635) Add a method to CryptoCodec to generate SRNs for IV
[ https://issues.apache.org/jira/browse/HADOOP-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14012634#comment-14012634 ] Alejandro Abdelnur commented on HADOOP-10635: - How about making the SR algorithm configurable with SHA1PRNG as default? Regarding the HadoopIllegalArgumentException, I'd say use JDK IllegalArgumentException and pass the GSEx as cause. Please add a simple testcase. Add a method to CryptoCodec to generate SRNs for IV --- Key: HADOOP-10635 URL: https://issues.apache.org/jira/browse/HADOOP-10635 Project: Hadoop Common Issue Type: Sub-task Components: security Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: 3.0.0 Attachments: HADOOP-10635.patch SRN generators are provided by crypto libraries. the CryptoCodec gives access to a crypto library, thus it makes sense to expose the SRN generator on the CryptoCodec API. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10635) Add a method to CryptoCodec to generate SRNs for IV
[ https://issues.apache.org/jira/browse/HADOOP-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14012075#comment-14012075 ] Alejandro Abdelnur commented on HADOOP-10635: - Adding a method {{byte[] generateSecureRandom(int bytes)}} would do the trick, then the impl could get a SecureRandom instance from the same provider used to get the cipher. Add a method to CryptoCodec to generate SRNs for IV --- Key: HADOOP-10635 URL: https://issues.apache.org/jira/browse/HADOOP-10635 Project: Hadoop Common Issue Type: Sub-task Components: security Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) Reporter: Alejandro Abdelnur Assignee: Yi Liu Fix For: 3.0.0 SRN generators are provided by crypto libraries. the CryptoCodec gives access to a crypto library, thus it makes sense to expose the SRN generator on the CryptoCodec API. -- This message was sent by Atlassian JIRA (v6.2#6252)