This is an automated email from the ASF dual-hosted git repository. srowen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push: new a46abbc [SPARK-38756][CORE][DOCS] Clean up unused security configuration items in `TransportConf` a46abbc is described below commit a46abbc18d1874148f97b3035c553ffee8494811 Author: yangjie01 <yangji...@baidu.com> AuthorDate: Sat Apr 2 11:40:39 2022 -0500 [SPARK-38756][CORE][DOCS] Clean up unused security configuration items in `TransportConf` ### What changes were proposed in this pull request? There are some configuration items in `TransportConf` already unused after [Update Spark key negotiation protocol](https://github.com/apache/spark/commit/3b0dd14f1c5dd033ad0a6295baa288eda9dfe10a) - `spark.network.crypto.keyFactoryAlgorithm` - `spark.network.crypto.keyLength` - `spark.network.crypto.ivLength` - `spark.network.crypto.keyAlgorithm` so this pr clean up these configuration items from `TransportConf`, ` security.md` and relevant UT `AuthEngineSuite` ### Why are the changes needed? Clean up unused security configuration items. ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA Closes #36035 from LuciferYang/unused-security-config. Authored-by: yangjie01 <yangji...@baidu.com> Signed-off-by: Sean Owen <sro...@gmail.com>
---
.../apache/spark/network/util/TransportConf.java | 41 ----------------------
.../spark/network/crypto/AuthEngineSuite.java | 15 --------
docs/security.md | 17 ---------
3 files changed, 73 deletions(-)
diff --git a/common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java b/common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java
index f73e3ce..57bd494 100644
--- a/common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java
+++ b/common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java
@@ -220,47 +220,6 @@ public class TransportConf {
 }
 
 /**
- * The key generation algorithm. This should be an algorithm that accepts a "PBEKeySpec"
- * as input. The default value (PBKDF2WithHmacSHA1) is available in Java 7.
- */
- public String keyFactoryAlgorithm() {
- return conf.get("spark.network.crypto.keyFactoryAlgorithm", "PBKDF2WithHmacSHA1");
- }
-
- /**
- * How many iterations to run when generating keys.
- *
- * See some discussion about this at: http://security.stackexchange.com/q/3959
- * The default value was picked for speed, since it assumes that the secret has good entropy
- * (128 bits by default), which is not generally the case with user passwords.
- */
- public int keyFactoryIterations() {
- return conf.getInt("spark.network.crypto.keyFactoryIterations", 1024);
- }
-
- /**
- * Encryption key length, in bits.
- */
- public int encryptionKeyLength() {
- return conf.getInt("spark.network.crypto.keyLength", 128);
- }
-
- /**
- * Initial vector length, in bytes.
- */
- public int ivLength() {
- return conf.getInt("spark.network.crypto.ivLength", 16);
- }
-
- /**
- * The algorithm for generated secret keys. Nobody should really need to change this,
- * but configurable just in case.
- */
- public String keyAlgorithm() {
- return conf.get("spark.network.crypto.keyAlgorithm", "AES");
- }
-
- /**
 * Whether to fall back to SASL if the new auth protocol fails. Enabled by default for
 * backwards compatibility.
 */
diff --git a/common/network-common/src/test/java/org/apache/spark/network/crypto/AuthEngineSuite.java b/common/network-common/src/test/java/org/apache/spark/network/crypto/AuthEngineSuite.java
index 33a8ce2..22dbdc7 100644
--- a/common/network-common/src/test/java/org/apache/spark/network/crypto/AuthEngineSuite.java
+++ b/common/network-common/src/test/java/org/apache/spark/network/crypto/AuthEngineSuite.java
@@ -20,10 +20,8 @@ package org.apache.spark.network.crypto;
 import java.nio.ByteBuffer;
 import java.nio.channels.WritableByteChannel;
 import java.security.GeneralSecurityException;
-import java.util.Map;
 import java.util.Random;
 
-import com.google.common.collect.ImmutableMap;
 import com.google.crypto.tink.subtle.Hex;
 import io.netty.buffer.ByteBuf;
 import io.netty.buffer.Unpooled;
@@ -188,19 +186,6 @@ public class AuthEngineSuite {
 }
 }
 
- @Test(expected = AssertionError.class)
- public void testBadKeySize() throws Exception {
- Map<String, String> mconf = ImmutableMap.of("spark.network.crypto.keyLength", "42");
- TransportConf conf = new TransportConf("rpc", new MapConfigProvider(mconf));
-
- try (AuthEngine engine = new AuthEngine("appId", "secret", conf)) {
- engine.challenge();
- fail("Should have failed to create challenge message.");
- // Call close explicitly to make sure it's idempotent.
- engine.close();
- }
- }
-
 @Test
 public void testEncryptedMessage() throws Exception {
 try (AuthEngine client = new AuthEngine("appId", "secret", conf);
diff --git a/docs/security.md b/docs/security.md
index a75ca82..b0bf562 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -156,23 +156,6 @@ The following table describes the different options available for configuring th
 <td>2.2.0</td>
 </tr>
 <tr>
- <td><code>spark.network.crypto.keyLength</code></td>
- <td>128</td>
- <td>
- The length in bits of the encryption key to generate. Valid values are 128, 192 and 256.
- </td>
- <td>2.2.0</td>
-</tr>
-<tr>
- <td><code>spark.network.crypto.keyFactoryAlgorithm</code></td>
- <td>PBKDF2WithHmacSHA1</td>
- <td>
- The key factory algorithm to use when generating encryption keys. Should be one of the
- algorithms supported by the javax.crypto.SecretKeyFactory class in the JRE being used.
- </td>
- <td>2.2.0</td>
-</tr>
-<tr>
 <td><code>spark.network.crypto.config.*</code></td>
 <td>None</td>
 <td>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org