From 46696bd9b0118dc49d4f225d668a7e8cbdd3a6a0 Mon Sep 17 00:00:00 2001
From: dineshchitlangia
Date: Fri, 30 Aug 2019 12:55:36 -0400
Subject: [PATCH] HDDS-2014. Create Symmetric Key for GDPR (#1362)
---
 .../org/apache/hadoop/ozone/OzoneConsts.java | 9 +++
 .../ozone/security/GDPRSymmetricKey.java | 81 +++++++++++++++++++
 .../ozone/security/TestGDPRSymmetricKey.java | 66 +++++++++++++++
 3 files changed, 156 insertions(+)
 create mode 100644 hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java
 create mode 100644 hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
index 80e9260c715..398cce2efc8 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
@@ -312,4 +312,13 @@ public final class OzoneConsts {
 public static final int S3_BUCKET_MIN_LENGTH = 3;
 public static final int S3_BUCKET_MAX_LENGTH = 64;
+ //GDPR
+ public static final String GDPR_ALGORITHM_NAME = "AES";
+ public static final int GDPR_RANDOM_SECRET_LENGTH = 32;
+ public static final String GDPR_CHARSET = "UTF-8";
+ public static final String GDPR_LENGTH = "length";
+ public static final String GDPR_SECRET = "secret";
+ public static final String GDPR_ALGORITHM = "algorithm";
+
+
 }
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java
new file mode 100644
index 00000000000..77acf54bb74
--- /dev/null
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java
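Review bot: `GDPR_ALGORITHM_NAME = "AES"` is the only algorithm constant added here, and GDPRSymmetricKey in this patch passes it to `Cipher.getInstance(...)` as well as to `SecretKeySpec`; a bare "AES" transformation leaves mode and padding to the provider, which on the stock JCE provider resolves to ECB with PKCS5 padding. ECB reveals repeated plaintext blocks and provides no integrity check, so a separate constant for the full transformation would be safer, e.g. `public static final String GDPR_CIPHER_TRANSFORMATION = "AES/GCM/NoPadding";` (the name is only a suggestion), with a fresh IV generated for every encryption. `GDPR_CHARSET` could give way to `StandardCharsets.UTF_8` at the call sites, and `GDPR_LENGTH` is not referenced anywhere in this patch. The OzoneConsts class body begins outside the hunk.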
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *

+ * http://www.apache.org/licenses/LICENSE-2.0
+ *

+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.ozone.security;
+
+import com.google.common.base.Preconditions;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.ozone.OzoneConsts;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * Symmetric Key structure for GDPR.
+ */
+public class GDPRSymmetricKey {
+
+ private SecretKeySpec secretKey;
+ private Cipher cipher;
+ private String algorithm;
+ private String secret;
+
+ public SecretKeySpec getSecretKey() {
+ return secretKey;
+ }
+
+ public Cipher getCipher() {
+ return cipher;
+ }
+
+ /**
+ * Default constructor creates key with default values.
+ * @throws Exception
+ */
+ public GDPRSymmetricKey() throws Exception {
+ algorithm = OzoneConsts.GDPR_ALGORITHM_NAME;
+ secret = RandomStringUtils
+ .randomAlphabetic(OzoneConsts.GDPR_RANDOM_SECRET_LENGTH);
+ this.secretKey = new SecretKeySpec(
+ secret.getBytes(OzoneConsts.GDPR_CHARSET), algorithm);
+ this.cipher = Cipher.getInstance(algorithm);
+ }
+
+ /**
+ * Overloaded constructor creates key with specified values.
+ * @throws Exception
+ */
+ public GDPRSymmetricKey(String secret, String algorithm) throws Exception {
+ Preconditions.checkArgument(secret.length() == 32,
+ "Secret must be exactly 32 characters");
+ this.secret = secret;
+ this.algorithm = algorithm;
+ this.secretKey = new SecretKeySpec(
+ secret.getBytes(OzoneConsts.GDPR_CHARSET), algorithm);
+ this.cipher = Cipher.getInstance(algorithm);
+ }
+
+ public Map getKeyDetails() {
+ Map keyDetail = new HashMap<>();
+ keyDetail.put(OzoneConsts.GDPR_SECRET, this.secret);
+ keyDetail.put(OzoneConsts.GDPR_ALGORITHM, this.algorithm);
+ return keyDetail;
+ }
+
+}
diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java
new file mode 100644
index 00000000000..4f06eabd194
--- /dev/null
+++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
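Review bot: The default constructor of GDPRSymmetricKey builds the AES key from `RandomStringUtils.randomAlphabetic(...)`, which in the commons-lang3 releases of this period draws from `java.util.Random` rather than a CSPRNG, so the key material is not cryptographically unpredictable. Keeping the 32-character format, the smallest fix is `RandomStringUtils.random(OzoneConsts.GDPR_RANDOM_SECRET_LENGTH, 0, 0, true, true, null, new SecureRandom())`; 32 alphanumeric characters still carry only about 190 bits rather than 256, so raw `SecureRandom` bytes kept in an encoded form would be the stronger design. In the two-argument constructor, `secret.length() == 32` counts characters, so a secret containing non-ASCII characters passes the check yet encodes to more than 32 bytes; compare `secret.getBytes(OzoneConsts.GDPR_CHARSET).length` with `OzoneConsts.GDPR_RANDOM_SECRET_LENGTH` instead of the literal. `getKeyDetails()` returns the raw secret as a plain string and has no Javadoc; I would add `/** Returns the raw key material and algorithm name; callers must never log or expose the result. */`.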

+ * http://www.apache.org/licenses/LICENSE-2.0
+ *

+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.ozone.security;
+
+import org.apache.hadoop.ozone.OzoneConsts;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * Tests GDPRSymmetricKey structure.
+ */
+public class TestGDPRSymmetricKey {
+
+ @Test
+ public void testKeyGenerationWithDefaults() throws Exception {
+ GDPRSymmetricKey gkey = new GDPRSymmetricKey();
+
+ Assert.assertTrue(gkey.getCipher().getAlgorithm()
+ .equalsIgnoreCase(OzoneConsts.GDPR_ALGORITHM_NAME));
+
+ gkey.getKeyDetails().forEach(
+ (k, v) -> Assert.assertTrue(v.length() > 0));
+ }
+
+ @Test
+ public void testKeyGenerationWithValidInput() throws Exception {
+ GDPRSymmetricKey gkey = new GDPRSymmetricKey(
+ "ApacheHadoopOzoneIsAnObjectStore",
+ OzoneConsts.GDPR_ALGORITHM_NAME);
+
+ Assert.assertTrue(gkey.getCipher().getAlgorithm()
+ .equalsIgnoreCase(OzoneConsts.GDPR_ALGORITHM_NAME));
+
+ gkey.getKeyDetails().forEach(
+ (k, v) -> Assert.assertTrue(v.length() > 0));
+ }
+
+ @Test
+ public void testKeyGenerationWithInvalidInput() throws Exception {
+ GDPRSymmetricKey gkey = null;
+ try{
+ gkey = new GDPRSymmetricKey("ozone",
+ OzoneConsts.GDPR_ALGORITHM_NAME);
+ } catch (IllegalArgumentException ex) {
+ Assert.assertTrue(ex.getMessage()
+ .equalsIgnoreCase("Secret must be exactly 32 characters"));
+ Assert.assertTrue(gkey == null);
+ }
+ }
+
+
+}
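Review bot: `testKeyGenerationWithInvalidInput` passes when the constructor throws nothing, because its assertions live only in the `catch` block; add `Assert.fail("Expected IllegalArgumentException");` right after the constructor call inside the `try`. `Assert.assertTrue(gkey == null)` in the handler can never fail, since the assignment is skipped whenever the constructor throws. None of the three tests initialises the cipher or encrypts anything, so a key that `Cipher.init` would reject still passes; a short encrypt/decrypt round trip would cover that.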