From 46696bd9b0118dc49d4f225d668a7e8cbdd3a6a0 Mon Sep 17 00:00:00 2001
From: dineshchitlangia <dineshchitlangia@gmail.com>
Date: Fri, 30 Aug 2019 12:55:36 -0400
Subject: [PATCH] HDDS-2014. Create Symmetric Key for GDPR (#1362)

---
 .../org/apache/hadoop/ozone/OzoneConsts.java  |  9 +++
 .../ozone/security/GDPRSymmetricKey.java      | 81 +++++++++++++++++++
 .../ozone/security/TestGDPRSymmetricKey.java  | 66 +++++++++++++++
 3 files changed, 156 insertions(+)
 create mode 100644 hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java
 create mode 100644 hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java

diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
index 80e9260c715..398cce2efc8 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
@@ -312,4 +312,13 @@ private OzoneConsts() {
   public static final int S3_BUCKET_MIN_LENGTH = 3;
   public static final int S3_BUCKET_MAX_LENGTH = 64;
 
+  //GDPR
+  public static final String GDPR_ALGORITHM_NAME = "AES";
+  public static final int GDPR_RANDOM_SECRET_LENGTH = 32;
+  public static final String GDPR_CHARSET = "UTF-8";
+  public static final String GDPR_LENGTH = "length";
+  public static final String GDPR_SECRET = "secret";
+  public static final String GDPR_ALGORITHM = "algorithm";
+
+
 }
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java
new file mode 100644
index 00000000000..77acf54bb74
--- /dev/null
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership.  The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.ozone.security;
+
+import com.google.common.base.Preconditions;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.ozone.OzoneConsts;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * Symmetric Key structure for GDPR.
+ */
+public class GDPRSymmetricKey {
+
+  private SecretKeySpec secretKey;
+  private Cipher cipher;
+  private String algorithm;
+  private String secret;
+
+  public SecretKeySpec getSecretKey() {
+    return secretKey;
+  }
+
+  public Cipher getCipher() {
+    return cipher;
+  }
+
+  /**
+   * Default constructor creates key with default values.
+   * @throws Exception
+   */
+  public GDPRSymmetricKey() throws Exception {
+    algorithm = OzoneConsts.GDPR_ALGORITHM_NAME;
+    secret = RandomStringUtils
+        .randomAlphabetic(OzoneConsts.GDPR_RANDOM_SECRET_LENGTH);
+    this.secretKey = new SecretKeySpec(
+        secret.getBytes(OzoneConsts.GDPR_CHARSET), algorithm);
+    this.cipher = Cipher.getInstance(algorithm);
+  }
+
+  /**
+   * Overloaded constructor creates key with specified values.
+   * @throws Exception
+   */
+  public GDPRSymmetricKey(String secret, String algorithm) throws Exception {
+    Preconditions.checkArgument(secret.length() == 32,
+        "Secret must be exactly 32 characters");
+    this.secret = secret;
+    this.algorithm = algorithm;
+    this.secretKey = new SecretKeySpec(
+        secret.getBytes(OzoneConsts.GDPR_CHARSET), algorithm);
+    this.cipher = Cipher.getInstance(algorithm);
+  }
+
+  public Map<String, String> getKeyDetails() {
+    Map<String, String> keyDetail = new HashMap<>();
+    keyDetail.put(OzoneConsts.GDPR_SECRET, this.secret);
+    keyDetail.put(OzoneConsts.GDPR_ALGORITHM, this.algorithm);
+    return keyDetail;
+  }
+
+}
diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java
new file mode 100644
index 00000000000..4f06eabd194
--- /dev/null
+++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership.  The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.ozone.security;
+
+import org.apache.hadoop.ozone.OzoneConsts;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * Tests GDPRSymmetricKey structure.
+ */
+public class TestGDPRSymmetricKey {
+
+  @Test
+  public void testKeyGenerationWithDefaults() throws Exception {
+    GDPRSymmetricKey gkey = new GDPRSymmetricKey();
+
+    Assert.assertTrue(gkey.getCipher().getAlgorithm()
+        .equalsIgnoreCase(OzoneConsts.GDPR_ALGORITHM_NAME));
+
+    gkey.getKeyDetails().forEach(
+        (k, v) -> Assert.assertTrue(v.length() > 0));
+  }
+
+  @Test
+  public void testKeyGenerationWithValidInput() throws Exception {
+    GDPRSymmetricKey gkey = new GDPRSymmetricKey(
+        "ApacheHadoopOzoneIsAnObjectStore",
+        OzoneConsts.GDPR_ALGORITHM_NAME);
+
+    Assert.assertTrue(gkey.getCipher().getAlgorithm()
+        .equalsIgnoreCase(OzoneConsts.GDPR_ALGORITHM_NAME));
+
+    gkey.getKeyDetails().forEach(
+        (k, v) -> Assert.assertTrue(v.length() > 0));
+  }
+
+  @Test
+  public void testKeyGenerationWithInvalidInput() throws Exception {
+    GDPRSymmetricKey gkey = null;
+    try{
+      gkey = new GDPRSymmetricKey("ozone",
+          OzoneConsts.GDPR_ALGORITHM_NAME);
+    } catch (IllegalArgumentException ex) {
+      Assert.assertTrue(ex.getMessage()
+          .equalsIgnoreCase("Secret must be exactly 32 characters"));
+      Assert.assertTrue(gkey == null);
+    }
+  }
+
+
+}