HDDS-2014. Create Symmetric Key for GDPR (#1362)

hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java

@@ -312,4 +312,13 @@ public final class OzoneConsts {
   public static final int S3_BUCKET_MIN_LENGTH = 3;
   public static final int S3_BUCKET_MAX_LENGTH = 64;
 
+  //GDPR
+  public static final String GDPR_ALGORITHM_NAME = "AES";
+  public static final int GDPR_RANDOM_SECRET_LENGTH = 32;
+  public static final String GDPR_CHARSET = "UTF-8";
+  public static final String GDPR_LENGTH = "length";
+  public static final String GDPR_SECRET = "secret";
+  public static final String GDPR_ALGORITHM = "algorithm";
+
+
 }

hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java

@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership.  The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.ozone.security;
+
+import com.google.common.base.Preconditions;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.ozone.OzoneConsts;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * Symmetric Key structure for GDPR.
+ */
+public class GDPRSymmetricKey {
+
+  private SecretKeySpec secretKey;
+  private Cipher cipher;
+  private String algorithm;
+  private String secret;
+
+  public SecretKeySpec getSecretKey() {
+    return secretKey;
+  }
+
+  public Cipher getCipher() {
+    return cipher;
+  }
+
+  /**
+   * Default constructor creates key with default values.
+   * @throws Exception
+   */
+  public GDPRSymmetricKey() throws Exception {
+    algorithm = OzoneConsts.GDPR_ALGORITHM_NAME;
+    secret = RandomStringUtils
+        .randomAlphabetic(OzoneConsts.GDPR_RANDOM_SECRET_LENGTH);
+    this.secretKey = new SecretKeySpec(
+        secret.getBytes(OzoneConsts.GDPR_CHARSET), algorithm);
+    this.cipher = Cipher.getInstance(algorithm);
+  }
+
+  /**
+   * Overloaded constructor creates key with specified values.
+   * @throws Exception
+   */
+  public GDPRSymmetricKey(String secret, String algorithm) throws Exception {
+    Preconditions.checkArgument(secret.length() == 32,
+        "Secret must be exactly 32 characters");
+    this.secret = secret;
+    this.algorithm = algorithm;
+    this.secretKey = new SecretKeySpec(
+        secret.getBytes(OzoneConsts.GDPR_CHARSET), algorithm);
+    this.cipher = Cipher.getInstance(algorithm);
+  }
+
+  public Map<String, String> getKeyDetails() {
+    Map<String, String> keyDetail = new HashMap<>();
+    keyDetail.put(OzoneConsts.GDPR_SECRET, this.secret);
+    keyDetail.put(OzoneConsts.GDPR_ALGORITHM, this.algorithm);
+    return keyDetail;
+  }
+
+}

hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java

@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership.  The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.ozone.security;
+
+import org.apache.hadoop.ozone.OzoneConsts;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * Tests GDPRSymmetricKey structure.
+ */
+public class TestGDPRSymmetricKey {
+
+  @Test
+  public void testKeyGenerationWithDefaults() throws Exception {
+    GDPRSymmetricKey gkey = new GDPRSymmetricKey();
+
+    Assert.assertTrue(gkey.getCipher().getAlgorithm()
+        .equalsIgnoreCase(OzoneConsts.GDPR_ALGORITHM_NAME));
+
+    gkey.getKeyDetails().forEach(
+        (k, v) -> Assert.assertTrue(v.length() > 0));
+  }
+
+  @Test
+  public void testKeyGenerationWithValidInput() throws Exception {
+    GDPRSymmetricKey gkey = new GDPRSymmetricKey(
+        "ApacheHadoopOzoneIsAnObjectStore",
+        OzoneConsts.GDPR_ALGORITHM_NAME);
+
+    Assert.assertTrue(gkey.getCipher().getAlgorithm()
+        .equalsIgnoreCase(OzoneConsts.GDPR_ALGORITHM_NAME));
+
+    gkey.getKeyDetails().forEach(
+        (k, v) -> Assert.assertTrue(v.length() > 0));
+  }
+
+  @Test
+  public void testKeyGenerationWithInvalidInput() throws Exception {
+    GDPRSymmetricKey gkey = null;
+    try{
+      gkey = new GDPRSymmetricKey("ozone",
+          OzoneConsts.GDPR_ALGORITHM_NAME);
+    } catch (IllegalArgumentException ex) {
+      Assert.assertTrue(ex.getMessage()
+          .equalsIgnoreCase("Secret must be exactly 32 characters"));
+      Assert.assertTrue(gkey == null);
+    }
+  }
+
+
+}