Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HDDS-2227. GDPR key generation could benefit from secureRandom. (#1574)

This commit is contained in:
Anu Engineer 2019-10-02 12:34:53 -07:00 committed by GitHub
parent ffd4e52725
commit 685918ef41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
View File

@ -94,6 +94,7 @@ import javax.crypto.CipherOutputStream;
import java.io.IOException; import java.io.IOException;
import java.net.URI; import java.net.URI;
import java.security.InvalidKeyException; import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.*; import java.util.*;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -587,7 +588,7 @@ public class RpcClient implements ClientProtocol {
if(Boolean.valueOf(metadata.get(OzoneConsts.GDPR_FLAG))){ if(Boolean.valueOf(metadata.get(OzoneConsts.GDPR_FLAG))){
try{ try{
GDPRSymmetricKey gKey = new GDPRSymmetricKey(); GDPRSymmetricKey gKey = new GDPRSymmetricKey(new SecureRandom());
metadata.putAll(gKey.getKeyDetails()); metadata.putAll(gKey.getKeyDetails());
}catch (Exception e) { }catch (Exception e) {
if(e instanceof InvalidKeyException && if(e instanceof InvalidKeyException &&

8
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java
View File

@ -20,6 +20,7 @@ import com.google.common.base.Preconditions;
import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.RandomStringUtils;
import org.apache.hadoop.ozone.OzoneConsts; import org.apache.hadoop.ozone.OzoneConsts;
import java.security.SecureRandom;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@ -48,10 +49,11 @@ public class GDPRSymmetricKey {
* Default constructor creates key with default values. * Default constructor creates key with default values.
* @throws Exception * @throws Exception
*/ */
public GDPRSymmetricKey() throws Exception { public GDPRSymmetricKey(SecureRandom secureRandom) throws Exception {
algorithm = OzoneConsts.GDPR_ALGORITHM_NAME; algorithm = OzoneConsts.GDPR_ALGORITHM_NAME;
secret = RandomStringUtils secret = RandomStringUtils.random(
.randomAlphabetic(OzoneConsts.GDPR_DEFAULT_RANDOM_SECRET_LENGTH); OzoneConsts.GDPR_DEFAULT_RANDOM_SECRET_LENGTH,
0, 0, true, true, null, secureRandom);
this.secretKey = new SecretKeySpec( this.secretKey = new SecretKeySpec(
secret.getBytes(OzoneConsts.GDPR_CHARSET), algorithm); secret.getBytes(OzoneConsts.GDPR_CHARSET), algorithm);
this.cipher = Cipher.getInstance(algorithm); this.cipher = Cipher.getInstance(algorithm);

4
hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java
View File

@ -21,6 +21,8 @@ import org.apache.hadoop.ozone.OzoneConsts;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Test; import org.junit.Test;
import java.security.SecureRandom;
/** /**
* Tests GDPRSymmetricKey structure. * Tests GDPRSymmetricKey structure.
*/ */
@ -28,7 +30,7 @@ public class TestGDPRSymmetricKey {
@Test @Test
public void testKeyGenerationWithDefaults() throws Exception { public void testKeyGenerationWithDefaults() throws Exception {
GDPRSymmetricKey gkey = new GDPRSymmetricKey(); GDPRSymmetricKey gkey = new GDPRSymmetricKey(new SecureRandom());
Assert.assertTrue(gkey.getCipher().getAlgorithm() Assert.assertTrue(gkey.getCipher().getAlgorithm()
.equalsIgnoreCase(OzoneConsts.GDPR_ALGORITHM_NAME)); .equalsIgnoreCase(OzoneConsts.GDPR_ALGORITHM_NAME));