
Example 1 with SecretKeySpec

Use of javax.crypto.spec.SecretKeySpec in project hadoop by apache, in the class AbstractJavaKeyStoreProvider, method innerSetCredential.

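CredentialEntry innerSetCredential(String alias, char[] material) throws IOException {
    writeLock.lock();
    try {
        // The credential is stored as the UTF-8 bytes of the char[] wrapped in a
        // SecretKeySpec; "AES" is only the algorithm label on the keystore entry,
        // the bytes are not a generated AES key.
        keyStore.setKeyEntry(alias, new SecretKeySpec(new String(material).getBytes("UTF-8"), "AES"), password, null);
    } catch (KeyStoreException e) {
        throw new IOException("Can't store credential " + alias + " in " + this, e);
    } finally {
        // always release the lock, also when the keystore rejects the entry
        writeLock.unlock();
    }
    // mark the provider as changed
    changed = true;
    return new CredentialEntry(alias, material);
}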
Also used : SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException)

Example 2 with SecretKeySpec

Use of javax.crypto.spec.SecretKeySpec in project hbase by apache, in the class TestEncryptionUtil, method testKeyWrapping.

// There does not seem to be a ready way to test either getKeyFromBytesOrMasterKey
// or createEncryptionContext, and the existing code under MobUtils appeared to be
// untested.  Not ideal!
@Test
public void testKeyWrapping() throws Exception {
    // set up the key provider for testing to resolve a key for our test subject
    // we don't need HBaseConfiguration for this
    Configuration conf = new Configuration();
    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
    // generate a test key
    byte[] keyBytes = new byte[AES.KEY_LENGTH];
    new SecureRandom().nextBytes(keyBytes);
    String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
    Key key = new SecretKeySpec(keyBytes, algorithm);
    // wrap the test key
    byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);
    assertNotNull(wrappedKeyBytes);
    // unwrap
    Key unwrappedKey = EncryptionUtil.unwrapKey(conf, "hbase", wrappedKeyBytes);
    assertNotNull(unwrappedKey);
    // only secretkeyspec supported for now
    assertTrue(unwrappedKey instanceof SecretKeySpec);
    // did we get back what we wrapped?
    assertTrue("Unwrapped key bytes do not match original", Bytes.equals(keyBytes, unwrappedKey.getEncoded()));
    // unwrap with an incorrect key
    try {
        EncryptionUtil.unwrapKey(conf, "other", wrappedKeyBytes);
        fail("Unwrap with incorrect key did not throw KeyException");
    } catch (KeyException e) {
        // expected
    }
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) SecretKeySpec(javax.crypto.spec.SecretKeySpec) SecureRandom(java.security.SecureRandom) KeyProviderForTesting(org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting) Key(java.security.Key) KeyException(java.security.KeyException) Test(org.junit.Test)

Example 3 with SecretKeySpec

Use of javax.crypto.spec.SecretKeySpec in project hbase by apache, in the class TestEncryptionUtil, method testWALKeyWrappingWithIncorrectKey.

@Test(expected = KeyException.class)
public void testWALKeyWrappingWithIncorrectKey() throws Exception {
    // set up the key provider for testing to resolve a key for our test subject
    // we don't need HBaseConfiguration for this
    Configuration conf = new Configuration();
    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
    // generate a test key
    byte[] keyBytes = new byte[AES.KEY_LENGTH];
    new SecureRandom().nextBytes(keyBytes);
    String algorithm = conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
    Key key = new SecretKeySpec(keyBytes, algorithm);
    // wrap the test key
    byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);
    assertNotNull(wrappedKeyBytes);
    // unwrap with an incorrect key
    EncryptionUtil.unwrapWALKey(conf, "other", wrappedKeyBytes);
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) SecretKeySpec(javax.crypto.spec.SecretKeySpec) SecureRandom(java.security.SecureRandom) KeyProviderForTesting(org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting) Key(java.security.Key) Test(org.junit.Test)

Example 4 with SecretKeySpec

Use of javax.crypto.spec.SecretKeySpec in project hbase by apache, in the class TestEncryption, method checkTransformSymmetry.

private void checkTransformSymmetry(byte[] keyBytes, byte[] iv, byte[] plaintext) throws Exception {
    LOG.info("checkTransformSymmetry: AES, plaintext length = " + plaintext.length);
    Configuration conf = HBaseConfiguration.create();
    String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
    Cipher aes = Encryption.getCipher(conf, algorithm);
    Key key = new SecretKeySpec(keyBytes, algorithm);
    Encryptor e = aes.getEncryptor();
    e.setKey(key);
    e.setIv(iv);
    e.reset();
    ByteArrayOutputStream encOut = new ByteArrayOutputStream();
    Encryption.encrypt(encOut, plaintext, 0, plaintext.length, e);
    byte[] encrypted = encOut.toByteArray();
    Decryptor d = aes.getDecryptor();
    d.setKey(key);
    d.setIv(iv);
    d.reset();
    ByteArrayInputStream encIn = new ByteArrayInputStream(encrypted);
    ByteArrayOutputStream decOut = new ByteArrayOutputStream();
    Encryption.decrypt(decOut, encIn, plaintext.length, d);
    byte[] result = decOut.toByteArray();
    assertEquals("Decrypted result has different length than plaintext", result.length, plaintext.length);
    assertTrue("Transformation was not symmetric", Bytes.equals(result, plaintext));
}
Also used : HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration) Configuration(org.apache.hadoop.conf.Configuration) ByteArrayInputStream(java.io.ByteArrayInputStream) SecretKeySpec(javax.crypto.spec.SecretKeySpec) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Key(java.security.Key)

Example 5 with SecretKeySpec

Use of javax.crypto.spec.SecretKeySpec in project hbase by apache, in the class TestHBaseFsckEncryption, method setUp.

@Before
public void setUp() throws Exception {
    conf = TEST_UTIL.getConfiguration();
    conf.setInt("hfile.format.version", 3);
    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
    conf.set(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase");
    // Create the test encryption key
    SecureRandom rng = new SecureRandom();
    byte[] keyBytes = new byte[AES.KEY_LENGTH];
    rng.nextBytes(keyBytes);
    String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
    cfKey = new SecretKeySpec(keyBytes, algorithm);
    // Start the minicluster
    TEST_UTIL.startMiniCluster(3);
    // Create the table
    htd = new HTableDescriptor(TableName.valueOf("default", "TestHBaseFsckEncryption"));
    HColumnDescriptor hcd = new HColumnDescriptor("cf");
    hcd.setEncryptionType(algorithm);
    hcd.setEncryptionKey(EncryptionUtil.wrapKey(conf, conf.get(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, User.getCurrent().getShortName()), cfKey));
    htd.addFamily(hcd);
    TEST_UTIL.getAdmin().createTable(htd);
    TEST_UTIL.waitTableAvailable(htd.getName(), 5000);
}
Also used : HColumnDescriptor(org.apache.hadoop.hbase.HColumnDescriptor) SecretKeySpec(javax.crypto.spec.SecretKeySpec) SecureRandom(java.security.SecureRandom) KeyProviderForTesting(org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting) HTableDescriptor(org.apache.hadoop.hbase.HTableDescriptor) Before(org.junit.Before)

Aggregations

SecretKeySpec (javax.crypto.spec.SecretKeySpec): 432
Cipher (javax.crypto.Cipher): 165
SecretKey (javax.crypto.SecretKey): 128
Mac (javax.crypto.Mac): 101
IvParameterSpec (javax.crypto.spec.IvParameterSpec): 95
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 80
InvalidKeyException (java.security.InvalidKeyException): 55
IOException (java.io.IOException): 39
SecureRandom (java.security.SecureRandom): 28
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 27
Key (java.security.Key): 27
GeneralSecurityException (java.security.GeneralSecurityException): 25
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException): 25
BadPaddingException (javax.crypto.BadPaddingException): 23
MessageDigest (java.security.MessageDigest): 22
NoSuchPaddingException (javax.crypto.NoSuchPaddingException): 21
Test (org.junit.Test): 19
PrivateKey (java.security.PrivateKey): 18
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException): 17
PublicKey (java.security.PublicKey): 16