Example 11 with SecureRandom

use of java.security.SecureRandom in project hadoop by apache.

the class TestProxyUsers method loadTest.

public static void loadTest(String ipString, int testRange) {
    Configuration conf = new Configuration();
    conf.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME), StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
    conf.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), ipString);
    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
    // First try proxying a group that's allowed
    UserGroupInformation realUserUgi = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
    UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
    long startTime = System.nanoTime();
    SecureRandom sr = new SecureRandom();
    for (int i = 1; i < 1000000; i++) {
        try {
            ProxyUsers.authorize(proxyUserUgi, "1.2.3." + sr.nextInt(testRange));
        } catch (AuthorizationException e) {
            // Ignored: this loop only times authorize(); a denied address is not a failure here
        }
    }
    long stopTime = System.nanoTime();
    long elapsedTime = stopTime - startTime;
    System.out.println(elapsedTime / 1000000 + " ms");
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) SecureRandom(java.security.SecureRandom) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 12 with SecureRandom

use of java.security.SecureRandom in project hbase by apache.

the class TestEncryptionUtil method testKeyWrapping.

// There does not seem to be a ready way to test either getKeyFromBytesOrMasterKey
// or createEncryptionContext, and the existing code under MobUtils appeared to be
// untested.  Not ideal!
@Test
public void testKeyWrapping() throws Exception {
    // set up the key provider for testing to resolve a key for our test subject
    // we don't need HBaseConfiguration for this
    Configuration conf = new Configuration();
    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
    // generate a test key
    byte[] keyBytes = new byte[AES.KEY_LENGTH];
    new SecureRandom().nextBytes(keyBytes);
    String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
    Key key = new SecretKeySpec(keyBytes, algorithm);
    // wrap the test key
    byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);
    assertNotNull(wrappedKeyBytes);
    // unwrap
    Key unwrappedKey = EncryptionUtil.unwrapKey(conf, "hbase", wrappedKeyBytes);
    assertNotNull(unwrappedKey);
    // only secretkeyspec supported for now
    assertTrue(unwrappedKey instanceof SecretKeySpec);
    // did we get back what we wrapped?
    assertTrue("Unwrapped key bytes do not match original", Bytes.equals(keyBytes, unwrappedKey.getEncoded()));
    // unwrap with an incorrect key
    try {
        EncryptionUtil.unwrapKey(conf, "other", wrappedKeyBytes);
        fail("Unwrap with incorrect key did not throw KeyException");
    } catch (KeyException e) {
        // expected
    }
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) SecretKeySpec(javax.crypto.spec.SecretKeySpec) SecureRandom(java.security.SecureRandom) KeyProviderForTesting(org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting) Key(java.security.Key) KeyException(java.security.KeyException) Test(org.junit.Test)

Example 13 with SecureRandom

use of java.security.SecureRandom in project hbase by apache.

the class TestEncryptionUtil method testWALKeyWrappingWithIncorrectKey.

@Test(expected = KeyException.class)
public void testWALKeyWrappingWithIncorrectKey() throws Exception {
    // set up the key provider for testing to resolve a key for our test subject
    // we don't need HBaseConfiguration for this
    Configuration conf = new Configuration();
    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
    // generate a test key
    byte[] keyBytes = new byte[AES.KEY_LENGTH];
    new SecureRandom().nextBytes(keyBytes);
    String algorithm = conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
    Key key = new SecretKeySpec(keyBytes, algorithm);
    // wrap the test key
    byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);
    assertNotNull(wrappedKeyBytes);
    // unwrap with an incorrect key
    EncryptionUtil.unwrapWALKey(conf, "other", wrappedKeyBytes);
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) SecretKeySpec(javax.crypto.spec.SecretKeySpec) SecureRandom(java.security.SecureRandom) KeyProviderForTesting(org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting) Key(java.security.Key) Test(org.junit.Test)

Example 14 with SecureRandom

use of java.security.SecureRandom in project kafka by apache.

the class TestSslUtils method generateCertificate.

/**
 * Create a self-signed X.509 Certificate.
 * From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
 *
 * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
 * @param pair the KeyPair
 * @param days how many days from now the Certificate is valid for
 * @param algorithm the signing algorithm, eg "SHA1withRSA"
 * @return the self-signed certificate
 * @throws CertificateException thrown if a security error or an IO error occurred.
 */
public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm) throws CertificateException {
    try {
        Security.addProvider(new BouncyCastleProvider());
        AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
        AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
        AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
        ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
        X500Name name = new X500Name(dn);
        Date from = new Date();
        Date to = new Date(from.getTime() + days * 86400000L);
        BigInteger sn = new BigInteger(64, new SecureRandom());
        X509v1CertificateBuilder v1CertGen = new X509v1CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
        X509CertificateHolder certificateHolder = v1CertGen.build(sigGen);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
    } catch (CertificateException ce) {
        throw ce;
    } catch (Exception e) {
        throw new CertificateException(e);
    }
}
Also used : ContentSigner(org.bouncycastle.operator.ContentSigner) SecureRandom(java.security.SecureRandom) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) EOFException(java.io.EOFException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 15 with SecureRandom

use of java.security.SecureRandom in project hbase by apache.

the class TestHBaseFsckEncryption method setUp.

@Before
public void setUp() throws Exception {
    conf = TEST_UTIL.getConfiguration();
    conf.setInt("hfile.format.version", 3);
    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
    conf.set(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase");
    // Create the test encryption key
    SecureRandom rng = new SecureRandom();
    byte[] keyBytes = new byte[AES.KEY_LENGTH];
    rng.nextBytes(keyBytes);
    String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
    cfKey = new SecretKeySpec(keyBytes, algorithm);
    // Start the minicluster
    TEST_UTIL.startMiniCluster(3);
    // Create the table
    htd = new HTableDescriptor(TableName.valueOf("default", "TestHBaseFsckEncryption"));
    HColumnDescriptor hcd = new HColumnDescriptor("cf");
    hcd.setEncryptionType(algorithm);
    hcd.setEncryptionKey(EncryptionUtil.wrapKey(conf, conf.get(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, User.getCurrent().getShortName()), cfKey));
    htd.addFamily(hcd);
    TEST_UTIL.getAdmin().createTable(htd);
    TEST_UTIL.waitTableAvailable(htd.getName(), 5000);
}
Also used : HColumnDescriptor(org.apache.hadoop.hbase.HColumnDescriptor) SecretKeySpec(javax.crypto.spec.SecretKeySpec) SecureRandom(java.security.SecureRandom) KeyProviderForTesting(org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting) HTableDescriptor(org.apache.hadoop.hbase.HTableDescriptor) Before(org.junit.Before)
