
Example 1 with FileDecrypter

use of org.apache.accumulo.core.spi.crypto.FileDecrypter in project accumulo by apache.

the class CryptoTest method decrypt.

/**
 * Decrypts {@code resultingBytes} with a crypto service built from the configuration selected by
 * {@code configMode} and asserts that the plaintext holds the marker string followed by the
 * marker int.
 *
 * @param resultingBytes bytes to check; wrapped in a single in-memory stream read from the start
 * @param scope crypto scope passed to {@code getFileDecrypter}
 * @param configMode selects the configuration the crypto service is created from
 * @throws Exception declared broadly; any failure while creating the service or reading the
 *         stream propagates to the caller
 */
private void decrypt(byte[] resultingBytes, Scope scope, ConfigMode configMode) throws Exception {
    try (DataInputStream rawInput = new DataInputStream(new ByteArrayInputStream(resultingBytes))) {
        CryptoService service =
            CryptoServiceFactory.newInstance(getAccumuloConfig(configMode), ClassloaderType.JAVA);
        // The decrypter is obtained from the same stream that is decrypted right after.
        // NOTE(review): presumably getFileDecrypter consumes the stored decryption parameters
        // from the front of the stream - confirm against CryptoUtils.
        FileDecrypter fileDecrypter = getFileDecrypter(service, scope, rawInput);
        try (DataInputStream plainInput = new DataInputStream(fileDecrypter.decryptStream(rawInput))) {
            // Both markers are read before either assertion runs, so a truncated stream
            // surfaces as a read failure rather than as a marker mismatch.
            String actualString = plainInput.readUTF();
            int actualInt = plainInput.readInt();
            assertEquals(MARKER_STRING, actualString);
            assertEquals(MARKER_INT, actualInt);
        }
    }
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) AESCryptoService(org.apache.accumulo.core.spi.crypto.AESCryptoService) CryptoService(org.apache.accumulo.core.spi.crypto.CryptoService) CryptoUtils.getFileDecrypter(org.apache.accumulo.core.crypto.CryptoUtils.getFileDecrypter) FileDecrypter(org.apache.accumulo.core.spi.crypto.FileDecrypter) DataInputStream(java.io.DataInputStream) AccumuloConfiguration(org.apache.accumulo.core.conf.AccumuloConfiguration)

Example 2 with FileDecrypter

use of org.apache.accumulo.core.spi.crypto.FileDecrypter in project accumulo by apache.

the class CryptoTest method simpleGCMTest.

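/**
 * Round-trips {@code MARKER_STRING} through an {@code AESCryptoService} using the RFILE scope:
 * the decryption parameters are written in front of the ciphertext, the marker is encrypted, and
 * the resulting bytes are decrypted again and compared with the original marker.
 *
 * <p>NOTE(review): only the successful round trip is checked here. Nothing in this method feeds
 * modified ciphertext or modified parameters back in, so rejection of tampered input is not
 * covered by it; the method name suggests an authenticated (GCM) mode, which is where such a
 * negative case matters most.
 *
 * @throws Exception declared broadly; any configuration, encryption or I/O failure fails the test
 */
@Test
public void simpleGCMTest() throws Exception {
    AccumuloConfiguration conf = getAccumuloConfig(ConfigMode.CRYPTO_ON);
    CryptoService cs = new AESCryptoService();
    cs.init(conf.getAllPropertiesWithPrefix(Property.INSTANCE_CRYPTO_PREFIX));

    // encrypt
    CryptoEnvironment encEnv = new CryptoEnvironmentImpl(Scope.RFILE, null);
    FileEncrypter encrypter = cs.getFileEncrypter(encEnv);
    byte[] params = encrypter.getDecryptionParameters();
    assertNotNull(params);

    ByteArrayOutputStream out = new ByteArrayOutputStream();
    DataOutputStream dataOut = new DataOutputStream(out);
    // The parameters go into the stream in the clear, ahead of the encrypted payload.
    CryptoUtils.writeParams(params, dataOut);
    OutputStream encrypted = encrypter.encryptStream(dataOut);
    assertNotNull(encrypted);
    DataOutputStream cipherOut = new DataOutputStream(encrypted);
    cipherOut.writeUTF(MARKER_STRING);
    // The explicit close order is kept as written: the outermost cipher wrapper is closed first
    // so that any buffered or final cipher output reaches 'out' before the bytes are captured.
    cipherOut.close();
    dataOut.close();
    encrypted.close();
    out.close();
    byte[] cipherText = out.toByteArray();

    // decrypt
    String plainText;
    // try-with-resources closes both streams (decrypted first, then in) even when reading or
    // decryption fails, instead of only on the success path.
    try (ByteArrayInputStream in = new ByteArrayInputStream(cipherText)) {
        FileDecrypter decrypter = getFileDecrypter(cs, Scope.RFILE, new DataInputStream(in));
        try (DataInputStream decrypted = new DataInputStream(decrypter.decryptStream(in))) {
            plainText = decrypted.readUTF();
        }
    }
    // readUTF already yields a String; the former new String(plainText) copy was redundant.
    assertEquals(MARKER_STRING, plainText);
}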
Also used : CryptoEnvironment(org.apache.accumulo.core.spi.crypto.CryptoEnvironment) DataOutputStream(java.io.DataOutputStream) FSDataOutputStream(org.apache.hadoop.fs.FSDataOutputStream) CryptoUtils.getFileDecrypter(org.apache.accumulo.core.crypto.CryptoUtils.getFileDecrypter) FileDecrypter(org.apache.accumulo.core.spi.crypto.FileDecrypter) DataOutputStream(java.io.DataOutputStream) NoFlushOutputStream(org.apache.accumulo.core.crypto.streams.NoFlushOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) FSDataOutputStream(org.apache.hadoop.fs.FSDataOutputStream) OutputStream(java.io.OutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) DataInputStream(java.io.DataInputStream) FileEncrypter(org.apache.accumulo.core.spi.crypto.FileEncrypter) AESCryptoService(org.apache.accumulo.core.spi.crypto.AESCryptoService) AESCryptoService(org.apache.accumulo.core.spi.crypto.AESCryptoService) CryptoService(org.apache.accumulo.core.spi.crypto.CryptoService) ByteArrayInputStream(java.io.ByteArrayInputStream) AccumuloConfiguration(org.apache.accumulo.core.conf.AccumuloConfiguration) Test(org.junit.jupiter.api.Test)

Example 3 with FileDecrypter

use of org.apache.accumulo.core.spi.crypto.FileDecrypter in project accumulo by apache.

the class DfsLogger method getDecryptingStream.

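/**
 * Reads the WAL file header, and returns a decrypting stream which wraps the original stream. If
 * the file is not encrypted, the original stream is returned.
 *
 * <p>The header bytes and, for V3 logs, the crypto module class name are read from the file
 * itself and end up in the exception messages below; callers that log those messages should
 * treat them as untrusted text. This method never closes {@code input}.
 *
 * @param input
 *          stream positioned at the start of the WAL file; the header is consumed from it
 * @param conf
 *          configuration used to create the crypto service for V4 logs
 * @return {@code input} itself when no decryption applies, otherwise a stream wrapping it
 * @throws LogHeaderIncompleteException
 *           if the header cannot be fully read (can happen if the tserver died before finishing)
 * @throws IllegalArgumentException
 *           if the header is not a known version, or a V3 log names a crypto module other than
 *           {@code NullCryptoModule}
 * @throws IOException
 *           if reading from {@code input} fails for a reason other than end of file
 */
public static DataInputStream getDecryptingStream(FSDataInputStream input, AccumuloConfiguration conf) throws LogHeaderIncompleteException, IOException {
    DataInputStream decryptingInput;
    byte[] magic4 = DfsLogger.LOG_FILE_HEADER_V4.getBytes(UTF_8);
    byte[] magic3 = DfsLogger.LOG_FILE_HEADER_V3.getBytes(UTF_8);
    // A single fixed-size read is compared against both headers, so they must be equally long.
    if (magic4.length != magic3.length) {
        throw new AssertionError("Always expect log file headers to be same length : " + magic4.length + " != " + magic3.length);
    }
    byte[] magicBuffer = new byte[magic4.length];
    try {
        input.readFully(magicBuffer);
        if (Arrays.equals(magicBuffer, magic4)) {
            CryptoService cryptoService = CryptoServiceFactory.newInstance(conf, ClassloaderType.ACCUMULO);
            // The decrypter is obtained before the NoCryptoService check, so whatever
            // getFileDecrypter reads from the header is consumed on both paths.
            // NOTE(review): presumably that is the stored decryption parameters - confirm
            // against CryptoUtils.
            FileDecrypter decrypter = CryptoUtils.getFileDecrypter(cryptoService, Scope.WAL, input);
            log.debug("Using {} for decrypting WAL", cryptoService.getClass().getSimpleName());
            decryptingInput = cryptoService instanceof NoCryptoService ? input : new DataInputStream(decrypter.decryptStream(input));
        } else if (Arrays.equals(magicBuffer, magic3)) {
            // Read logs files from Accumulo 1.9
            // The class name stored in the file is only compared with a fixed string; it is
            // never used to load a class.
            String cryptoModuleClassname = input.readUTF();
            if (!cryptoModuleClassname.equals("NullCryptoModule")) {
                throw new IllegalArgumentException("Old encryption modules not supported at this time.  Unsupported module : " + cryptoModuleClassname);
            }
            decryptingInput = input;
        } else {
            // Decode with UTF_8, the charset the expected headers were encoded with, rather
            // than the platform default, so the reported header does not vary by host.
            throw new IllegalArgumentException("Unsupported write ahead log version " + new String(magicBuffer, UTF_8));
        }
    } catch (EOFException e) {
        // A TabletServer might have died before the (complete) header was written
        throw new LogHeaderIncompleteException(e);
    }
    return decryptingInput;
}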
Also used : NoCryptoService(org.apache.accumulo.core.spi.crypto.NoCryptoService) CryptoService(org.apache.accumulo.core.spi.crypto.CryptoService) NoCryptoService(org.apache.accumulo.core.spi.crypto.NoCryptoService) FileDecrypter(org.apache.accumulo.core.spi.crypto.FileDecrypter) EOFException(java.io.EOFException) FSDataInputStream(org.apache.hadoop.fs.FSDataInputStream) DataInputStream(java.io.DataInputStream)

Aggregations

DataInputStream (java.io.DataInputStream)3 CryptoService (org.apache.accumulo.core.spi.crypto.CryptoService)3 FileDecrypter (org.apache.accumulo.core.spi.crypto.FileDecrypter)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 AccumuloConfiguration (org.apache.accumulo.core.conf.AccumuloConfiguration)2 CryptoUtils.getFileDecrypter (org.apache.accumulo.core.crypto.CryptoUtils.getFileDecrypter)2 AESCryptoService (org.apache.accumulo.core.spi.crypto.AESCryptoService)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 DataOutputStream (java.io.DataOutputStream)1 EOFException (java.io.EOFException)1 OutputStream (java.io.OutputStream)1 NoFlushOutputStream (org.apache.accumulo.core.crypto.streams.NoFlushOutputStream)1 CryptoEnvironment (org.apache.accumulo.core.spi.crypto.CryptoEnvironment)1 FileEncrypter (org.apache.accumulo.core.spi.crypto.FileEncrypter)1 NoCryptoService (org.apache.accumulo.core.spi.crypto.NoCryptoService)1 FSDataInputStream (org.apache.hadoop.fs.FSDataInputStream)1 FSDataOutputStream (org.apache.hadoop.fs.FSDataOutputStream)1 Test (org.junit.jupiter.api.Test)1