Refactor Crypto packages (#1956)
* Move AESCryptoService and NoCryptoService into public spi package
* Move CryptoEnvironmentImpl into core.crypto package with other server crypto stuff
* Make AESCryptoUtils static methods on AESCryptoService
diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
index 04015e3..c757648 100644
--- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java
+++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
@@ -176,7 +176,7 @@
"Sensitive properties related to on-disk file encryption."),
@Experimental
INSTANCE_CRYPTO_SERVICE("instance.crypto.service",
- "org.apache.accumulo.core.cryptoImpl.NoCryptoService", PropertyType.CLASSNAME,
+ "org.apache.accumulo.core.spi.crypto.NoCryptoService", PropertyType.CLASSNAME,
"The class which executes on-disk file encryption. The default does nothing. To enable "
+ "encryption, replace this classname with an implementation of the"
+ "org.apache.accumulo.core.spi.crypto.CryptoService interface."),
diff --git a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/CryptoEnvironmentImpl.java b/core/src/main/java/org/apache/accumulo/core/crypto/CryptoEnvironmentImpl.java
similarity index 96%
rename from core/src/main/java/org/apache/accumulo/core/cryptoImpl/CryptoEnvironmentImpl.java
rename to core/src/main/java/org/apache/accumulo/core/crypto/CryptoEnvironmentImpl.java
index 17863be..ba2deae 100644
--- a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/CryptoEnvironmentImpl.java
+++ b/core/src/main/java/org/apache/accumulo/core/crypto/CryptoEnvironmentImpl.java
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.accumulo.core.cryptoImpl;
+package org.apache.accumulo.core.crypto;
import org.apache.accumulo.core.spi.crypto.CryptoEnvironment;
diff --git a/core/src/main/java/org/apache/accumulo/core/crypto/CryptoServiceFactory.java b/core/src/main/java/org/apache/accumulo/core/crypto/CryptoServiceFactory.java
index f3c8737..1415b0d 100644
--- a/core/src/main/java/org/apache/accumulo/core/crypto/CryptoServiceFactory.java
+++ b/core/src/main/java/org/apache/accumulo/core/crypto/CryptoServiceFactory.java
@@ -21,8 +21,8 @@
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.DefaultConfiguration;
import org.apache.accumulo.core.conf.Property;
-import org.apache.accumulo.core.cryptoImpl.NoCryptoService;
import org.apache.accumulo.core.spi.crypto.CryptoService;
+import org.apache.accumulo.core.spi.crypto.NoCryptoService;
public class CryptoServiceFactory {
diff --git a/core/src/main/java/org/apache/accumulo/core/crypto/CryptoUtils.java b/core/src/main/java/org/apache/accumulo/core/crypto/CryptoUtils.java
index 703a0eb..53fff25 100644
--- a/core/src/main/java/org/apache/accumulo/core/crypto/CryptoUtils.java
+++ b/core/src/main/java/org/apache/accumulo/core/crypto/CryptoUtils.java
@@ -26,7 +26,6 @@
import java.security.SecureRandom;
import java.util.Objects;
-import org.apache.accumulo.core.cryptoImpl.CryptoEnvironmentImpl;
import org.apache.accumulo.core.spi.crypto.CryptoEnvironment;
import org.apache.accumulo.core.spi.crypto.CryptoService;
import org.apache.accumulo.core.spi.crypto.CryptoService.CryptoException;
diff --git a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/AESKeyUtils.java b/core/src/main/java/org/apache/accumulo/core/cryptoImpl/AESKeyUtils.java
deleted file mode 100644
index 8b0e942..0000000
--- a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/AESKeyUtils.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.accumulo.core.cryptoImpl;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.accumulo.core.spi.crypto.CryptoService.CryptoException;
-
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-
-public class AESKeyUtils {
-
- public static final String URI = "uri";
- public static final String KEY_WRAP_TRANSFORM = "AESWrap";
-
- public static Key generateKey(SecureRandom sr, int size) {
- byte[] bytes = new byte[size];
- sr.nextBytes(bytes);
- return new SecretKeySpec(bytes, "AES");
- }
-
- @SuppressFBWarnings(value = "CIPHER_INTEGRITY",
- justification = "integrity not needed for key wrap")
- public static Key unwrapKey(byte[] fek, Key kek) {
- Key result = null;
- try {
- Cipher c = Cipher.getInstance(KEY_WRAP_TRANSFORM);
- c.init(Cipher.UNWRAP_MODE, kek);
- result = c.unwrap(fek, "AES", Cipher.SECRET_KEY);
- } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
- throw new CryptoException("Unable to unwrap file encryption key", e);
- }
- return result;
- }
-
- @SuppressFBWarnings(value = "CIPHER_INTEGRITY",
- justification = "integrity not needed for key wrap")
- public static byte[] wrapKey(Key fek, Key kek) {
- byte[] result = null;
- try {
- Cipher c = Cipher.getInstance(KEY_WRAP_TRANSFORM);
- c.init(Cipher.WRAP_MODE, kek);
- result = c.wrap(fek);
- } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException
- | IllegalBlockSizeException e) {
- throw new CryptoException("Unable to wrap file encryption key", e);
- }
-
- return result;
- }
-
- @SuppressFBWarnings(value = "PATH_TRAVERSAL_IN", justification = "keyId specified by admin")
- public static SecretKeySpec loadKekFromUri(String keyId) {
- URI uri;
- SecretKeySpec key = null;
- try {
- uri = new URI(keyId);
- key = new SecretKeySpec(Files.readAllBytes(Paths.get(uri.getPath())), "AES");
- } catch (URISyntaxException | IOException | IllegalArgumentException e) {
- throw new CryptoException("Unable to load key encryption key.", e);
- }
-
- return key;
-
- }
-}
diff --git a/core/src/main/java/org/apache/accumulo/core/file/rfile/PrintInfo.java b/core/src/main/java/org/apache/accumulo/core/file/rfile/PrintInfo.java
index 96b49d6..4423a0c 100644
--- a/core/src/main/java/org/apache/accumulo/core/file/rfile/PrintInfo.java
+++ b/core/src/main/java/org/apache/accumulo/core/file/rfile/PrintInfo.java
@@ -29,7 +29,6 @@
import org.apache.accumulo.core.crypto.CryptoServiceFactory;
import org.apache.accumulo.core.crypto.CryptoServiceFactory.ClassloaderType;
import org.apache.accumulo.core.crypto.CryptoUtils;
-import org.apache.accumulo.core.cryptoImpl.NoFileEncrypter;
import org.apache.accumulo.core.data.ByteSequence;
import org.apache.accumulo.core.data.Key;
import org.apache.accumulo.core.data.Range;
@@ -38,6 +37,7 @@
import org.apache.accumulo.core.file.blockfile.impl.CachableBlockFile.CachableBuilder;
import org.apache.accumulo.core.file.rfile.RFile.Reader;
import org.apache.accumulo.core.file.rfile.bcfile.Utils;
+import org.apache.accumulo.core.spi.crypto.NoFileEncrypter;
import org.apache.accumulo.core.summary.SummaryReader;
import org.apache.accumulo.core.util.LocalityGroupUtil;
import org.apache.accumulo.start.spi.KeywordExecutable;
diff --git a/core/src/main/java/org/apache/accumulo/core/file/rfile/bcfile/BCFile.java b/core/src/main/java/org/apache/accumulo/core/file/rfile/bcfile/BCFile.java
index 1d9fff3..eddf315 100644
--- a/core/src/main/java/org/apache/accumulo/core/file/rfile/bcfile/BCFile.java
+++ b/core/src/main/java/org/apache/accumulo/core/file/rfile/bcfile/BCFile.java
@@ -34,10 +34,8 @@
import java.util.Map;
import java.util.TreeMap;
+import org.apache.accumulo.core.crypto.CryptoEnvironmentImpl;
import org.apache.accumulo.core.crypto.CryptoUtils;
-import org.apache.accumulo.core.cryptoImpl.CryptoEnvironmentImpl;
-import org.apache.accumulo.core.cryptoImpl.NoFileDecrypter;
-import org.apache.accumulo.core.cryptoImpl.NoFileEncrypter;
import org.apache.accumulo.core.file.rfile.bcfile.Compression.Algorithm;
import org.apache.accumulo.core.file.rfile.bcfile.Utils.Version;
import org.apache.accumulo.core.file.streams.BoundedRangeFileInputStream;
@@ -48,6 +46,8 @@
import org.apache.accumulo.core.spi.crypto.CryptoService;
import org.apache.accumulo.core.spi.crypto.FileDecrypter;
import org.apache.accumulo.core.spi.crypto.FileEncrypter;
+import org.apache.accumulo.core.spi.crypto.NoFileDecrypter;
+import org.apache.accumulo.core.spi.crypto.NoFileEncrypter;
import org.apache.accumulo.core.util.ratelimit.RateLimiter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
diff --git a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/AESCryptoService.java b/core/src/main/java/org/apache/accumulo/core/spi/crypto/AESCryptoService.java
similarity index 86%
rename from core/src/main/java/org/apache/accumulo/core/cryptoImpl/AESCryptoService.java
rename to core/src/main/java/org/apache/accumulo/core/spi/crypto/AESCryptoService.java
index 60aee63..95d10a4 100644
--- a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/AESCryptoService.java
+++ b/core/src/main/java/org/apache/accumulo/core/spi/crypto/AESCryptoService.java
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.accumulo.core.cryptoImpl;
+package org.apache.accumulo.core.spi.crypto;
import static java.nio.charset.StandardCharsets.UTF_8;
@@ -27,6 +27,10 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
@@ -40,19 +44,17 @@
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
+import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
import org.apache.accumulo.core.crypto.CryptoUtils;
import org.apache.accumulo.core.crypto.streams.BlockedInputStream;
import org.apache.accumulo.core.crypto.streams.BlockedOutputStream;
import org.apache.accumulo.core.crypto.streams.DiscardCloseOutputStream;
import org.apache.accumulo.core.crypto.streams.RFileCipherOutputStream;
-import org.apache.accumulo.core.spi.crypto.CryptoEnvironment;
-import org.apache.accumulo.core.spi.crypto.CryptoService;
-import org.apache.accumulo.core.spi.crypto.FileDecrypter;
-import org.apache.accumulo.core.spi.crypto.FileEncrypter;
import org.apache.commons.io.IOUtils;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
@@ -65,6 +67,8 @@
// Hard coded NoCryptoService.VERSION - this permits the removal of NoCryptoService from the
// core jar, allowing use of only one crypto service
private static final String NO_CRYPTO_VERSION = "U+1F47B";
+ public static final String URI = "uri";
+ public static final String KEY_WRAP_TRANSFORM = "AESWrap";
private Key encryptingKek = null;
private String keyLocation = null;
@@ -83,10 +87,10 @@
this.sr = CryptoUtils.newSha1SecureRandom();
this.decryptingKeys = new HashMap<>();
switch (keyMgr) {
- case AESKeyUtils.URI:
+ case URI:
this.keyManager = keyMgr;
this.keyLocation = keyLocation;
- this.encryptingKek = AESKeyUtils.loadKekFromUri(keyLocation);
+ this.encryptingKek = loadKekFromUri(keyLocation);
break;
default:
throw new CryptoException("Unrecognized key manager");
@@ -121,7 +125,7 @@
ParsedCryptoParameters parsed = parseCryptoParameters(decryptionParams);
Key kek = loadDecryptionKek(parsed);
- Key fek = AESKeyUtils.unwrapKey(parsed.getEncFek(), kek);
+ Key fek = unwrapKey(parsed.getEncFek(), kek);
switch (parsed.getCryptoServiceVersion()) {
case AESCBCCryptoModule.VERSION:
cm = new AESCBCCryptoModule(this.encryptingKek, this.keyLocation, this.keyManager);
@@ -195,7 +199,7 @@
params.writeUTF(version);
params.writeUTF(encryptingKeyManager);
params.writeUTF(encryptingKekId);
- byte[] wrappedFek = AESKeyUtils.wrapKey(fek, encryptingKek);
+ byte[] wrappedFek = wrapKey(fek, encryptingKek);
params.writeInt(wrappedFek.length);
params.write(wrappedFek);
@@ -234,8 +238,8 @@
}
switch (params.keyManagerVersion) {
- case AESKeyUtils.URI:
- ret = AESKeyUtils.loadKekFromUri(params.kekId);
+ case URI:
+ ret = loadKekFromUri(params.kekId);
break;
default:
throw new CryptoException("Unable to load kek: " + params.kekId);
@@ -296,7 +300,7 @@
private final byte[] initVector = new byte[GCM_IV_LENGTH_IN_BYTES];
AESGCMFileEncrypter() {
- this.fek = AESKeyUtils.generateKey(sr, KEY_LENGTH_IN_BYTES);
+ this.fek = generateKey(sr, KEY_LENGTH_IN_BYTES);
sr.nextBytes(this.initVector);
this.firstInitVector = Arrays.copyOf(this.initVector, this.initVector.length);
}
@@ -429,7 +433,7 @@
@SuppressFBWarnings(value = "CIPHER_INTEGRITY", justification = "CBC is provided for WALs")
public class AESCBCFileEncrypter implements FileEncrypter {
- private Key fek = AESKeyUtils.generateKey(sr, KEY_LENGTH_IN_BYTES);
+ private Key fek = generateKey(sr, KEY_LENGTH_IN_BYTES);
private byte[] initVector = new byte[IV_LENGTH_IN_BYTES];
@Override
@@ -492,4 +496,55 @@
}
}
}
+
+ public static Key generateKey(SecureRandom sr, int size) {
+ byte[] bytes = new byte[size];
+ sr.nextBytes(bytes);
+ return new SecretKeySpec(bytes, "AES");
+ }
+
+ @SuppressFBWarnings(value = "CIPHER_INTEGRITY",
+ justification = "integrity not needed for key wrap")
+ public static Key unwrapKey(byte[] fek, Key kek) {
+ Key result = null;
+ try {
+ Cipher c = Cipher.getInstance(KEY_WRAP_TRANSFORM);
+ c.init(Cipher.UNWRAP_MODE, kek);
+ result = c.unwrap(fek, "AES", Cipher.SECRET_KEY);
+ } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
+ throw new CryptoException("Unable to unwrap file encryption key", e);
+ }
+ return result;
+ }
+
+ @SuppressFBWarnings(value = "CIPHER_INTEGRITY",
+ justification = "integrity not needed for key wrap")
+ public static byte[] wrapKey(Key fek, Key kek) {
+ byte[] result = null;
+ try {
+ Cipher c = Cipher.getInstance(KEY_WRAP_TRANSFORM);
+ c.init(Cipher.WRAP_MODE, kek);
+ result = c.wrap(fek);
+ } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException
+ | IllegalBlockSizeException e) {
+ throw new CryptoException("Unable to wrap file encryption key", e);
+ }
+
+ return result;
+ }
+
+ @SuppressFBWarnings(value = "PATH_TRAVERSAL_IN", justification = "keyId specified by admin")
+ public static Key loadKekFromUri(String keyId) {
+ java.net.URI uri;
+ SecretKeySpec key = null;
+ try {
+ uri = new URI(keyId);
+ key = new SecretKeySpec(Files.readAllBytes(Paths.get(uri.getPath())), "AES");
+ } catch (URISyntaxException | IOException | IllegalArgumentException e) {
+ throw new CryptoException("Unable to load key encryption key.", e);
+ }
+
+ return key;
+
+ }
}
diff --git a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/NoCryptoService.java b/core/src/main/java/org/apache/accumulo/core/spi/crypto/NoCryptoService.java
similarity index 82%
rename from core/src/main/java/org/apache/accumulo/core/cryptoImpl/NoCryptoService.java
rename to core/src/main/java/org/apache/accumulo/core/spi/crypto/NoCryptoService.java
index 21e61f5..669af43 100644
--- a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/NoCryptoService.java
+++ b/core/src/main/java/org/apache/accumulo/core/spi/crypto/NoCryptoService.java
@@ -16,15 +16,10 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.accumulo.core.cryptoImpl;
+package org.apache.accumulo.core.spi.crypto;
import java.util.Map;
-import org.apache.accumulo.core.spi.crypto.CryptoEnvironment;
-import org.apache.accumulo.core.spi.crypto.CryptoService;
-import org.apache.accumulo.core.spi.crypto.FileDecrypter;
-import org.apache.accumulo.core.spi.crypto.FileEncrypter;
-
/**
* The default encryption strategy which does nothing.
*/
diff --git a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/NoFileDecrypter.java b/core/src/main/java/org/apache/accumulo/core/spi/crypto/NoFileDecrypter.java
similarity index 86%
rename from core/src/main/java/org/apache/accumulo/core/cryptoImpl/NoFileDecrypter.java
rename to core/src/main/java/org/apache/accumulo/core/spi/crypto/NoFileDecrypter.java
index f48bf92..e9860b7 100644
--- a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/NoFileDecrypter.java
+++ b/core/src/main/java/org/apache/accumulo/core/spi/crypto/NoFileDecrypter.java
@@ -16,13 +16,10 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.accumulo.core.cryptoImpl;
+package org.apache.accumulo.core.spi.crypto;
import java.io.InputStream;
-import org.apache.accumulo.core.spi.crypto.CryptoService;
-import org.apache.accumulo.core.spi.crypto.FileDecrypter;
-
public class NoFileDecrypter implements FileDecrypter {
@Override
public InputStream decryptStream(InputStream inputStream) throws CryptoService.CryptoException {
diff --git a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/NoFileEncrypter.java b/core/src/main/java/org/apache/accumulo/core/spi/crypto/NoFileEncrypter.java
similarity index 88%
rename from core/src/main/java/org/apache/accumulo/core/cryptoImpl/NoFileEncrypter.java
rename to core/src/main/java/org/apache/accumulo/core/spi/crypto/NoFileEncrypter.java
index ed36937..a980c73 100644
--- a/core/src/main/java/org/apache/accumulo/core/cryptoImpl/NoFileEncrypter.java
+++ b/core/src/main/java/org/apache/accumulo/core/spi/crypto/NoFileEncrypter.java
@@ -16,15 +16,12 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.accumulo.core.cryptoImpl;
+package org.apache.accumulo.core.spi.crypto;
import static java.nio.charset.StandardCharsets.UTF_8;
import java.io.OutputStream;
-import org.apache.accumulo.core.spi.crypto.CryptoService;
-import org.apache.accumulo.core.spi.crypto.FileEncrypter;
-
public class NoFileEncrypter implements FileEncrypter {
@Override
diff --git a/core/src/test/java/org/apache/accumulo/core/conf/SiteConfigurationTest.java b/core/src/test/java/org/apache/accumulo/core/conf/SiteConfigurationTest.java
index f7dc1aa..cc0b00e 100644
--- a/core/src/test/java/org/apache/accumulo/core/conf/SiteConfigurationTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/conf/SiteConfigurationTest.java
@@ -62,7 +62,7 @@
assertEquals("", conf.get(Property.INSTANCE_VOLUMES));
assertEquals("120s", conf.get(Property.GENERAL_RPC_TIMEOUT));
assertEquals("1G", conf.get(Property.TSERV_WALOG_MAX_SIZE));
- assertEquals("org.apache.accumulo.core.cryptoImpl.NoCryptoService",
+ assertEquals("org.apache.accumulo.core.spi.crypto.NoCryptoService",
conf.get(Property.INSTANCE_CRYPTO_SERVICE));
}
@@ -76,7 +76,7 @@
assertEquals("hdfs://localhost:8020/accumulo123", conf.get(Property.INSTANCE_VOLUMES));
assertEquals("123s", conf.get(Property.GENERAL_RPC_TIMEOUT));
assertEquals("256M", conf.get(Property.TSERV_WALOG_MAX_SIZE));
- assertEquals("org.apache.accumulo.core.cryptoImpl.AESCryptoService",
+ assertEquals("org.apache.accumulo.core.spi.crypto.AESCryptoService",
conf.get(Property.INSTANCE_CRYPTO_SERVICE));
assertEquals(System.getenv("USER"), conf.get("general.test.user.name"));
assertEquals("/tmp/test/dir", conf.get("general.test.user.dir"));
diff --git a/core/src/test/java/org/apache/accumulo/core/crypto/CryptoTest.java b/core/src/test/java/org/apache/accumulo/core/crypto/CryptoTest.java
index 94336db..5568a8d 100644
--- a/core/src/test/java/org/apache/accumulo/core/crypto/CryptoTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/crypto/CryptoTest.java
@@ -58,11 +58,9 @@
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.crypto.CryptoServiceFactory.ClassloaderType;
import org.apache.accumulo.core.crypto.streams.NoFlushOutputStream;
-import org.apache.accumulo.core.cryptoImpl.AESCryptoService;
-import org.apache.accumulo.core.cryptoImpl.AESKeyUtils;
-import org.apache.accumulo.core.cryptoImpl.CryptoEnvironmentImpl;
import org.apache.accumulo.core.data.Key;
import org.apache.accumulo.core.data.Value;
+import org.apache.accumulo.core.spi.crypto.AESCryptoService;
import org.apache.accumulo.core.spi.crypto.CryptoEnvironment;
import org.apache.accumulo.core.spi.crypto.CryptoEnvironment.Scope;
import org.apache.accumulo.core.spi.crypto.CryptoService;
@@ -267,7 +265,7 @@
aconf.set(e.getKey(), e.getValue());
}
aconf.set(Property.INSTANCE_CRYPTO_SERVICE,
- "org.apache.accumulo.core.cryptoImpl.AESCryptoService");
+ "org.apache.accumulo.core.spi.crypto.AESCryptoService");
String configuredClass = aconf.get(Property.INSTANCE_CRYPTO_SERVICE.getKey());
Class<? extends CryptoService> clazz =
ClassLoaderUtil.loadClass(configuredClass, CryptoService.class);
@@ -297,7 +295,7 @@
@SuppressFBWarnings(value = "CIPHER_INTEGRITY", justification = "CBC is being tested")
private void verifyKeySizeForCBC(SecureRandom sr, int sizeInBytes)
throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
- java.security.Key key = AESKeyUtils.generateKey(sr, sizeInBytes);
+ java.security.Key key = AESCryptoService.generateKey(sr, sizeInBytes);
Cipher.getInstance("AES/CBC/NoPadding").init(Cipher.ENCRYPT_MODE, key);
}
@@ -305,11 +303,11 @@
public void testAESKeyUtilsWrapAndUnwrap()
throws NoSuchAlgorithmException, NoSuchProviderException {
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "SUN");
- java.security.Key kek = AESKeyUtils.generateKey(sr, 16);
- java.security.Key fek = AESKeyUtils.generateKey(sr, 16);
- byte[] wrapped = AESKeyUtils.wrapKey(fek, kek);
+ java.security.Key kek = AESCryptoService.generateKey(sr, 16);
+ java.security.Key fek = AESCryptoService.generateKey(sr, 16);
+ byte[] wrapped = AESCryptoService.wrapKey(fek, kek);
assertFalse(Arrays.equals(fek.getEncoded(), wrapped));
- java.security.Key unwrapped = AESKeyUtils.unwrapKey(wrapped, kek);
+ java.security.Key unwrapped = AESCryptoService.unwrapKey(wrapped, kek);
assertEquals(unwrapped, fek);
}
@@ -317,19 +315,19 @@
public void testAESKeyUtilsFailUnwrapWithWrongKEK()
throws NoSuchAlgorithmException, NoSuchProviderException {
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "SUN");
- java.security.Key kek = AESKeyUtils.generateKey(sr, 16);
- java.security.Key fek = AESKeyUtils.generateKey(sr, 16);
+ java.security.Key kek = AESCryptoService.generateKey(sr, 16);
+ java.security.Key fek = AESCryptoService.generateKey(sr, 16);
byte[] wrongBytes = kek.getEncoded();
wrongBytes[0]++;
java.security.Key wrongKek = new SecretKeySpec(wrongBytes, "AES");
- byte[] wrapped = AESKeyUtils.wrapKey(fek, kek);
- assertThrows(CryptoException.class, () -> AESKeyUtils.unwrapKey(wrapped, wrongKek));
+ byte[] wrapped = AESCryptoService.wrapKey(fek, kek);
+ assertThrows(CryptoException.class, () -> AESCryptoService.unwrapKey(wrapped, wrongKek));
}
@Test
public void testAESKeyUtilsLoadKekFromUri() throws IOException {
- SecretKeySpec fileKey = AESKeyUtils.loadKekFromUri(keyPath);
+ java.security.Key fileKey = AESCryptoService.loadKekFromUri(keyPath);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(baos);
dos.writeUTF("sixteenbytekey");
@@ -339,13 +337,13 @@
@Test
public void testAESKeyUtilsLoadKekFromUriInvalidUri() {
- assertThrows(CryptoException.class, () -> AESKeyUtils.loadKekFromUri(
+ assertThrows(CryptoException.class, () -> AESCryptoService.loadKekFromUri(
System.getProperty("user.dir") + "/target/CryptoTest-testkeyfile-doesnt-exist"));
}
@Test
public void testAESKeyUtilsLoadKekFromEmptyFile() {
- assertThrows(CryptoException.class, () -> AESKeyUtils.loadKekFromUri(emptyKeyPath));
+ assertThrows(CryptoException.class, () -> AESCryptoService.loadKekFromUri(emptyKeyPath));
}
private ArrayList<Key> testData() {
diff --git a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
index 617ca93..f0cee84 100644
--- a/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/file/rfile/RFileTest.java
@@ -1801,7 +1801,7 @@
switch (cryptoOn) {
case CryptoTest.CRYPTO_ON_CONF:
cfg.set(Property.INSTANCE_CRYPTO_SERVICE,
- "org.apache.accumulo.core.cryptoImpl.AESCryptoService");
+ "org.apache.accumulo.core.spi.crypto.AESCryptoService");
cfg.set(INSTANCE_CRYPTO_PREFIX.getKey() + "key.uri", CryptoTest.keyPath);
}
return cfg;
diff --git a/core/src/test/resources/accumulo2.properties b/core/src/test/resources/accumulo2.properties
index adfbe13..a6328d9 100644
--- a/core/src/test/resources/accumulo2.properties
+++ b/core/src/test/resources/accumulo2.properties
@@ -18,7 +18,7 @@
#
general.rpc.timeout=123s
-instance.crypto.service=org.apache.accumulo.core.cryptoImpl.AESCryptoService
+instance.crypto.service=org.apache.accumulo.core.spi.crypto.AESCryptoService
instance.secret=mysecret
instance.volumes=hdfs://localhost:8020/accumulo123
instance.zookeeper.host=myhost123:2181
diff --git a/server/tserver/src/main/java/org/apache/accumulo/tserver/log/DfsLogger.java b/server/tserver/src/main/java/org/apache/accumulo/tserver/log/DfsLogger.java
index 7e2b410..e9b5d4e 100644
--- a/server/tserver/src/main/java/org/apache/accumulo/tserver/log/DfsLogger.java
+++ b/server/tserver/src/main/java/org/apache/accumulo/tserver/log/DfsLogger.java
@@ -46,18 +46,18 @@
import org.apache.accumulo.core.client.Durability;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.Property;
+import org.apache.accumulo.core.crypto.CryptoEnvironmentImpl;
import org.apache.accumulo.core.crypto.CryptoServiceFactory;
import org.apache.accumulo.core.crypto.CryptoServiceFactory.ClassloaderType;
import org.apache.accumulo.core.crypto.CryptoUtils;
import org.apache.accumulo.core.crypto.streams.NoFlushOutputStream;
-import org.apache.accumulo.core.cryptoImpl.CryptoEnvironmentImpl;
-import org.apache.accumulo.core.cryptoImpl.NoCryptoService;
import org.apache.accumulo.core.data.Mutation;
import org.apache.accumulo.core.spi.crypto.CryptoEnvironment;
import org.apache.accumulo.core.spi.crypto.CryptoEnvironment.Scope;
import org.apache.accumulo.core.spi.crypto.CryptoService;
import org.apache.accumulo.core.spi.crypto.FileDecrypter;
import org.apache.accumulo.core.spi.crypto.FileEncrypter;
+import org.apache.accumulo.core.spi.crypto.NoCryptoService;
import org.apache.accumulo.core.util.Pair;
import org.apache.accumulo.core.util.threads.Threads;
import org.apache.accumulo.server.ServerConstants;
diff --git a/test/src/main/java/org/apache/accumulo/test/functional/WriteAheadLogEncryptedIT.java b/test/src/main/java/org/apache/accumulo/test/functional/WriteAheadLogEncryptedIT.java
index d7d54c6..d17f521 100644
--- a/test/src/main/java/org/apache/accumulo/test/functional/WriteAheadLogEncryptedIT.java
+++ b/test/src/main/java/org/apache/accumulo/test/functional/WriteAheadLogEncryptedIT.java
@@ -43,7 +43,7 @@
String keyPath =
System.getProperty("user.dir") + "/target/mini-tests/WriteAheadLogEncryptedIT-testkeyfile";
cfg.setProperty(Property.INSTANCE_CRYPTO_SERVICE,
- "org.apache.accumulo.core.cryptoImpl.AESCryptoService");
+ "org.apache.accumulo.core.spi.crypto.AESCryptoService");
cfg.setProperty(INSTANCE_CRYPTO_PREFIX.getKey() + "key.uri", keyPath);
WriteAheadLogIT.setupConfig(cfg, hadoopCoreSite);