Create CryptoUtils getFileDecrypter method (#1951)
* Organize some of the crypto code in anticipation of improvements
* Move some crypto logic into new CryptoUtils getFileDecrypter method
diff --git a/core/src/main/java/org/apache/accumulo/core/crypto/CryptoUtils.java b/core/src/main/java/org/apache/accumulo/core/crypto/CryptoUtils.java
index 585b30d..703a0eb 100644
--- a/core/src/main/java/org/apache/accumulo/core/crypto/CryptoUtils.java
+++ b/core/src/main/java/org/apache/accumulo/core/crypto/CryptoUtils.java
@@ -26,7 +26,11 @@
import java.security.SecureRandom;
import java.util.Objects;
+import org.apache.accumulo.core.cryptoImpl.CryptoEnvironmentImpl;
+import org.apache.accumulo.core.spi.crypto.CryptoEnvironment;
+import org.apache.accumulo.core.spi.crypto.CryptoService;
import org.apache.accumulo.core.spi.crypto.CryptoService.CryptoException;
+import org.apache.accumulo.core.spi.crypto.FileDecrypter;
import org.apache.commons.io.IOUtils;
public class CryptoUtils {
@@ -61,6 +65,17 @@
}
/**
+ * Read the decryption parameters from the DataInputStream and get the FileDecrypter associated
+ * with the provided CryptoService and CryptoEnvironment.Scope.
+ */
+ public static FileDecrypter getFileDecrypter(CryptoService cs, CryptoEnvironment.Scope scope,
+ DataInputStream in) throws IOException {
+ byte[] decryptionParams = readParams(in);
+ CryptoEnvironment decEnv = new CryptoEnvironmentImpl(scope, decryptionParams);
+ return cs.getFileDecrypter(decEnv);
+ }
+
+ /**
* Write the decryption parameters to the DataOutputStream
*/
public static void writeParams(byte[] decryptionParams, DataOutputStream out) throws IOException {
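Review bot: The Javadoc on `getFileDecrypter` does not say that the call advances `in` past the parameter block through `readParams(in)`, yet every call site in this commit passes the same stream to `decryptStream` immediately afterwards. I would add a sentence such as `On return, in is positioned at the first byte after the decryption parameters; pass the same stream to FileDecrypter.decryptStream.` The parameters are taken from the file being read and this method does no checking of its own, so the doc should also say that validation is left to `readParams` (not visible in this hunk) and to the `CryptoService`. Since `Objects` is already imported in this file, `Objects.requireNonNull(cs, "cs");` and `Objects.requireNonNull(in, "in");` at the top would make a bad argument fail before any bytes are consumed. The same stream-position caveat applies at the DfsLogger call site.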
diff --git a/core/src/test/java/org/apache/accumulo/core/crypto/CryptoTest.java b/core/src/test/java/org/apache/accumulo/core/crypto/CryptoTest.java
index b0d75f4..94336db 100644
--- a/core/src/test/java/org/apache/accumulo/core/crypto/CryptoTest.java
+++ b/core/src/test/java/org/apache/accumulo/core/crypto/CryptoTest.java
@@ -18,6 +18,7 @@
*/
package org.apache.accumulo.core.crypto;
+import static org.apache.accumulo.core.crypto.CryptoUtils.getFileDecrypter;
import static org.apache.accumulo.core.file.rfile.RFileTest.getAccumuloConfig;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@@ -108,10 +109,10 @@
public void simpleGCMTest() throws Exception {
AccumuloConfiguration conf = getAccumuloConfig(CRYPTO_ON_CONF);
- CryptoService cryptoService = new AESCryptoService();
- cryptoService.init(conf.getAllPropertiesWithPrefix(Property.INSTANCE_CRYPTO_PREFIX));
+ CryptoService cs = new AESCryptoService();
+ cs.init(conf.getAllPropertiesWithPrefix(Property.INSTANCE_CRYPTO_PREFIX));
CryptoEnvironment encEnv = new CryptoEnvironmentImpl(Scope.RFILE, null);
- FileEncrypter encrypter = cryptoService.getFileEncrypter(encEnv);
+ FileEncrypter encrypter = cs.getFileEncrypter(encEnv);
byte[] params = encrypter.getDecryptionParameters();
assertNotNull(params);
@@ -134,9 +135,7 @@
// decrypt
ByteArrayInputStream in = new ByteArrayInputStream(cipherText);
- params = CryptoUtils.readParams(new DataInputStream(in));
- CryptoEnvironment decEnv = new CryptoEnvironmentImpl(Scope.RFILE, params);
- FileDecrypter decrypter = cryptoService.getFileDecrypter(decEnv);
+ FileDecrypter decrypter = getFileDecrypter(cs, Scope.RFILE, new DataInputStream(in));
DataInputStream decrypted = new DataInputStream(decrypter.decryptStream(in));
String plainText = decrypted.readUTF();
decrypted.close();
@@ -385,13 +384,9 @@
private void decrypt(byte[] resultingBytes, Scope scope, String configFile) throws Exception {
try (DataInputStream dataIn = new DataInputStream(new ByteArrayInputStream(resultingBytes))) {
- byte[] params = CryptoUtils.readParams(dataIn);
-
AccumuloConfiguration conf = getAccumuloConfig(configFile);
- CryptoService cryptoService = CryptoServiceFactory.newInstance(conf, ClassloaderType.JAVA);
- CryptoEnvironment env = new CryptoEnvironmentImpl(scope, params);
-
- FileDecrypter decrypter = cryptoService.getFileDecrypter(env);
+ CryptoService cs = CryptoServiceFactory.newInstance(conf, ClassloaderType.JAVA);
+ FileDecrypter decrypter = getFileDecrypter(cs, scope, dataIn);
try (DataInputStream decrypted = new DataInputStream(decrypter.decryptStream(dataIn))) {
String markerString = decrypted.readUTF();
diff --git a/server/tserver/src/main/java/org/apache/accumulo/tserver/log/DfsLogger.java b/server/tserver/src/main/java/org/apache/accumulo/tserver/log/DfsLogger.java
index 9dd0252..7e2b410 100644
--- a/server/tserver/src/main/java/org/apache/accumulo/tserver/log/DfsLogger.java
+++ b/server/tserver/src/main/java/org/apache/accumulo/tserver/log/DfsLogger.java
@@ -358,12 +358,9 @@
try {
input.readFully(magicBuffer);
if (Arrays.equals(magicBuffer, magic4)) {
- byte[] params = CryptoUtils.readParams(input);
CryptoService cryptoService =
CryptoServiceFactory.newInstance(conf, ClassloaderType.ACCUMULO);
- CryptoEnvironment env = new CryptoEnvironmentImpl(Scope.WAL, params);
-
- FileDecrypter decrypter = cryptoService.getFileDecrypter(env);
+ FileDecrypter decrypter = CryptoUtils.getFileDecrypter(cryptoService, Scope.WAL, input);
log.debug("Using {} for decrypting WAL", cryptoService.getClass().getSimpleName());
decryptingInput = cryptoService instanceof NoCryptoService ? input
: new DataInputStream(decrypter.decryptStream(input));
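Review bot: When `cryptoService` is a `NoCryptoService`, the `decrypter` obtained here is never used, so the `CryptoUtils.getFileDecrypter(...)` call remains only for its side effect of reading the params block off `input`. With `readParams` now inside the helper, that is no longer visible at the call site. A comment above the call would keep someone from moving it into the non-NoCrypto branch, for example `// Must run for every magic4 log: consumes the decryption params from input, even when the decrypter itself is unused.` The enclosing try block and method start and end outside this hunk, so how an exception from the helper is handled cannot be checked from here.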