| <!DOCTYPE HTML> |
| <html lang="en"> |
| <head> |
| <!-- Generated by javadoc (17) --> |
| <title>Source code</title> |
| <meta name="viewport" content="width=device-width, initial-scale=1"> |
| <meta name="description" content="source: package: org.apache.hadoop.hbase.security, class: TestEncryptionUtil"> |
| <meta name="generator" content="javadoc/SourceToHTMLConverter"> |
| <link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style"> |
| </head> |
| <body class="source-page"> |
| <main role="main"> |
| <div class="source-container"> |
| <pre><span class="source-line-no">001</span><span id="line-1">/*</span> |
| <span class="source-line-no">002</span><span id="line-2"> * Licensed to the Apache Software Foundation (ASF) under one</span> |
| <span class="source-line-no">003</span><span id="line-3"> * or more contributor license agreements. See the NOTICE file</span> |
| <span class="source-line-no">004</span><span id="line-4"> * distributed with this work for additional information</span> |
| <span class="source-line-no">005</span><span id="line-5"> * regarding copyright ownership. The ASF licenses this file</span> |
| <span class="source-line-no">006</span><span id="line-6"> * to you under the Apache License, Version 2.0 (the</span> |
| <span class="source-line-no">007</span><span id="line-7"> * "License"); you may not use this file except in compliance</span> |
| <span class="source-line-no">008</span><span id="line-8"> * with the License. You may obtain a copy of the License at</span> |
| <span class="source-line-no">009</span><span id="line-9"> *</span> |
| <span class="source-line-no">010</span><span id="line-10"> * http://www.apache.org/licenses/LICENSE-2.0</span> |
| <span class="source-line-no">011</span><span id="line-11"> *</span> |
| <span class="source-line-no">012</span><span id="line-12"> * Unless required by applicable law or agreed to in writing, software</span> |
| <span class="source-line-no">013</span><span id="line-13"> * distributed under the License is distributed on an "AS IS" BASIS,</span> |
| <span class="source-line-no">014</span><span id="line-14"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span> |
| <span class="source-line-no">015</span><span id="line-15"> * See the License for the specific language governing permissions and</span> |
| <span class="source-line-no">016</span><span id="line-16"> * limitations under the License.</span> |
| <span class="source-line-no">017</span><span id="line-17"> */</span> |
| <span class="source-line-no">018</span><span id="line-18">package org.apache.hadoop.hbase.security;</span> |
| <span class="source-line-no">019</span><span id="line-19"></span> |
| <span class="source-line-no">020</span><span id="line-20">import static org.junit.Assert.assertNotNull;</span> |
| <span class="source-line-no">021</span><span id="line-21">import static org.junit.Assert.assertTrue;</span> |
| <span class="source-line-no">022</span><span id="line-22">import static org.junit.Assert.fail;</span> |
| <span class="source-line-no">023</span><span id="line-23"></span> |
| <span class="source-line-no">024</span><span id="line-24">import java.security.Key;</span> |
| <span class="source-line-no">025</span><span id="line-25">import java.security.KeyException;</span> |
| <span class="source-line-no">026</span><span id="line-26">import javax.crypto.spec.SecretKeySpec;</span> |
| <span class="source-line-no">027</span><span id="line-27">import org.apache.hadoop.conf.Configuration;</span> |
| <span class="source-line-no">028</span><span id="line-28">import org.apache.hadoop.hbase.HBaseClassTestRule;</span> |
| <span class="source-line-no">029</span><span id="line-29">import org.apache.hadoop.hbase.HConstants;</span> |
| <span class="source-line-no">030</span><span id="line-30">import org.apache.hadoop.hbase.io.crypto.Encryption;</span> |
| <span class="source-line-no">031</span><span id="line-31">import org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting;</span> |
| <span class="source-line-no">032</span><span id="line-32">import org.apache.hadoop.hbase.io.crypto.aes.AES;</span> |
| <span class="source-line-no">033</span><span id="line-33">import org.apache.hadoop.hbase.testclassification.ClientTests;</span> |
| <span class="source-line-no">034</span><span id="line-34">import org.apache.hadoop.hbase.testclassification.SmallTests;</span> |
| <span class="source-line-no">035</span><span id="line-35">import org.apache.hadoop.hbase.util.Bytes;</span> |
| <span class="source-line-no">036</span><span id="line-36">import org.junit.ClassRule;</span> |
| <span class="source-line-no">037</span><span id="line-37">import org.junit.Test;</span> |
| <span class="source-line-no">038</span><span id="line-38">import org.junit.experimental.categories.Category;</span> |
| <span class="source-line-no">039</span><span id="line-39"></span> |
| <span class="source-line-no">040</span><span id="line-40">@Category({ ClientTests.class, SmallTests.class })</span> |
| <span class="source-line-no">041</span><span id="line-41">public class TestEncryptionUtil {</span> |
| <span class="source-line-no">042</span><span id="line-42"></span> |
| <span class="source-line-no">043</span><span id="line-43"> private static final String INVALID_HASH_ALG = "this-hash-algorithm-not-exists hopefully... :)";</span> |
| <span class="source-line-no">044</span><span id="line-44"> private static final String DEFAULT_HASH_ALGORITHM = "use-default";</span> |
| <span class="source-line-no">045</span><span id="line-45"></span> |
| <span class="source-line-no">046</span><span id="line-46"> @ClassRule</span> |
| <span class="source-line-no">047</span><span id="line-47"> public static final HBaseClassTestRule CLASS_RULE =</span> |
| <span class="source-line-no">048</span><span id="line-48"> HBaseClassTestRule.forClass(TestEncryptionUtil.class);</span> |
| <span class="source-line-no">049</span><span id="line-49"></span> |
| <span class="source-line-no">050</span><span id="line-50"> // There does not seem to be a ready way to test either getKeyFromBytesOrMasterKey</span> |
| <span class="source-line-no">051</span><span id="line-51"> // or createEncryptionContext, and the existing code under MobUtils appeared to be</span> |
| <span class="source-line-no">052</span><span id="line-52"> // untested. Not ideal!</span> |
| <span class="source-line-no">053</span><span id="line-53"></span> |
| <span class="source-line-no">054</span><span id="line-54"> @Test</span> |
| <span class="source-line-no">055</span><span id="line-55"> public void testKeyWrappingUsingHashAlgDefault() throws Exception {</span> |
| <span class="source-line-no">056</span><span id="line-56"> testKeyWrapping(DEFAULT_HASH_ALGORITHM);</span> |
| <span class="source-line-no">057</span><span id="line-57"> }</span> |
| <span class="source-line-no">058</span><span id="line-58"></span> |
| <span class="source-line-no">059</span><span id="line-59"> @Test</span> |
| <span class="source-line-no">060</span><span id="line-60"> public void testKeyWrappingUsingHashAlgMD5() throws Exception {</span> |
| <span class="source-line-no">061</span><span id="line-61"> testKeyWrapping("MD5");</span> |
| <span class="source-line-no">062</span><span id="line-62"> }</span> |
| <span class="source-line-no">063</span><span id="line-63"></span> |
| <span class="source-line-no">064</span><span id="line-64"> @Test</span> |
| <span class="source-line-no">065</span><span id="line-65"> public void testKeyWrappingUsingHashAlgSHA256() throws Exception {</span> |
| <span class="source-line-no">066</span><span id="line-66"> testKeyWrapping("SHA-256");</span> |
| <span class="source-line-no">067</span><span id="line-67"> }</span> |
| <span class="source-line-no">068</span><span id="line-68"></span> |
| <span class="source-line-no">069</span><span id="line-69"> @Test</span> |
| <span class="source-line-no">070</span><span id="line-70"> public void testKeyWrappingUsingHashAlgSHA384() throws Exception {</span> |
| <span class="source-line-no">071</span><span id="line-71"> testKeyWrapping("SHA-384");</span> |
| <span class="source-line-no">072</span><span id="line-72"> }</span> |
| <span class="source-line-no">073</span><span id="line-73"></span> |
| <span class="source-line-no">074</span><span id="line-74"> @Test(expected = RuntimeException.class)</span> |
| <span class="source-line-no">075</span><span id="line-75"> public void testKeyWrappingWithInvalidHashAlg() throws Exception {</span> |
| <span class="source-line-no">076</span><span id="line-76"> testKeyWrapping(INVALID_HASH_ALG);</span> |
| <span class="source-line-no">077</span><span id="line-77"> }</span> |
| <span class="source-line-no">078</span><span id="line-78"></span> |
| <span class="source-line-no">079</span><span id="line-79"> @Test</span> |
| <span class="source-line-no">080</span><span id="line-80"> public void testWALKeyWrappingUsingHashAlgDefault() throws Exception {</span> |
| <span class="source-line-no">081</span><span id="line-81"> testWALKeyWrapping(DEFAULT_HASH_ALGORITHM);</span> |
| <span class="source-line-no">082</span><span id="line-82"> }</span> |
| <span class="source-line-no">083</span><span id="line-83"></span> |
| <span class="source-line-no">084</span><span id="line-84"> @Test</span> |
| <span class="source-line-no">085</span><span id="line-85"> public void testWALKeyWrappingUsingHashAlgMD5() throws Exception {</span> |
| <span class="source-line-no">086</span><span id="line-86"> testWALKeyWrapping("MD5");</span> |
| <span class="source-line-no">087</span><span id="line-87"> }</span> |
| <span class="source-line-no">088</span><span id="line-88"></span> |
| <span class="source-line-no">089</span><span id="line-89"> @Test</span> |
| <span class="source-line-no">090</span><span id="line-90"> public void testWALKeyWrappingUsingHashAlgSHA256() throws Exception {</span> |
| <span class="source-line-no">091</span><span id="line-91"> testWALKeyWrapping("SHA-256");</span> |
| <span class="source-line-no">092</span><span id="line-92"> }</span> |
| <span class="source-line-no">093</span><span id="line-93"></span> |
| <span class="source-line-no">094</span><span id="line-94"> @Test</span> |
| <span class="source-line-no">095</span><span id="line-95"> public void testWALKeyWrappingUsingHashAlgSHA384() throws Exception {</span> |
| <span class="source-line-no">096</span><span id="line-96"> testWALKeyWrapping("SHA-384");</span> |
| <span class="source-line-no">097</span><span id="line-97"> }</span> |
| <span class="source-line-no">098</span><span id="line-98"></span> |
| <span class="source-line-no">099</span><span id="line-99"> @Test(expected = RuntimeException.class)</span> |
| <span class="source-line-no">100</span><span id="line-100"> public void testWALKeyWrappingWithInvalidHashAlg() throws Exception {</span> |
| <span class="source-line-no">101</span><span id="line-101"> testWALKeyWrapping(INVALID_HASH_ALG);</span> |
| <span class="source-line-no">102</span><span id="line-102"> }</span> |
| <span class="source-line-no">103</span><span id="line-103"></span> |
| <span class="source-line-no">104</span><span id="line-104"> @Test(expected = KeyException.class)</span> |
| <span class="source-line-no">105</span><span id="line-105"> public void testWALKeyWrappingWithIncorrectKey() throws Exception {</span> |
| <span class="source-line-no">106</span><span id="line-106"> // set up the key provider for testing to resolve a key for our test subject</span> |
| <span class="source-line-no">107</span><span id="line-107"> Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this</span> |
| <span class="source-line-no">108</span><span id="line-108"> conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());</span> |
| <span class="source-line-no">109</span><span id="line-109"></span> |
| <span class="source-line-no">110</span><span id="line-110"> // generate a test key</span> |
| <span class="source-line-no">111</span><span id="line-111"> byte[] keyBytes = new byte[AES.KEY_LENGTH];</span> |
| <span class="source-line-no">112</span><span id="line-112"> Bytes.secureRandom(keyBytes);</span> |
| <span class="source-line-no">113</span><span id="line-113"> String algorithm = conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);</span> |
| <span class="source-line-no">114</span><span id="line-114"> Key key = new SecretKeySpec(keyBytes, algorithm);</span> |
| <span class="source-line-no">115</span><span id="line-115"></span> |
| <span class="source-line-no">116</span><span id="line-116"> // wrap the test key</span> |
| <span class="source-line-no">117</span><span id="line-117"> byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);</span> |
| <span class="source-line-no">118</span><span id="line-118"> assertNotNull(wrappedKeyBytes);</span> |
| <span class="source-line-no">119</span><span id="line-119"></span> |
| <span class="source-line-no">120</span><span id="line-120"> // unwrap with an incorrect key</span> |
| <span class="source-line-no">121</span><span id="line-121"> EncryptionUtil.unwrapWALKey(conf, "other", wrappedKeyBytes);</span> |
| <span class="source-line-no">122</span><span id="line-122"> }</span> |
| <span class="source-line-no">123</span><span id="line-123"></span> |
| <span class="source-line-no">124</span><span id="line-124"> @Test(expected = KeyException.class)</span> |
| <span class="source-line-no">125</span><span id="line-125"> public void testHashAlgorithmMismatchWhenFailExpected() throws Exception {</span> |
| <span class="source-line-no">126</span><span id="line-126"> Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this</span> |
| <span class="source-line-no">127</span><span id="line-127"> conf.setBoolean(Encryption.CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_KEY, true);</span> |
| <span class="source-line-no">128</span><span id="line-128"> testKeyWrappingWithMismatchingAlgorithms(conf);</span> |
| <span class="source-line-no">129</span><span id="line-129"> }</span> |
| <span class="source-line-no">130</span><span id="line-130"></span> |
| <span class="source-line-no">131</span><span id="line-131"> @Test</span> |
| <span class="source-line-no">132</span><span id="line-132"> public void testHashAlgorithmMismatchWhenFailNotExpected() throws Exception {</span> |
| <span class="source-line-no">133</span><span id="line-133"> Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this</span> |
| <span class="source-line-no">134</span><span id="line-134"> conf.setBoolean(Encryption.CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_KEY, false);</span> |
| <span class="source-line-no">135</span><span id="line-135"> testKeyWrappingWithMismatchingAlgorithms(conf);</span> |
| <span class="source-line-no">136</span><span id="line-136"> }</span> |
| <span class="source-line-no">137</span><span id="line-137"></span> |
| <span class="source-line-no">138</span><span id="line-138"> @Test</span> |
| <span class="source-line-no">139</span><span id="line-139"> public void testHashAlgorithmMismatchShouldNotFailWithDefaultConfig() throws Exception {</span> |
| <span class="source-line-no">140</span><span id="line-140"> Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this</span> |
| <span class="source-line-no">141</span><span id="line-141"> testKeyWrappingWithMismatchingAlgorithms(conf);</span> |
| <span class="source-line-no">142</span><span id="line-142"> }</span> |
| <span class="source-line-no">143</span><span id="line-143"></span> |
| <span class="source-line-no">144</span><span id="line-144"> private void testKeyWrapping(String hashAlgorithm) throws Exception {</span> |
| <span class="source-line-no">145</span><span id="line-145"> // set up the key provider for testing to resolve a key for our test subject</span> |
| <span class="source-line-no">146</span><span id="line-146"> Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this</span> |
| <span class="source-line-no">147</span><span id="line-147"> conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());</span> |
| <span class="source-line-no">148</span><span id="line-148"> if (!hashAlgorithm.equals(DEFAULT_HASH_ALGORITHM)) {</span> |
| <span class="source-line-no">149</span><span id="line-149"> conf.set(Encryption.CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY, hashAlgorithm);</span> |
| <span class="source-line-no">150</span><span id="line-150"> }</span> |
| <span class="source-line-no">151</span><span id="line-151"></span> |
| <span class="source-line-no">152</span><span id="line-152"> // generate a test key</span> |
| <span class="source-line-no">153</span><span id="line-153"> byte[] keyBytes = new byte[AES.KEY_LENGTH];</span> |
| <span class="source-line-no">154</span><span id="line-154"> Bytes.secureRandom(keyBytes);</span> |
| <span class="source-line-no">155</span><span id="line-155"> String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);</span> |
| <span class="source-line-no">156</span><span id="line-156"> Key key = new SecretKeySpec(keyBytes, algorithm);</span> |
| <span class="source-line-no">157</span><span id="line-157"></span> |
| <span class="source-line-no">158</span><span id="line-158"> // wrap the test key</span> |
| <span class="source-line-no">159</span><span id="line-159"> byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);</span> |
| <span class="source-line-no">160</span><span id="line-160"> assertNotNull(wrappedKeyBytes);</span> |
| <span class="source-line-no">161</span><span id="line-161"></span> |
| <span class="source-line-no">162</span><span id="line-162"> // unwrap</span> |
| <span class="source-line-no">163</span><span id="line-163"> Key unwrappedKey = EncryptionUtil.unwrapKey(conf, "hbase", wrappedKeyBytes);</span> |
| <span class="source-line-no">164</span><span id="line-164"> assertNotNull(unwrappedKey);</span> |
| <span class="source-line-no">165</span><span id="line-165"> // only secretkeyspec supported for now</span> |
| <span class="source-line-no">166</span><span id="line-166"> assertTrue(unwrappedKey instanceof SecretKeySpec);</span> |
| <span class="source-line-no">167</span><span id="line-167"> // did we get back what we wrapped?</span> |
| <span class="source-line-no">168</span><span id="line-168"> assertTrue("Unwrapped key bytes do not match original",</span> |
| <span class="source-line-no">169</span><span id="line-169"> Bytes.equals(keyBytes, unwrappedKey.getEncoded()));</span> |
| <span class="source-line-no">170</span><span id="line-170"></span> |
| <span class="source-line-no">171</span><span id="line-171"> // unwrap with an incorrect key</span> |
| <span class="source-line-no">172</span><span id="line-172"> try {</span> |
| <span class="source-line-no">173</span><span id="line-173"> EncryptionUtil.unwrapKey(conf, "other", wrappedKeyBytes);</span> |
| <span class="source-line-no">174</span><span id="line-174"> fail("Unwrap with incorrect key did not throw KeyException");</span> |
| <span class="source-line-no">175</span><span id="line-175"> } catch (KeyException e) {</span> |
| <span class="source-line-no">176</span><span id="line-176"> // expected</span> |
| <span class="source-line-no">177</span><span id="line-177"> }</span> |
| <span class="source-line-no">178</span><span id="line-178"> }</span> |
| <span class="source-line-no">179</span><span id="line-179"></span> |
| <span class="source-line-no">180</span><span id="line-180"> private void testWALKeyWrapping(String hashAlgorithm) throws Exception {</span> |
| <span class="source-line-no">181</span><span id="line-181"> // set up the key provider for testing to resolve a key for our test subject</span> |
| <span class="source-line-no">182</span><span id="line-182"> Configuration conf = new Configuration(); // we don't need HBaseConfiguration for this</span> |
| <span class="source-line-no">183</span><span id="line-183"> conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());</span> |
| <span class="source-line-no">184</span><span id="line-184"> if (!hashAlgorithm.equals(DEFAULT_HASH_ALGORITHM)) {</span> |
| <span class="source-line-no">185</span><span id="line-185"> conf.set(Encryption.CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY, hashAlgorithm);</span> |
| <span class="source-line-no">186</span><span id="line-186"> }</span> |
| <span class="source-line-no">187</span><span id="line-187"></span> |
| <span class="source-line-no">188</span><span id="line-188"> // generate a test key</span> |
| <span class="source-line-no">189</span><span id="line-189"> byte[] keyBytes = new byte[AES.KEY_LENGTH];</span> |
| <span class="source-line-no">190</span><span id="line-190"> Bytes.secureRandom(keyBytes);</span> |
| <span class="source-line-no">191</span><span id="line-191"> String algorithm = conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);</span> |
| <span class="source-line-no">192</span><span id="line-192"> Key key = new SecretKeySpec(keyBytes, algorithm);</span> |
| <span class="source-line-no">193</span><span id="line-193"></span> |
| <span class="source-line-no">194</span><span id="line-194"> // wrap the test key</span> |
| <span class="source-line-no">195</span><span id="line-195"> byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);</span> |
| <span class="source-line-no">196</span><span id="line-196"> assertNotNull(wrappedKeyBytes);</span> |
| <span class="source-line-no">197</span><span id="line-197"></span> |
| <span class="source-line-no">198</span><span id="line-198"> // unwrap</span> |
| <span class="source-line-no">199</span><span id="line-199"> Key unwrappedKey = EncryptionUtil.unwrapWALKey(conf, "hbase", wrappedKeyBytes);</span> |
| <span class="source-line-no">200</span><span id="line-200"> assertNotNull(unwrappedKey);</span> |
| <span class="source-line-no">201</span><span id="line-201"> // only secretkeyspec supported for now</span> |
| <span class="source-line-no">202</span><span id="line-202"> assertTrue(unwrappedKey instanceof SecretKeySpec);</span> |
| <span class="source-line-no">203</span><span id="line-203"> // did we get back what we wrapped?</span> |
| <span class="source-line-no">204</span><span id="line-204"> assertTrue("Unwrapped key bytes do not match original",</span> |
| <span class="source-line-no">205</span><span id="line-205"> Bytes.equals(keyBytes, unwrappedKey.getEncoded()));</span> |
| <span class="source-line-no">206</span><span id="line-206"> }</span> |
| <span class="source-line-no">207</span><span id="line-207"></span> |
| <span class="source-line-no">208</span><span id="line-208"> private void testKeyWrappingWithMismatchingAlgorithms(Configuration conf) throws Exception {</span> |
| <span class="source-line-no">209</span><span id="line-209"> // we use MD5 to hash the encryption key during wrapping</span> |
| <span class="source-line-no">210</span><span id="line-210"> conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());</span> |
| <span class="source-line-no">211</span><span id="line-211"> conf.set(Encryption.CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY, "MD5");</span> |
| <span class="source-line-no">212</span><span id="line-212"></span> |
| <span class="source-line-no">213</span><span id="line-213"> // generate a test key</span> |
| <span class="source-line-no">214</span><span id="line-214"> byte[] keyBytes = new byte[AES.KEY_LENGTH];</span> |
| <span class="source-line-no">215</span><span id="line-215"> Bytes.secureRandom(keyBytes);</span> |
| <span class="source-line-no">216</span><span id="line-216"> String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);</span> |
| <span class="source-line-no">217</span><span id="line-217"> Key key = new SecretKeySpec(keyBytes, algorithm);</span> |
| <span class="source-line-no">218</span><span id="line-218"></span> |
| <span class="source-line-no">219</span><span id="line-219"> // wrap the test key</span> |
| <span class="source-line-no">220</span><span id="line-220"> byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);</span> |
| <span class="source-line-no">221</span><span id="line-221"> assertNotNull(wrappedKeyBytes);</span> |
| <span class="source-line-no">222</span><span id="line-222"></span> |
| <span class="source-line-no">223</span><span id="line-223"> // we set the default hash algorithm to SHA-384 during unwrapping</span> |
| <span class="source-line-no">224</span><span id="line-224"> conf.set(Encryption.CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY, "SHA-384");</span> |
| <span class="source-line-no">225</span><span id="line-225"></span> |
| <span class="source-line-no">226</span><span id="line-226"> // unwrap</span> |
| <span class="source-line-no">227</span><span id="line-227"> // we expect to fail, if CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_KEY == true</span> |
| <span class="source-line-no">228</span><span id="line-228"> // otherwise we will use the algorithm written during wrapping</span> |
| <span class="source-line-no">229</span><span id="line-229"> Key unwrappedKey = EncryptionUtil.unwrapKey(conf, "hbase", wrappedKeyBytes);</span> |
| <span class="source-line-no">230</span><span id="line-230"> assertNotNull(unwrappedKey);</span> |
| <span class="source-line-no">231</span><span id="line-231"></span> |
| <span class="source-line-no">232</span><span id="line-232"> // did we get back what we wrapped?</span> |
| <span class="source-line-no">233</span><span id="line-233"> assertTrue("Unwrapped key bytes do not match original",</span> |
| <span class="source-line-no">234</span><span id="line-234"> Bytes.equals(keyBytes, unwrappedKey.getEncoded()));</span> |
| <span class="source-line-no">235</span><span id="line-235"> }</span> |
| <span class="source-line-no">236</span><span id="line-236"></span> |
| <span class="source-line-no">237</span><span id="line-237">}</span> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| </pre> |
| </div> |
| </main> |
| </body> |
| </html> |
