<pre><span class="source-line-no">001</span><span id="line-1">/*</span>
<span class="source-line-no">002</span><span id="line-2"> * Licensed to the Apache Software Foundation (ASF) under one</span>
<span class="source-line-no">003</span><span id="line-3"> * or more contributor license agreements. See the NOTICE file</span>
<span class="source-line-no">004</span><span id="line-4"> * distributed with this work for additional information</span>
<span class="source-line-no">005</span><span id="line-5"> * regarding copyright ownership. The ASF licenses this file</span>
<span class="source-line-no">006</span><span id="line-6"> * to you under the Apache License, Version 2.0 (the</span>
<span class="source-line-no">007</span><span id="line-7"> * "License"); you may not use this file except in compliance</span>
<span class="source-line-no">008</span><span id="line-8"> * with the License. You may obtain a copy of the License at</span>
<span class="source-line-no">009</span><span id="line-9"> *</span>
<span class="source-line-no">010</span><span id="line-10"> * http://www.apache.org/licenses/LICENSE-2.0</span>
<span class="source-line-no">011</span><span id="line-11"> *</span>
<span class="source-line-no">012</span><span id="line-12"> * Unless required by applicable law or agreed to in writing, software</span>
<span class="source-line-no">013</span><span id="line-13"> * distributed under the License is distributed on an "AS IS" BASIS,</span>
<span class="source-line-no">014</span><span id="line-14"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span>
<span class="source-line-no">015</span><span id="line-15"> * See the License for the specific language governing permissions and</span>
<span class="source-line-no">016</span><span id="line-16"> * limitations under the License.</span>
<span class="source-line-no">017</span><span id="line-17"> */</span>
<span class="source-line-no">018</span><span id="line-18">package org.apache.hadoop.hbase.util;</span>
<span class="source-line-no">019</span><span id="line-19"></span>
<span class="source-line-no">020</span><span id="line-20">import java.io.ByteArrayInputStream;</span>
<span class="source-line-no">021</span><span id="line-21">import java.io.ByteArrayOutputStream;</span>
<span class="source-line-no">022</span><span id="line-22">import java.io.IOException;</span>
<span class="source-line-no">023</span><span id="line-23">import java.util.Map;</span>
<span class="source-line-no">024</span><span id="line-24">import java.util.concurrent.ConcurrentHashMap;</span>
<span class="source-line-no">025</span><span id="line-25">import org.apache.hadoop.conf.Configuration;</span>
<span class="source-line-no">026</span><span id="line-26">import org.apache.hadoop.hbase.HBaseInterfaceAudience;</span>
<span class="source-line-no">027</span><span id="line-27">import org.apache.hadoop.hbase.HConstants;</span>
<span class="source-line-no">028</span><span id="line-28">import org.apache.hadoop.hbase.io.crypto.DefaultCipherProvider;</span>
<span class="source-line-no">029</span><span id="line-29">import org.apache.hadoop.hbase.io.crypto.Encryption;</span>
<span class="source-line-no">030</span><span id="line-30">import org.apache.hadoop.hbase.io.crypto.KeyStoreKeyProvider;</span>
<span class="source-line-no">031</span><span id="line-31">import org.apache.hadoop.hbase.security.EncryptionUtil;</span>
<span class="source-line-no">032</span><span id="line-32">import org.apache.yetus.audience.InterfaceAudience;</span>
<span class="source-line-no">033</span><span id="line-33">import org.slf4j.Logger;</span>
<span class="source-line-no">034</span><span id="line-34">import org.slf4j.LoggerFactory;</span>
<span class="source-line-no">035</span><span id="line-35"></span>
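@InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.TOOLS)
/**
 * Process-wide, memoized sanity checks of the transparent-encryption configuration: that the
 * configured key provider and cipher provider can be instantiated, and that a named cipher can
 * encrypt and decrypt a random block. Each outcome is recorded once per provider class name or
 * cipher name; a check that failed once keeps failing with a "previously failed test" error for
 * the lifetime of the JVM, so a misconfiguration is reported consistently rather than retried.
 * <p>
 * NOTE(review): {@link #testEncryption} records its result under the cipher name only, although
 * its first run also unwraps the supplied key with the configured master key. A key-unwrap
 * failure is therefore remembered against the cipher name, and once a cipher name is recorded as
 * passing, later calls return without looking at the key at all.
 */
public class EncryptionTest {
  private static final Logger LOG = LoggerFactory.getLogger(EncryptionTest.class);

  /** Size of the random plaintext used for the encrypt/decrypt round trip. */
  private static final int TEST_PLAINTEXT_LENGTH = 1024;

  // Memoized outcomes, keyed by provider class name / cipher name. Package-private for tests.
  static final Map<String, Boolean> keyProviderResults = new ConcurrentHashMap<>();
  static final Map<String, Boolean> cipherProviderResults = new ConcurrentHashMap<>();
  static final Map<String, Boolean> cipherResults = new ConcurrentHashMap<>();

  private EncryptionTest() {
  }

  /** A check that may fail with any exception; shared by the memoized checks below. */
  @FunctionalInterface
  private interface Check {
    void run() throws Exception;
  }

  /**
   * Run {@code check} the first time {@code name} is seen and remember whether it passed.
   * <p>
   * The lookup and the store are not atomic, so two threads racing on a new name may both run
   * the check; the outcome is the same, so this is harmless.
   * @param results memo table to consult and update
   * @param label   human-readable kind of thing being checked, used as the message prefix
   * @param name    key into {@code results} (a provider class name or a cipher name)
   * @param check   the check to run when {@code name} has not been seen before
   * @throws IOException if the check fails now, or failed on an earlier call for the same name
   */
  private static void runMemoized(final Map<String, Boolean> results, final String label,
    final String name, final Check check) throws IOException {
    Boolean previous = results.get(name);
    if (previous == null) {
      try {
        check.run();
        results.put(name, true);
      } catch (Exception e) { // most likely a RuntimeException from provider/cipher loading
        results.put(name, false);
        throw new IOException(label + " " + name + " failed test: " + e.getMessage(), e);
      }
    } else if (!previous) {
      throw new IOException(label + " " + name + " previously failed test");
    }
  }

  /**
   * Check that the configured key provider can be loaded and initialized, or throw an exception.
   * @param conf HBase configuration; the provider is read from
   *             {@link HConstants#CRYPTO_KEYPROVIDER_CONF_KEY}, defaulting to
   *             {@link KeyStoreKeyProvider}
   * @throws IOException if the provider cannot be loaded, or previously failed this check
   */
  public static void testKeyProvider(final Configuration conf) throws IOException {
    String providerClassName =
      conf.get(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyStoreKeyProvider.class.getName());
    runMemoized(keyProviderResults, "Key provider", providerClassName,
      () -> Encryption.getKeyProvider(conf));
  }

  /**
   * Check that the configured cipher provider can be loaded and initialized, or throw an exception.
   * @param conf HBase configuration; the provider is read from
   *             {@link HConstants#CRYPTO_CIPHERPROVIDER_CONF_KEY}, defaulting to
   *             {@link DefaultCipherProvider}
   * @throws IOException if the provider cannot be loaded, or previously failed this check
   */
  public static void testCipherProvider(final Configuration conf) throws IOException {
    String providerClassName =
      conf.get(HConstants.CRYPTO_CIPHERPROVIDER_CONF_KEY, DefaultCipherProvider.class.getName());
    runMemoized(cipherProviderResults, "Cipher provider", providerClassName,
      () -> Encryption.getCipherProvider(conf));
  }

  /**
   * Check that the specified cipher can be loaded and initialized, or throw an exception. Verifies
   * key and cipher provider configuration as a prerequisite for cipher verification. Also verifies
   * if encryption is enabled globally.
   * <p>
   * A {@code null} cipher means the column family is not encrypted and nothing is checked. The
   * encrypt/decrypt round trip runs only the first time a cipher name is seen (see the class
   * comment on how the result is memoized).
   * @param conf   HBase configuration
   * @param cipher cipher algorithm to use for the column family, or {@code null} for none
   * @param key    wrapped encryption key from the table schema, or {@code null} to use a fresh
   *               random key for the round trip
   * @throws IOException in case of encryption configuration error
   */
  public static void testEncryption(final Configuration conf, final String cipher, byte[] key)
    throws IOException {
    if (cipher == null) {
      return;
    }
    if (!Encryption.isEncryptionEnabled(conf)) {
      String message =
        String.format("Cipher %s failed test: encryption is disabled on the cluster", cipher);
      throw new IOException(message);
    }
    testKeyProvider(conf);
    testCipherProvider(conf);
    runMemoized(cipherResults, "Cipher", cipher, () -> roundTrip(conf, cipher, key));
  }

  /**
   * Encrypt a random block with {@code cipher} and the given (or a random) key, decrypt it again
   * and require the output to equal the input.
   * <p>
   * Declared to throw {@code Exception} because the key-unwrap and cipher APIs it calls may throw
   * checked exceptions of several kinds; {@link #runMemoized} wraps whatever escapes.
   * @param conf   HBase configuration
   * @param cipher cipher algorithm name
   * @param key    wrapped key to unwrap with the configured master key, or {@code null} to
   *               generate a random key of the cipher's size
   * @throws Exception if the cipher or key cannot be set up, or the round trip does not reproduce
   *                   the plaintext
   */
  private static void roundTrip(final Configuration conf, final String cipher, final byte[] key)
    throws Exception {
    Encryption.Context context = Encryption.newContext(conf);
    context.setCipher(Encryption.getCipher(conf, cipher));
    if (key == null) {
      // Make a random key since one was not provided
      context.setKey(context.getCipher().getRandomKey());
    } else {
      // This will be a wrapped key from schema; unwrap it with the configured master key
      context.setKey(EncryptionUtil.unwrapKey(conf,
        conf.get(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase"), key));
    }
    // Ciphers that need an IV get a fresh, CSPRNG-generated one; the plaintext itself is only a
    // test pattern and does not need a secure source.
    byte[] iv = null;
    int ivLength = context.getCipher().getIvLength();
    if (ivLength > 0) {
      iv = new byte[ivLength];
      Bytes.secureRandom(iv);
    }
    byte[] plaintext = new byte[TEST_PLAINTEXT_LENGTH];
    Bytes.random(plaintext);
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    Encryption.encrypt(out, new ByteArrayInputStream(plaintext), context, iv);
    byte[] ciphertext = out.toByteArray();
    out.reset();
    Encryption.decrypt(out, new ByteArrayInputStream(ciphertext), plaintext.length, context, iv);
    if (!Bytes.equals(plaintext, out.toByteArray())) {
      throw new IOException("Did not pass encrypt/decrypt test");
    }
  }
}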