hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneAtRestEncryption.java - ozone - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.hadoop.ozone.client.rpc;

 import java.io.File;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.security.NoSuchAlgorithmException;
 import java.time.Instant;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;

 import org.apache.hadoop.crypto.key.KeyProvider;
 import org.apache.hadoop.crypto.key.kms.KMSClientProvider;
 import org.apache.hadoop.crypto.key.kms.server.MiniKMS;
 import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
 import org.apache.hadoop.hdds.HddsConfigKeys;
 import org.apache.hadoop.hdds.client.ReplicationFactor;
 import org.apache.hadoop.hdds.client.ReplicationType;
 import org.apache.hadoop.hdds.conf.OzoneConfiguration;
 import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
 import org.apache.hadoop.hdds.scm.container.ContainerInfo;
 import org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
 import org.apache.hadoop.ozone.MiniOzoneCluster;
 import org.apache.hadoop.ozone.OzoneConsts;
 import org.apache.hadoop.ozone.client.BucketArgs;
 import org.apache.hadoop.ozone.client.CertificateClientTestImpl;
 import org.apache.hadoop.ozone.client.ObjectStore;
 import org.apache.hadoop.ozone.client.OzoneBucket;
 import org.apache.hadoop.ozone.client.OzoneClient;
 import org.apache.hadoop.ozone.client.OzoneClientFactory;
 import org.apache.hadoop.ozone.client.OzoneKey;
 import org.apache.hadoop.ozone.client.OzoneKeyDetails;
 import org.apache.hadoop.ozone.client.OzoneVolume;
 import org.apache.hadoop.ozone.client.io.OzoneInputStream;
 import org.apache.hadoop.ozone.client.io.OzoneOutputStream;
 import org.apache.hadoop.ozone.om.OMMetadataManager;
 import org.apache.hadoop.ozone.om.OzoneManager;
 import org.apache.hadoop.ozone.om.helpers.OmKeyArgs;
 import org.apache.hadoop.ozone.om.helpers.OmKeyInfo;
 import org.apache.hadoop.ozone.om.helpers.OmKeyLocationInfo;
 import org.apache.hadoop.ozone.om.helpers.RepeatedOmKeyInfo;
 import org.apache.hadoop.test.GenericTestUtils;

 import static org.apache.hadoop.hdds.HddsConfigKeys.OZONE_METADATA_DIRS;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;

 /**
  * This class is to test all the public facing APIs of Ozone Client.
  */
 @Ignore
 public class TestOzoneAtRestEncryption extends TestOzoneRpcClient {

   private static MiniOzoneCluster cluster = null;
   private static MiniKMS miniKMS;
   private static OzoneClient ozClient = null;
   private static ObjectStore store = null;
   private static OzoneManager ozoneManager;
   private static StorageContainerLocationProtocolClientSideTranslatorPB
       storageContainerLocationClient;

   private static final String SCM_ID = UUID.randomUUID().toString();
   private static File testDir;
   private static OzoneConfiguration conf;
   private static final String TEST_KEY = "key1";


     /**
      * Create a MiniOzoneCluster for testing.
      * <p>
      * Ozone is made active by setting OZONE_ENABLED = true
      *
      * @throws IOException
      */
   @BeforeClass
   public static void init() throws Exception {
     testDir = GenericTestUtils.getTestDir(
         TestSecureOzoneRpcClient.class.getSimpleName());

     File kmsDir = new File(testDir, UUID.randomUUID().toString());
     Assert.assertTrue(kmsDir.mkdirs());
     MiniKMS.Builder miniKMSBuilder = new MiniKMS.Builder();
     miniKMS = miniKMSBuilder.setKmsConfDir(kmsDir).build();
     miniKMS.start();

     OzoneManager.setTestSecureOmFlag(true);
     conf = new OzoneConfiguration();
     conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_KEY_PROVIDER_PATH,
         getKeyProviderURI(miniKMS));
     conf.set(HddsConfigKeys.OZONE_METADATA_DIRS, testDir.getAbsolutePath());
     conf.setBoolean(HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED, true);
     conf.set(OZONE_METADATA_DIRS, testDir.getAbsolutePath());
     CertificateClientTestImpl certificateClientTest =
         new CertificateClientTestImpl(conf);
     cluster = MiniOzoneCluster.newBuilder(conf)
         .setNumDatanodes(10)
         .setScmId(SCM_ID)
         .setCertificateClient(certificateClientTest)
         .build();
     cluster.getOzoneManager().startSecretManager();
     cluster.waitForClusterToBeReady();
     ozClient = OzoneClientFactory.getRpcClient(conf);
     store = ozClient.getObjectStore();
     storageContainerLocationClient =
         cluster.getStorageContainerLocationClient();
     ozoneManager = cluster.getOzoneManager();
     TestOzoneRpcClient.setCluster(cluster);
     TestOzoneRpcClient.setOzClient(ozClient);
     TestOzoneRpcClient.setOzoneManager(ozoneManager);
     TestOzoneRpcClient.setStorageContainerLocationClient(
         storageContainerLocationClient);
     TestOzoneRpcClient.setStore(store);
     TestOzoneRpcClient.setScmId(SCM_ID);

     // create test key
     createKey(TEST_KEY, cluster.getOzoneManager().getKmsProvider(), conf);
   }


     /**
      * Close OzoneClient and shutdown MiniOzoneCluster.
      */
   @AfterClass
   public static void shutdown() throws IOException {
     if(ozClient != null) {
       ozClient.close();
     }

     if (storageContainerLocationClient != null) {
       storageContainerLocationClient.close();
     }

     if (cluster != null) {
       cluster.shutdown();
     }

     if (miniKMS != null) {
       miniKMS.stop();
     }
   }

   @Test
   public void testPutKeyWithEncryption() throws Exception {
     String volumeName = UUID.randomUUID().toString();
     String bucketName = UUID.randomUUID().toString();
     Instant testStartTime = Instant.now();

     String value = "sample value";
     store.createVolume(volumeName);
     OzoneVolume volume = store.getVolume(volumeName);
     BucketArgs bucketArgs = BucketArgs.newBuilder()
         .setBucketEncryptionKey(TEST_KEY).build();
     volume.createBucket(bucketName, bucketArgs);
     OzoneBucket bucket = volume.getBucket(bucketName);

     for (int i = 0; i < 1; i++) {
       String keyName = UUID.randomUUID().toString();

       try (OzoneOutputStream out = bucket.createKey(keyName,
           value.getBytes(StandardCharsets.UTF_8).length,
           ReplicationType.STAND_ALONE,
           ReplicationFactor.ONE, new HashMap<>())) {
         out.write(value.getBytes(StandardCharsets.UTF_8));
       }

       OzoneKey key = bucket.getKey(keyName);
       Assert.assertEquals(keyName, key.getName());
       byte[] fileContent;
       int len = 0;

       try(OzoneInputStream is = bucket.readKey(keyName)) {
         fileContent = new byte[value.getBytes(StandardCharsets.UTF_8).length];
         len = is.read(fileContent);
       }

       Assert.assertEquals(len, value.length());
       Assert.assertTrue(verifyRatisReplication(volumeName, bucketName,
           keyName, ReplicationType.STAND_ALONE,
           ReplicationFactor.ONE));
       Assert.assertEquals(value, new String(fileContent,
           StandardCharsets.UTF_8));
       Assert.assertFalse(key.getCreationTime().isBefore(testStartTime));
       Assert.assertFalse(key.getModificationTime().isBefore(testStartTime));
     }
   }

   /**
    * Test PutKey & DeleteKey with Encryption and GDPR.
    * 1. Create a GDPR enforced bucket
    * 2. PutKey with Encryption in above bucket and verify.
    * 3. DeleteKey and confirm the metadata does not have encryption key.
    * @throws Exception
    */
   @Test
   public void testKeyWithEncryptionAndGdpr() throws Exception {
     //Step 1
     String volumeName = UUID.randomUUID().toString();
     String bucketName = UUID.randomUUID().toString();
     Instant testStartTime = Instant.now();

     String value = "sample value";
     store.createVolume(volumeName);
     OzoneVolume volume = store.getVolume(volumeName);
     //Bucket with Encryption & GDPR enforced
     BucketArgs bucketArgs = BucketArgs.newBuilder()
         .setBucketEncryptionKey(TEST_KEY)
         .addMetadata(OzoneConsts.GDPR_FLAG, "true").build();
     volume.createBucket(bucketName, bucketArgs);
     OzoneBucket bucket = volume.getBucket(bucketName);
     Assert.assertEquals(bucketName, bucket.getName());
     Assert.assertNotNull(bucket.getMetadata());
     Assert.assertEquals("true",
         bucket.getMetadata().get(OzoneConsts.GDPR_FLAG));

     //Step 2
     String keyName = UUID.randomUUID().toString();
     Map<String, String> keyMetadata = new HashMap<>();
     keyMetadata.put(OzoneConsts.GDPR_FLAG, "true");
     try (OzoneOutputStream out = bucket.createKey(keyName,
         value.getBytes(StandardCharsets.UTF_8).length,
         ReplicationType.STAND_ALONE,
         ReplicationFactor.ONE, keyMetadata)) {
       out.write(value.getBytes(StandardCharsets.UTF_8));
     }

     OzoneKeyDetails key = bucket.getKey(keyName);
     Assert.assertEquals(keyName, key.getName());
     byte[] fileContent;
     int len = 0;

     try(OzoneInputStream is = bucket.readKey(keyName)) {
       fileContent = new byte[value.getBytes(StandardCharsets.UTF_8).length];
       len = is.read(fileContent);
     }

     Assert.assertEquals(len, value.length());
     Assert.assertTrue(verifyRatisReplication(volumeName, bucketName,
         keyName, ReplicationType.STAND_ALONE,
         ReplicationFactor.ONE));
     Assert.assertEquals(value, new String(fileContent, StandardCharsets.UTF_8));
     Assert.assertFalse(key.getCreationTime().isBefore(testStartTime));
     Assert.assertFalse(key.getModificationTime().isBefore(testStartTime));
     Assert.assertEquals("true", key.getMetadata().get(OzoneConsts.GDPR_FLAG));
     //As TDE is enabled, the TDE encryption details should not be null.
     Assert.assertNotNull(key.getFileEncryptionInfo());

     //Step 3
     bucket.deleteKey(key.getName());

     OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
     String objectKey = omMetadataManager.getOzoneKey(volumeName, bucketName,
         keyName);
     RepeatedOmKeyInfo deletedKeys =
         omMetadataManager.getDeletedTable().get(objectKey);
     Map<String, String> deletedKeyMetadata =
         deletedKeys.getOmKeyInfoList().get(0).getMetadata();
     Assert.assertFalse(deletedKeyMetadata.containsKey(OzoneConsts.GDPR_FLAG));
     Assert.assertFalse(deletedKeyMetadata.containsKey(OzoneConsts.GDPR_SECRET));
     Assert.assertFalse(
         deletedKeyMetadata.containsKey(OzoneConsts.GDPR_ALGORITHM));
     Assert.assertNull(
         deletedKeys.getOmKeyInfoList().get(0).getFileEncryptionInfo());
   }

   private boolean verifyRatisReplication(String volumeName, String bucketName,
       String keyName, ReplicationType type, ReplicationFactor factor)
       throws IOException {
     OmKeyArgs keyArgs = new OmKeyArgs.Builder()
         .setVolumeName(volumeName)
         .setBucketName(bucketName)
         .setKeyName(keyName)
         .setRefreshPipeline(true)
         .build();
     HddsProtos.ReplicationType replicationType =
         HddsProtos.ReplicationType.valueOf(type.toString());
     HddsProtos.ReplicationFactor replicationFactor =
         HddsProtos.ReplicationFactor.valueOf(factor.getValue());
     OmKeyInfo keyInfo = ozoneManager.lookupKey(keyArgs);
     for (OmKeyLocationInfo info:
         keyInfo.getLatestVersionLocations().getLocationList()) {
       ContainerInfo container =
           storageContainerLocationClient.getContainer(info.getContainerID());
       if (!container.getReplicationFactor().equals(replicationFactor) || (
           container.getReplicationType() != replicationType)) {
         return false;
       }
     }
     return true;
   }

   private static String getKeyProviderURI(MiniKMS kms) {
     return KMSClientProvider.SCHEME_NAME + "://" +
         kms.getKMSUrl().toExternalForm().replace("://", "@");
   }

   private static void createKey(String keyName, KeyProvider
       provider, OzoneConfiguration config)
       throws NoSuchAlgorithmException, IOException {
     final KeyProvider.Options options = KeyProvider.options(config);
     options.setDescription(keyName);
     options.setBitLength(128);
     provider.createKey(keyName, options);
     provider.flush();
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.hadoop.ozone.client.rpc;

	import java.io.File;
	import java.io.IOException;
	import java.nio.charset.StandardCharsets;
	import java.security.NoSuchAlgorithmException;
	import java.time.Instant;
	import java.util.HashMap;
	import java.util.Map;
	import java.util.UUID;

	import org.apache.hadoop.crypto.key.KeyProvider;
	import org.apache.hadoop.crypto.key.kms.KMSClientProvider;
	import org.apache.hadoop.crypto.key.kms.server.MiniKMS;
	import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
	import org.apache.hadoop.hdds.HddsConfigKeys;
	import org.apache.hadoop.hdds.client.ReplicationFactor;
	import org.apache.hadoop.hdds.client.ReplicationType;
	import org.apache.hadoop.hdds.conf.OzoneConfiguration;
	import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
	import org.apache.hadoop.hdds.scm.container.ContainerInfo;
	import org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
	import org.apache.hadoop.ozone.MiniOzoneCluster;
	import org.apache.hadoop.ozone.OzoneConsts;
	import org.apache.hadoop.ozone.client.BucketArgs;
	import org.apache.hadoop.ozone.client.CertificateClientTestImpl;
	import org.apache.hadoop.ozone.client.ObjectStore;
	import org.apache.hadoop.ozone.client.OzoneBucket;
	import org.apache.hadoop.ozone.client.OzoneClient;
	import org.apache.hadoop.ozone.client.OzoneClientFactory;
	import org.apache.hadoop.ozone.client.OzoneKey;
	import org.apache.hadoop.ozone.client.OzoneKeyDetails;
	import org.apache.hadoop.ozone.client.OzoneVolume;
	import org.apache.hadoop.ozone.client.io.OzoneInputStream;
	import org.apache.hadoop.ozone.client.io.OzoneOutputStream;
	import org.apache.hadoop.ozone.om.OMMetadataManager;
	import org.apache.hadoop.ozone.om.OzoneManager;
	import org.apache.hadoop.ozone.om.helpers.OmKeyArgs;
	import org.apache.hadoop.ozone.om.helpers.OmKeyInfo;
	import org.apache.hadoop.ozone.om.helpers.OmKeyLocationInfo;
	import org.apache.hadoop.ozone.om.helpers.RepeatedOmKeyInfo;
	import org.apache.hadoop.test.GenericTestUtils;

	import static org.apache.hadoop.hdds.HddsConfigKeys.OZONE_METADATA_DIRS;
	import org.junit.AfterClass;
	import org.junit.Assert;
	import org.junit.BeforeClass;
	import org.junit.Ignore;
	import org.junit.Test;

	/**
	* This class is to test all the public facing APIs of Ozone Client.
	*/
	@Ignore
	public class TestOzoneAtRestEncryption extends TestOzoneRpcClient {

	private static MiniOzoneCluster cluster = null;
	private static MiniKMS miniKMS;
	private static OzoneClient ozClient = null;
	private static ObjectStore store = null;
	private static OzoneManager ozoneManager;
	private static StorageContainerLocationProtocolClientSideTranslatorPB
	storageContainerLocationClient;

	private static final String SCM_ID = UUID.randomUUID().toString();
	private static File testDir;
	private static OzoneConfiguration conf;
	private static final String TEST_KEY = "key1";


	/**
	* Create a MiniOzoneCluster for testing.
	* <p>
	* Ozone is made active by setting OZONE_ENABLED = true
	*
	* @throws IOException
	*/
	@BeforeClass
	public static void init() throws Exception {
	testDir = GenericTestUtils.getTestDir(
	TestSecureOzoneRpcClient.class.getSimpleName());

	File kmsDir = new File(testDir, UUID.randomUUID().toString());
	Assert.assertTrue(kmsDir.mkdirs());
	MiniKMS.Builder miniKMSBuilder = new MiniKMS.Builder();
	miniKMS = miniKMSBuilder.setKmsConfDir(kmsDir).build();
	miniKMS.start();

	OzoneManager.setTestSecureOmFlag(true);
	conf = new OzoneConfiguration();
	conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_KEY_PROVIDER_PATH,
	getKeyProviderURI(miniKMS));
	conf.set(HddsConfigKeys.OZONE_METADATA_DIRS, testDir.getAbsolutePath());
	conf.setBoolean(HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED, true);
	conf.set(OZONE_METADATA_DIRS, testDir.getAbsolutePath());
	CertificateClientTestImpl certificateClientTest =
	new CertificateClientTestImpl(conf);
	cluster = MiniOzoneCluster.newBuilder(conf)
	.setNumDatanodes(10)
	.setScmId(SCM_ID)
	.setCertificateClient(certificateClientTest)
	.build();
	cluster.getOzoneManager().startSecretManager();
	cluster.waitForClusterToBeReady();
	ozClient = OzoneClientFactory.getRpcClient(conf);
	store = ozClient.getObjectStore();
	storageContainerLocationClient =
	cluster.getStorageContainerLocationClient();
	ozoneManager = cluster.getOzoneManager();
	TestOzoneRpcClient.setCluster(cluster);
	TestOzoneRpcClient.setOzClient(ozClient);
	TestOzoneRpcClient.setOzoneManager(ozoneManager);
	TestOzoneRpcClient.setStorageContainerLocationClient(
	storageContainerLocationClient);
	TestOzoneRpcClient.setStore(store);
	TestOzoneRpcClient.setScmId(SCM_ID);

	// create test key
	createKey(TEST_KEY, cluster.getOzoneManager().getKmsProvider(), conf);
	}



	/**
	* Close OzoneClient and shutdown MiniOzoneCluster.
	*/
	@AfterClass
	public static void shutdown() throws IOException {
	if(ozClient != null) {
	ozClient.close();
	}

	if (storageContainerLocationClient != null) {
	storageContainerLocationClient.close();
	}

	if (cluster != null) {
	cluster.shutdown();
	}

	if (miniKMS != null) {
	miniKMS.stop();
	}
	}

	@Test
	public void testPutKeyWithEncryption() throws Exception {
	String volumeName = UUID.randomUUID().toString();
	String bucketName = UUID.randomUUID().toString();
	Instant testStartTime = Instant.now();

	String value = "sample value";
	store.createVolume(volumeName);
	OzoneVolume volume = store.getVolume(volumeName);
	BucketArgs bucketArgs = BucketArgs.newBuilder()
	.setBucketEncryptionKey(TEST_KEY).build();
	volume.createBucket(bucketName, bucketArgs);
	OzoneBucket bucket = volume.getBucket(bucketName);

	for (int i = 0; i < 1; i++) {
	String keyName = UUID.randomUUID().toString();

	try (OzoneOutputStream out = bucket.createKey(keyName,
	value.getBytes(StandardCharsets.UTF_8).length,
	ReplicationType.STAND_ALONE,
	ReplicationFactor.ONE, new HashMap<>())) {
	out.write(value.getBytes(StandardCharsets.UTF_8));
	}

	OzoneKey key = bucket.getKey(keyName);
	Assert.assertEquals(keyName, key.getName());
	byte[] fileContent;
	int len = 0;

	try(OzoneInputStream is = bucket.readKey(keyName)) {
	fileContent = new byte[value.getBytes(StandardCharsets.UTF_8).length];
	len = is.read(fileContent);
	}

	Assert.assertEquals(len, value.length());
	Assert.assertTrue(verifyRatisReplication(volumeName, bucketName,
	keyName, ReplicationType.STAND_ALONE,
	ReplicationFactor.ONE));
	Assert.assertEquals(value, new String(fileContent,
	StandardCharsets.UTF_8));
	Assert.assertFalse(key.getCreationTime().isBefore(testStartTime));
	Assert.assertFalse(key.getModificationTime().isBefore(testStartTime));
	}
	}

	/**
	* Test PutKey & DeleteKey with Encryption and GDPR.
	* 1. Create a GDPR enforced bucket
	* 2. PutKey with Encryption in above bucket and verify.
	* 3. DeleteKey and confirm the metadata does not have encryption key.
	* @throws Exception
	*/
	@Test
	public void testKeyWithEncryptionAndGdpr() throws Exception {
	//Step 1
	String volumeName = UUID.randomUUID().toString();
	String bucketName = UUID.randomUUID().toString();
	Instant testStartTime = Instant.now();

	String value = "sample value";
	store.createVolume(volumeName);
	OzoneVolume volume = store.getVolume(volumeName);
	//Bucket with Encryption & GDPR enforced
	BucketArgs bucketArgs = BucketArgs.newBuilder()
	.setBucketEncryptionKey(TEST_KEY)
	.addMetadata(OzoneConsts.GDPR_FLAG, "true").build();
	volume.createBucket(bucketName, bucketArgs);
	OzoneBucket bucket = volume.getBucket(bucketName);
	Assert.assertEquals(bucketName, bucket.getName());
	Assert.assertNotNull(bucket.getMetadata());
	Assert.assertEquals("true",
	bucket.getMetadata().get(OzoneConsts.GDPR_FLAG));

	//Step 2
	String keyName = UUID.randomUUID().toString();
	Map<String, String> keyMetadata = new HashMap<>();
	keyMetadata.put(OzoneConsts.GDPR_FLAG, "true");
	try (OzoneOutputStream out = bucket.createKey(keyName,
	value.getBytes(StandardCharsets.UTF_8).length,
	ReplicationType.STAND_ALONE,
	ReplicationFactor.ONE, keyMetadata)) {
	out.write(value.getBytes(StandardCharsets.UTF_8));
	}

	OzoneKeyDetails key = bucket.getKey(keyName);
	Assert.assertEquals(keyName, key.getName());
	byte[] fileContent;
	int len = 0;

	try(OzoneInputStream is = bucket.readKey(keyName)) {
	fileContent = new byte[value.getBytes(StandardCharsets.UTF_8).length];
	len = is.read(fileContent);
	}

	Assert.assertEquals(len, value.length());
	Assert.assertTrue(verifyRatisReplication(volumeName, bucketName,
	keyName, ReplicationType.STAND_ALONE,
	ReplicationFactor.ONE));
	Assert.assertEquals(value, new String(fileContent, StandardCharsets.UTF_8));
	Assert.assertFalse(key.getCreationTime().isBefore(testStartTime));
	Assert.assertFalse(key.getModificationTime().isBefore(testStartTime));
	Assert.assertEquals("true", key.getMetadata().get(OzoneConsts.GDPR_FLAG));
	//As TDE is enabled, the TDE encryption details should not be null.
	Assert.assertNotNull(key.getFileEncryptionInfo());

	//Step 3
	bucket.deleteKey(key.getName());

	OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
	String objectKey = omMetadataManager.getOzoneKey(volumeName, bucketName,
	keyName);
	RepeatedOmKeyInfo deletedKeys =
	omMetadataManager.getDeletedTable().get(objectKey);
	Map<String, String> deletedKeyMetadata =
	deletedKeys.getOmKeyInfoList().get(0).getMetadata();
	Assert.assertFalse(deletedKeyMetadata.containsKey(OzoneConsts.GDPR_FLAG));
	Assert.assertFalse(deletedKeyMetadata.containsKey(OzoneConsts.GDPR_SECRET));
	Assert.assertFalse(
	deletedKeyMetadata.containsKey(OzoneConsts.GDPR_ALGORITHM));
	Assert.assertNull(
	deletedKeys.getOmKeyInfoList().get(0).getFileEncryptionInfo());
	}

	private boolean verifyRatisReplication(String volumeName, String bucketName,
	String keyName, ReplicationType type, ReplicationFactor factor)
	throws IOException {
	OmKeyArgs keyArgs = new OmKeyArgs.Builder()
	.setVolumeName(volumeName)
	.setBucketName(bucketName)
	.setKeyName(keyName)
	.setRefreshPipeline(true)
	.build();
	HddsProtos.ReplicationType replicationType =
	HddsProtos.ReplicationType.valueOf(type.toString());
	HddsProtos.ReplicationFactor replicationFactor =
	HddsProtos.ReplicationFactor.valueOf(factor.getValue());
	OmKeyInfo keyInfo = ozoneManager.lookupKey(keyArgs);
	for (OmKeyLocationInfo info:
	keyInfo.getLatestVersionLocations().getLocationList()) {
	ContainerInfo container =
	storageContainerLocationClient.getContainer(info.getContainerID());
	if (!container.getReplicationFactor().equals(replicationFactor) \|\| (
	container.getReplicationType() != replicationType)) {
	return false;
	}
	}
	return true;
	}

	private static String getKeyProviderURI(MiniKMS kms) {
	return KMSClientProvider.SCHEME_NAME + "://" +
	kms.getKMSUrl().toExternalForm().replace("://", "@");
	}

	private static void createKey(String keyName, KeyProvider
	provider, OzoneConfiguration config)
	throws NoSuchAlgorithmException, IOException {
	final KeyProvider.Options options = KeyProvider.options(config);
	options.setDescription(keyName);
	options.setBitLength(128);
	provider.createKey(keyName, options);
	provider.flush();
	}
	}