HDDS-2014. Create Symmetric Key for GDPR (#1362)
This commit is contained in:
parent
ec34cee5e3
commit
46696bd9b0
@ -312,4 +312,13 @@ private OzoneConsts() {
|
||||
public static final int S3_BUCKET_MIN_LENGTH = 3;
|
||||
public static final int S3_BUCKET_MAX_LENGTH = 64;
|
||||
|
||||
//GDPR
|
||||
public static final String GDPR_ALGORITHM_NAME = "AES";
|
||||
public static final int GDPR_RANDOM_SECRET_LENGTH = 32;
|
||||
public static final String GDPR_CHARSET = "UTF-8";
|
||||
public static final String GDPR_LENGTH = "length";
|
||||
public static final String GDPR_SECRET = "secret";
|
||||
public static final String GDPR_ALGORITHM = "algorithm";
|
||||
|
||||
|
||||
}
|
||||
|
@ -0,0 +1,81 @@
|
||||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with this
|
||||
* work for additional information regarding copyright ownership. The ASF
|
||||
* licenses this file to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
* <p>
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* <p>
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations under
|
||||
* the License.
|
||||
*/
|
||||
package org.apache.hadoop.ozone.security;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
import org.apache.commons.lang3.RandomStringUtils;
|
||||
import org.apache.hadoop.ozone.OzoneConsts;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
/**
|
||||
* Symmetric Key structure for GDPR.
|
||||
*/
|
||||
public class GDPRSymmetricKey {
|
||||
|
||||
private SecretKeySpec secretKey;
|
||||
private Cipher cipher;
|
||||
private String algorithm;
|
||||
private String secret;
|
||||
|
||||
public SecretKeySpec getSecretKey() {
|
||||
return secretKey;
|
||||
}
|
||||
|
||||
public Cipher getCipher() {
|
||||
return cipher;
|
||||
}
|
||||
|
||||
/**
|
||||
* Default constructor creates key with default values.
|
||||
* @throws Exception
|
||||
*/
|
||||
public GDPRSymmetricKey() throws Exception {
|
||||
algorithm = OzoneConsts.GDPR_ALGORITHM_NAME;
|
||||
secret = RandomStringUtils
|
||||
.randomAlphabetic(OzoneConsts.GDPR_RANDOM_SECRET_LENGTH);
|
||||
this.secretKey = new SecretKeySpec(
|
||||
secret.getBytes(OzoneConsts.GDPR_CHARSET), algorithm);
|
||||
this.cipher = Cipher.getInstance(algorithm);
|
||||
}
|
||||
|
||||
/**
|
||||
* Overloaded constructor creates key with specified values.
|
||||
* @throws Exception
|
||||
*/
|
||||
public GDPRSymmetricKey(String secret, String algorithm) throws Exception {
|
||||
Preconditions.checkArgument(secret.length() == 32,
|
||||
"Secret must be exactly 32 characters");
|
||||
this.secret = secret;
|
||||
this.algorithm = algorithm;
|
||||
this.secretKey = new SecretKeySpec(
|
||||
secret.getBytes(OzoneConsts.GDPR_CHARSET), algorithm);
|
||||
this.cipher = Cipher.getInstance(algorithm);
|
||||
}
|
||||
|
||||
public Map<String, String> getKeyDetails() {
|
||||
Map<String, String> keyDetail = new HashMap<>();
|
||||
keyDetail.put(OzoneConsts.GDPR_SECRET, this.secret);
|
||||
keyDetail.put(OzoneConsts.GDPR_ALGORITHM, this.algorithm);
|
||||
return keyDetail;
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,66 @@
|
||||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with this
|
||||
* work for additional information regarding copyright ownership. The ASF
|
||||
* licenses this file to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
* <p>
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* <p>
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations under
|
||||
* the License.
|
||||
*/
|
||||
package org.apache.hadoop.ozone.security;
|
||||
|
||||
import org.apache.hadoop.ozone.OzoneConsts;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
/**
|
||||
* Tests GDPRSymmetricKey structure.
|
||||
*/
|
||||
public class TestGDPRSymmetricKey {
|
||||
|
||||
@Test
|
||||
public void testKeyGenerationWithDefaults() throws Exception {
|
||||
GDPRSymmetricKey gkey = new GDPRSymmetricKey();
|
||||
|
||||
Assert.assertTrue(gkey.getCipher().getAlgorithm()
|
||||
.equalsIgnoreCase(OzoneConsts.GDPR_ALGORITHM_NAME));
|
||||
|
||||
gkey.getKeyDetails().forEach(
|
||||
(k, v) -> Assert.assertTrue(v.length() > 0));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testKeyGenerationWithValidInput() throws Exception {
|
||||
GDPRSymmetricKey gkey = new GDPRSymmetricKey(
|
||||
"ApacheHadoopOzoneIsAnObjectStore",
|
||||
OzoneConsts.GDPR_ALGORITHM_NAME);
|
||||
|
||||
Assert.assertTrue(gkey.getCipher().getAlgorithm()
|
||||
.equalsIgnoreCase(OzoneConsts.GDPR_ALGORITHM_NAME));
|
||||
|
||||
gkey.getKeyDetails().forEach(
|
||||
(k, v) -> Assert.assertTrue(v.length() > 0));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testKeyGenerationWithInvalidInput() throws Exception {
|
||||
GDPRSymmetricKey gkey = null;
|
||||
try{
|
||||
gkey = new GDPRSymmetricKey("ozone",
|
||||
OzoneConsts.GDPR_ALGORITHM_NAME);
|
||||
} catch (IllegalArgumentException ex) {
|
||||
Assert.assertTrue(ex.getMessage()
|
||||
.equalsIgnoreCase("Secret must be exactly 32 characters"));
|
||||
Assert.assertTrue(gkey == null);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user