diff --git a/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java b/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
index 5b6d620c8d..ebe4477955 100644
--- a/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
+++ b/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
@@ -94,6 +94,7 @@
 import java.io.IOException;
 import java.net.URI;
 import java.security.InvalidKeyException;
+import java.security.SecureRandom;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
@@ -587,7 +588,7 @@ public OzoneOutputStream createKey(
 if(Boolean.valueOf(metadata.get(OzoneConsts.GDPR_FLAG))){
 try{
- GDPRSymmetricKey gKey = new GDPRSymmetricKey();
+ GDPRSymmetricKey gKey = new GDPRSymmetricKey(new SecureRandom());
 metadata.putAll(gKey.getKeyDetails());
 }catch (Exception e) {
 if(e instanceof InvalidKeyException &&
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java
index b5e6909119..0fd6b08bcc 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/GDPRSymmetricKey.java
@@ -20,6 +20,7 @@
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.hadoop.ozone.OzoneConsts;
+import java.security.SecureRandom;
 import java.util.HashMap;
 import java.util.Map;
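Review bot: In the `createKey` hunk of RpcClient.java, `new GDPRSymmetricKey(new SecureRandom())` builds a fresh `SecureRandom` on every GDPR-flagged key creation, repeating generator setup on each call without any security benefit. `SecureRandom` is thread-safe, so one instance held in a field, e.g. `private final SecureRandom secureRandom = new SecureRandom();`, could be passed here as `new GDPRSymmetricKey(secureRandom)`. `createKey` starts and ends outside the hunk, so whether the client already holds a suitable instance cannot be seen from here.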
@@ -48,10 +49,11 @@ public Cipher getCipher() {
 * Default constructor creates key with default values.
 * @throws Exception
 */
- public GDPRSymmetricKey() throws Exception {
+ public GDPRSymmetricKey(SecureRandom secureRandom) throws Exception {
 algorithm = OzoneConsts.GDPR_ALGORITHM_NAME;
- secret = RandomStringUtils
- .randomAlphabetic(OzoneConsts.GDPR_DEFAULT_RANDOM_SECRET_LENGTH);
+ secret = RandomStringUtils.random(
+ OzoneConsts.GDPR_DEFAULT_RANDOM_SECRET_LENGTH,
+ 0, 0, true, true, null, secureRandom);
 this.secretKey = new SecretKeySpec(
 secret.getBytes(OzoneConsts.GDPR_CHARSET), algorithm);
 this.cipher = Cipher.getInstance(algorithm);
diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java
index e0fdc90cee..39c622043b 100644
--- a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java
+++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/TestGDPRSymmetricKey.java
@@ -21,6 +21,8 @@
 import org.junit.Assert;
 import org.junit.Test;
+import java.security.SecureRandom;
+
 /**
 * Tests GDPRSymmetricKey structure.
 */
@@ -28,7 +30,7 @@ public class TestGDPRSymmetricKey {
 @Test
 public void testKeyGenerationWithDefaults() throws Exception {
- GDPRSymmetricKey gkey = new GDPRSymmetricKey();
+ GDPRSymmetricKey gkey = new GDPRSymmetricKey(new SecureRandom());
 Assert.assertTrue(gkey.getCipher().getAlgorithm()
 .equalsIgnoreCase(OzoneConsts.GDPR_ALGORITHM_NAME));
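Review bot: In the constructor hunk of GDPRSymmetricKey.java, the secret produced by `RandomStringUtils.random(..., true, true, null, secureRandom)` is still limited to alphanumeric characters, so each byte handed to `SecretKeySpec` carries about 6 bits of entropy (62 symbols) instead of 8; the move to `SecureRandom` removes the predictable generator but not the reduced keyspace. If the format returned by `getKeyDetails()` permits it (not visible here), raw bytes from `secureRandom.nextBytes(...)`, encoded for storage, would use the full key strength. A null argument currently surfaces only as a failure inside commons-lang, so a leading `Objects.requireNonNull(secureRandom, "secureRandom");` would make the contract explicit. The Javadoc above still reads "Default constructor creates key with default values" and should describe the new parameter, e.g. `@param secureRandom source of randomness for the generated secret`. The constructor body continues outside the hunk.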