HDDS-2226. S3 Secrets should use a strong RNG. (#1572)

This commit is contained in:
Anu Engineer 2019-10-03 09:28:41 -07:00 committed by GitHub
parent 5a7483ca5c
commit d59bcbfa0f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -30,6 +30,7 @@
import java.nio.file.Paths; import java.nio.file.Paths;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.Optional; import java.util.Optional;
@ -39,7 +40,6 @@
import org.apache.commons.compress.archivers.tar.TarArchiveEntry; import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream; import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
import org.apache.commons.compress.utils.IOUtils; import org.apache.commons.compress.utils.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdds.scm.HddsServerUtil; import org.apache.hadoop.hdds.scm.HddsServerUtil;
@ -73,6 +73,8 @@
*/ */
public final class OmUtils { public final class OmUtils {
public static final Logger LOG = LoggerFactory.getLogger(OmUtils.class); public static final Logger LOG = LoggerFactory.getLogger(OmUtils.class);
private static final SecureRandom SRAND = new SecureRandom();
private static byte[] randomBytes = new byte[32];
private OmUtils() { private OmUtils() {
} }
@ -274,9 +276,9 @@ public static byte[] getMD5Digest(String input) throws IOException {
public static byte[] getSHADigest() throws IOException { public static byte[] getSHADigest() throws IOException {
try { try {
SRAND.nextBytes(randomBytes);
MessageDigest sha = MessageDigest.getInstance(OzoneConsts.FILE_HASH); MessageDigest sha = MessageDigest.getInstance(OzoneConsts.FILE_HASH);
return sha.digest(RandomStringUtils.random(32) return sha.digest(randomBytes);
.getBytes(StandardCharsets.UTF_8));
} catch (NoSuchAlgorithmException ex) { } catch (NoSuchAlgorithmException ex) {
throw new IOException("Error creating an instance of SHA-256 digest.\n" + throw new IOException("Error creating an instance of SHA-256 digest.\n" +
"This could possibly indicate a faulty JRE"); "This could possibly indicate a faulty JRE");