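/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.util;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import java.security.Key;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.io.crypto.Encryption;
import org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting;
import org.apache.hadoop.hbase.io.crypto.aes.AES;
import org.apache.hadoop.hbase.io.hfile.CacheConfig;
import org.apache.hadoop.hbase.io.hfile.HFile;
import org.apache.hadoop.hbase.regionserver.HRegion;
import org.apache.hadoop.hbase.regionserver.HStore;
import org.apache.hadoop.hbase.regionserver.HStoreFile;
import org.apache.hadoop.hbase.regionserver.Region;
import org.apache.hadoop.hbase.security.EncryptionUtil;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.testclassification.LargeTests;
import org.apache.hadoop.hbase.testclassification.MiscTests;
import org.apache.hadoop.hbase.util.hbck.HFileCorruptionChecker;
import org.apache.hadoop.hbase.util.hbck.HbckTestingUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;

/**
 * Checks that the hbck HFile quarantine pass does not report store files of an
 * encrypted column family as corrupt, failed, quarantined or missing.
 *
 * <p>Each test run starts a three-node mini cluster, creates one table whose single
 * family {@code cf} is encrypted with a freshly generated key, and shuts the cluster
 * down again afterwards.
 */
@Category({MiscTests.class, LargeTests.class})
public class TestHBaseFsckEncryption {

  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
      HBaseClassTestRule.forClass(TestHBaseFsckEncryption.class);

  private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();

  private Configuration conf;
  private HTableDescriptor htd;
  // Plain (unwrapped) column-family key; the store files are expected to carry exactly this key.
  private Key cfKey;

  /**
   * Configures the test key provider, generates the column-family key, starts the
   * mini cluster and creates the encrypted table.
   *
   * @throws Exception if cluster start-up, key wrapping or table creation fails
   */
  @Before
  public void setUp() throws Exception {
    conf = TEST_UTIL.getConfiguration();
    // HBase documents transparent encryption as requiring HFile format version 3.
    conf.setInt("hfile.format.version", 3);
    // KeyProviderForTesting is the test key provider; the master key alias is "hbase".
    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
    conf.set(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase");

    // Create the test encryption key: a fresh random key for every run.
    SecureRandom rng = new SecureRandom();
    byte[] keyBytes = new byte[AES.KEY_LENGTH];
    rng.nextBytes(keyBytes);
    String algorithm =
        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
    cfKey = new SecretKeySpec(keyBytes, algorithm);

    // Start the minicluster
    TEST_UTIL.startMiniCluster(3);

    // Create the table
    htd = new HTableDescriptor(TableName.valueOf("default", "TestHBaseFsckEncryption"));
    HColumnDescriptor hcd = new HColumnDescriptor("cf");
    hcd.setEncryptionType(algorithm);
    // The family descriptor stores the key wrapped under the master key alias. The alias was
    // set to "hbase" above, so the current-user fallback passed to conf.get() is not used here.
    hcd.setEncryptionKey(EncryptionUtil.wrapKey(conf,
      conf.get(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, User.getCurrent().getShortName()),
      cfKey));
    htd.addFamily(hcd);
    TEST_UTIL.getAdmin().createTable(htd);
    TEST_UTIL.waitTableAvailable(htd.getTableName(), 5000);
  }

  /**
   * Stops the mini cluster started by {@link #setUp()}.
   *
   * @throws Exception if the shutdown fails
   */
  @After
  public void tearDown() throws Exception {
    TEST_UTIL.shutdownMiniCluster();
  }

  /**
   * Writes a few rows, flushes them to store files, verifies each store file carries the
   * column-family key, then runs the hbck HFile quarantine check and expects a clean result.
   *
   * <p>NOTE(review): the key assertion compares the key exposed by the reader's encryption
   * context with {@code cfKey}; it does not inspect block contents, so it is not by itself
   * proof that cell data on disk is ciphertext.
   *
   * @throws Exception if any cluster operation fails
   */
  @Test
  public void testFsckWithEncryption() throws Exception {
    // Populate the table with some data: 16 rows, one per ordered pair of the four values.
    // try-with-resources closes the table even when a put throws.
    try (Table table = TEST_UTIL.getConnection().getTable(htd.getTableName())) {
      byte[] values = { 'A', 'B', 'C', 'D' };
      byte[] family = Bytes.toBytes("cf");
      for (byte first : values) {
        for (byte second : values) {
          Put put = new Put(new byte[] { first, second });
          put.addColumn(family, new byte[]{}, new byte[]{ first, second });
          table.put(put);
        }
      }
    }
    // Flush it
    TEST_UTIL.getAdmin().flush(htd.getTableName());

    // Verify we have encrypted store files on disk. Without at least one store file the
    // key loop below would pass vacuously.
    final List<Path> paths = findStorefilePaths(htd.getTableName());
    assertTrue("No store files found for " + htd.getTableName(), !paths.isEmpty());
    for (Path path : paths) {
      assertTrue("Store file " + path + " has incorrect key",
        Bytes.equals(cfKey.getEncoded(), extractHFileKey(path)));
    }

    // Ensure HBck doesn't consider them corrupt
    HBaseFsck res = HbckTestingUtil.doHFileQuarantine(conf, htd.getTableName());
    assertEquals(0, res.getRetCode());
    HFileCorruptionChecker hfcc = res.getHFilecorruptionChecker();
    assertEquals(0, hfcc.getCorrupted().size());
    assertEquals(0, hfcc.getFailures().size());
    assertEquals(0, hfcc.getQuarantined().size());
    assertEquals(0, hfcc.getMissing().size());
  }

  /**
   * Collects the paths of all store files of the given table's regions that are hosted on
   * the region server holding the table's first region.
   *
   * @param tableName table whose store files are listed
   * @return the store file paths found; possibly empty
   * @throws Exception if the region server lookup fails
   */
  private List<Path> findStorefilePaths(TableName tableName) throws Exception {
    List<Path> paths = new ArrayList<>();
    // Use the tableName argument for both lookups; the previous code mixed it with
    // htd.getTableName(), which silently ignored the parameter for getRegions().
    for (Region region : TEST_UTIL.getRSForFirstRegionInTable(tableName)
        .getRegions(tableName)) {
      for (HStore store : ((HRegion) region).getStores()) {
        for (HStoreFile storefile : store.getStorefiles()) {
          paths.add(storefile.getPath());
        }
      }
    }
    return paths;
  }

  /**
   * Opens the HFile at {@code path} and returns the encoded key from its encryption context.
   * Fails the test if the file has no encryption context or the context has no key.
   *
   * @param path store file to read
   * @return the encoded bytes of the key reported by the file's encryption context
   * @throws Exception if the file cannot be opened or read
   */
  private byte[] extractHFileKey(Path path) throws Exception {
    // try-with-resources closes the reader on every exit path, including assertion failures.
    try (HFile.Reader reader = HFile.createReader(TEST_UTIL.getTestFileSystem(), path,
        new CacheConfig(conf), true, conf)) {
      reader.loadFileInfo();
      Encryption.Context cryptoContext = reader.getFileContext().getEncryptionContext();
      assertNotNull("Reader has a null crypto context", cryptoContext);
      Key key = cryptoContext.getKey();
      assertNotNull("Crypto context has no key", key);
      return key.getEncoded();
    }
  }

}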