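/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.io.crypto;

import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;

import java.io.File;
import java.io.FileOutputStream;
import java.net.URLEncoder;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.util.Properties;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.hbase.HBaseCommonTestingUtil;
import org.apache.hadoop.hbase.testclassification.MiscTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

/**
 * Tests that {@link KeyStoreKeyProvider} returns the secret key stored under an alias in a JCEKS
 * keystore, with the password supplied either inline in the provider URI or through a separate
 * password file.
 * <p>
 * Everything secret here is a fixture: the password is a constant and the key bytes are derived
 * from the alias, so neither has any value outside this test.
 */
@Tag(MiscTests.TAG)
@Tag(SmallTests.TAG)
public class TestKeyStoreKeyProvider {

  static final HBaseCommonTestingUtil TEST_UTIL = new HBaseCommonTestingUtil();
  static final String ALIAS = "test";
  // Used both as the keystore password and as the protection password of the entry.
  static final String PASSWORD = "password";

  // Raw key material stored in the keystore; the tests compare the provider's answer against it.
  static byte[] KEY;
  static File storeFile;
  static File passwordFile;

  /**
   * Builds the on-disk fixtures shared by all tests: a JCEKS keystore holding one AES secret key
   * under {@link #ALIAS}, and a properties file mapping that alias to its password.
   * @throws Exception if the keystore cannot be created or a fixture file cannot be written
   */
  @BeforeAll
  public static void setUp() throws Exception {
    // SHA-256 yields 32 bytes, used here as deterministic AES key material for the fixture.
    KEY = MessageDigest.getInstance("SHA-256").digest(Bytes.toBytes(ALIAS));
    // Create a JCEKS store containing a test secret key
    KeyStore store = KeyStore.getInstance("JCEKS");
    store.load(null, PASSWORD.toCharArray());
    store.setEntry(ALIAS, new KeyStore.SecretKeyEntry(new SecretKeySpec(KEY, "AES")),
      new KeyStore.PasswordProtection(PASSWORD.toCharArray()));
    // Create the test directory; fail here with a clear message instead of later with a
    // FileNotFoundException from the first write.
    File dataDir = new File(TEST_UTIL.getDataTestDir().toString());
    if (!dataDir.mkdirs() && !dataDir.isDirectory()) {
      throw new IllegalStateException("Could not create test directory " + dataDir);
    }
    // Write the keystore file.
    // NOTE(review): the ".jks" extension does not match the JCEKS store type; the tests name the
    // type through the "jceks" URI scheme, so presumably the extension is not consulted - confirm.
    storeFile = new File(dataDir, "keystore.jks");
    try (FileOutputStream os = new FileOutputStream(storeFile)) {
      store.store(os, PASSWORD.toCharArray());
    }
    // Write the password file: a clear-text properties file (alias -> password) that lives only
    // under the test data directory.
    Properties p = new Properties();
    p.setProperty(ALIAS, PASSWORD);
    passwordFile = new File(dataDir, "keystore.pw");
    try (FileOutputStream os = new FileOutputStream(passwordFile)) {
      p.store(os, "");
    }
  }

  /**
   * Initializes the provider with the password embedded in the URI query string.
   * @throws Exception if the provider cannot be initialized or the key cannot be read
   */
  @Test
  public void testKeyStoreKeyProviderWithPassword() throws Exception {
    KeyProvider provider = new KeyStoreKeyProvider();
    // This form carries the password in the init string itself. PASSWORD contains no characters
    // that need URL escaping, so it is appended as-is.
    provider.init("jceks://" + storeFile.toURI().getPath() + "?password=" + PASSWORD);
    assertProvidesTestKey(provider);
  }

  /**
   * Initializes the provider with a reference to the password file instead of the password.
   * @throws Exception if the provider cannot be initialized or the key cannot be read
   */
  @Test
  public void testKeyStoreKeyProviderWithPasswordFile() throws Exception {
    KeyProvider provider = new KeyStoreKeyProvider();
    // The file path is URL-encoded because it becomes a query parameter value.
    provider.init("jceks://" + storeFile.toURI().getPath() + "?passwordFile="
      + URLEncoder.encode(passwordFile.getAbsolutePath(), "UTF-8"));
    assertProvidesTestKey(provider);
  }

  /**
   * Asserts that {@code provider} returns, for {@link #ALIAS}, exactly the key bytes that
   * {@link #setUp()} stored.
   * @param provider an already initialized key provider
   * @throws Exception if the provider fails while looking up the key
   */
  private static void assertProvidesTestKey(KeyProvider provider) throws Exception {
    Key key = provider.getKey(ALIAS);
    assertNotNull(key);
    byte[] keyBytes = key.getEncoded();
    // JUnit takes (expected, actual); the expected value is the stored fixture key.
    assertEquals(KEY.length, keyBytes.length);
    assertArrayEquals(KEY, keyBytes);
  }
}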