1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package org.apache.hadoop.hbase.security;
19
20 import static org.junit.Assert.*;
21
22 import java.security.Key;
23 import java.security.KeyException;
24 import java.security.SecureRandom;
25
26 import javax.crypto.spec.SecretKeySpec;
27
28 import org.apache.hadoop.conf.Configuration;
29 import org.apache.hadoop.hbase.HConstants;
30 import org.apache.hadoop.hbase.testclassification.SmallTests;
31 import org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting;
32 import org.apache.hadoop.hbase.io.crypto.aes.AES;
33 import org.apache.hadoop.hbase.util.Bytes;
34
35 import org.junit.Test;
36 import org.junit.experimental.categories.Category;
37
38 @Category(SmallTests.class)
39 public class TestEncryptionUtil {
40
41 @Test
42 public void testKeyWrapping() throws Exception {
43
44 Configuration conf = new Configuration();
45 conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
46
47
48 byte[] keyBytes = new byte[AES.KEY_LENGTH];
49 new SecureRandom().nextBytes(keyBytes);
50 Key key = new SecretKeySpec(keyBytes, "AES");
51
52
53 byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);
54 assertNotNull(wrappedKeyBytes);
55
56
57 Key unwrappedKey = EncryptionUtil.unwrapKey(conf, "hbase", wrappedKeyBytes);
58 assertNotNull(unwrappedKey);
59
60 assertTrue(unwrappedKey instanceof SecretKeySpec);
61
62 assertTrue("Unwrapped key bytes do not match original",
63 Bytes.equals(keyBytes, unwrappedKey.getEncoded()));
64
65
66 try {
67 EncryptionUtil.unwrapKey(conf, "other", wrappedKeyBytes);
68 fail("Unwrap with incorrect key did not throw KeyException");
69 } catch (KeyException e) {
70
71 }
72 }
73
74 }