18 package org.apache.hadoop.hbase.regionserver;
19
20 import static org.junit.Assert.*;
21
22 import java.security.Key;
23 import java.util.ArrayList;
24 import java.util.List;
25
26 import org.apache.hadoop.conf.Configuration;
27 import org.apache.hadoop.fs.Path;
28 import org.apache.hadoop.hbase.HBaseTestingUtility;
29 import org.apache.hadoop.hbase.HColumnDescriptor;
30 import org.apache.hadoop.hbase.HConstants;
31 import org.apache.hadoop.hbase.HTableDescriptor;
32 import org.apache.hadoop.hbase.testclassification.MediumTests;
33 import org.apache.hadoop.hbase.TableName;
34 import org.apache.hadoop.hbase.client.HTable;
35 import org.apache.hadoop.hbase.client.Put;
36 import org.apache.hadoop.hbase.client.Table;
37 import org.apache.hadoop.hbase.io.crypto.Encryption;
38 import org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting;
39 import org.apache.hadoop.hbase.io.hfile.CacheConfig;
40 import org.apache.hadoop.hbase.io.hfile.HFile;
41 import org.apache.hadoop.hbase.util.Bytes;
42
43 import org.junit.AfterClass;
44 import org.junit.BeforeClass;
45 import org.junit.Test;
46 import org.junit.experimental.categories.Category;
47
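/**
 * Checks that a column family which names an encryption algorithm but supplies no key of its own
 * still ends up with store files whose encryption context carries a key.
 *
 * <p>The mini cluster is configured with {@link KeyProviderForTesting} and the master key alias
 * {@code "hbase"}. Both are test fixtures; a real deployment supplies its own key provider and
 * master key.
 */
@Category(MediumTests.class)
public class TestEncryptionRandomKeying {
  private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
  private static final Configuration conf = TEST_UTIL.getConfiguration();
  // Schema of the encrypted test table; assigned once in setUp().
  private static HTableDescriptor htd;

  /**
   * Collects the path of every store file in the online regions of a table.
   *
   * @param tableName table whose store files are listed
   * @return paths found on the region server hosting the table's first region; possibly empty
   * @throws Exception if the region server or its regions cannot be looked up
   */
  private static List<Path> findStorefilePaths(TableName tableName) throws Exception {
    List<Path> paths = new ArrayList<Path>();
    // Filter on the requested table (not the static descriptor) so the helper honours its
    // argument; the only caller passes htd.getTableName(), so the result is unchanged.
    for (HRegion region :
        TEST_UTIL.getRSForFirstRegionInTable(tableName).getOnlineRegions(tableName)) {
      for (Store store : region.getStores().values()) {
        for (StoreFile storefile : store.getStorefiles()) {
          paths.add(storefile.getPath());
        }
      }
    }
    return paths;
  }

  /**
   * Opens an HFile and returns the encoded key held in its encryption context.
   *
   * <p>The return value is raw key material. Callers in this test only null-check it; it should
   * not be placed in assertion messages or log output.
   *
   * @param path store file to inspect
   * @return the bytes from {@code Key.getEncoded()}, or {@code null} when the context has no key
   * @throws Exception if the file cannot be opened or its file info cannot be loaded
   */
  private static byte[] extractHFileKey(Path path) throws Exception {
    HFile.Reader reader = HFile.createReader(TEST_UTIL.getTestFileSystem(), path,
        new CacheConfig(conf), conf);
    try {
      // File info has to be loaded before the file context (and its crypto context) is read.
      reader.loadFileInfo();
      Encryption.Context cryptoContext = reader.getFileContext().getEncryptionContext();
      assertNotNull("Reader has a null crypto context", cryptoContext);
      Key key = cryptoContext.getKey();
      if (key == null) {
        // A context without a key is how an unencrypted file shows up here.
        return null;
      }
      return key.getEncoded();
    } finally {
      reader.close();
    }
  }

  /**
   * Starts a one-node mini cluster, creates an encrypted table without an explicit column-family
   * key, writes one row and flushes it so that at least one store file exists.
   *
   * @throws Exception if the cluster, table creation, write or flush fails
   */
  @BeforeClass
  public static void setUp() throws Exception {
    // HFile format version 3 is set before the cluster starts; encryption relies on it.
    conf.setInt("hfile.format.version", 3);
    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
    conf.set(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase");

    // Table schema: the family names an algorithm (AES unless configured otherwise) but no key
    // is set on the descriptor, which is the case this test exercises.
    htd = new HTableDescriptor(TableName.valueOf("default", "TestEncryptionRandomKeying"));
    HColumnDescriptor hcd = new HColumnDescriptor("cf");
    String algorithm =
        conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
    hcd.setEncryptionType(algorithm);
    htd.addFamily(hcd);

    TEST_UTIL.startMiniCluster(1);

    TEST_UTIL.getHBaseAdmin().createTable(htd);
    // 5000 is presumably a timeout in milliseconds; confirm against waitTableAvailable.
    TEST_UTIL.waitTableAvailable(htd.getName(), 5000);

    // Write a single cell and flush so a store file is produced for the test to inspect.
    Table table = new HTable(conf, htd.getTableName());
    try {
      table.put(new Put(Bytes.toBytes("testrow"))
          .add(hcd.getName(), Bytes.toBytes("q"), Bytes.toBytes("value")));
    } finally {
      table.close();
    }
    TEST_UTIL.getHBaseAdmin().flush(htd.getTableName());
  }

  /** Shuts the mini cluster down after all tests in the class have run. */
  @AfterClass
  public static void tearDown() throws Exception {
    TEST_UTIL.shutdownMiniCluster();
  }

  /**
   * Asserts that every flushed store file of the test table carries a key.
   *
   * <p>NOTE(review): a non-null key shows that a key was attached to the file, not that it was
   * randomly generated or distinct per file. setUp() flushes once, so there is normally nothing
   * to compare a key against.
   */
  @Test
  public void testRandomKeying() throws Exception {
    final List<Path> initialPaths = findStorefilePaths(htd.getTableName());
    // Without this guard the loop below would pass vacuously on an empty list.
    assertTrue("No store files found for " + htd.getTableName(), initialPaths.size() > 0);
    for (Path path : initialPaths) {
      assertNotNull("Store file " + path + " is not encrypted", extractHFileKey(path));
    }
  }

}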