18 package org.apache.hadoop.hbase.regionserver;
19
20 import static org.junit.Assert.*;
21
22 import java.security.Key;
23 import java.util.ArrayList;
24 import java.util.List;
25
26 import org.apache.hadoop.conf.Configuration;
27 import org.apache.hadoop.fs.Path;
28 import org.apache.hadoop.hbase.HBaseTestingUtility;
29 import org.apache.hadoop.hbase.HColumnDescriptor;
30 import org.apache.hadoop.hbase.HConstants;
31 import org.apache.hadoop.hbase.HTableDescriptor;
32 import org.apache.hadoop.hbase.MediumTests;
33 import org.apache.hadoop.hbase.TableName;
34 import org.apache.hadoop.hbase.client.HTable;
35 import org.apache.hadoop.hbase.client.Put;
36 import org.apache.hadoop.hbase.io.crypto.Encryption;
37 import org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting;
38 import org.apache.hadoop.hbase.io.hfile.CacheConfig;
39 import org.apache.hadoop.hbase.io.hfile.HFile;
40 import org.apache.hadoop.hbase.util.Bytes;
41
42 import org.junit.AfterClass;
43 import org.junit.BeforeClass;
44 import org.junit.Test;
45 import org.junit.experimental.categories.Category;
46
/**
 * Checks that store files written for an AES-encrypted column family carry a data key when
 * the schema itself does not supply one.
 *
 * <p>The fixture starts a one-node mini cluster, creates a table whose only family has its
 * encryption type set to "AES" (no key is set on the family), writes a single row and flushes
 * it so that at least one store file exists on disk.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>{@link KeyProviderForTesting} is, per its name, a test-only key provider; the
 *       configuration built here is not a template for a production deployment.</li>
 *   <li>The test asserts that a key is <em>present</em> in each store file. It does not compare
 *       keys across files or against the master key, so it does not by itself demonstrate that
 *       the key was randomly generated.</li>
 * </ul>
 */
@Category(MediumTests.class)
public class TestEncryptionRandomKeying {
  /** Shared mini-cluster harness for the whole class. */
  private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
  /** Configuration owned by {@link #TEST_UTIL}; mutated in {@link #setUp()}. */
  private static Configuration conf = TEST_UTIL.getConfiguration();
  /** Descriptor of the encrypted test table, assigned in {@link #setUp()}. */
  private static HTableDescriptor htd;

  /**
   * Collects the path of every store file of the test table's online regions.
   *
   * <p>The region server is looked up with {@code tableName}, while the regions are listed with
   * the table name taken from {@link #htd}.
   *
   * @param tableName table used to locate the region server hosting the first region
   * @return paths of all store files found; empty if there are none
   * @throws Exception if the region server or its regions cannot be queried
   */
  private static List<Path> findStorefilePaths(byte[] tableName) throws Exception {
    List<Path> collected = new ArrayList<Path>();
    List<HRegion> onlineRegions =
        TEST_UTIL.getRSForFirstRegionInTable(tableName).getOnlineRegions(htd.getTableName());
    for (HRegion onlineRegion : onlineRegions) {
      for (Store familyStore : onlineRegion.getStores().values()) {
        for (StoreFile file : familyStore.getStorefiles()) {
          collected.add(file.getPath());
        }
      }
    }
    return collected;
  }

  /**
   * Opens the HFile at {@code path} and returns the encoded key from its encryption context.
   *
   * <p>The returned array is raw key material. Callers should only test it for presence or
   * compare it; it should not be written to logs or assertion messages.
   *
   * @param path location of the HFile on the test file system
   * @return the encoded key bytes, or {@code null} when the context holds no key
   * @throws Exception if the file cannot be opened or its file info cannot be loaded
   */
  private static byte[] extractHFileKey(Path path) throws Exception {
    HFile.Reader hfileReader =
        HFile.createReader(TEST_UTIL.getTestFileSystem(), path, new CacheConfig(conf), conf);
    try {
      hfileReader.loadFileInfo();
      Encryption.Context encryptionContext = hfileReader.getFileContext().getEncryptionContext();
      assertNotNull("Reader has a null crypto context", encryptionContext);
      Key dataKey = encryptionContext.getKey();
      return dataKey == null ? null : dataKey.getEncoded();
    } finally {
      // Always release the reader, including when the assertion above fails.
      hfileReader.close();
    }
  }

  /**
   * Configures encryption, starts the mini cluster, and writes and flushes one row into the
   * encrypted table.
   *
   * @throws Exception if the cluster, the table or the write cannot be set up
   */
  @BeforeClass
  public static void setUp() throws Exception {
    // HBase's transparent encryption requires HFile format version 3.
    conf.setInt("hfile.format.version", 3);
    // Test-only key provider; the master key is referenced by the alias "hbase".
    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
    conf.set(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase");

    // Schema: one family with AES selected and deliberately no key set on the descriptor.
    TableName encryptedTable = TableName.valueOf("default", "TestEncryptionRandomKeying");
    htd = new HTableDescriptor(encryptedTable);
    HColumnDescriptor family = new HColumnDescriptor("cf");
    family.setEncryptionType("AES");
    htd.addFamily(family);

    // The cluster is started only after the configuration above is in place.
    TEST_UTIL.startMiniCluster(1);

    TEST_UTIL.getHBaseAdmin().createTable(htd);
    TEST_UTIL.waitTableAvailable(htd.getName(), 5000);

    // Write a single cell, then flush so that a store file exists to inspect.
    HTable table = new HTable(conf, htd.getName());
    try {
      Put row = new Put(Bytes.toBytes("testrow"));
      row.add(family.getName(), Bytes.toBytes("q"), Bytes.toBytes("value"));
      table.put(row);
    } finally {
      table.close();
    }
    TEST_UTIL.getHBaseAdmin().flush(htd.getName());
  }

  /**
   * Stops the mini cluster started in {@link #setUp()}.
   *
   * @throws Exception if shutdown fails
   */
  @AfterClass
  public static void tearDown() throws Exception {
    TEST_UTIL.shutdownMiniCluster();
  }

  /**
   * Asserts that at least one store file exists and that each one exposes a non-null key.
   *
   * <p>NOTE(review): presence of a key is the only property checked. Key uniqueness and key
   * length are not asserted here.
   *
   * @throws Exception if store files cannot be listed or read
   */
  @Test
  public void testRandomKeying() throws Exception {
    final List<Path> storefilePaths = findStorefilePaths(htd.getName());
    assertTrue(!storefilePaths.isEmpty());
    for (Path storefilePath : storefilePaths) {
      byte[] keyBytes = extractHFileKey(storefilePath);
      // Only the path is reported on failure; key bytes never reach the message.
      assertNotNull("Store file " + storefilePath + " is not encrypted", keyBytes);
    }
  }

}