18 package org.apache.hadoop.hbase.security;
19
20 import static org.junit.Assert.*;
21
22 import java.security.Key;
23 import java.security.KeyException;
24 import java.security.SecureRandom;
25
26 import javax.crypto.spec.SecretKeySpec;
27
28 import org.apache.hadoop.conf.Configuration;
29 import org.apache.hadoop.hbase.HConstants;
30 import org.apache.hadoop.hbase.SmallTests;
31 import org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting;
32 import org.apache.hadoop.hbase.io.crypto.aes.AES;
33 import org.apache.hadoop.hbase.security.EncryptionUtil;
34 import org.apache.hadoop.hbase.util.Bytes;
35
36 import org.junit.Test;
37 import org.junit.experimental.categories.Category;
38
/**
 * Round-trip test for the key wrapping helpers in {@link EncryptionUtil}.
 *
 * <p>Uses {@link KeyProviderForTesting} as the configured key provider, so no
 * real keystore is involved.
 */
@Category(SmallTests.class)
public class TestEncryptionUtil {

  /**
   * Wraps a freshly generated AES key under the "hbase" subject, unwraps it
   * again, and checks that the recovered key material equals the original.
   * Then verifies that unwrapping the same blob under a different subject is
   * rejected with a {@link KeyException}.
   *
   * <p>NOTE(review): these assertions cover the round trip and the
   * wrong-subject rejection only. They do not check that the wrapped bytes
   * conceal the key material, nor that a modified wrapped blob is rejected;
   * confirm whether those properties are covered elsewhere.
   *
   * @throws Exception if wrapping or the matching unwrap fails unexpectedly
   */
  @Test
  public void testKeyWrapping() throws Exception {
    // Point the crypto layer at the test-only key provider.
    final Configuration conf = new Configuration();
    final String providerClassName = KeyProviderForTesting.class.getName();
    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, providerClassName);

    // Generate random key material of AES.KEY_LENGTH bytes from a CSPRNG.
    final byte[] keyBytes = new byte[AES.KEY_LENGTH];
    final SecureRandom rng = new SecureRandom();
    rng.nextBytes(keyBytes);
    final Key key = new SecretKeySpec(keyBytes, "AES");

    // Wrap the key under the "hbase" subject.
    final byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);
    assertNotNull(wrappedKeyBytes);

    // Unwrapping under the same subject must give back an equivalent key.
    final Key unwrappedKey = EncryptionUtil.unwrapKey(conf, "hbase", wrappedKeyBytes);
    assertNotNull(unwrappedKey);
    assertTrue(unwrappedKey instanceof SecretKeySpec);
    final boolean sameMaterial = Bytes.equals(keyBytes, unwrappedKey.getEncoded());
    assertTrue("Unwrapped key bytes do not match original", sameMaterial);

    // Negative case: a different subject must not be able to unwrap the blob.
    // Any exception other than KeyException propagates and fails the test.
    boolean rejected = false;
    try {
      EncryptionUtil.unwrapKey(conf, "other", wrappedKeyBytes);
    } catch (KeyException expected) {
      // This is the required outcome, so the exception is deliberately not rethrown.
      rejected = true;
    }
    assertTrue("Unwrap with incorrect key did not throw KeyException", rejected);
  }

}