001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.io.crypto;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertNotNull;
022
023import java.io.File;
024import java.io.FileOutputStream;
025import java.net.URLEncoder;
026import java.security.Key;
027import java.security.KeyStore;
028import java.security.MessageDigest;
029import java.util.Properties;
030import javax.crypto.spec.SecretKeySpec;
031import org.apache.hadoop.hbase.HBaseClassTestRule;
032import org.apache.hadoop.hbase.HBaseCommonTestingUtil;
033import org.apache.hadoop.hbase.testclassification.MiscTests;
034import org.apache.hadoop.hbase.testclassification.SmallTests;
035import org.apache.hadoop.hbase.util.Bytes;
036import org.junit.BeforeClass;
037import org.junit.ClassRule;
038import org.junit.Test;
039import org.junit.experimental.categories.Category;
040
041@Category({ MiscTests.class, SmallTests.class })
042public class TestKeyStoreKeyProvider {
043
044  @ClassRule
045  public static final HBaseClassTestRule CLASS_RULE =
046    HBaseClassTestRule.forClass(TestKeyStoreKeyProvider.class);
047
048  static final HBaseCommonTestingUtil TEST_UTIL = new HBaseCommonTestingUtil();
049  static final String ALIAS = "test";
050  static final String PASSWORD = "password";
051
052  static byte[] KEY;
053  static File storeFile;
054  static File passwordFile;
055
056  @BeforeClass
057  public static void setUp() throws Exception {
058    KEY = MessageDigest.getInstance("SHA-256").digest(Bytes.toBytes(ALIAS));
059    // Create a JKECS store containing a test secret key
060    KeyStore store = KeyStore.getInstance("JCEKS");
061    store.load(null, PASSWORD.toCharArray());
062    store.setEntry(ALIAS, new KeyStore.SecretKeyEntry(new SecretKeySpec(KEY, "AES")),
063      new KeyStore.PasswordProtection(PASSWORD.toCharArray()));
064    // Create the test directory
065    String dataDir = TEST_UTIL.getDataTestDir().toString();
066    new File(dataDir).mkdirs();
067    // Write the keystore file
068    storeFile = new File(dataDir, "keystore.jks");
069    FileOutputStream os = new FileOutputStream(storeFile);
070    try {
071      store.store(os, PASSWORD.toCharArray());
072    } finally {
073      os.close();
074    }
075    // Write the password file
076    Properties p = new Properties();
077    p.setProperty(ALIAS, PASSWORD);
078    passwordFile = new File(dataDir, "keystore.pw");
079    os = new FileOutputStream(passwordFile);
080    try {
081      p.store(os, "");
082    } finally {
083      os.close();
084    }
085  }
086
087  @Test
088  public void testKeyStoreKeyProviderWithPassword() throws Exception {
089    KeyProvider provider = new KeyStoreKeyProvider();
090    provider.init("jceks://" + storeFile.toURI().getPath() + "?password=" + PASSWORD);
091    Key key = provider.getKey(ALIAS);
092    assertNotNull(key);
093    byte[] keyBytes = key.getEncoded();
094    assertEquals(keyBytes.length, KEY.length);
095    for (int i = 0; i < KEY.length; i++) {
096      assertEquals(keyBytes[i], KEY[i]);
097    }
098  }
099
100  @Test
101  public void testKeyStoreKeyProviderWithPasswordFile() throws Exception {
102    KeyProvider provider = new KeyStoreKeyProvider();
103    provider.init("jceks://" + storeFile.toURI().getPath() + "?passwordFile="
104      + URLEncoder.encode(passwordFile.getAbsolutePath(), "UTF-8"));
105    Key key = provider.getKey(ALIAS);
106    assertNotNull(key);
107    byte[] keyBytes = key.getEncoded();
108    assertEquals(keyBytes.length, KEY.length);
109    for (int i = 0; i < KEY.length; i++) {
110      assertEquals(keyBytes[i], KEY[i]);
111    }
112  }
113}