1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package org.apache.hadoop.hbase.io.hfile;
19
20 import static org.junit.Assert.assertEquals;
21 import static org.junit.Assert.assertFalse;
22 import static org.junit.Assert.assertNotNull;
23 import static org.junit.Assert.assertTrue;
24 import static org.junit.Assert.fail;
25
26 import java.io.DataInputStream;
27 import java.io.DataOutputStream;
28 import java.io.IOException;
29 import java.security.SecureRandom;
30 import java.util.List;
31 import java.util.UUID;
32
33 import org.apache.commons.logging.Log;
34 import org.apache.commons.logging.LogFactory;
35 import org.apache.hadoop.conf.Configuration;
36 import org.apache.hadoop.fs.FSDataInputStream;
37 import org.apache.hadoop.fs.FSDataOutputStream;
38 import org.apache.hadoop.fs.FileSystem;
39 import org.apache.hadoop.fs.Path;
40 import org.apache.hadoop.hbase.Cell;
41 import org.apache.hadoop.hbase.HBaseTestingUtility;
42 import org.apache.hadoop.hbase.HConstants;
43 import org.apache.hadoop.hbase.KeyValue;
44 import org.apache.hadoop.hbase.KeyValueUtil;
45 import org.apache.hadoop.hbase.testclassification.SmallTests;
46 import org.apache.hadoop.hbase.io.compress.Compression;
47 import org.apache.hadoop.hbase.io.crypto.Cipher;
48 import org.apache.hadoop.hbase.io.crypto.Encryption;
49 import org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting;
50 import org.apache.hadoop.hbase.io.encoding.DataBlockEncoding;
51 import org.apache.hadoop.hbase.util.Bytes;
52 import org.apache.hadoop.hbase.util.test.RedundantKVGenerator;
53 import org.junit.BeforeClass;
54 import org.junit.Test;
55 import org.junit.experimental.categories.Category;
56
57 import static org.junit.Assert.*;
58
59 @Category(SmallTests.class)
60 public class TestHFileEncryption {
61 private static final Log LOG = LogFactory.getLog(TestHFileEncryption.class);
62 private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
63 private static final SecureRandom RNG = new SecureRandom();
64
65 private static FileSystem fs;
66 private static Encryption.Context cryptoContext;
67
68 @BeforeClass
69 public static void setUp() throws Exception {
70 Configuration conf = TEST_UTIL.getConfiguration();
71 conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
72 conf.set(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase");
73 conf.setInt("hfile.format.version", 3);
74
75 fs = FileSystem.get(conf);
76
77 cryptoContext = Encryption.newContext(conf);
78 String algorithm =
79 conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
80 Cipher aes = Encryption.getCipher(conf, algorithm);
81 assertNotNull(aes);
82 cryptoContext.setCipher(aes);
83 byte[] key = new byte[aes.getKeyLength()];
84 RNG.nextBytes(key);
85 cryptoContext.setKey(key);
86 }
87
88 private int writeBlock(FSDataOutputStream os, HFileContext fileContext, int size)
89 throws IOException {
90 HFileBlock.Writer hbw = new HFileBlock.Writer(null, fileContext);
91 DataOutputStream dos = hbw.startWriting(BlockType.DATA);
92 for (int j = 0; j < size; j++) {
93 dos.writeInt(j);
94 }
95 hbw.writeHeaderAndData(os);
96 LOG.info("Wrote a block at " + os.getPos() + " with" +
97 " onDiskSizeWithHeader=" + hbw.getOnDiskSizeWithHeader() +
98 " uncompressedSizeWithoutHeader=" + hbw.getOnDiskSizeWithoutHeader() +
99 " uncompressedSizeWithoutHeader=" + hbw.getUncompressedSizeWithoutHeader());
100 return hbw.getOnDiskSizeWithHeader();
101 }
102
103 private long readAndVerifyBlock(long pos, HFileContext ctx, HFileBlock.FSReaderImpl hbr, int size)
104 throws IOException {
105 HFileBlock b = hbr.readBlockData(pos, -1, -1, false, false);
106 assertEquals(0, HFile.getChecksumFailuresCount());
107 b.sanityCheck();
108 assertFalse(b.isUnpacked());
109 b = b.unpack(ctx, hbr);
110 LOG.info("Read a block at " + pos + " with" +
111 " onDiskSizeWithHeader=" + b.getOnDiskSizeWithHeader() +
112 " uncompressedSizeWithoutHeader=" + b.getOnDiskSizeWithoutHeader() +
113 " uncompressedSizeWithoutHeader=" + b.getUncompressedSizeWithoutHeader());
114 DataInputStream dis = b.getByteStream();
115 for (int i = 0; i < size; i++) {
116 int read = dis.readInt();
117 if (read != i) {
118 fail("Block data corrupt at element " + i);
119 }
120 }
121 return b.getOnDiskSizeWithHeader();
122 }
123
124 @Test(timeout=20000)
125 public void testDataBlockEncryption() throws IOException {
126 final int blocks = 10;
127 final int[] blockSizes = new int[blocks];
128 for (int i = 0; i < blocks; i++) {
129 blockSizes[i] = (1024 + RNG.nextInt(1024 * 63)) / Bytes.SIZEOF_INT;
130 }
131 for (Compression.Algorithm compression : TestHFileBlock.COMPRESSION_ALGORITHMS) {
132 Path path = new Path(TEST_UTIL.getDataTestDir(), "block_v3_" + compression + "_AES");
133 LOG.info("testDataBlockEncryption: encryption=AES compression=" + compression);
134 long totalSize = 0;
135 HFileContext fileContext = new HFileContextBuilder()
136 .withCompression(compression)
137 .withEncryptionContext(cryptoContext)
138 .build();
139 FSDataOutputStream os = fs.create(path);
140 try {
141 for (int i = 0; i < blocks; i++) {
142 totalSize += writeBlock(os, fileContext, blockSizes[i]);
143 }
144 } finally {
145 os.close();
146 }
147 FSDataInputStream is = fs.open(path);
148 try {
149 HFileBlock.FSReaderImpl hbr = new HFileBlock.FSReaderImpl(is, totalSize, fileContext);
150 long pos = 0;
151 for (int i = 0; i < blocks; i++) {
152 pos += readAndVerifyBlock(pos, fileContext, hbr, blockSizes[i]);
153 }
154 } finally {
155 is.close();
156 }
157 }
158 }
159
160 @Test(timeout=20000)
161 public void testHFileEncryptionMetadata() throws Exception {
162 Configuration conf = TEST_UTIL.getConfiguration();
163 CacheConfig cacheConf = new CacheConfig(conf);
164
165 HFileContext fileContext = new HFileContextBuilder()
166 .withEncryptionContext(cryptoContext)
167 .build();
168
169
170 Path path = new Path(TEST_UTIL.getDataTestDir(), "cryptometa.hfile");
171 FSDataOutputStream out = fs.create(path);
172 HFile.Writer writer = HFile.getWriterFactory(conf, cacheConf)
173 .withOutputStream(out)
174 .withFileContext(fileContext)
175 .create();
176 KeyValue kv = new KeyValue("foo".getBytes(), "f1".getBytes(), null, "value".getBytes());
177 writer.append(kv);
178 writer.close();
179 out.close();
180
181
182 HFile.Reader reader = HFile.createReader(fs, path, cacheConf, conf);
183 reader.loadFileInfo();
184 FixedFileTrailer trailer = reader.getTrailer();
185 assertNotNull(trailer.getEncryptionKey());
186 Encryption.Context readerContext = reader.getFileContext().getEncryptionContext();
187 assertEquals(readerContext.getCipher().getName(), cryptoContext.getCipher().getName());
188 assertTrue(Bytes.equals(readerContext.getKeyBytes(),
189 cryptoContext.getKeyBytes()));
190 }
191
192 @Test(timeout=6000000)
193 public void testHFileEncryption() throws Exception {
194
195 RedundantKVGenerator generator = new RedundantKVGenerator();
196 List<KeyValue> testKvs = generator.generateTestKeyValues(1000);
197
198
199 Configuration conf = TEST_UTIL.getConfiguration();
200 CacheConfig cacheConf = new CacheConfig(conf);
201 for (DataBlockEncoding encoding: DataBlockEncoding.values()) {
202 for (Compression.Algorithm compression: TestHFileBlock.COMPRESSION_ALGORITHMS) {
203 HFileContext fileContext = new HFileContextBuilder()
204 .withBlockSize(4096)
205 .withEncryptionContext(cryptoContext)
206 .withCompression(compression)
207 .withDataBlockEncoding(encoding)
208 .build();
209
210 LOG.info("Writing with " + fileContext);
211 Path path = new Path(TEST_UTIL.getDataTestDir(), UUID.randomUUID().toString() + ".hfile");
212 FSDataOutputStream out = fs.create(path);
213 HFile.Writer writer = HFile.getWriterFactory(conf, cacheConf)
214 .withOutputStream(out)
215 .withFileContext(fileContext)
216 .create();
217 for (KeyValue kv: testKvs) {
218 writer.append(kv);
219 }
220 writer.close();
221 out.close();
222
223
224 LOG.info("Reading with " + fileContext);
225 HFile.Reader reader = HFile.createReader(fs, path, cacheConf, conf);
226 reader.loadFileInfo();
227 FixedFileTrailer trailer = reader.getTrailer();
228 assertNotNull(trailer.getEncryptionKey());
229 HFileScanner scanner = reader.getScanner(false, false);
230 assertTrue("Initial seekTo failed", scanner.seekTo());
231 int i = 0;
232 do {
233 Cell kv = scanner.getKeyValue();
234 assertTrue("Read back an unexpected or invalid KV",
235 testKvs.contains(KeyValueUtil.ensureKeyValue(kv)));
236 i++;
237 } while (scanner.next());
238 reader.close();
239
240 assertEquals("Did not read back as many KVs as written", i, testKvs.size());
241
242
243 LOG.info("Random seeking with " + fileContext);
244 reader = HFile.createReader(fs, path, cacheConf, conf);
245 scanner = reader.getScanner(false, true);
246 assertTrue("Initial seekTo failed", scanner.seekTo());
247 for (i = 0; i < 100; i++) {
248 KeyValue kv = testKvs.get(RNG.nextInt(testKvs.size()));
249 assertEquals("Unable to find KV as expected: " + kv, scanner.seekTo(kv), 0);
250 }
251 reader.close();
252 }
253 }
254 }
255
256 }