Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11711

Provide a default value for AES/CTR/NoPadding CryptoCodec classes

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.8.0, 3.0.0-alpha1
    • Component/s: None
    • Labels:
      None
    • Target Version/s:

      Description

      Users can configure the desired class to use for a given codec via a property like hadoop.security.crypto.codec.classes.aes.ctr.nopadding. However, even though we provide a default value for this codec in core-default.xml, this default is not also done in the code.

      As a result, client deployments that do not include core-default.xml cannot resolve any codecs, and get an NPE.

      1. hadoop-11711.001.patch
        8 kB
        Andrew Wang
      2. hadoop-11711.002.patch
        8 kB
        Andrew Wang

        Activity

        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #131 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/131/)
        HADOOP-11711. Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1)

        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #131 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/131/ ) HADOOP-11711 . Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #122 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/122/)
        HADOOP-11711. Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1)

        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #122 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/122/ ) HADOOP-11711 . Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Hdfs-trunk #2063 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2063/)
        HADOOP-11711. Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1)

        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk #2063 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2063/ ) HADOOP-11711 . Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Mapreduce-trunk #2081 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2081/)
        HADOOP-11711. Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1)

        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk #2081 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2081/ ) HADOOP-11711 . Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Hadoop-Yarn-trunk #865 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/865/)
        HADOOP-11711. Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1)

        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Hadoop-Yarn-trunk #865 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/865/ ) HADOOP-11711 . Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #131 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/131/)
        HADOOP-11711. Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1)

        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #131 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/131/ ) HADOOP-11711 . Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-trunk-Commit #7315 (See https://builds.apache.org/job/Hadoop-trunk-Commit/7315/)
        HADOOP-11711. Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1)

        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java
        • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-trunk-Commit #7315 (See https://builds.apache.org/job/Hadoop-trunk-Commit/7315/ ) HADOOP-11711 . Provide a default value for AES/CTR/NoPadding CryptoCodec classes. (wang: rev 387f271c81f7b3bf53bddc5368d5f4486530c2e1) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithJceAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsForLocalFS.java hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoCodec.java
        Hide
        andrew.wang Andrew Wang added a comment -

        Committed to trunk and branch-2, thanks again Yi for reviewing!

        Show
        andrew.wang Andrew Wang added a comment - Committed to trunk and branch-2, thanks again Yi for reviewing!
        Hide
        hadoopqa Hadoop QA added a comment -

        +1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12704345/hadoop-11711.002.patch
        against trunk revision 8212877.

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 3 new or modified test files.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 javadoc. There were no new javadoc warning messages.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

        Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/5933//testReport/
        Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/5933//console

        This message is automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12704345/hadoop-11711.002.patch against trunk revision 8212877. +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 3 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/5933//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/5933//console This message is automatically generated.
        Hide
        hitliuyi Yi Liu added a comment -

        +1, Thanks Andrew!

        Show
        hitliuyi Yi Liu added a comment - +1, Thanks Andrew!
        Hide
        andrew.wang Andrew Wang added a comment -

        Good point Yi, this patch fixes your comment. Thanks for reviewing!

        Show
        andrew.wang Andrew Wang added a comment - Good point Yi, this patch fixes your comment. Thanks for reviewing!
        Hide
        hadoopqa Hadoop QA added a comment -

        +1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12704324/hadoop-11711.001.patch
        against trunk revision 8212877.

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 3 new or modified test files.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 javadoc. There were no new javadoc warning messages.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

        Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/5931//testReport/
        Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/5931//console

        This message is automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12704324/hadoop-11711.001.patch against trunk revision 8212877. +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 3 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/5931//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/5931//console This message is automatically generated.
        Hide
        hitliuyi Yi Liu added a comment -

        Thanks Andrew Wang for the patch, it looks good to me, +1 pending Jenkins.
        I find a really small nit in the test, it would be better if you could address:

        public static final String
              HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_AES_CTR_NOPADDING_KEY =
              HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX
                  + CipherSuite.AES_CTR_NOPADDING.getConfigSuffix();
        

        In CommonConfigurationKeysPublic.java, HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_AES_CTR_NOPADDING_KEY is defined, we could use it in TestCryptoStreamsWithJceAesCtrCryptoCodec.java and TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java instead of constructing the string again.

        Show
        hitliuyi Yi Liu added a comment - Thanks Andrew Wang for the patch, it looks good to me, +1 pending Jenkins. I find a really small nit in the test, it would be better if you could address: public static final String HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_AES_CTR_NOPADDING_KEY = HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX + CipherSuite.AES_CTR_NOPADDING.getConfigSuffix(); In CommonConfigurationKeysPublic.java , HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_AES_CTR_NOPADDING_KEY is defined, we could use it in TestCryptoStreamsWithJceAesCtrCryptoCodec.java and TestCryptoStreamsWithOpensslAesCtrCryptoCodec.java instead of constructing the string again.
        Hide
        andrew.wang Andrew Wang added a comment -

        Patch attached. This is tested by TestCryptoStreamsForLocalFS, since it passes false when creating the Configuration and no longer explicitly sets the config option.

        I also cleaned up the Openssl/Jce test, by setting then asserting that the expecting codec is found.

        Show
        andrew.wang Andrew Wang added a comment - Patch attached. This is tested by TestCryptoStreamsForLocalFS , since it passes false when creating the Configuration and no longer explicitly sets the config option. I also cleaned up the Openssl/Jce test, by setting then asserting that the expecting codec is found.

          People

          • Assignee:
            andrew.wang Andrew Wang
            Reporter:
            andrew.wang Andrew Wang
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development