Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14246

Authentication Tokens should use SecureRandom instead of Random and 256 bit secrets

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.9.0
    • Fix Version/s: 2.9.0, 3.0.0-alpha4
    • Component/s: security
    • Labels:
      None

      Description

      RandomSignerSecretProvider and ZKSignerSecretProvider currently use a long generated by Random (which is then converted to a String and is 160 bits) for secrets.

      We should improve this to use 256 bit secrets generated by SecureRandom.

        Activity

        Hide
        rkanter Robert Kanter added a comment - - edited

        The 001 patch:

        • Changes Random to SecureRanom in RandomSignerSecretProvider and ZKSignerSecretProvider. Unit tests continue to use Random because we need to be able to predict the RNG to verify in the tests and SecureRandom ignores the seed on linux platforms.
        • Changes the length of the secret from 160 bits (a Long converted to a String) to 256 bits in RandomSignerSecretProvider and ZKSignerSecretProvider. We luckily store the length of the secret in the data written to ZooKeeper, so there's no compatibility problems changing the length of the secret.
        • Added a unit test to for changing the length of the secret
        • Reduced execution time of TestRandomSignerSecretProvuder from ~50 seconds to less than 1 second by mocking the rollover scheduling like we already did in TestZKSignerSecretProvider

        I've also verified that this works in an actual cluster.

        Show
        rkanter Robert Kanter added a comment - - edited The 001 patch: Changes Random to SecureRanom in RandomSignerSecretProvider and ZKSignerSecretProvider . Unit tests continue to use Random because we need to be able to predict the RNG to verify in the tests and SecureRandom ignores the seed on linux platforms. Changes the length of the secret from 160 bits (a Long converted to a String) to 256 bits in RandomSignerSecretProvider and ZKSignerSecretProvider . We luckily store the length of the secret in the data written to ZooKeeper, so there's no compatibility problems changing the length of the secret. Added a unit test to for changing the length of the secret Reduced execution time of TestRandomSignerSecretProvuder from ~50 seconds to less than 1 second by mocking the rollover scheduling like we already did in TestZKSignerSecretProvider I've also verified that this works in an actual cluster.
        Hide
        hadoopqa Hadoop QA added a comment -
        +1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 14s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        +1 test4tests 0m 0s The patch appears to include 2 new or modified test files.
        +1 mvninstall 11m 54s trunk passed
        +1 compile 15m 44s trunk passed
        +1 checkstyle 0m 16s trunk passed
        +1 mvnsite 0m 19s trunk passed
        +1 mvneclipse 0m 13s trunk passed
        +1 findbugs 0m 24s trunk passed
        +1 javadoc 0m 13s trunk passed
        +1 mvninstall 0m 13s the patch passed
        +1 compile 13m 44s the patch passed
        +1 javac 13m 44s the patch passed
        -0 checkstyle 0m 15s hadoop-common-project/hadoop-auth: The patch generated 1 new + 37 unchanged - 4 fixed = 38 total (was 41)
        +1 mvnsite 0m 18s the patch passed
        +1 mvneclipse 0m 15s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 findbugs 0m 30s the patch passed
        +1 javadoc 0m 15s the patch passed
        +1 unit 2m 38s hadoop-auth in the patch passed.
        +1 asflicense 0m 25s The patch does not generate ASF License warnings.
        49m 59s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:a9ad5d6
        JIRA Issue HADOOP-14246
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12860695/HADOOP-14246.001.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux cf3b377a02d5 4.4.0-43-generic #63-Ubuntu SMP Wed Oct 12 13:48:03 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / db2adf3
        Default Java 1.8.0_121
        findbugs v3.0.0
        checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/11941/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-auth.txt
        Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/11941/testReport/
        modules C: hadoop-common-project/hadoop-auth U: hadoop-common-project/hadoop-auth
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/11941/console
        Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - +1 overall Vote Subsystem Runtime Comment 0 reexec 0m 14s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. +1 test4tests 0m 0s The patch appears to include 2 new or modified test files. +1 mvninstall 11m 54s trunk passed +1 compile 15m 44s trunk passed +1 checkstyle 0m 16s trunk passed +1 mvnsite 0m 19s trunk passed +1 mvneclipse 0m 13s trunk passed +1 findbugs 0m 24s trunk passed +1 javadoc 0m 13s trunk passed +1 mvninstall 0m 13s the patch passed +1 compile 13m 44s the patch passed +1 javac 13m 44s the patch passed -0 checkstyle 0m 15s hadoop-common-project/hadoop-auth: The patch generated 1 new + 37 unchanged - 4 fixed = 38 total (was 41) +1 mvnsite 0m 18s the patch passed +1 mvneclipse 0m 15s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 findbugs 0m 30s the patch passed +1 javadoc 0m 15s the patch passed +1 unit 2m 38s hadoop-auth in the patch passed. +1 asflicense 0m 25s The patch does not generate ASF License warnings. 49m 59s Subsystem Report/Notes Docker Image:yetus/hadoop:a9ad5d6 JIRA Issue HADOOP-14246 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12860695/HADOOP-14246.001.patch Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux cf3b377a02d5 4.4.0-43-generic #63-Ubuntu SMP Wed Oct 12 13:48:03 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / db2adf3 Default Java 1.8.0_121 findbugs v3.0.0 checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/11941/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-auth.txt Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/11941/testReport/ modules C: hadoop-common-project/hadoop-auth U: hadoop-common-project/hadoop-auth Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/11941/console Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        yufeigu Yufei Gu added a comment -

        Thanks Robert Kanter for working on this. LGTM. +1 (non-binding)

        Show
        yufeigu Yufei Gu added a comment - Thanks Robert Kanter for working on this. LGTM. +1 (non-binding)
        Hide
        templedf Daniel Templeton added a comment -

        Changes look good. Thanks for testing the upgrade path. This is a good thing to fix, and you've covered all the bases, but I have a bad feeling that something will break with this change. Only one way to find out, though. +1 from me. I'll let this one sit a little while before I commit so that folks have a chance to comment.

        Show
        templedf Daniel Templeton added a comment - Changes look good. Thanks for testing the upgrade path. This is a good thing to fix, and you've covered all the bases, but I have a bad feeling that something will break with this change. Only one way to find out, though. +1 from me. I'll let this one sit a little while before I commit so that folks have a chance to comment.
        Hide
        rkanter Robert Kanter added a comment -

        I did some more playing around with this, and it turns out we've actually been using variable length secrets this whole time. The old code

        Long.toString(rand.nextLong()).getBytes(Charset.forName("UTF-8"));
        

        varies in length. It seems to usually be 20 bytes (160 bits) but I've also seen it be 19 bytes (152 bits).
        So it turns out we've been testing this for a long time

        Show
        rkanter Robert Kanter added a comment - I did some more playing around with this, and it turns out we've actually been using variable length secrets this whole time. The old code Long .toString(rand.nextLong()).getBytes(Charset.forName( "UTF-8" )); varies in length. It seems to usually be 20 bytes (160 bits) but I've also seen it be 19 bytes (152 bits). So it turns out we've been testing this for a long time
        Hide
        templedf Daniel Templeton added a comment -

        Thanks for the patch, Robert Kanter, and for the review, Yufei Gu. Committed to trunk and branch-2.

        Show
        templedf Daniel Templeton added a comment - Thanks for the patch, Robert Kanter , and for the review, Yufei Gu . Committed to trunk and branch-2.
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11578 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11578/)
        HADOOP-14246. Authentication Tokens should use SecureRandom instead of (templedf: rev 4dd6206547de8f694532579e37ba8103bafaeb12)

        • (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java
        • (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/RandomSignerSecretProvider.java
        • (edit) hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestRandomSignerSecretProvider.java
        • (edit) hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestZKSignerSecretProvider.java
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11578 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11578/ ) HADOOP-14246 . Authentication Tokens should use SecureRandom instead of (templedf: rev 4dd6206547de8f694532579e37ba8103bafaeb12) (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/RandomSignerSecretProvider.java (edit) hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestRandomSignerSecretProvider.java (edit) hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestZKSignerSecretProvider.java
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11591 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11591/)
        HADOOP-14246. Authentication Tokens should use SecureRandom instead of (templedf: rev 4dd6206547de8f694532579e37ba8103bafaeb12)

        • (edit) hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestZKSignerSecretProvider.java
        • (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java
        • (edit) hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestRandomSignerSecretProvider.java
        • (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/RandomSignerSecretProvider.java
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11591 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11591/ ) HADOOP-14246 . Authentication Tokens should use SecureRandom instead of (templedf: rev 4dd6206547de8f694532579e37ba8103bafaeb12) (edit) hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestZKSignerSecretProvider.java (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java (edit) hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestRandomSignerSecretProvider.java (edit) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/RandomSignerSecretProvider.java

          People

          • Assignee:
            rkanter Robert Kanter
            Reporter:
            rkanter Robert Kanter
          • Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development