[
https://issues.apache.org/jira/browse/HADOOP-19152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17840562#comment-17840562
]
ASF GitHub Bot commented on HADOOP-19152:
-----------------------------------------
szetszwo commented on code in PR #6739:
URL: https://github.com/apache/hadoop/pull/6739#discussion_r1578474234
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoUtils.java:
##########
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.crypto;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
+import org.apache.hadoop.fs.store.LogExactlyOnce;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.lang.reflect.Field;
+import java.security.Provider;
+import java.security.Security;
+
+/** Utility methods for the crypto related features. */
[email protected]
+public class CryptoUtils {
+ static final Logger LOG = LoggerFactory.getLogger(CryptoUtils.class);
+ private static final LogExactlyOnce LOG_FAILED_TO_LOAD_CLASS = new
LogExactlyOnce(LOG);
+ private static final LogExactlyOnce LOG_FAILED_TO_GET_FIELD = new
LogExactlyOnce(LOG);
+ private static final LogExactlyOnce LOG_FAILED_TO_ADD_PROVIDER = new
LogExactlyOnce(LOG);
+
+ private static final String BOUNCY_CASTLE_PROVIDER_CLASS
+ = "org.bouncycastle.jce.provider.BouncyCastleProvider";
+ private static final String PROVIDER_NAME_FIELD = "PROVIDER_NAME";
+
+ /**
+ * Get the security provider value specified in
+ * {@link
CommonConfigurationKeysPublic#HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_KEY}
+ * from the given conf.
+ *
+ * @param conf the configuration
+ * @return the configured provider, if there is any; otherwise, return an
empty string.
+ */
+ public static String getJceProvider(Configuration conf) {
+ final String provider = conf.getTrimmed(
+ CommonConfigurationKeysPublic.HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_KEY,
"");
+ final boolean autoAdd = conf.getBoolean(
+
CommonConfigurationKeysPublic.HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_AUTO_ADD_KEY,
+
CommonConfigurationKeysPublic.HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_AUTO_ADD_DEFAULT);
+
+ // For backward compatible, auto-add BOUNCY_CASTLE_PROVIDER_CLASS.
+ if (autoAdd && !provider.isEmpty()) {
+ try {
+ // Use reflection in order to avoid statically loading the class.
+ final Class<?> clazz = Class.forName(BOUNCY_CASTLE_PROVIDER_CLASS);
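Review bot: The Javadoc on `getJceProvider` documents a plain configuration lookup, but the body also reads `HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_AUTO_ADD_KEY` and, when it is true and a provider name is configured, reflectively loads `org.bouncycastle.jce.provider.BouncyCastleProvider`; judging by the `java.security.Security` import and `LOG_FAILED_TO_ADD_PROVIDER`, it presumably then registers that provider for the whole JVM. A caller of a getter would not expect it to change the process-wide provider list, so the doc comment should state the side effect, for example `* If auto-add is enabled and a provider is configured, this call may also register the BouncyCastle provider via {@link Security#addProvider}.` The method body continues past the end of the quoted hunk, so the registration itself and the handling of a failed load are not visible here and should be checked against the full file. As a wording point, the inline comment would read better as `// For backward compatibility, auto-add BOUNCY_CASTLE_PROVIDER_CLASS.`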
Review Comment:
Sure, checking "BC" sounds good.
> Do not hard code security providers.
> ------------------------------------
>
> Key: HADOOP-19152
> URL: https://issues.apache.org/jira/browse/HADOOP-19152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Tsz-wo Sze
> Assignee: Tsz-wo Sze
> Priority: Major
> Labels: pull-request-available
>
> In order to support different security providers in different clusters, we
> should not hard code a provider in our code.