You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ap...@apache.org on 2015/02/18 20:43:18 UTC
[2/4] hbase git commit: HBASE-13002 Make encryption cipher
configurable
HBASE-13002 Make encryption cipher configurable
Signed-off-by: Andrew Purtell <ap...@apache.org>
Conflicts:
hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java
hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/90c239db
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/90c239db
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/90c239db
Branch: refs/heads/branch-1.0
Commit: 90c239db0a9f91c3d47cfea66b5a126e6bd832ff
Parents: 53a1154
Author: Ashish Singhi <as...@huawei.com>
Authored: Wed Feb 18 11:42:21 2015 -0800
Committer: Andrew Purtell <ap...@apache.org>
Committed: Wed Feb 18 11:42:21 2015 -0800
----------------------------------------------------------------------
.../hadoop/hbase/security/EncryptionUtil.java | 20 +++++++------
.../hbase/security/TestEncryptionUtil.java | 4 ++-
.../org/apache/hadoop/hbase/HConstants.java | 10 +++++++
.../hadoop/hbase/io/crypto/Encryption.java | 31 +++++++++++++++++---
.../hbase/io/crypto/TestCipherProvider.java | 8 +++--
.../hadoop/hbase/io/crypto/TestEncryption.java | 7 +++--
.../hadoop/hbase/regionserver/HStore.java | 4 +--
.../wal/SecureProtobufLogWriter.java | 5 ++--
.../hbase/io/hfile/TestHFileEncryption.java | 4 ++-
.../regionserver/TestEncryptionKeyRotation.java | 14 ++++++---
.../TestEncryptionRandomKeying.java | 4 ++-
.../hadoop/hbase/util/TestEncryptionTest.java | 6 ++--
.../hbase/util/TestHBaseFsckEncryption.java | 6 ++--
13 files changed, 89 insertions(+), 34 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-client/src/main/java/org/apache/hadoop/hbase/security/EncryptionUtil.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/EncryptionUtil.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/EncryptionUtil.java
index f446c66..485388e 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/EncryptionUtil.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/EncryptionUtil.java
@@ -63,8 +63,7 @@ public class EncryptionUtil {
/**
* Protect a key by encrypting it with the secret key of the given subject.
- * The configuration must be set up correctly for key alias resolution. Keys
- * are always wrapped using AES.
+ * The configuration must be set up correctly for key alias resolution.
* @param conf configuration
* @param subject subject key alias
* @param key the key
@@ -72,10 +71,12 @@ public class EncryptionUtil {
*/
public static byte[] wrapKey(Configuration conf, String subject, Key key)
throws IOException {
- // Wrap the key with AES
- Cipher cipher = Encryption.getCipher(conf, "AES");
+ // Wrap the key with the configured encryption algorithm.
+ String algorithm =
+ conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+ Cipher cipher = Encryption.getCipher(conf, algorithm);
if (cipher == null) {
- throw new RuntimeException("Cipher 'AES' not available");
+ throw new RuntimeException("Cipher '" + algorithm + "' not available");
}
EncryptionProtos.WrappedKey.Builder builder = EncryptionProtos.WrappedKey.newBuilder();
builder.setAlgorithm(key.getAlgorithm());
@@ -100,8 +101,7 @@ public class EncryptionUtil {
/**
* Unwrap a key by decrypting it with the secret key of the given subject.
- * The configuration must be set up correctly for key alias resolution. Keys
- * are always unwrapped using AES.
+ * The configuration must be set up correctly for key alias resolution.
* @param conf configuration
* @param subject subject key alias
* @param value the encrypted key bytes
@@ -113,9 +113,11 @@ public class EncryptionUtil {
throws IOException, KeyException {
EncryptionProtos.WrappedKey wrappedKey = EncryptionProtos.WrappedKey.PARSER
.parseDelimitedFrom(new ByteArrayInputStream(value));
- Cipher cipher = Encryption.getCipher(conf, "AES");
+ String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY,
+ HConstants.CIPHER_AES);
+ Cipher cipher = Encryption.getCipher(conf, algorithm);
if (cipher == null) {
- throw new RuntimeException("Algorithm 'AES' not available");
+ throw new RuntimeException("Cipher '" + algorithm + "' not available");
}
ByteArrayOutputStream out = new ByteArrayOutputStream();
byte[] iv = wrappedKey.hasIv() ? wrappedKey.getIv().toByteArray() : null;
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-client/src/test/java/org/apache/hadoop/hbase/security/TestEncryptionUtil.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/test/java/org/apache/hadoop/hbase/security/TestEncryptionUtil.java b/hbase-client/src/test/java/org/apache/hadoop/hbase/security/TestEncryptionUtil.java
index e5e7b78..7aea5d9 100644
--- a/hbase-client/src/test/java/org/apache/hadoop/hbase/security/TestEncryptionUtil.java
+++ b/hbase-client/src/test/java/org/apache/hadoop/hbase/security/TestEncryptionUtil.java
@@ -47,7 +47,9 @@ public class TestEncryptionUtil {
// generate a test key
byte[] keyBytes = new byte[AES.KEY_LENGTH];
new SecureRandom().nextBytes(keyBytes);
- Key key = new SecretKeySpec(keyBytes, "AES");
+ String algorithm =
+ conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+ Key key = new SecretKeySpec(keyBytes, algorithm);
// wrap the test key
byte[] wrappedKeyBytes = EncryptionUtil.wrapKey(conf, "hbase", key);
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java
----------------------------------------------------------------------
diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java
index b50b6d5..c93218e 100644
--- a/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java
+++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java
@@ -1017,6 +1017,9 @@ public final class HConstants {
public static final long NO_NONCE = 0;
+ /** Default cipher for encryption */
+ public static final String CIPHER_AES = "AES";
+
/** Configuration key for the crypto algorithm provider, a class name */
public static final String CRYPTO_CIPHERPROVIDER_CONF_KEY = "hbase.crypto.cipherprovider";
@@ -1040,6 +1043,13 @@ public final class HConstants {
/** Configuration key for the name of the master WAL encryption key for the cluster, a string */
public static final String CRYPTO_WAL_KEY_NAME_CONF_KEY = "hbase.crypto.wal.key.name";
+ /** Configuration key for the algorithm used for creating jks key, a string */
+ public static final String CRYPTO_KEY_ALGORITHM_CONF_KEY = "hbase.crypto.key.algorithm";
+
+ /** Configuration key for the name of the alternate cipher algorithm for the cluster, a string */
+ public static final String CRYPTO_ALTERNATE_KEY_ALGORITHM_CONF_KEY =
+ "hbase.crypto.alternate.key.algorithm";
+
/** Configuration key for enabling WAL encryption, a boolean */
public static final String ENABLE_WAL_ENCRYPTION = "hbase.regionserver.wal.encryption";
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
----------------------------------------------------------------------
diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
index 9c20f3b..2e6a7c9 100644
--- a/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
+++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
@@ -469,9 +469,8 @@ public final class Encryption {
* @param iv the initialization vector, can be null
* @throws IOException
*/
- public static void decryptWithSubjectKey(OutputStream out, InputStream in,
- int outLen, String subject, Configuration conf, Cipher cipher,
- byte[] iv) throws IOException {
+ public static void decryptWithSubjectKey(OutputStream out, InputStream in, int outLen,
+ String subject, Configuration conf, Cipher cipher, byte[] iv) throws IOException {
Key key = getSecretKeyForSubject(subject, conf);
if (key == null) {
throw new IOException("No key found for subject '" + subject + "'");
@@ -479,7 +478,31 @@ public final class Encryption {
Decryptor d = cipher.getDecryptor();
d.setKey(key);
d.setIv(iv); // can be null
- decrypt(out, in, outLen, d);
+ try {
+ decrypt(out, in, outLen, d);
+ } catch (IOException e) {
+ // If the current cipher algorithm fails to unwrap, try the alternate cipher algorithm, if one
+ // is configured
+ String alternateAlgorithm = conf.get(HConstants.CRYPTO_ALTERNATE_KEY_ALGORITHM_CONF_KEY);
+ if (alternateAlgorithm != null) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Unable to decrypt data with current cipher algorithm '"
+ + conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES)
+ + "'. Trying with the alternate cipher algorithm '" + alternateAlgorithm
+ + "' configured.");
+ }
+ Cipher alterCipher = Encryption.getCipher(conf, alternateAlgorithm);
+ if (alterCipher == null) {
+ throw new RuntimeException("Cipher '" + alternateAlgorithm + "' not available");
+ }
+ d = alterCipher.getDecryptor();
+ d.setKey(key);
+ d.setIv(iv); // can be null
+ decrypt(out, in, outLen, d);
+ } else {
+ throw new IOException(e);
+ }
+ }
}
private static ClassLoader getClassLoaderForClass(Class<?> c) {
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestCipherProvider.java
----------------------------------------------------------------------
diff --git a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestCipherProvider.java b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestCipherProvider.java
index 126d7f6..95f8ba1 100644
--- a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestCipherProvider.java
+++ b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestCipherProvider.java
@@ -140,11 +140,13 @@ public class TestCipherProvider {
Configuration conf = HBaseConfiguration.create();
CipherProvider provider = Encryption.getCipherProvider(conf);
assertTrue(provider instanceof DefaultCipherProvider);
- assertTrue(Arrays.asList(provider.getSupportedCiphers()).contains("AES"));
- Cipher a = Encryption.getCipher(conf, "AES");
+ String algorithm =
+ conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+ assertTrue(Arrays.asList(provider.getSupportedCiphers()).contains(algorithm));
+ Cipher a = Encryption.getCipher(conf, algorithm);
assertNotNull(a);
assertTrue(a.getProvider() instanceof DefaultCipherProvider);
- assertEquals(a.getName(), "AES");
+ assertEquals(a.getName(), algorithm);
assertEquals(a.getKeyLength(), AES.KEY_LENGTH);
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java
----------------------------------------------------------------------
diff --git a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java
index d9e51c1..e31ab49 100644
--- a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java
+++ b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/TestEncryption.java
@@ -28,6 +28,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
+import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.junit.Test;
@@ -87,8 +88,10 @@ public class TestEncryption {
LOG.info("checkTransformSymmetry: AES, plaintext length = " + plaintext.length);
Configuration conf = HBaseConfiguration.create();
- Cipher aes = Encryption.getCipher(conf, "AES");
- Key key = new SecretKeySpec(keyBytes, "AES");
+ String algorithm =
+ conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+ Cipher aes = Encryption.getCipher(conf, algorithm);
+ Key key = new SecretKeySpec(keyBytes, algorithm);
Encryptor e = aes.getEncryptor();
e.setKey(key);
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java
index 6a65038..8179499 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java
@@ -316,7 +316,7 @@ public class HStore implements Store {
// Use the algorithm the key wants
cipher = Encryption.getCipher(conf, key.getAlgorithm());
if (cipher == null) {
- throw new RuntimeException("Cipher '" + cipher + "' is not available");
+ throw new RuntimeException("Cipher '" + key.getAlgorithm() + "' is not available");
}
// Fail if misconfigured
// We use the encryption type specified in the column schema as a sanity check on
@@ -330,7 +330,7 @@ public class HStore implements Store {
// Family does not provide key material, create a random key
cipher = Encryption.getCipher(conf, cipherName);
if (cipher == null) {
- throw new RuntimeException("Cipher '" + cipher + "' is not available");
+ throw new RuntimeException("Cipher '" + cipherName + "' is not available");
}
key = cipher.getRandomKey();
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureProtobufLogWriter.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureProtobufLogWriter.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureProtobufLogWriter.java
index e850485..c352770 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureProtobufLogWriter.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/SecureProtobufLogWriter.java
@@ -43,8 +43,6 @@ import org.apache.hadoop.hbase.security.User;
public class SecureProtobufLogWriter extends ProtobufLogWriter {
private static final Log LOG = LogFactory.getLog(SecureProtobufLogWriter.class);
- private static final String DEFAULT_CIPHER = "AES";
-
private Encryptor encryptor = null;
@Override
@@ -56,7 +54,8 @@ public class SecureProtobufLogWriter extends ProtobufLogWriter {
EncryptionTest.testCipherProvider(conf);
// Get an instance of our cipher
- final String cipherName = conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, DEFAULT_CIPHER);
+ final String cipherName =
+ conf.get(HConstants.CRYPTO_WAL_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
Cipher cipher = Encryption.getCipher(conf, cipherName);
if (cipher == null) {
throw new RuntimeException("Cipher '" + cipherName + "' is not available");
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-server/src/test/java/org/apache/hadoop/hbase/io/hfile/TestHFileEncryption.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/io/hfile/TestHFileEncryption.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/io/hfile/TestHFileEncryption.java
index bf6770b..2379df5 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/io/hfile/TestHFileEncryption.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/io/hfile/TestHFileEncryption.java
@@ -69,7 +69,9 @@ public class TestHFileEncryption {
fs = FileSystem.get(conf);
cryptoContext = Encryption.newContext(conf);
- Cipher aes = Encryption.getCipher(conf, "AES");
+ String algorithm =
+ conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+ Cipher aes = Encryption.getCipher(conf, algorithm);
assertNotNull(aes);
cryptoContext.setCipher(aes);
byte[] key = new byte[aes.getKeyLength()];
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionKeyRotation.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionKeyRotation.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionKeyRotation.java
index 44daaed..a025c97 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionKeyRotation.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionKeyRotation.java
@@ -66,9 +66,11 @@ public class TestEncryptionKeyRotation {
SecureRandom rng = new SecureRandom();
byte[] keyBytes = new byte[AES.KEY_LENGTH];
rng.nextBytes(keyBytes);
- initialCFKey = new SecretKeySpec(keyBytes, "AES");
+ String algorithm =
+ conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+ initialCFKey = new SecretKeySpec(keyBytes, algorithm);
rng.nextBytes(keyBytes);
- secondCFKey = new SecretKeySpec(keyBytes, "AES");
+ secondCFKey = new SecretKeySpec(keyBytes, algorithm);
}
@BeforeClass
@@ -94,7 +96,9 @@ public class TestEncryptionKeyRotation {
HTableDescriptor htd = new HTableDescriptor(TableName.valueOf("default",
"testCFKeyRotation"));
HColumnDescriptor hcd = new HColumnDescriptor("cf");
- hcd.setEncryptionType("AES");
+ String algorithm =
+ conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+ hcd.setEncryptionType(algorithm);
hcd.setEncryptionKey(EncryptionUtil.wrapKey(conf, "hbase", initialCFKey));
htd.addFamily(hcd);
@@ -153,7 +157,9 @@ public class TestEncryptionKeyRotation {
HTableDescriptor htd = new HTableDescriptor(TableName.valueOf("default",
"testMasterKeyRotation"));
HColumnDescriptor hcd = new HColumnDescriptor("cf");
- hcd.setEncryptionType("AES");
+ String algorithm =
+ conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+ hcd.setEncryptionType(algorithm);
hcd.setEncryptionKey(EncryptionUtil.wrapKey(conf, "hbase", initialCFKey));
htd.addFamily(hcd);
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionRandomKeying.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionRandomKeying.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionRandomKeying.java
index 46d05a8..2b2a134 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionRandomKeying.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/TestEncryptionRandomKeying.java
@@ -91,7 +91,9 @@ public class TestEncryptionRandomKeying {
// Specify an encryption algorithm without a key
htd = new HTableDescriptor(TableName.valueOf("default", "TestEncryptionRandomKeying"));
HColumnDescriptor hcd = new HColumnDescriptor("cf");
- hcd.setEncryptionType("AES");
+ String algorithm =
+ conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+ hcd.setEncryptionType(algorithm);
htd.addFamily(hcd);
// Start the minicluster
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestEncryptionTest.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestEncryptionTest.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestEncryptionTest.java
index f42bb2e..cf9dbee 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestEncryptionTest.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestEncryptionTest.java
@@ -74,10 +74,12 @@ public class TestEncryptionTest {
public void testTestCipher() {
Configuration conf = HBaseConfiguration.create();
conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
+ String algorithm =
+ conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
try {
- EncryptionTest.testEncryption(conf, "AES", null);
+ EncryptionTest.testEncryption(conf, algorithm, null);
} catch (Exception e) {
- fail("Test for cipher AES should have succeeded");
+ fail("Test for cipher " + algorithm + " should have succeeded");
}
try {
EncryptionTest.testEncryption(conf, "foobar", null);
http://git-wip-us.apache.org/repos/asf/hbase/blob/90c239db/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestHBaseFsckEncryption.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestHBaseFsckEncryption.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestHBaseFsckEncryption.java
index cd8c885..3332c0f 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestHBaseFsckEncryption.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/TestHBaseFsckEncryption.java
@@ -77,7 +77,9 @@ public class TestHBaseFsckEncryption {
SecureRandom rng = new SecureRandom();
byte[] keyBytes = new byte[AES.KEY_LENGTH];
rng.nextBytes(keyBytes);
- cfKey = new SecretKeySpec(keyBytes, "AES");
+ String algorithm =
+ conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
+ cfKey = new SecretKeySpec(keyBytes,algorithm);
// Start the minicluster
TEST_UTIL.startMiniCluster(3);
@@ -85,7 +87,7 @@ public class TestHBaseFsckEncryption {
// Create the table
htd = new HTableDescriptor(TableName.valueOf("default", "TestHBaseFsckEncryption"));
HColumnDescriptor hcd = new HColumnDescriptor("cf");
- hcd.setEncryptionType("AES");
+ hcd.setEncryptionType(algorithm);
hcd.setEncryptionKey(EncryptionUtil.wrapKey(conf,
conf.get(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, User.getCurrent().getShortName()),
cfKey));