You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by pr...@apache.org on 2017/08/16 00:21:56 UTC
[4/7] zeppelin git commit: [ZEPPELIN-2757] Enhance Authentication
decrypting key generation.
[ZEPPELIN-2757] Enhance Authentication decrypting key generation.
### What is this PR for?
Enhance ```Authentication``` decrypting key generation by random ```KeyGenerator```.
### What type of PR is it?
Improvement
### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-2757
Author: Yanbo Liang <yb...@gmail.com>
Closes #2475 from yanboliang/zeppelin-2757 and squashes the following commits:
ccf1595c [Yanbo Liang] Use LOG.warn rather than printStackTrace.
60f04095 [Yanbo Liang] Enhance Authentication decrypting key generation.
Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/fc02cdb1
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/fc02cdb1
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/fc02cdb1
Branch: refs/heads/branch-0.7
Commit: fc02cdb157fe0043fa396c44d49a4c171710483e
Parents: 465b0ba
Author: Yanbo Liang <yb...@gmail.com>
Authored: Wed Jul 19 12:11:26 2017 +0800
Committer: Prabhjyot Singh <pr...@gmail.com>
Committed: Tue Aug 15 11:08:24 2017 -0700
----------------------------------------------------------------------
.../repo/zeppelinhub/security/Authentication.java | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/fc02cdb1/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java
----------------------------------------------------------------------
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java
index 76968e4..fd5142b 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java
@@ -4,10 +4,13 @@ import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.Key;
+import java.security.SecureRandom;
import java.util.Collections;
import java.util.Map;
import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
@@ -193,7 +196,16 @@ public class Authentication implements Runnable {
}
private Key generateKey() {
- return new SecretKeySpec(toBytes(KEY), CIPHER_ALGORITHM);
+ try {
+ KeyGenerator kgen = KeyGenerator.getInstance(CIPHER_ALGORITHM);
+ kgen.init(128, new SecureRandom(toBytes(KEY)));
+ SecretKey secretKey = kgen.generateKey();
+ byte[] enCodeFormat = secretKey.getEncoded();
+ return new SecretKeySpec(enCodeFormat, CIPHER_ALGORITHM);
+ } catch (Exception e) {
+ LOG.warn("Cannot generate key for decryption", e);
+ }
+ return null;
}
private byte[] toBytes(String value) {