You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by pr...@apache.org on 2017/08/16 00:21:56 UTC

[4/7] zeppelin git commit: [ZEPPELIN-2757] Enhance Authentication decrypting key generation.

[ZEPPELIN-2757] Enhance Authentication decrypting key generation.

### What is this PR for?
Enhance ```Authentication``` decrypting key generation by random ```KeyGenerator```.

### What type of PR is it?
Improvement

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-2757

Author: Yanbo Liang <yb...@gmail.com>

Closes #2475 from yanboliang/zeppelin-2757 and squashes the following commits:

ccf1595c [Yanbo Liang] Use LOG.warn rather than printStackTrace.
60f04095 [Yanbo Liang] Enhance Authentication decrypting key generation.


Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/fc02cdb1
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/fc02cdb1
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/fc02cdb1

Branch: refs/heads/branch-0.7
Commit: fc02cdb157fe0043fa396c44d49a4c171710483e
Parents: 465b0ba
Author: Yanbo Liang <yb...@gmail.com>
Authored: Wed Jul 19 12:11:26 2017 +0800
Committer: Prabhjyot Singh <pr...@gmail.com>
Committed: Tue Aug 15 11:08:24 2017 -0700

----------------------------------------------------------------------
 .../repo/zeppelinhub/security/Authentication.java     | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/zeppelin/blob/fc02cdb1/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java
----------------------------------------------------------------------
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java
index 76968e4..fd5142b 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java
@@ -4,10 +4,13 @@ import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.security.GeneralSecurityException;
 import java.security.Key;
+import java.security.SecureRandom;
 import java.util.Collections;
 import java.util.Map;
 
 import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 
@@ -193,7 +196,16 @@ public class Authentication implements Runnable {
   }
 
   private Key generateKey() {
-    return new SecretKeySpec(toBytes(KEY), CIPHER_ALGORITHM);
+    try {
+      KeyGenerator kgen = KeyGenerator.getInstance(CIPHER_ALGORITHM);
+      kgen.init(128, new SecureRandom(toBytes(KEY)));
+      SecretKey secretKey = kgen.generateKey();
+      byte[] enCodeFormat = secretKey.getEncoded();
+      return new SecretKeySpec(enCodeFormat, CIPHER_ALGORITHM);
+    } catch (Exception e) {
+      LOG.warn("Cannot generate key for decryption", e);
+    }
+    return null;
   }
 
   private byte[] toBytes(String value) {