From 523ea300fd1b8c6c04c916ccd53151f39fa78e3d Mon Sep 17 00:00:00 2001
From: Anu Engineer
Date: Tue, 1 Oct 2019 22:24:53 -0700
Subject: [PATCH 1/2] HDDS-2226. S3 Secrets should use a strong RNG.
---
 .../src/main/java/org/apache/hadoop/ozone/OmUtils.java | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OmUtils.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OmUtils.java
index ded99fe77fa61..2554dc8e0d55e 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OmUtils.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OmUtils.java
@@ -30,6 +30,7 @@
 import java.nio.file.Paths;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Optional;
@@ -73,6 +74,9 @@
 */
 public final class OmUtils {
 public static final Logger LOG = LoggerFactory.getLogger(OmUtils.class);
+ private static final SecureRandom srand = new SecureRandom();
+ private static byte [] randomBytes = new byte[32];
+
 private OmUtils() { }
@@ -274,9 +278,9 @@ public static byte[] getMD5Digest(String input) throws IOException {
 public static byte[] getSHADigest() throws IOException {
 try {
+ srand.nextBytes(randomBytes);
 MessageDigest sha = MessageDigest.getInstance(OzoneConsts.FILE_HASH);
- return sha.digest(RandomStringUtils.random(32)
- .getBytes(StandardCharsets.UTF_8));
+ return sha.digest(randomBytes);
 } catch (NoSuchAlgorithmException ex) {
 throw new IOException("Error creating an instance of SHA-256 digest.\n" + "This could possibly indicate a faulty JRE");
From 39b15662e2b0f5eb963aa8c1a8882dbf20ac7c78 Mon Sep 17 00:00:00 2001
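Review bot: The new static `randomBytes` buffer in the `@@ -73,6 +74,9 @@` hunk is shared by every caller of `getSHADigest()`, so two threads calling it at once can overwrite each other's bytes between `srand.nextBytes(randomBytes)` and `sha.digest(randomBytes)` and end up with the same or a mixed secret; `SecureRandom` is safe to share, the array is not. Whether the method is reached concurrently is not visible here, but it is a public static utility, so the buffer should be per call: drop the field and write `byte[] randomBytes = new byte[32];` ahead of `srand.nextBytes(randomBytes);` inside the `try`. That also stops the input of the most recent secret from sitting in a long-lived static. PATCH 2/2 keeps the same field and call under the `SRAND` name, so the point applies to its `@@ -74,9 +73,8 @@` and `@@ -278,7 +276,7 @@` hunks as well. The body of `getSHADigest` continues past the end of the hunk.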
From: Anu Engineer
Date: Wed, 2 Oct 2019 11:25:31 -0700
Subject: [PATCH 2/2] Fix checkstyle issues.
---
 .../src/main/java/org/apache/hadoop/ozone/OmUtils.java | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OmUtils.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OmUtils.java
index 2554dc8e0d55e..5b47506704110 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OmUtils.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OmUtils.java
@@ -40,7 +40,6 @@
 import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
 import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
 import org.apache.commons.compress.utils.IOUtils;
-import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hdds.scm.HddsServerUtil;
@@ -74,9 +73,8 @@
 */
 public final class OmUtils {
 public static final Logger LOG = LoggerFactory.getLogger(OmUtils.class);
- private static final SecureRandom srand = new SecureRandom();
- private static byte [] randomBytes = new byte[32];
-
+ private static final SecureRandom SRAND = new SecureRandom();
+ private static byte[] randomBytes = new byte[32];
 private OmUtils() { }
@@ -278,7 +276,7 @@ public static byte[] getMD5Digest(String input) throws IOException {
 public static byte[] getSHADigest() throws IOException {
 try {
- srand.nextBytes(randomBytes);
+ SRAND.nextBytes(randomBytes);
 MessageDigest sha = MessageDigest.getInstance(OzoneConsts.FILE_HASH);
 return sha.digest(randomBytes);
 } catch (NoSuchAlgorithmException ex) {