From 686bbabb47ca12c184b4dd0a7c2e89ae06a5a1e7 Mon Sep 17 00:00:00 2001 From: jintao zhu <105690440+zhujt20@users.noreply.github.com> Date: Mon, 2 Dec 2024 10:05:11 +0800 Subject: [PATCH] modify encrypt type (#311) * modify encrypt type format * make key effective * change default type --------- Co-authored-by: zhujt --- .../tsfile/common/conf/TSFileConfig.java | 9 ++-- .../apache/tsfile/encrypt/EncryptUtils.java | 43 +++++++++++-------- .../org/apache/tsfile/encrypt/IDecryptor.java | 26 +++-------- .../org/apache/tsfile/encrypt/IEncrypt.java | 2 + .../org/apache/tsfile/encrypt/IEncryptor.java | 26 +++-------- .../org/apache/tsfile/write/TsFileWriter.java | 2 +- .../encrypt/AES128TsFileReadWriteTest.java | 2 +- 7 files changed, 46 insertions(+), 64 deletions(-) diff --git a/java/tsfile/src/main/java/org/apache/tsfile/common/conf/TSFileConfig.java b/java/tsfile/src/main/java/org/apache/tsfile/common/conf/TSFileConfig.java index eeef8345d..99a71589a 100644 --- a/java/tsfile/src/main/java/org/apache/tsfile/common/conf/TSFileConfig.java +++ b/java/tsfile/src/main/java/org/apache/tsfile/common/conf/TSFileConfig.java @@ -161,11 +161,8 @@ public class TSFileConfig implements Serializable { /** encryptKey, this should be 16 bytes String. */ private String encryptKey = "abcdefghijklmnop"; - /** - * default encryptType is "org.apache.tsfile.encrypt.UNENCRYPTED", TsFile supports UNENCRYPTED or - * AES128. - */ - private String encryptType = "org.apache.tsfile.encrypt.UNENCRYPTED"; + /** default encryptType is "UNENCRYPTED", TsFile supports UNENCRYPTED or AES128. */ + private String encryptType = "UNENCRYPTED"; /** Line count threshold for checking page memory occupied size. */ private int pageCheckSizeThreshold = 100; @@ -275,6 +272,8 @@ public void setEncryptKeyFromPath(String encryptKeyPath) { return; } this.encryptKey = EncryptUtils.getEncryptKeyFromPath(encryptKeyPath); + EncryptUtils.encryptParam = EncryptUtils.getEncryptParameter(); + EncryptUtils.normalKeyStr = EncryptUtils.getNormalKeyStr(); } public int getGroupSizeInByte() { diff --git a/java/tsfile/src/main/java/org/apache/tsfile/encrypt/EncryptUtils.java b/java/tsfile/src/main/java/org/apache/tsfile/encrypt/EncryptUtils.java index cae1ecac2..4d70646bf 100644 --- a/java/tsfile/src/main/java/org/apache/tsfile/encrypt/EncryptUtils.java +++ b/java/tsfile/src/main/java/org/apache/tsfile/encrypt/EncryptUtils.java @@ -21,6 +21,7 @@ import org.apache.tsfile.common.conf.TSFileConfig; import org.apache.tsfile.common.conf.TSFileDescriptor; import org.apache.tsfile.exception.encrypt.EncryptException; +import org.apache.tsfile.exception.encrypt.EncryptKeyLengthNotMatchException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -38,10 +39,25 @@ public class EncryptUtils { private static final String defaultKey = "abcdefghijklmnop"; + private static final String encryptClassPrefix = "org.apache.tsfile.encrypt."; + public static String normalKeyStr = getNormalKeyStr(); public static EncryptParameter encryptParam = getEncryptParameter(); + public static String getEncryptClass(String encryptType) { + String classNameRegex = "^(\\p{Alpha}\\w*)(\\.\\p{Alpha}\\w+)+$"; + if (IEncrypt.encryptTypeToClassMap.containsKey(encryptType)) { + return IEncrypt.encryptTypeToClassMap.get(encryptType); + } else if (encryptType.matches(classNameRegex)) { + IEncrypt.encryptTypeToClassMap.put(encryptType, encryptType); + return encryptType; + } else { + IEncrypt.encryptTypeToClassMap.put(encryptType, encryptClassPrefix + encryptType); + return encryptClassPrefix + encryptType; + } + } + public static String getEncryptKeyFromPath(String path) { if (path == null) { logger.error("encrypt key path is null, use the default key"); @@ -63,6 +79,9 @@ public static String getEncryptKeyFromPath(String path) { sb.append("\n").append(line); } } + if (sb.toString().length() != 16) { + throw new EncryptKeyLengthNotMatchException(16, sb.toString().length()); + } return sb.toString(); } catch (IOException e) { throw new EncryptException("Read main encrypt key error", e); @@ -117,7 +136,7 @@ public static String getNormalKeyStr() { return str; } catch (Exception e) { throw new EncryptException( - "SHA-256 function not found while using SHA-256 to generate data key"); + "SHA-256 function not found while using SHA-256 to generate data key", e); } } @@ -178,13 +197,14 @@ public static IEncrypt getEncrypt() { public static IEncrypt getEncrypt(String encryptType, byte[] dataEncryptKey) { try { - if (IEncrypt.encryptMap.containsKey(encryptType)) { - return ((IEncrypt) IEncrypt.encryptMap.get(encryptType).newInstance(dataEncryptKey)); + String className = getEncryptClass(encryptType); + if (IEncrypt.encryptMap.containsKey(className)) { + return ((IEncrypt) IEncrypt.encryptMap.get(className).newInstance(dataEncryptKey)); } - Class encryptTypeClass = Class.forName(encryptType); + Class encryptTypeClass = Class.forName(className); java.lang.reflect.Constructor constructor = encryptTypeClass.getDeclaredConstructor(byte[].class); - IEncrypt.encryptMap.put(encryptType, constructor); + IEncrypt.encryptMap.put(className, constructor); return ((IEncrypt) constructor.newInstance(dataEncryptKey)); } catch (ClassNotFoundException e) { throw new EncryptException("Get encryptor class failed: " + encryptType, e); @@ -213,18 +233,7 @@ public static IEncrypt getEncrypt(TSFileConfig conf) { encryptType = "org.apache.tsfile.encrypt.UNENCRYPTED"; dataEncryptKey = null; } - try { - Class encryptTypeClass = Class.forName(encryptType); - java.lang.reflect.Constructor constructor = - encryptTypeClass.getDeclaredConstructor(byte[].class); - return ((IEncrypt) constructor.newInstance(dataEncryptKey)); - } catch (ClassNotFoundException e) { - throw new EncryptException("Get encryptor class failed: " + encryptType, e); - } catch (NoSuchMethodException e) { - throw new EncryptException("Get constructor for encryptor failed: " + encryptType, e); - } catch (InvocationTargetException | InstantiationException | IllegalAccessException e) { - throw new EncryptException("New encryptor instance failed: " + encryptType, e); - } + return getEncrypt(encryptType, dataEncryptKey); } public static byte[] getSecondKeyFromStr(String str) { diff --git a/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IDecryptor.java b/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IDecryptor.java index 36b908971..bdf90b92a 100644 --- a/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IDecryptor.java +++ b/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IDecryptor.java @@ -34,13 +34,14 @@ public interface IDecryptor { static IDecryptor getDecryptor(String type, byte[] key) { try { - if (IEncrypt.encryptMap.containsKey(type)) { - return ((IEncrypt) IEncrypt.encryptMap.get(type).newInstance(key)).getDecryptor(); + String className = EncryptUtils.getEncryptClass(type); + if (IEncrypt.encryptMap.containsKey(className)) { + return ((IEncrypt) IEncrypt.encryptMap.get(className).newInstance(key)).getDecryptor(); } - Class encryptClass = Class.forName(type); + Class encryptClass = Class.forName(className); java.lang.reflect.Constructor constructor = encryptClass.getDeclaredConstructor(byte[].class); - IEncrypt.encryptMap.put(type, constructor); + IEncrypt.encryptMap.put(className, constructor); return ((IEncrypt) constructor.newInstance(key)).getDecryptor(); } catch (ClassNotFoundException e) { throw new EncryptException("Get decryptor class failed: " + type, e); @@ -54,22 +55,7 @@ static IDecryptor getDecryptor(String type, byte[] key) { static IDecryptor getDecryptor(EncryptParameter encryptParam) { String type = encryptParam.getType(); byte[] key = encryptParam.getKey(); - try { - if (IEncrypt.encryptMap.containsKey(type)) { - return ((IEncrypt) IEncrypt.encryptMap.get(type).newInstance(key)).getDecryptor(); - } - Class encryptClass = Class.forName(type); - java.lang.reflect.Constructor constructor = - encryptClass.getDeclaredConstructor(byte[].class); - IEncrypt.encryptMap.put(type, constructor); - return ((IEncrypt) constructor.newInstance(key)).getDecryptor(); - } catch (ClassNotFoundException e) { - throw new EncryptException("Get decryptor class failed: " + type, e); - } catch (NoSuchMethodException e) { - throw new EncryptException("Get constructor for decryptor failed: " + type, e); - } catch (InvocationTargetException | InstantiationException | IllegalAccessException e) { - throw new EncryptException("New decryptor instance failed: " + type, e); - } + return getDecryptor(type, key); } byte[] decrypt(byte[] data); diff --git a/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IEncrypt.java b/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IEncrypt.java index 24b691d28..0ea6bbef7 100644 --- a/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IEncrypt.java +++ b/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IEncrypt.java @@ -25,6 +25,8 @@ public interface IEncrypt { static ConcurrentHashMap> encryptMap = new ConcurrentHashMap<>(); + static ConcurrentHashMap encryptTypeToClassMap = new ConcurrentHashMap<>(); + IDecryptor getDecryptor(); IEncryptor getEncryptor(); diff --git a/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IEncryptor.java b/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IEncryptor.java index b80d25794..4fa63fd18 100644 --- a/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IEncryptor.java +++ b/java/tsfile/src/main/java/org/apache/tsfile/encrypt/IEncryptor.java @@ -34,13 +34,14 @@ public interface IEncryptor { static IEncryptor getEncryptor(String type, byte[] key) { try { - if (IEncrypt.encryptMap.containsKey(type)) { - return ((IEncrypt) IEncrypt.encryptMap.get(type).newInstance(key)).getEncryptor(); + String className = EncryptUtils.getEncryptClass(type); + if (IEncrypt.encryptMap.containsKey(className)) { + return ((IEncrypt) IEncrypt.encryptMap.get(className).newInstance(key)).getEncryptor(); } - Class encryptClass = Class.forName(type); + Class encryptClass = Class.forName(className); java.lang.reflect.Constructor constructor = encryptClass.getDeclaredConstructor(byte[].class); - IEncrypt.encryptMap.put(type, constructor); + IEncrypt.encryptMap.put(className, constructor); return ((IEncrypt) constructor.newInstance(key)).getEncryptor(); } catch (ClassNotFoundException e) { throw new EncryptException("Get encryptor class failed: " + type, e); @@ -54,22 +55,7 @@ static IEncryptor getEncryptor(String type, byte[] key) { static IEncryptor getEncryptor(EncryptParameter encryptParam) { String type = encryptParam.getType(); byte[] key = encryptParam.getKey(); - try { - if (IEncrypt.encryptMap.containsKey(type)) { - return ((IEncrypt) IEncrypt.encryptMap.get(type).newInstance(key)).getEncryptor(); - } - Class encryptClass = Class.forName(type); - java.lang.reflect.Constructor constructor = - encryptClass.getDeclaredConstructor(byte[].class); - IEncrypt.encryptMap.put(type, constructor); - return ((IEncrypt) constructor.newInstance(key)).getEncryptor(); - } catch (ClassNotFoundException e) { - throw new EncryptException("Get encryptor class failed: " + type, e); - } catch (NoSuchMethodException e) { - throw new EncryptException("Get constructor for encryptor failed: " + type, e); - } catch (InvocationTargetException | InstantiationException | IllegalAccessException e) { - throw new EncryptException("New encryptor instance failed: " + type, e); - } + return getEncryptor(type, key); } byte[] encrypt(byte[] data); diff --git a/java/tsfile/src/main/java/org/apache/tsfile/write/TsFileWriter.java b/java/tsfile/src/main/java/org/apache/tsfile/write/TsFileWriter.java index 20a38078a..a8aae2708 100644 --- a/java/tsfile/src/main/java/org/apache/tsfile/write/TsFileWriter.java +++ b/java/tsfile/src/main/java/org/apache/tsfile/write/TsFileWriter.java @@ -202,7 +202,7 @@ protected TsFileWriter(TsFileIOWriter fileWriter, Schema schema, TSFileConfig co .encrypt(dataEncryptKey); } catch (Exception e) { throw new EncryptException( - "SHA-256 function not found while using SHA-256 to generate data key"); + "SHA-256 function not found while using SHA-256 to generate data key", e); } } else { encryptLevel = "0"; diff --git a/java/tsfile/src/test/java/org/apache/tsfile/encrypt/AES128TsFileReadWriteTest.java b/java/tsfile/src/test/java/org/apache/tsfile/encrypt/AES128TsFileReadWriteTest.java index a9e9d16dc..f11c376d3 100644 --- a/java/tsfile/src/test/java/org/apache/tsfile/encrypt/AES128TsFileReadWriteTest.java +++ b/java/tsfile/src/test/java/org/apache/tsfile/encrypt/AES128TsFileReadWriteTest.java @@ -66,7 +66,7 @@ public class AES128TsFileReadWriteTest { @Before public void setUp() { conf.setEncryptFlag("true"); - conf.setEncryptType("org.apache.tsfile.encrypt.AES128"); + conf.setEncryptType("AES128"); conf.setEncryptKey("thisisourtestkey"); f = new File(path); if (f.exists()) {