[jira] [Commented] (HADOOP-19152) Do not hard code security providers.

ASF GitHub Bot (Jira) Fri, 26 Apr 2024 06:24:03 -0700


    [ 
https://issues.apache.org/jira/browse/HADOOP-19152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17841234#comment-17841234
 ]


ASF GitHub Bot commented on HADOOP-19152:
-----------------------------------------

steveloughran commented on code in PR #6739:
URL: https://github.com/apache/hadoop/pull/6739#discussion_r1581033141


##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoUtils.java:
##########
@@ -55,15 +58,18 @@ public static String getJceProvider(Configuration conf) {
         
CommonConfigurationKeysPublic.HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_AUTO_ADD_KEY,
         
CommonConfigurationKeysPublic.HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_AUTO_ADD_DEFAULT);
 
-    // For backward compatible, auto-add BOUNCY_CASTLE_PROVIDER_CLASS.
-    if (autoAdd && !provider.isEmpty()) {
+    // For backward compatible, auto-add BOUNCY_CASTLE_PROVIDER_CLASS when the 
provider is "BC".
+    if (autoAdd && PROVIDER_NAME.equals(provider)) {
       try {
         // Use reflection in order to avoid statically loading the class.
         final Class<?> clazz = Class.forName(BOUNCY_CASTLE_PROVIDER_CLASS);
-        final Field provider_name = clazz.getField("PROVIDER_NAME");
-        if (provider.equals(provider_name.get(null))) {
+        final Field providerName = clazz.getField("PROVIDER_NAME");

Review Comment:
   I dont think this is needed any more. If it is, use the constant 
`PROVIDER_NAME_FIELD`, but really, given we know what string we are looking 
for, no need to ask for the field or check it again



##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CryptoUtils.java:
##########
@@ -40,6 +41,8 @@ public class CryptoUtils {
       = "org.bouncycastle.jce.provider.BouncyCastleProvider";
   private static final String PROVIDER_NAME_FIELD = "PROVIDER_NAME";
 
+  static final String PROVIDER_NAME = "BC";

Review Comment:
   make private add a javadoc, and give it a name like 
BOUNCY_CASTLE_PROVIDER_NAME





> Do not hard code security providers.
> ------------------------------------
>
>                 Key: HADOOP-19152
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19152
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Tsz-wo Sze
>            Assignee: Tsz-wo Sze
>            Priority: Major
>              Labels: pull-request-available
>
> In order to support different security providers in different clusters, we 
> should not hard code a provider in our code.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (HADOOP-19152) Do not hard code security providers.

Reply via email to