This is an automated email from the ASF dual-hosted git repository.
srowen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new a46abbc [SPARK-38756][CORE][DOCS] Clean up unused security
configuration items in `TransportConf`
a46abbc is described below
commit a46abbc18d1874148f97b3035c553ffee8494811
Author: yangjie01 <yangji...@baidu.com>
AuthorDate: Sat Apr 2 11:40:39 2022 -0500
[SPARK-38756][CORE][DOCS] Clean up unused security configuration items in
`TransportConf`
### What changes were proposed in this pull request?
There are some configuration items in `TransportConf` already unused after
[Update Spark key negotiation
protocol](https://github.com/apache/spark/commit/3b0dd14f1c5dd033ad0a6295baa288eda9dfe10a)
- `spark.network.crypto.keyFactoryAlgorithm`
- `spark.network.crypto.keyLength`
- `spark.network.crypto.ivLength`
- `spark.network.crypto.keyAlgorithm`
so this pr clean up these configuration items from `TransportConf`, `
security.md` and relevant UT `AuthEngineSuite`
### Why are the changes needed?
Clean up unused security configuration items.
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
Pass GA
Closes #36035 from LuciferYang/unused-security-config.
Authored-by: yangjie01 <yangji...@baidu.com>
Signed-off-by: Sean Owen <sro...@gmail.com>
---
.../apache/spark/network/util/TransportConf.java | 41 ----------------------
.../spark/network/crypto/AuthEngineSuite.java | 15 --------
docs/security.md | 17 ---------
3 files changed, 73 deletions(-)
diff --git
a/common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java
b/common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java
index f73e3ce..57bd494 100644
---
a/common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java
+++
b/common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java
@@ -220,47 +220,6 @@ public class TransportConf {
}
/**
- * The key generation algorithm. This should be an algorithm that accepts a
"PBEKeySpec"
- * as input. The default value (PBKDF2WithHmacSHA1) is available in Java 7.
- */
- public String keyFactoryAlgorithm() {
- return conf.get("spark.network.crypto.keyFactoryAlgorithm",
"PBKDF2WithHmacSHA1");
- }
-
- /**
- * How many iterations to run when generating keys.
- *
- * See some discussion about this at:
http://security.stackexchange.com/q/3959
- * The default value was picked for speed, since it assumes that the secret
has good entropy
- * (128 bits by default), which is not generally the case with user
passwords.
- */
- public int keyFactoryIterations() {
- return conf.getInt("spark.network.crypto.keyFactoryIterations", 1024);
- }
-
- /**
- * Encryption key length, in bits.
- */
- public int encryptionKeyLength() {
- return conf.getInt("spark.network.crypto.keyLength", 128);
- }
-
- /**
- * Initial vector length, in bytes.
- */
- public int ivLength() {
- return conf.getInt("spark.network.crypto.ivLength", 16);
- }
-
- /**
- * The algorithm for generated secret keys. Nobody should really need to
change this,
- * but configurable just in case.
- */
- public String keyAlgorithm() {
- return conf.get("spark.network.crypto.keyAlgorithm", "AES");
- }
-
- /**
* Whether to fall back to SASL if the new auth protocol fails. Enabled by
default for
* backwards compatibility.
*/
diff --git
a/common/network-common/src/test/java/org/apache/spark/network/crypto/AuthEngineSuite.java
b/common/network-common/src/test/java/org/apache/spark/network/crypto/AuthEngineSuite.java
index 33a8ce2..22dbdc7 100644
---
a/common/network-common/src/test/java/org/apache/spark/network/crypto/AuthEngineSuite.java
+++
b/common/network-common/src/test/java/org/apache/spark/network/crypto/AuthEngineSuite.java
@@ -20,10 +20,8 @@ package org.apache.spark.network.crypto;
import java.nio.ByteBuffer;
import java.nio.channels.WritableByteChannel;
import java.security.GeneralSecurityException;
-import java.util.Map;
import java.util.Random;
-import com.google.common.collect.ImmutableMap;
import com.google.crypto.tink.subtle.Hex;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
@@ -188,19 +186,6 @@ public class AuthEngineSuite {
}
}
- @Test(expected = AssertionError.class)
- public void testBadKeySize() throws Exception {
- Map<String, String> mconf =
ImmutableMap.of("spark.network.crypto.keyLength", "42");
- TransportConf conf = new TransportConf("rpc", new
MapConfigProvider(mconf));
-
- try (AuthEngine engine = new AuthEngine("appId", "secret", conf)) {
- engine.challenge();
- fail("Should have failed to create challenge message.");
- // Call close explicitly to make sure it's idempotent.
- engine.close();
- }
- }
-
@Test
public void testEncryptedMessage() throws Exception {
try (AuthEngine client = new AuthEngine("appId", "secret", conf);
diff --git a/docs/security.md b/docs/security.md
index a75ca82..b0bf562 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -156,23 +156,6 @@ The following table describes the different options
available for configuring th
<td>2.2.0</td>
</tr>
<tr>
- <td><code>spark.network.crypto.keyLength</code></td>
- <td>128</td>
- <td>
- The length in bits of the encryption key to generate. Valid values are
128, 192 and 256.
- </td>
- <td>2.2.0</td>
-</tr>
-<tr>
- <td><code>spark.network.crypto.keyFactoryAlgorithm</code></td>
- <td>PBKDF2WithHmacSHA1</td>
- <td>
- The key factory algorithm to use when generating encryption keys. Should
be one of the
- algorithms supported by the javax.crypto.SecretKeyFactory class in the JRE
being used.
- </td>
- <td>2.2.0</td>
-</tr>
-<tr>
<td><code>spark.network.crypto.config.*</code></td>
<td>None</td>
<td>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org
For additional commands, e-mail: commits-h...@spark.apache.org
