Add decryption functionality to presto.

[shangxinli]

Co-authored-by: ggershinsky ggershinsky@users.noreply.github.com

Summary: This is to port parquet-mr decryption functionality. The main commits in parquet-mr for encryption/decryption are apache/parquet-java@65b95fb and several other fixes. This change only port the decryption only.

Test plan - (Please fill in how you tested your changes)

This feature was tested in the Uber environment and then rolled out to production for 2+ years.

Fill in the release notes towards the bottom of the PR description.
See Release Notes Guidelines for details.

== RELEASE NOTES ==

General Changes
* Add decryption functionality to Presto. When a Parquet file is encrypted following [Parquet Modular Encryption](https://github.com/apache/parquet-format/blob/master/Encryption.md), this change enables Presto to be able to decrypt.  

Hive Changes
* No flag is introduced. Presto-Hive was changed by adding the loading DecryptionPropertiesFactory(implemented in parquet-mr) and using it to get the file decryptor and pass it to presto-parquet.  

[shangxinli]

This is a rebased PR for #17728

[shangxinli]

@zhenxiao @beinan After rebase, the PR is finally green now. Thanks.

[zhenxiao]

@shangxinli I think mostly good. Only 2 minor issues.

[zhenxiao]

throws IOException in new line

[shangxinli]

sure

[zhenxiao]

s/dataPageAAD/dataPageAdditionalAuthenticationData/g
s/dictionaryPageAAD/dictionaryPageAdditionalAuthenticationData/g
I feel AAD is kind of hard to understand, shall we replace all AAD to Additional Authentication Data?

[shangxinli]

done

[zhenxiao]

AAD, let's replace with Additional Authentication Data

[shangxinli]

sure

[zhenxiao]

s/aad/additionalAuthenticationData/g

[shangxinli]

sure

[zhenxiao]

AAD

[shangxinli]

done

[zhenxiao]

AAD

[shangxinli]

done

[zhenxiao]

else not needed?

[shangxinli]

In case of stats == null, we will rely on encodings

[zhenxiao]

yep, the logic is needed, shall we remove:
else {
since the if statement already returns

[zhenxiao]

s/EncDecPropertiesHelper/EncryptDecryptUtil/g

[shangxinli]

sure

[kewang1024]

Haven't started reviewing the functionality, but can we

1. Fix the release note part
2. For commit message, Limit the subject line to 50 characters to ensure that they are readable (https://cbea.ms/git-commit/)

[kewang1024]

Can you squash two commits?

[shangxinli]

@kewang1024 Thanks for the review! Fixed the release notes and the commit message, and addressed the feedback.

[shangxinli]

Can you squash two commits?

Just did. Thanks.

[kewang1024]

I'm still in the process of understanding the overall logic, so my comments are mainly abut the tests

1. Can we also add an additional benchmark test for parquetReader when it has fileDecryptor?
2. I have an improvement idea on the design of class EncryptDecryptUtil
   I think it would be better to be able to pass in key information (FOOTER_KEY, FOOTER_KEY_METADATA, COL_KEY, COL_KEY_METADATA) and create a EncryptDecryptGenerator instance, which can generate a pair of FileDecryptionProperties and FileEncryptionProperties
   With this design, in the future (or in this PR) we can also test edge cases for EncryptDecryptGenerator

[kewang1024]

Can fileDecryptor be shared? and looks like no need to make it an Optional?

[shangxinli]

Shareable? yes, made it a member variable.
Optional? From a test perspective, we don't need it but the signature of readFooter() need optional.

[shangxinli]

Update: It turned out that I am wrong. The decryptor is not sharable. After I share, I got the error: 'ParquetCryptoRuntimeException: Decryptor re-use'.

[kewang1024]

Can we extract "footkey" and "col" to static final variable

Correct me if I'm wrong, my understanding is that the names have be the same for (L55, L64), (L58, L65), otherwise, the decryptor and encryptor won't match. Thus we should avoid typing them manually in tests

[shangxinli]

It is already final static, right? Not able to understand the ask.

No, we don't need them match. The encrypt and decrypt using the same key would be fine.

[shangxinli]

• Can we also add an additional benchmark test for parquetReader when it has fileDecryptor?
• I have an improvement idea on the design of class EncryptDecryptUtil
  I think it would be better to be able to pass in key information (FOOTER_KEY, FOOTER_KEY_METADATA, COL_KEY, COL_KEY_METADATA) and create a EncryptDecryptGenerator instance, which can generate a pair of FileDecryptionProperties and FileEncryptionProperties
  With this design, in the future (or in this PR) we can also test edge cases for EncryptDecryptGenerator

1. The benchmarking can be found in the blog.
2. For now I think we can test what we need. Let me know what is missing and I can add.

[kewang1024]

I have finished my review and most of my comments are regarding coding style and misleading naming; Resolving those would put us in a good state.

I'm not an expert in the parquet encryption/decryption logic, I will leave that to @zhenxiao for a final approval

[kewang1024]

same here

[shangxinli]

Sounds good

[kewang1024]

NIT: requireNonNull

[shangxinli]

Good point

[kewang1024]

This code block is shared in all those three places “DeltaPageSourceProvider”, “”, “ParquetPageSourceFactory”, “IcebergPageSourceProvider”, can we extract them to be an util function / static function in presto-parquet?

[shangxinli]

I agree. In addition to the new change now, there are a few other existing places that should do the same. I create the issue #17835 to work on this after this PR is merged. This PR is already too large.

[kewang1024]

NIT: Merge those two ifs, too many nested statements hurt code readability

[shangxinli]

Between these two diffs, we can save the .toArray() call if the first 'if' is not true. But fine, not a big deal anyway. I just merged it.

[kewang1024]

Merge all the appending commits that addressed the comments back into original commit, overall looks good to me
@zhenxiao a final approval for the decryption and encryption logic?

[kewang1024]

NIT:

this.path = requireNonNull(path, "path should not be null");
this.filePath = requireNonNull(filePath, "filePath should not be null");

[shangxinli]

Yeah, good catch!

[beinan]

lgtm, many thanks for the contribution!

[shangxinli]

Thanks for all who provided comments! I just squashed all the commits and addressed the last feedback from @kewang1024

[zhenxiao]

looks nice, @shangxinli
I am good to merge this PR
could you please fix the 2 remaining issues, and squash into 1 commit?

[zhenxiao]

shall we remove this line? @shangxinli

[zhenxiao]

yep, the logic is needed, shall we remove:
else {
since the if statement already returns

[shangxinli]

looks nice, @shangxinli I am good to merge this PR could you please fix the 2 remaining issues, and squash into 1 commit?

Fixed

[shangxinli]

Addressed the last two comments from @zhenxiao. Created a new PR #17881 for this change because resolving the conflict with HudiParquetPageSource failed. Please look at the new PR for review.