org.apache.hadoop.crypto.CryptoOutputStream Java Examples

The following examples show how to use org.apache.hadoop.crypto.CryptoOutputStream. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: DataTransferSaslUtil.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Create IOStreamPair of {@link org.apache.hadoop.crypto.CryptoInputStream}
 * and {@link org.apache.hadoop.crypto.CryptoOutputStream}
 * 
 * @param conf the configuration
 * @param cipherOption negotiated cipher option
 * @param out underlying output stream
 * @param in underlying input stream
 * @param isServer is server side
 * @return IOStreamPair the stream pair
 * @throws IOException for any error
 */
public static IOStreamPair createStreamPair(Configuration conf,
    CipherOption cipherOption, OutputStream out, InputStream in, 
    boolean isServer) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Creating IOStreamPair of CryptoInputStream and " +
        "CryptoOutputStream.");
  }
  CryptoCodec codec = CryptoCodec.getInstance(conf, 
      cipherOption.getCipherSuite());
  byte[] inKey = cipherOption.getInKey();
  byte[] inIv = cipherOption.getInIv();
  byte[] outKey = cipherOption.getOutKey();
  byte[] outIv = cipherOption.getOutIv();
  InputStream cIn = new CryptoInputStream(in, codec, 
      isServer ? inKey : outKey, isServer ? inIv : outIv);
  OutputStream cOut = new CryptoOutputStream(out, codec, 
      isServer ? outKey : inKey, isServer ? outIv : inIv);
  return new IOStreamPair(cIn, cOut);
}
 
Example #2
Source File: DFSClient.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Wraps the stream in a CryptoOutputStream if the underlying file is
 * encrypted.
 */
public HdfsDataOutputStream createWrappedOutputStream(DFSOutputStream dfsos,
    FileSystem.Statistics statistics, long startPos) throws IOException {
  final FileEncryptionInfo feInfo = dfsos.getFileEncryptionInfo();
  if (feInfo != null) {
    // File is encrypted, wrap the stream in a crypto stream.
    // Currently only one version, so no special logic based on the version #
    getCryptoProtocolVersion(feInfo);
    final CryptoCodec codec = getCryptoCodec(conf, feInfo);
    KeyVersion decrypted = decryptEncryptedDataEncryptionKey(feInfo);
    final CryptoOutputStream cryptoOut =
        new CryptoOutputStream(dfsos, codec,
            decrypted.getMaterial(), feInfo.getIV(), startPos);
    return new HdfsDataOutputStream(cryptoOut, statistics, startPos);
  } else {
    // No FileEncryptionInfo present so no encryption.
    return new HdfsDataOutputStream(dfsos, statistics, startPos);
  }
}
 
Example #3
Source File: DataTransferSaslUtil.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Create IOStreamPair of {@link org.apache.hadoop.crypto.CryptoInputStream}
 * and {@link org.apache.hadoop.crypto.CryptoOutputStream}
 * 
 * @param conf the configuration
 * @param cipherOption negotiated cipher option
 * @param out underlying output stream
 * @param in underlying input stream
 * @param isServer is server side
 * @return IOStreamPair the stream pair
 * @throws IOException for any error
 */
public static IOStreamPair createStreamPair(Configuration conf,
    CipherOption cipherOption, OutputStream out, InputStream in, 
    boolean isServer) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Creating IOStreamPair of CryptoInputStream and " +
        "CryptoOutputStream.");
  }
  CryptoCodec codec = CryptoCodec.getInstance(conf, 
      cipherOption.getCipherSuite());
  byte[] inKey = cipherOption.getInKey();
  byte[] inIv = cipherOption.getInIv();
  byte[] outKey = cipherOption.getOutKey();
  byte[] outIv = cipherOption.getOutIv();
  InputStream cIn = new CryptoInputStream(in, codec, 
      isServer ? inKey : outKey, isServer ? inIv : outIv);
  OutputStream cOut = new CryptoOutputStream(out, codec, 
      isServer ? outKey : inKey, isServer ? outIv : inIv);
  return new IOStreamPair(cIn, cOut);
}
 
Example #4
Source File: DFSClient.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Wraps the stream in a CryptoOutputStream if the underlying file is
 * encrypted.
 */
public HdfsDataOutputStream createWrappedOutputStream(DFSOutputStream dfsos,
    FileSystem.Statistics statistics, long startPos) throws IOException {
  final FileEncryptionInfo feInfo = dfsos.getFileEncryptionInfo();
  if (feInfo != null) {
    // File is encrypted, wrap the stream in a crypto stream.
    // Currently only one version, so no special logic based on the version #
    getCryptoProtocolVersion(feInfo);
    final CryptoCodec codec = getCryptoCodec(conf, feInfo);
    KeyVersion decrypted = decryptEncryptedDataEncryptionKey(feInfo);
    final CryptoOutputStream cryptoOut =
        new CryptoOutputStream(dfsos, codec,
            decrypted.getMaterial(), feInfo.getIV(), startPos);
    return new HdfsDataOutputStream(cryptoOut, statistics, startPos);
  } else {
    // No FileEncryptionInfo present so no encryption.
    return new HdfsDataOutputStream(dfsos, statistics, startPos);
  }
}
 
Example #5
Source File: HdfsDataOutputStream.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Sync buffered data to DataNodes (flush to disk devices).
 * 
 * @param syncFlags
 *          Indicate the detailed semantic and actions of the hsync.
 * @throws IOException
 * @see FSDataOutputStream#hsync()
 */
public void hsync(EnumSet<SyncFlag> syncFlags) throws IOException {
  OutputStream wrappedStream = getWrappedStream();
  if (wrappedStream instanceof CryptoOutputStream) {
    ((CryptoOutputStream) wrappedStream).flush();
    wrappedStream = ((CryptoOutputStream) wrappedStream).getWrappedStream();
  }
  ((DFSOutputStream) wrappedStream).hsync(syncFlags);
}
 
Example #6
Source File: HdfsDataOutputStream.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Sync buffered data to DataNodes (flush to disk devices).
 * 
 * @param syncFlags
 *          Indicate the detailed semantic and actions of the hsync.
 * @throws IOException
 * @see FSDataOutputStream#hsync()
 */
public void hsync(EnumSet<SyncFlag> syncFlags) throws IOException {
  OutputStream wrappedStream = getWrappedStream();
  if (wrappedStream instanceof CryptoOutputStream) {
    ((CryptoOutputStream) wrappedStream).flush();
    wrappedStream = ((CryptoOutputStream) wrappedStream).getWrappedStream();
  }
  ((DFSOutputStream) wrappedStream).hsync(syncFlags);
}
 
Example #7
Source File: CryptoFSDataOutputStream.java    From big-c with Apache License 2.0 4 votes vote down vote up
public CryptoFSDataOutputStream(FSDataOutputStream out, CryptoCodec codec,
    byte[] key, byte[] iv) throws IOException {
  super(new CryptoOutputStream(out, codec, key, iv, out.getPos()), 
      null, out.getPos()); 
  this.fsOut = out;
}
 
Example #8
Source File: RpcClient.java    From hadoop-ozone with Apache License 2.0 4 votes vote down vote up
private OzoneOutputStream createOutputStream(OpenKeySession openKey,
    String requestId, ReplicationType type, ReplicationFactor factor)
    throws IOException {
  KeyOutputStream keyOutputStream =
      new KeyOutputStream.Builder()
          .setHandler(openKey)
          .setXceiverClientManager(xceiverClientManager)
          .setOmClient(ozoneManagerClient)
          .setChunkSize(chunkSize)
          .setRequestID(requestId)
          .setType(HddsProtos.ReplicationType.valueOf(type.toString()))
          .setFactor(HddsProtos.ReplicationFactor.valueOf(factor.getValue()))
          .setStreamBufferSize(streamBufferSize)
          .setStreamBufferFlushSize(streamBufferFlushSize)
          .setStreamBufferFlushDelay(streamBufferFlushDelay)
          .setStreamBufferMaxSize(streamBufferMaxSize)
          .setBlockSize(blockSize)
          .setChecksumType(checksumType)
          .setBytesPerChecksum(bytesPerChecksum)
          .setMaxRetryCount(maxRetryCount)
          .setRetryInterval(retryInterval)
          .build();
  keyOutputStream
      .addPreallocateBlocks(openKey.getKeyInfo().getLatestVersionLocations(),
          openKey.getOpenVersion());
  final FileEncryptionInfo feInfo = keyOutputStream.getFileEncryptionInfo();
  if (feInfo != null) {
    KeyProvider.KeyVersion decrypted = getDEK(feInfo);
    final CryptoOutputStream cryptoOut =
        new CryptoOutputStream(keyOutputStream,
            OzoneKMSUtil.getCryptoCodec(conf, feInfo),
            decrypted.getMaterial(), feInfo.getIV());
    return new OzoneOutputStream(cryptoOut);
  } else {
    try{
      GDPRSymmetricKey gk;
      Map<String, String> openKeyMetadata =
          openKey.getKeyInfo().getMetadata();
      if(Boolean.valueOf(openKeyMetadata.get(OzoneConsts.GDPR_FLAG))){
        gk = new GDPRSymmetricKey(
            openKeyMetadata.get(OzoneConsts.GDPR_SECRET),
            openKeyMetadata.get(OzoneConsts.GDPR_ALGORITHM)
        );
        gk.getCipher().init(Cipher.ENCRYPT_MODE, gk.getSecretKey());
        return new OzoneOutputStream(
            new CipherOutputStream(keyOutputStream, gk.getCipher()));
      }
    }catch (Exception ex){
      throw new IOException(ex);
    }

    return new OzoneOutputStream(keyOutputStream);
  }
}
 
Example #9
Source File: CryptoFSDataOutputStream.java    From big-c with Apache License 2.0 4 votes vote down vote up
public CryptoFSDataOutputStream(FSDataOutputStream out, CryptoCodec codec,
    int bufferSize, byte[] key, byte[] iv) throws IOException {
  super(new CryptoOutputStream(out, codec, bufferSize, key, iv, 
      out.getPos()), null, out.getPos()); 
  this.fsOut = out;
}
 
Example #10
Source File: HdfsDataOutputStream.java    From big-c with Apache License 2.0 4 votes vote down vote up
public HdfsDataOutputStream(CryptoOutputStream out, FileSystem.Statistics stats)
    throws IOException {
  this(out, stats, 0L);
}
 
Example #11
Source File: HdfsDataOutputStream.java    From big-c with Apache License 2.0 4 votes vote down vote up
public HdfsDataOutputStream(CryptoOutputStream out, FileSystem.Statistics stats,
    long startPosition) throws IOException {
  super(out, stats, startPosition);
  Preconditions.checkArgument(out.getWrappedStream() instanceof DFSOutputStream,
      "CryptoOutputStream should wrap a DFSOutputStream");
}
 
Example #12
Source File: CryptoFSDataOutputStream.java    From hadoop with Apache License 2.0 4 votes vote down vote up
public CryptoFSDataOutputStream(FSDataOutputStream out, CryptoCodec codec,
    byte[] key, byte[] iv) throws IOException {
  super(new CryptoOutputStream(out, codec, key, iv, out.getPos()), 
      null, out.getPos()); 
  this.fsOut = out;
}
 
Example #13
Source File: CryptoFSDataOutputStream.java    From hadoop with Apache License 2.0 4 votes vote down vote up
public CryptoFSDataOutputStream(FSDataOutputStream out, CryptoCodec codec,
    int bufferSize, byte[] key, byte[] iv) throws IOException {
  super(new CryptoOutputStream(out, codec, bufferSize, key, iv, 
      out.getPos()), null, out.getPos()); 
  this.fsOut = out;
}
 
Example #14
Source File: HdfsDataOutputStream.java    From hadoop with Apache License 2.0 4 votes vote down vote up
public HdfsDataOutputStream(CryptoOutputStream out, FileSystem.Statistics stats)
    throws IOException {
  this(out, stats, 0L);
}
 
Example #15
Source File: HdfsDataOutputStream.java    From hadoop with Apache License 2.0 4 votes vote down vote up
public HdfsDataOutputStream(CryptoOutputStream out, FileSystem.Statistics stats,
    long startPosition) throws IOException {
  super(out, stats, startPosition);
  Preconditions.checkArgument(out.getWrappedStream() instanceof DFSOutputStream,
      "CryptoOutputStream should wrap a DFSOutputStream");
}
 
Example #16
Source File: HdfsDataOutputStream.java    From big-c with Apache License 2.0 3 votes vote down vote up
/**
 * Get the actual number of replicas of the current block.
 * 
 * This can be different from the designated replication factor of the file
 * because the namenode does not maintain replication for the blocks which are
 * currently being written to. Depending on the configuration, the client may
 * continue to write to a block even if a few datanodes in the write pipeline
 * have failed, or the client may add a new datanodes once a datanode has
 * failed.
 * 
 * @return the number of valid replicas of the current block
 */
public synchronized int getCurrentBlockReplication() throws IOException {
  OutputStream wrappedStream = getWrappedStream();
  if (wrappedStream instanceof CryptoOutputStream) {
    wrappedStream = ((CryptoOutputStream) wrappedStream).getWrappedStream();
  }
  return ((DFSOutputStream) wrappedStream).getCurrentBlockReplication();
}
 
Example #17
Source File: HdfsDataOutputStream.java    From hadoop with Apache License 2.0 3 votes vote down vote up
/**
 * Get the actual number of replicas of the current block.
 * 
 * This can be different from the designated replication factor of the file
 * because the namenode does not maintain replication for the blocks which are
 * currently being written to. Depending on the configuration, the client may
 * continue to write to a block even if a few datanodes in the write pipeline
 * have failed, or the client may add a new datanodes once a datanode has
 * failed.
 * 
 * @return the number of valid replicas of the current block
 */
public synchronized int getCurrentBlockReplication() throws IOException {
  OutputStream wrappedStream = getWrappedStream();
  if (wrappedStream instanceof CryptoOutputStream) {
    wrappedStream = ((CryptoOutputStream) wrappedStream).getWrappedStream();
  }
  return ((DFSOutputStream) wrappedStream).getCurrentBlockReplication();
}