Java Code Examples for org.apache.hadoop.crypto.key.KeyProvider

The following examples show how to use org.apache.hadoop.crypto.key.KeyProvider. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop-ozone   Source File: OzoneKMSUtil.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Decrypts the encrypted data encryption key (EDEK) described by a file's
 * encryption info, using the supplied key provider.
 *
 * <p>The method fails closed: with no provider it throws rather than
 * returning the stream undecrypted.
 *
 * @param feInfo source of the key name, encryption-zone key version name,
 *     IV and EDEK bytes
 * @param keyProvider provider that performs the decryption
 * @return the key version returned by {@code decryptEncryptedKey}
 * @throws IOException if {@code keyProvider} is null, or wrapping a
 *     GeneralSecurityException raised while decrypting
 */
public static KeyProvider.KeyVersion decryptEncryptedDataEncryptionKey(
    FileEncryptionInfo feInfo, KeyProvider keyProvider) throws IOException {
  if (keyProvider == null) {
    throw new IOException("No KeyProvider is configured, " +
        "cannot access an encrypted file");
  }

  final EncryptedKeyVersion encryptedKey =
      EncryptedKeyVersion.createForDecryption(
          feInfo.getKeyName(), feInfo.getEzKeyVersionName(), feInfo.getIV(),
          feInfo.getEncryptedDataEncryptionKey());

  try {
    return KeyProviderCryptoExtension
        .createKeyProviderCryptoExtension(keyProvider)
        .decryptEncryptedKey(encryptedKey);
  } catch (GeneralSecurityException gse) {
    // Keep the security exception as the cause so the failure stays diagnosable
    throw new IOException(gse);
  }
}
 
Example 2
Source Project: hadoop   Source File: KeyProviderCache.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Returns the KeyProvider cached for the provider URI derived from the
 * configuration, creating it through DFSUtil on a cache miss.
 *
 * <p>Callers must handle a null result: it is returned both when no
 * provider URI can be derived and when creation fails. On failure only the
 * cause of the caught exception is logged.
 *
 * @param conf configuration used to derive the URI and build the provider
 * @return the cached or newly created provider, or null
 */
public KeyProvider get(final Configuration conf) {
  final URI providerUri = createKeyProviderURI(conf);
  if (providerUri == null) {
    return null;
  }
  // Loader invoked by the cache only when providerUri has no entry yet
  final Callable<KeyProvider> loader = new Callable<KeyProvider>() {
    @Override
    public KeyProvider call() throws Exception {
      return DFSUtil.createKeyProvider(conf);
    }
  };
  try {
    return cache.get(providerUri, loader);
  } catch (Exception e) {
    LOG.error("Could not create KeyProvider for DFSClient !!", e.getCause());
    return null;
  }
}
 
Example 3
Source Project: hadoop   Source File: KMSClientProvider.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Builds the KMS client for a provider URI: a single KMSClientProvider when
 * {@code hostsPart} names one host, otherwise a
 * LoadBalancingKMSClientProvider over one client per host.
 *
 * <p>Per-host URIs use the "kms" scheme and carry the original URL's
 * protocol in the user-info position of the java.net.URI constructor.
 * Host strings are used exactly as split; no trimming or validation
 * happens here beyond what the URI constructor enforces.
 *
 * @param providerUri URI used unchanged in the single-host case
 * @param conf configuration passed to every client
 * @param origUrl supplies the protocol and path of each per-host URI
 * @param port port of each per-host URI
 * @param hostsPart host names separated by ';'
 * @return the single or load-balancing provider
 * @throws IOException if a per-host URI is syntactically invalid
 */
private KeyProvider createProvider(URI providerUri, Configuration conf,
    URL origUrl, int port, String hostsPart) throws IOException {
  final String[] hostNames = hostsPart.split(";");
  if (hostNames.length == 1) {
    return new KMSClientProvider(providerUri, conf);
  }

  final KMSClientProvider[] clients = new KMSClientProvider[hostNames.length];
  int slot = 0;
  for (String hostName : hostNames) {
    try {
      URI hostUri = new URI("kms", origUrl.getProtocol(), hostName, port,
          origUrl.getPath(), null, null);
      clients[slot] = new KMSClientProvider(hostUri, conf);
    } catch (URISyntaxException e) {
      throw new IOException("Could not instantiate KMSProvider..", e);
    }
    slot++;
  }
  return new LoadBalancingKMSClientProvider(clients, conf);
}
 
Example 4
Source Project: hadoop   Source File: TestLoadBalancingKMSClientProvider.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Checks that successive createKey calls on a
 * LoadBalancingKMSClientProvider are answered by its three backing
 * providers in order, wrapping back to the first on the fourth call.
 */
@Test
public void testLoadBalancing() throws Exception {
  final Configuration conf = new Configuration();
  final String[] keyNames = {"p1", "p2", "p3"};
  final String[] versionNames = {"v1", "v2", "v3"};

  // Each mock answers createKey with a key version named after itself
  final KMSClientProvider[] backends = new KMSClientProvider[keyNames.length];
  for (int i = 0; i < backends.length; i++) {
    KMSClientProvider backend = mock(KMSClientProvider.class);
    when(backend.createKey(Mockito.anyString(), Mockito.any(Options.class)))
        .thenReturn(new KMSClientProvider.KMSKeyVersion(
            keyNames[i], versionNames[i], new byte[0]));
    backends[i] = backend;
  }

  // NOTE(review): the literal 0 is presumably the starting index or seed -- confirm
  KeyProvider kp = new LoadBalancingKMSClientProvider(backends, 0, conf);

  final String[] requested = {"test1", "test2", "test3", "test4"};
  final String[] answeredBy = {"p1", "p2", "p3", "p1"};
  for (int i = 0; i < requested.length; i++) {
    assertEquals(answeredBy[i],
        kp.createKey(requested[i], new Options(conf)).getName());
  }
}
 
Example 5
Source Project: hadoop   Source File: KMS.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * REST endpoint returning metadata for the key names supplied as query
 * parameters.
 *
 * <p>The caller is checked for GET_METADATA before the provider is
 * consulted, and the provider call runs inside {@code user.doAs}.
 * NOTE(review): assertAccess receives the operation but no key names, so
 * the check visible in this method is not per key -- confirm that any
 * per-key ACLs are enforced elsewhere.
 *
 * @param keyNamesList key names taken from the query string
 * @return a 200 response whose JSON entity comes from
 *     KMSServerJSONUtils.toJSON
 * @throws Exception propagated from the access check or the provider call
 */
@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList) throws Exception {
  // The meter is marked before the access check below runs
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  final String[] keyNames = keyNamesList.toArray(
      new String[keyNamesList.size()]);
  // Authorization gate: must stay ahead of the provider call
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_KEYS_METADATA);

  // Query the provider as the authenticated caller
  KeyProvider.Metadata[] keysMeta = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
        @Override
        public KeyProvider.Metadata[] run() throws Exception {
          return provider.getKeysMetadata(keyNames);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
  // Only the success path is audited here, with an empty string as the last
  // argument. NOTE(review): the requested key names do not appear to be
  // recorded -- confirm denials and names are audited elsewhere.
  kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 6
Source Project: hadoop   Source File: KMS.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * REST endpoint returning the metadata of a single named key.
 *
 * <p>The {@code .*} path template places no restriction on the characters
 * in {@code name}; the only validation visible here is checkNotEmpty. The
 * caller is checked for GET_METADATA on that key name before the provider
 * is consulted, and the provider call runs inside {@code user.doAs}.
 *
 * @param name key name taken from the request path
 * @return a 200 response whose JSON entity comes from
 *     KMSServerJSONUtils.toJSON
 * @throws Exception propagated from validation, the access check or the
 *     provider call
 */
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  // The meter is marked before the access check below runs
  KMSWebApp.getAdminCallsMeter().mark();
  // Authorization gate, scoped to the requested key name
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_METADATA, name);

  // Query the provider as the authenticated caller
  KeyProvider.Metadata metadata = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
        @Override
        public KeyProvider.Metadata run() throws Exception {
          return provider.getMetadata(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(name, metadata);
  // Success-path audit record, including the key name
  kmsAudit.ok(user, KMSOp.GET_METADATA, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 7
Source Project: hadoop   Source File: KMSServerJSONUtils.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Converts key metadata into an insertion-ordered map for JSON output.
 *
 * <p>Only descriptive fields are copied (name, cipher, bit length,
 * description, attributes, creation time, version count); no key material
 * is read here. NOTE(review): attributes are passed through as returned by
 * getAttributes -- confirm nothing sensitive is stored in them.
 *
 * @param keyName name reported in the NAME field
 * @param meta metadata to convert; may be null
 * @return the populated map, or an empty map when {@code meta} is null
 */
@SuppressWarnings("unchecked")
public static Map toJSON(String keyName, KeyProvider.Metadata meta) {
  final Map fields = new LinkedHashMap();
  if (meta == null) {
    return fields;
  }
  fields.put(KMSRESTConstants.NAME_FIELD, keyName);
  fields.put(KMSRESTConstants.CIPHER_FIELD, meta.getCipher());
  fields.put(KMSRESTConstants.LENGTH_FIELD, meta.getBitLength());
  fields.put(KMSRESTConstants.DESCRIPTION_FIELD, meta.getDescription());
  fields.put(KMSRESTConstants.ATTRIBUTES_FIELD, meta.getAttributes());
  // Creation time goes out as the epoch value from getTime()
  final Object createdAt = meta.getCreated().getTime();
  fields.put(KMSRESTConstants.CREATED_FIELD, createdAt);
  final long versionCount = (long) meta.getVersions();
  fields.put(KMSRESTConstants.VERSIONS_FIELD, versionCount);
  return fields;
}
 
Example 8
Source Project: big-c   Source File: DFSClient.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Decrypts an EDEK by consulting the KeyProvider, inside a "decryptEDEK"
 * trace span that is closed on every exit path.
 *
 * @param feInfo source of the key name, encryption-zone key version name,
 *     IV and EDEK bytes
 * @return the key version returned by {@code decryptEncryptedKey}
 * @throws IOException if no provider is configured, or wrapping a
 *     GeneralSecurityException raised while decrypting
 */
private KeyVersion decryptEncryptedDataEncryptionKey(FileEncryptionInfo
    feInfo) throws IOException {
  final TraceScope span = Trace.startSpan("decryptEDEK", traceSampler);
  try {
    final KeyProvider keyProvider = getKeyProvider();
    // Fail closed: an encrypted file is never read without a provider
    if (keyProvider == null) {
      throw new IOException("No KeyProvider is configured, cannot access" +
          " an encrypted file");
    }
    final EncryptedKeyVersion encryptedKey =
        EncryptedKeyVersion.createForDecryption(
            feInfo.getKeyName(), feInfo.getEzKeyVersionName(),
            feInfo.getIV(), feInfo.getEncryptedDataEncryptionKey());
    try {
      return KeyProviderCryptoExtension
          .createKeyProviderCryptoExtension(keyProvider)
          .decryptEncryptedKey(encryptedKey);
    } catch (GeneralSecurityException e) {
      throw new IOException(e);
    }
  } finally {
    span.close();
  }
}
 
Example 9
Source Project: big-c   Source File: KeyProviderCache.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Creates a cache of KeyProviders keyed by URI whose entries expire after
 * a period without access and are closed when removed.
 *
 * @param expiryMs idle time in milliseconds after which an entry expires
 */
public KeyProviderCache(long expiryMs) {
  // Close the provider when its entry is removed. A failing close is logged
  // and not rethrown.
  final RemovalListener<URI, KeyProvider> closeOnRemoval =
      new RemovalListener<URI, KeyProvider>() {
        @Override
        public void onRemoval(
            RemovalNotification<URI, KeyProvider> removed) {
          try {
            removed.getValue().close();
          } catch (Throwable e) {
            LOG.error(
                "Error closing KeyProvider with uri ["
                    + removed.getKey() + "]", e);
          }
        }
      };
  cache = CacheBuilder.newBuilder()
      .expireAfterAccess(expiryMs, TimeUnit.MILLISECONDS)
      .removalListener(closeOnRemoval)
      .build();
}
 
Example 10
Source Project: spliceengine   Source File: HDFSUtil.java    License: GNU Affero General Public License v3.0 6 votes vote down vote up
/**
 * Decrypts the EDEK in the given file encryption info using the key
 * provider of the file system's underlying client ({@code dfs.dfs}).
 *
 * @param dfs file system whose client supplies the key provider
 * @param feInfo source of the key name, encryption-zone key version name,
 *     IV and EDEK bytes
 * @return the key version returned by {@code decryptEncryptedKey}
 * @throws IOException if no provider is configured, or wrapping a
 *     GeneralSecurityException raised while decrypting
 */
private static KeyProvider.KeyVersion decryptEncryptedDataEncryptionKey(DistributedFileSystem dfs, FileEncryptionInfo feInfo) throws IOException {
    final KeyProvider keyProvider = dfs.dfs.getKeyProvider();
    // Fail closed: an encrypted file is never read without a provider
    if (keyProvider == null) {
        throw new IOException("No KeyProvider is configured, cannot access" +
                " an encrypted file");
    }
    final KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKey =
            KeyProviderCryptoExtension.EncryptedKeyVersion.createForDecryption(
                    feInfo.getKeyName(), feInfo.getEzKeyVersionName(),
                    feInfo.getIV(), feInfo.getEncryptedDataEncryptionKey());
    try {
        return KeyProviderCryptoExtension
                .createKeyProviderCryptoExtension(keyProvider)
                .decryptEncryptedKey(encryptedKey);
    } catch (GeneralSecurityException e) {
        throw new IOException(e);
    }
}
 
Example 11
Source Project: ranger   Source File: KMSServerJSONUtils.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Converts key metadata into an insertion-ordered map for JSON output.
 *
 * <p>Only descriptive fields are copied (name, cipher, bit length,
 * description, attributes, creation time, version count); no key material
 * is read here. NOTE(review): attributes are passed through as returned by
 * getAttributes -- confirm nothing sensitive is stored in them.
 *
 * @param keyName name reported in the NAME field
 * @param meta metadata to convert; may be null
 * @return the populated map, or an empty map when {@code meta} is null
 */
@SuppressWarnings("unchecked")
public static Map toJSON(String keyName, KeyProvider.Metadata meta) {
  final Map fields = new LinkedHashMap();
  if (meta == null) {
    return fields;
  }
  fields.put(KMSRESTConstants.NAME_FIELD, keyName);
  fields.put(KMSRESTConstants.CIPHER_FIELD, meta.getCipher());
  fields.put(KMSRESTConstants.LENGTH_FIELD, meta.getBitLength());
  fields.put(KMSRESTConstants.DESCRIPTION_FIELD, meta.getDescription());
  fields.put(KMSRESTConstants.ATTRIBUTES_FIELD, meta.getAttributes());
  // Creation time goes out as the epoch value from getTime()
  final Object createdAt = meta.getCreated().getTime();
  fields.put(KMSRESTConstants.CREATED_FIELD, createdAt);
  final long versionCount = (long) meta.getVersions();
  fields.put(KMSRESTConstants.VERSIONS_FIELD, versionCount);
  return fields;
}
 
Example 12
/**
 * Wraps a DFS input stream for reading, adding a decrypting layer when the
 * file carries encryption info.
 *
 * @param dfsis raw stream for the file
 * @return a stream over {@code dfsis}, decrypting when the file is encrypted
 * @throws IOException propagated from the protocol-version check, codec
 *     lookup, EDEK decryption or stream construction
 */
public HdfsDataInputStream createWrappedInputStream(DFSInputStream dfsis)
        throws IOException {
    final FileEncryptionInfo feInfo = dfsis.getFileEncryptionInfo();
    if (feInfo == null) {
        // No FileEncryptionInfo so no encryption.
        return new HdfsDataInputStream(dfsis);
    }
    // File is encrypted, wrap the stream in a crypto stream.
    // Currently only one version, so no special logic based on the version #;
    // the call is made for its check and the result is discarded.
    getCryptoProtocolVersion(feInfo);
    final CryptoCodec cipherCodec = getCryptoCodec(getConfiguration(), feInfo);
    final KeyProvider.KeyVersion dataKey =
            decryptEncryptedDataEncryptionKey(dfsis, feInfo);
    return new HdfsDataInputStream(
            new CryptoInputStream(dfsis, cipherCodec, dataKey.getMaterial(),
                    feInfo.getIV()));
}
 
Example 13
Source Project: big-c   Source File: TestLoadBalancingKMSClientProvider.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Checks that successive createKey calls on a
 * LoadBalancingKMSClientProvider are answered by its three backing
 * providers in order, wrapping back to the first on the fourth call.
 */
@Test
public void testLoadBalancing() throws Exception {
  final Configuration conf = new Configuration();
  final String[] keyNames = {"p1", "p2", "p3"};
  final String[] versionNames = {"v1", "v2", "v3"};

  // Each mock answers createKey with a key version named after itself
  final KMSClientProvider[] backends = new KMSClientProvider[keyNames.length];
  for (int i = 0; i < backends.length; i++) {
    KMSClientProvider backend = mock(KMSClientProvider.class);
    when(backend.createKey(Mockito.anyString(), Mockito.any(Options.class)))
        .thenReturn(new KMSClientProvider.KMSKeyVersion(
            keyNames[i], versionNames[i], new byte[0]));
    backends[i] = backend;
  }

  // NOTE(review): the literal 0 is presumably the starting index or seed -- confirm
  KeyProvider kp = new LoadBalancingKMSClientProvider(backends, 0, conf);

  final String[] requested = {"test1", "test2", "test3", "test4"};
  final String[] answeredBy = {"p1", "p2", "p3", "p1"};
  for (int i = 0; i < requested.length; i++) {
    assertEquals(answeredBy[i],
        kp.createKey(requested[i], new Options(conf)).getName());
  }
}
 
Example 14
Source Project: big-c   Source File: KMS.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * REST endpoint returning metadata for the key names supplied as query
 * parameters.
 *
 * <p>The caller is checked for GET_METADATA before the provider is
 * consulted, and the provider call runs inside {@code user.doAs}.
 * NOTE(review): assertAccess receives the operation but no key names, so
 * the check visible in this method is not per key -- confirm that any
 * per-key ACLs are enforced elsewhere.
 *
 * @param keyNamesList key names taken from the query string
 * @return a 200 response whose JSON entity comes from
 *     KMSServerJSONUtils.toJSON
 * @throws Exception propagated from the access check or the provider call
 */
@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList) throws Exception {
  // The meter is marked before the access check below runs
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  final String[] keyNames = keyNamesList.toArray(
      new String[keyNamesList.size()]);
  // Authorization gate: must stay ahead of the provider call
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_KEYS_METADATA);

  // Query the provider as the authenticated caller
  KeyProvider.Metadata[] keysMeta = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
        @Override
        public KeyProvider.Metadata[] run() throws Exception {
          return provider.getKeysMetadata(keyNames);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
  // Only the success path is audited here, with an empty string as the last
  // argument. NOTE(review): the requested key names do not appear to be
  // recorded -- confirm denials and names are audited elsewhere.
  kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 15
Source Project: big-c   Source File: KMS.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * REST endpoint returning the metadata of a single named key.
 *
 * <p>The {@code .*} path template places no restriction on the characters
 * in {@code name}; the only validation visible here is checkNotEmpty. The
 * caller is checked for GET_METADATA on that key name before the provider
 * is consulted, and the provider call runs inside {@code user.doAs}.
 *
 * @param name key name taken from the request path
 * @return a 200 response whose JSON entity comes from
 *     KMSServerJSONUtils.toJSON
 * @throws Exception propagated from validation, the access check or the
 *     provider call
 */
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  // The meter is marked before the access check below runs
  KMSWebApp.getAdminCallsMeter().mark();
  // Authorization gate, scoped to the requested key name
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_METADATA, name);

  // Query the provider as the authenticated caller
  KeyProvider.Metadata metadata = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
        @Override
        public KeyProvider.Metadata run() throws Exception {
          return provider.getMetadata(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(name, metadata);
  // Success-path audit record, including the key name
  kmsAudit.ok(user, KMSOp.GET_METADATA, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 16
Source Project: hadoop-ozone   Source File: OzoneFileSystem.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Reports the file system's KeyProvider as an additional delegation-token
 * issuer when it implements DelegationTokenIssuer.
 *
 * <p>A failure to obtain the provider is logged at debug level only and
 * reported as "no issuers", so a broken KMS configuration is not visible
 * at default log levels from this method.
 *
 * @return a one-element array holding the provider, or null when the
 *     provider cannot be retrieved or is not a token issuer
 */
@Override
public DelegationTokenIssuer[] getAdditionalTokenIssuers()
    throws IOException {
  KeyProvider provider;
  try {
    provider = getKeyProvider();
  } catch (IOException ioe) {
    LOG.debug("Error retrieving KeyProvider.", ioe);
    return null;
  }
  if (!(provider instanceof DelegationTokenIssuer)) {
    return null;
  }
  final DelegationTokenIssuer issuer = (DelegationTokenIssuer) provider;
  return new DelegationTokenIssuer[]{issuer};
}
 
Example 17
Source Project: hadoop-ozone   Source File: OzoneFileSystem.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Reports the file system's KeyProvider as an additional delegation-token
 * issuer when it implements DelegationTokenIssuer.
 *
 * <p>A failure to obtain the provider is logged at debug level only and
 * reported as "no issuers", so a broken KMS configuration is not visible
 * at default log levels from this method.
 *
 * @return a one-element array holding the provider, or null when the
 *     provider cannot be retrieved or is not a token issuer
 */
@Override
public DelegationTokenIssuer[] getAdditionalTokenIssuers()
    throws IOException {
  KeyProvider provider;
  try {
    provider = getKeyProvider();
  } catch (IOException ioe) {
    LOG.debug("Error retrieving KeyProvider.", ioe);
    return null;
  }
  if (!(provider instanceof DelegationTokenIssuer)) {
    return null;
  }
  final DelegationTokenIssuer issuer = (DelegationTokenIssuer) provider;
  return new DelegationTokenIssuer[]{issuer};
}
 
Example 18
Source Project: hadoop-ozone   Source File: RootedOzoneFileSystem.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Reports the file system's KeyProvider as an additional delegation-token
 * issuer when it implements DelegationTokenIssuer.
 *
 * <p>A failure to obtain the provider is logged at debug level only and
 * reported as "no issuers", so a broken KMS configuration is not visible
 * at default log levels from this method.
 *
 * @return a one-element array holding the provider, or null when the
 *     provider cannot be retrieved or is not a token issuer
 */
@Override
public DelegationTokenIssuer[] getAdditionalTokenIssuers()
    throws IOException {
  KeyProvider provider;
  try {
    provider = getKeyProvider();
  } catch (IOException ioe) {
    LOG.debug("Error retrieving KeyProvider.", ioe);
    return null;
  }
  if (!(provider instanceof DelegationTokenIssuer)) {
    return null;
  }
  final DelegationTokenIssuer issuer = (DelegationTokenIssuer) provider;
  return new DelegationTokenIssuer[]{issuer};
}
 
Example 19
Source Project: hadoop-ozone   Source File: OzoneKMSUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates a KeyProvider for the given KMS URI.
 *
 * @param conf configuration, converted to a Hadoop configuration for the
 *     factory call
 * @param serverProviderUri URI of the key provider; must not be null
 * @return the provider created by KMSUtil.createKeyProviderFromUri
 * @throws IOException if {@code serverProviderUri} is null, or propagated
 *     from provider creation
 */
public static KeyProvider getKeyProvider(final ConfigurationSource conf,
    final URI serverProviderUri) throws IOException {
  // Reject a missing URI explicitly
  if (serverProviderUri == null) {
    throw new IOException("KMS serverProviderUri is not configured.");
  }
  final Configuration hadoopConf =
      LegacyHadoopConfigurationSource.asHadoopConfiguration(conf);
  return KMSUtil.createKeyProviderFromUri(hadoopConf, serverProviderUri);
}
 
Example 20
Source Project: hadoop-ozone   Source File: RpcClient.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Obtains the data encryption key for a file: checks the crypto protocol
 * version recorded in the encryption info, then decrypts the EDEK with the
 * client's key provider.
 *
 * @param feInfo encryption info of the key being read
 * @return the key version returned by the decryption helper
 * @throws IOException propagated from the version check or the decryption
 */
private KeyProvider.KeyVersion getDEK(FileEncryptionInfo feInfo)
    throws IOException {
  // The protocol version check runs before any key is requested
  OzoneKMSUtil.checkCryptoProtocolVersion(feInfo);
  return OzoneKMSUtil.decryptEncryptedDataEncryptionKey(feInfo,
      getKeyProvider());
}
 
Example 21
Source Project: hadoop-ozone   Source File: RpcClient.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Opens a key for reading and layers decryption on top when needed.
 *
 * <p>Three outcomes are visible: a CryptoInputStream when the key has file
 * encryption info; a CipherInputStream when the key's metadata carries the
 * GDPR flag; otherwise the wrapped stream with no decryption.
 *
 * <p>NOTE(review): nothing in this method closes lengthInputStream when
 * getDEK, codec lookup or cipher initialisation throws -- confirm the
 * caller or the stream's owner releases it.
 *
 * @param keyInfo key to read
 * @param retryFunction passed through to KeyInputStream.getFromOmKeyInfo
 * @return a stream over the key's content
 * @throws IOException propagated from the encrypted path, or wrapping any
 *     exception raised on the GDPR path
 */
private OzoneInputStream createInputStream(
    OmKeyInfo keyInfo, Function<OmKeyInfo, OmKeyInfo> retryFunction)
    throws IOException {
  LengthInputStream lengthInputStream = KeyInputStream
      .getFromOmKeyInfo(keyInfo, xceiverClientManager,
          verifyChecksum, retryFunction);
  FileEncryptionInfo feInfo = keyInfo.getFileEncryptionInfo();
  if (feInfo != null) {
    // Encrypted key: fetch the DEK and decrypt the wrapped stream with the
    // key material and the IV from the encryption info
    final KeyProvider.KeyVersion decrypted = getDEK(feInfo);
    final CryptoInputStream cryptoIn =
        new CryptoInputStream(lengthInputStream.getWrappedStream(),
            OzoneKMSUtil.getCryptoCodec(conf, feInfo),
            decrypted.getMaterial(), feInfo.getIV());
    return new OzoneInputStream(cryptoIn);
  } else {
    try{
      GDPRSymmetricKey gk;
      Map<String, String> keyInfoMetadata = keyInfo.getMetadata();
      // Boolean.valueOf(null) is false, so a missing flag means "not GDPR"
      if(Boolean.valueOf(keyInfoMetadata.get(OzoneConsts.GDPR_FLAG))){
        // The GDPR secret and algorithm are read from the key's own metadata
        gk = new GDPRSymmetricKey(
            keyInfoMetadata.get(OzoneConsts.GDPR_SECRET),
            keyInfoMetadata.get(OzoneConsts.GDPR_ALGORITHM)
        );
        gk.getCipher().init(Cipher.DECRYPT_MODE, gk.getSecretKey());
        // This branch wraps lengthInputStream itself, not getWrappedStream()
        return new OzoneInputStream(
            new CipherInputStream(lengthInputStream, gk.getCipher()));
      }
    }catch (Exception ex){
      // Any failure on the GDPR path surfaces as an IOException with cause
      throw new IOException(ex);
    }
  }
  // Neither encryption info nor the GDPR flag: return the data as stored
  return new OzoneInputStream(lengthInputStream.getWrappedStream());
}
 
Example 22
Source Project: hadoop-ozone   Source File: TestOzoneAtRestEncryption.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test helper that creates a 128-bit key in the given provider, using the
 * key name as its description, and flushes the provider.
 *
 * @param keyName name and description of the new key
 * @param provider provider in which the key is created
 * @param config configuration the key options are derived from
 */
private static void createKey(String keyName, KeyProvider
    provider, OzoneConfiguration config)
    throws NoSuchAlgorithmException, IOException {
  final KeyProvider.Options keyOptions = KeyProvider.options(config);
  keyOptions.setDescription(keyName);
  keyOptions.setBitLength(128);

  provider.createKey(keyName, keyOptions);
  // Flush after creating the key, as the original helper does
  provider.flush();
}
 
Example 23
Source Project: ranger   Source File: KMS.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * REST endpoint returning metadata for the key names supplied as query
 * parameters.
 *
 * <p>The caller is checked for GET_METADATA, with the request's remote
 * address passed to the check, before the provider is consulted. The
 * provider call runs inside {@code user.doAs}.
 * NOTE(review): assertAccess receives no key names here, so the check
 * visible in this method is not per key -- confirm that any per-key policy
 * is enforced elsewhere.
 *
 * @param keyNamesList key names taken from the query string
 * @param request servlet request, used for the remote address
 * @return a 200 response whose JSON entity comes from
 *     KMSServerJSONUtils.toJSON
 * @throws Exception any failure, logged at error level and rethrown
 */
@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList, @Context HttpServletRequest request) throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getKeysMetadata method.");
    }
    // The meter is marked before the access check below runs
    KMSWebApp.getAdminCallsMeter().mark();
    UserGroupInformation user = HttpUserGroupInformation.get();
    final String[] keyNames = keyNamesList.toArray( new String[keyNamesList.size()]);
    // Authorization gate: must stay ahead of the provider call
    assertAccess(Type.GET_METADATA, user, KMSOp.GET_KEYS_METADATA, request.getRemoteAddr());
    // Query the provider as the authenticated caller
    KeyProvider.Metadata[] keysMeta = user.doAs(new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
      @Override
      public KeyProvider.Metadata[] run() throws Exception {
        return provider.getKeysMetadata(keyNames);
      }
    });
    Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
    // Success-path audit record; an empty string is passed as the last
    // argument. NOTE(review): the requested key names do not appear to be
    // recorded -- confirm.
    kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting getKeysMetadata method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
    // Log with stack trace, then rethrow unchanged
    LOG.error("Exception in getKeysmetadata.", e);
    throw e;
  }
}
 
Example 24
Source Project: hadoop-ozone   Source File: OMBucketCreateRequest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Builds the encryption info stored with a new bucket, after confirming
 * with the KMS that the requested bucket encryption key exists.
 *
 * @param kmsProvider provider used to look up the key's metadata
 * @param bucketInfo bucket creation request carrying the requested key name
 * @return encryption info with the key name, the ENCRYPTION_ZONES protocol
 *     version and the suite converted from the key's cipher
 * @throws IOException an OMException when the provider is missing, no key
 *     name is given or the key has no metadata; otherwise propagated from
 *     the provider calls
 */
private BucketEncryptionInfoProto getBeinfo(
    KeyProviderCryptoExtension kmsProvider, BucketInfo bucketInfo)
    throws IOException {
  final BucketEncryptionInfoProto requested = bucketInfo.getBeinfo();
  if (kmsProvider == null) {
    throw new OMException("Invalid KMS provider, check configuration " +
        CommonConfigurationKeys.HADOOP_SECURITY_KEY_PROVIDER_PATH,
        OMException.ResultCodes.INVALID_KMS_PROVIDER);
  }
  // NOTE(review): if this is a generated protobuf message, getKeyName()
  // returns "" rather than null when unset, and this check would never
  // fire -- confirm.
  if (requested.getKeyName() == null) {
    throw new OMException("Bucket encryption key needed.", OMException
        .ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
  }
  // Ask the KMS for the key's metadata; null is treated as "key not found"
  final KeyProvider.Metadata keyMetadata = kmsProvider.getMetadata(
      requested.getKeyName());
  if (keyMetadata == null) {
    throw new OMException("Bucket encryption key " + requested.getKeyName()
        + " doesn't exist.",
        OMException.ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
  }
  // If the provider supports pool for EDEKs, this will fill in the pool
  kmsProvider.warmUpEncryptedKeys(requested.getKeyName());
  return BucketEncryptionInfoProto.newBuilder()
      .setKeyName(requested.getKeyName())
      .setCryptoProtocolVersion(ENCRYPTION_ZONES)
      .setSuite(OMPBHelper.convert(
          CipherSuite.convert(keyMetadata.getCipher())))
      .build();
}
 
Example 25
Source Project: hadoop-ozone   Source File: OzoneManager.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates the KeyProvider named by {@code keyProviderUriKeyName} in the
 * configuration and wraps it in a KeyProviderCryptoExtension.
 *
 * @param conf configuration to read the provider setting from
 * @return the wrapped provider, or null when KMSUtil.createKeyProvider
 *     returns null; callers must handle the null case
 * @throws IOException propagated from provider creation
 */
private KeyProviderCryptoExtension createKeyProviderExt(
    OzoneConfiguration conf) throws IOException {
  final KeyProvider baseProvider = KMSUtil.createKeyProvider(conf,
      keyProviderUriKeyName);
  return baseProvider == null
      ? null
      : KeyProviderCryptoExtension
          .createKeyProviderCryptoExtension(baseProvider);
}
 
Example 26
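/**
 * Test setup: points the configuration at a file-backed JCEKS key store
 * under the test data directory and creates TEST_KEY_NAME in it.
 *
 * <p>The provider is closed in a finally block so it is released even when
 * key creation or the flush fails.
 *
 * @param conf configuration that receives the provider URI setting
 * @throws Exception propagated from URI construction or the provider calls
 */
private static void setUpKeyProvider(Configuration conf) throws Exception {
  URI keyProviderUri =
    new URI("jceks://file" + UTIL.getDataTestDir("test.jks").toUri().toString());
  conf.set("dfs.encryption.key.provider.uri", keyProviderUri.toString());
  KeyProvider keyProvider = KeyProviderFactory.get(keyProviderUri, conf);
  try {
    keyProvider.createKey(TEST_KEY_NAME, KeyProvider.options(conf));
    keyProvider.flush();
  } finally {
    // Previously skipped whenever createKey or flush threw
    keyProvider.close();
  }
}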
 
Example 27
Source Project: hadoop   Source File: DFSUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Wraps the KeyProvider named in the given Configuration in a new
 * KeyProviderCryptoExtension.
 *
 * @param conf Configuration naming the KeyProvider
 * @return the new KeyProviderCryptoExtension, or null if no provider was
 *     found; callers must handle the null case
 * @throws IOException if the KeyProvider is improperly specified in the
 *     Configuration
 */
public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
    final Configuration conf) throws IOException {
  final KeyProvider baseProvider = createKeyProvider(conf);
  return baseProvider == null
      ? null
      : KeyProviderCryptoExtension
          .createKeyProviderCryptoExtension(baseProvider);
}
 
Example 28
Source Project: ranger   Source File: KMSServerJSONUtils.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Converts parallel arrays of key names and metadata into a list of JSON
 * maps, one per key name and in the same order.
 *
 * <p>{@code metas} is indexed by position in {@code keyNames}, so it must
 * hold at least as many elements.
 *
 * @param keyNames key names, one per entry
 * @param metas metadata matching {@code keyNames} by index
 * @return list of per-key maps built by the single-key toJSON overload
 */
@SuppressWarnings("unchecked")
public static List toJSON(String[] keyNames, KeyProvider.Metadata[] metas) {
  final List entries = new ArrayList();
  int index = 0;
  while (index < keyNames.length) {
    entries.add(toJSON(keyNames[index], metas[index]));
    index++;
  }
  return entries;
}
 
Example 29
Source Project: hadoop   Source File: DFSClient.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test hook that installs the given KeyProvider in the client context's
 * provider cache for this client's configuration.
 *
 * <p>An IOException from the cache is logged and not rethrown, so the
 * caller gets no signal when the provider was not installed.
 *
 * @param provider provider to install
 */
@VisibleForTesting
public void setKeyProvider(KeyProvider provider) {
  try {
    clientContext
        .getKeyProviderCache()
        .setKeyProvider(conf, provider);
  } catch (IOException ioe) {
    LOG.error("Could not set KeyProvider !!", ioe);
  }
}
 
Example 30
Source Project: hadoop   Source File: DFSTestUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test helper that creates a 128-bit key in the Key Provider of one
 * NameNode, using the key name as its description, and flushes the
 * provider.
 *
 * @param keyName The name of the key to create
 * @param cluster The cluster to create it in
 * @param idx The NameNode index
 * @param conf Configuration the key options are derived from
 */
public static void createKey(String keyName, MiniDFSCluster cluster,
                             int idx, Configuration conf)
    throws NoSuchAlgorithmException, IOException {
  // Use the provider held by the selected NameNode's namesystem
  final KeyProvider nameNodeProvider =
      cluster.getNameNode(idx).getNamesystem().getProvider();

  final KeyProvider.Options keyOptions = KeyProvider.options(conf);
  keyOptions.setDescription(keyName);
  keyOptions.setBitLength(128);

  nameNodeProvider.createKey(keyName, keyOptions);
  nameNodeProvider.flush();
}