Java Code Examples for org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey

The following examples show how to use org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop   Source File: SaslDataTransferClient.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Checks if an address is already trusted and then sends client SASL
 * negotiation if required.
 *
 * @param addr connection address
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKeyFactory for creation of an encryption key
 * @param accessToken connection block access token
 * @param datanodeId ID of destination DataNode
 * @return new pair of streams, wrapped after SASL negotiation, or null if
 *         no handshake was performed
 * @throws IOException for any error
 */
private IOStreamPair checkTrustAndSend(InetAddress addr,
    OutputStream underlyingOut, InputStream underlyingIn,
    DataEncryptionKeyFactory encryptionKeyFactory,
    Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
    throws IOException {
  // Either resolver answer marks the channel as trusted. The per-address
  // check is consulted only when the no-argument check says "not trusted".
  final boolean trusted = trustedChannelResolver.isTrusted()
      || trustedChannelResolver.isTrusted(addr);
  if (trusted) {
    // Trusted channel: no key is requested and no handshake runs, so null is
    // returned in place of a wrapped stream pair.
    LOG.debug(
      "SASL client skipping handshake on trusted connection for addr = {}, "
      + "datanodeId = {}", addr, datanodeId);
    return null;
  }

  // The encryption key factory only returns a key if encryption is enabled,
  // so the value handed to send() may be null.
  final DataEncryptionKey keyForHandshake =
    encryptionKeyFactory.newDataEncryptionKey();
  return send(addr, underlyingOut, underlyingIn, keyForHandshake, accessToken,
    datanodeId);
}
 
Example 2
Source Project: hadoop   Source File: SaslDataTransferClient.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Sends client SASL negotiation for specialized encrypted handshake.
 *
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKey for an encrypted SASL handshake
 * @return new pair of streams, wrapped after SASL negotiation
 * @throws IOException for any error
 */
private IOStreamPair getEncryptedStreams(OutputStream underlyingOut,
    InputStream underlyingIn, DataEncryptionKey encryptionKey)
    throws IOException {
  final String algorithm = encryptionKey.encryptionAlgorithm;
  final Map<String, String> saslProps =
    createSaslPropertiesForEncryption(algorithm);

  // Only the algorithm name is logged here, never the key bytes.
  LOG.debug("Client using encryption algorithm {}", algorithm);

  // Both SASL credentials come from the key object: the user name from the
  // key as a whole, the password from its secret key bytes.
  final String userName = getUserNameFromEncryptionKey(encryptionKey);
  final char[] password = encryptionKeyToPassword(encryptionKey.encryptionKey);
  // NOTE(review): the password array is handed to the callback handler and is
  // not cleared in this method.
  return doSaslHandshake(underlyingOut, underlyingIn, userName, saslProps,
    new SaslClientCallbackHandler(userName, password));
}
 
Example 3
/**
 * Handles the getDataEncryptionKey RPC by asking the wrapped server for a
 * key and placing it in the response. The key field is left unset when the
 * server returns {@code null}.
 *
 * @param controller not used by this method
 * @param request not used by this method
 * @return response message, with the key set only when one was returned
 * @throws ServiceException wrapping any IOException raised by the server
 */
@Override
public GetDataEncryptionKeyResponseProto getDataEncryptionKey(
    RpcController controller, GetDataEncryptionKeyRequestProto request)
    throws ServiceException {
  try {
    final DataEncryptionKey key = server.getDataEncryptionKey();
    final GetDataEncryptionKeyResponseProto.Builder response =
        GetDataEncryptionKeyResponseProto.newBuilder();
    if (key != null) {
      // NOTE(review): the converted key travels in the RPC response, so its
      // confidentiality depends on how this RPC channel is protected.
      response.setDataEncryptionKey(PBHelper.convert(key));
    }
    return response.build();
  } catch (IOException cause) {
    throw new ServiceException(cause);
  }
}
 
Example 4
Source Project: big-c   Source File: SaslDataTransferClient.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Checks if an address is already trusted and then sends client SASL
 * negotiation if required.
 *
 * @param addr connection address
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKeyFactory for creation of an encryption key
 * @param accessToken connection block access token
 * @param datanodeId ID of destination DataNode
 * @return new pair of streams, wrapped after SASL negotiation, or null if
 *         no handshake was performed
 * @throws IOException for any error
 */
private IOStreamPair checkTrustAndSend(InetAddress addr,
    OutputStream underlyingOut, InputStream underlyingIn,
    DataEncryptionKeyFactory encryptionKeyFactory,
    Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
    throws IOException {
  // Either resolver answer marks the channel as trusted. The per-address
  // check is consulted only when the no-argument check says "not trusted".
  final boolean trusted = trustedChannelResolver.isTrusted()
      || trustedChannelResolver.isTrusted(addr);
  if (trusted) {
    // Trusted channel: no key is requested and no handshake runs, so null is
    // returned in place of a wrapped stream pair.
    LOG.debug(
      "SASL client skipping handshake on trusted connection for addr = {}, "
      + "datanodeId = {}", addr, datanodeId);
    return null;
  }

  // The encryption key factory only returns a key if encryption is enabled,
  // so the value handed to send() may be null.
  final DataEncryptionKey keyForHandshake =
    encryptionKeyFactory.newDataEncryptionKey();
  return send(addr, underlyingOut, underlyingIn, keyForHandshake, accessToken,
    datanodeId);
}
 
Example 5
Source Project: big-c   Source File: SaslDataTransferClient.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Sends client SASL negotiation for specialized encrypted handshake.
 *
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKey for an encrypted SASL handshake
 * @return new pair of streams, wrapped after SASL negotiation
 * @throws IOException for any error
 */
private IOStreamPair getEncryptedStreams(OutputStream underlyingOut,
    InputStream underlyingIn, DataEncryptionKey encryptionKey)
    throws IOException {
  final String algorithm = encryptionKey.encryptionAlgorithm;
  final Map<String, String> saslProps =
    createSaslPropertiesForEncryption(algorithm);

  // Only the algorithm name is logged here, never the key bytes.
  LOG.debug("Client using encryption algorithm {}", algorithm);

  // Both SASL credentials come from the key object: the user name from the
  // key as a whole, the password from its secret key bytes.
  final String userName = getUserNameFromEncryptionKey(encryptionKey);
  final char[] password = encryptionKeyToPassword(encryptionKey.encryptionKey);
  // NOTE(review): the password array is handed to the callback handler and is
  // not cleared in this method.
  return doSaslHandshake(underlyingOut, underlyingIn, userName, saslProps,
    new SaslClientCallbackHandler(userName, password));
}
 
Example 6
/**
 * Handles the getDataEncryptionKey RPC by asking the wrapped server for a
 * key and placing it in the response. The key field is left unset when the
 * server returns {@code null}.
 *
 * @param controller not used by this method
 * @param request not used by this method
 * @return response message, with the key set only when one was returned
 * @throws ServiceException wrapping any IOException raised by the server
 */
@Override
public GetDataEncryptionKeyResponseProto getDataEncryptionKey(
    RpcController controller, GetDataEncryptionKeyRequestProto request)
    throws ServiceException {
  try {
    final DataEncryptionKey key = server.getDataEncryptionKey();
    final GetDataEncryptionKeyResponseProto.Builder response =
        GetDataEncryptionKeyResponseProto.newBuilder();
    if (key != null) {
      // NOTE(review): the converted key travels in the RPC response, so its
      // confidentiality depends on how this RPC channel is protected.
      response.setDataEncryptionKey(PBHelper.convert(key));
    }
    return response.build();
  } catch (IOException cause) {
    throw new ServiceException(cause);
  }
}
 
Example 7
Source Project: hadoop   Source File: DFSClient.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Supplies the key for encrypted data transfer, or {@code null} when
 * {@code shouldEncryptData()} reports that encryption is off.
 *
 * <p>The key is cached on this instance and replaced by one fetched from the
 * NameNode when none is held yet or when the held key's {@code expiryDate} is
 * earlier than {@code Time.now()}.
 *
 * @return the cached or freshly fetched key; {@code null} when encryption is
 *     off or when the NameNode call itself returns {@code null}
 * @throws IOException propagated from the NameNode call
 */
@Override
public DataEncryptionKey newDataEncryptionKey() throws IOException {
  if (!shouldEncryptData()) {
    return null;
  }
  // The check and the refresh happen under one lock, so the NameNode call is
  // made while the monitor is held.
  synchronized (this) {
    final boolean stale =
        encryptionKey == null || encryptionKey.expiryDate < Time.now();
    if (stale) {
      LOG.debug("Getting new encryption token from NN");
      // NOTE(review): a null result is cached and returned as-is; callers
      // then see "no key" although encryption was requested. Confirm that
      // this is intended.
      encryptionKey = namenode.getDataEncryptionKey();
    }
    return encryptionKey;
  }
}
 
Example 8
Source Project: hadoop   Source File: KeyManager.java    License: Apache License 2.0 5 votes vote down vote up
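/**
 * Supplies the key for encrypted data transfer, or {@code null} when
 * {@code encryptDataTransfer} is off.
 *
 * <p>The key is cached on this instance. It is generated on first use and
 * generated again once the cached key's {@code expiryDate} has passed, so a
 * long-lived holder of this factory does not keep presenting an expired key.
 *
 * @return the cached or freshly generated key, or {@code null} when data
 *     transfer encryption is off
 */
@Override
public DataEncryptionKey newDataEncryptionKey() {
  if (!encryptDataTransfer) {
    return null;
  }
  synchronized (this) {
    // A key cached once and never re-checked outlives its own expiryDate.
    // assumes expiryDate is wall-clock milliseconds since the epoch — TODO
    // confirm against the code that sets it
    final boolean stale = encryptionKey == null
        || encryptionKey.expiryDate < System.currentTimeMillis();
    if (stale) {
      encryptionKey = blockTokenSecretManager.generateDataEncryptionKey();
    }
    return encryptionKey;
  }
}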
 
Example 9
Source Project: hadoop   Source File: BlockManager.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Generates a data encryption key through the block token secret manager.
 *
 * @return a key when block tokens are enabled and {@code encryptDataTransfer}
 *     is set; {@code null} when either condition does not hold
 */
public DataEncryptionKey generateDataEncryptionKey() {
  // Block tokens are checked first; the flag is read only when they are on.
  final boolean keyWanted = isBlockTokenEnabled() && encryptDataTransfer;
  return keyWanted
      ? blockTokenSecretManager.generateDataEncryptionKey()
      : null;
}
 
Example 10
Source Project: hadoop   Source File: DataNode.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Returns a new DataEncryptionKeyFactory that generates a key from the
 * BlockPoolTokenSecretManager, using the block pool ID of the given block.
 *
 * @param block for which the factory needs to create a key
 * @return DataEncryptionKeyFactory for block's block pool ID
 */
DataEncryptionKeyFactory getDataEncryptionKeyFactoryForBlock(
    final ExtendedBlock block) {
  return new DataEncryptionKeyFactory() {
    @Override
    public DataEncryptionKey newDataEncryptionKey() {
      // The flag is read on every call to the factory, not once at creation.
      if (!dnConf.encryptDataTransfer) {
        return null;
      }
      // The key is scoped to the block pool that the captured block names.
      return blockPoolTokenSecretManager.generateDataEncryptionKey(
        block.getBlockPoolId());
    }
  };
}
 
Example 11
Source Project: hadoop   Source File: PBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Builds a {@code DataEncryptionKey} from its protobuf message.
 *
 * @param bet protobuf message to read
 * @return key carrying the message's key id, block pool id, nonce, key bytes
 *     and expiry date; its algorithm is {@code null} when the message's
 *     algorithm string is empty
 */
public static DataEncryptionKey convert(DataEncryptionKeyProto bet) {
  // An empty algorithm string in the message is represented as null.
  final String wireAlgorithm = bet.getEncryptionAlgorithm();
  final String algorithmOrNull;
  if (wireAlgorithm.isEmpty()) {
    algorithmOrNull = null;
  } else {
    algorithmOrNull = wireAlgorithm;
  }

  final byte[] nonce = bet.getNonce().toByteArray();
  final byte[] keyBytes = bet.getEncryptionKey().toByteArray();
  return new DataEncryptionKey(bet.getKeyId(), bet.getBlockPoolId(), nonce,
      keyBytes, bet.getExpiryDate(), algorithmOrNull);
}
 
Example 12
Source Project: hadoop   Source File: PBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Builds the protobuf message for a {@code DataEncryptionKey}.
 *
 * @param bet key to serialize
 * @return message carrying the key id, block pool id, nonce, key bytes and
 *     expiry date; the algorithm field is set only when the key has one
 */
public static DataEncryptionKeyProto convert(DataEncryptionKey bet) {
  final DataEncryptionKeyProto.Builder proto =
      DataEncryptionKeyProto.newBuilder();
  proto.setKeyId(bet.keyId);
  proto.setBlockPoolId(bet.blockPoolId);
  proto.setNonce(ByteString.copyFrom(bet.nonce));
  // The secret key bytes are copied into the message as they are; whoever
  // can read the serialized message can read the key.
  proto.setEncryptionKey(ByteString.copyFrom(bet.encryptionKey));
  proto.setExpiryDate(bet.expiryDate);

  final String algorithm = bet.encryptionAlgorithm;
  if (algorithm != null) {
    proto.setEncryptionAlgorithm(algorithm);
  }
  return proto.build();
}
 
Example 13
Source Project: hadoop   Source File: ClientNamenodeProtocolTranslatorPB.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Fetches the data encryption key through the RPC proxy.
 *
 * @return the key converted from the response, or {@code null} when the
 *     response carries no key
 * @throws IOException the exception that
 *     {@code ProtobufHelper.getRemoteException} derives from a
 *     {@code ServiceException} raised by the call
 */
@Override
public DataEncryptionKey getDataEncryptionKey() throws IOException {
  try {
    final GetDataEncryptionKeyResponseProto reply =
        rpcProxy.getDataEncryptionKey(null,
            VOID_GET_DATA_ENCRYPTIONKEY_REQUEST);
    if (!reply.hasDataEncryptionKey()) {
      return null;
    }
    return PBHelper.convert(reply.getDataEncryptionKey());
  } catch (ServiceException remoteFailure) {
    throw ProtobufHelper.getRemoteException(remoteFailure);
  }
}
 
Example 14
Source Project: big-c   Source File: DFSClient.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Supplies the key for encrypted data transfer, or {@code null} when
 * {@code shouldEncryptData()} reports that encryption is off.
 *
 * <p>The key is cached on this instance and replaced by one fetched from the
 * NameNode when none is held yet or when the held key's {@code expiryDate} is
 * earlier than {@code Time.now()}.
 *
 * @return the cached or freshly fetched key; {@code null} when encryption is
 *     off or when the NameNode call itself returns {@code null}
 * @throws IOException propagated from the NameNode call
 */
@Override
public DataEncryptionKey newDataEncryptionKey() throws IOException {
  if (!shouldEncryptData()) {
    return null;
  }
  // The check and the refresh happen under one lock, so the NameNode call is
  // made while the monitor is held.
  synchronized (this) {
    final boolean stale =
        encryptionKey == null || encryptionKey.expiryDate < Time.now();
    if (stale) {
      LOG.debug("Getting new encryption token from NN");
      // NOTE(review): a null result is cached and returned as-is; callers
      // then see "no key" although encryption was requested. Confirm that
      // this is intended.
      encryptionKey = namenode.getDataEncryptionKey();
    }
    return encryptionKey;
  }
}
 
Example 15
Source Project: big-c   Source File: KeyManager.java    License: Apache License 2.0 5 votes vote down vote up
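/**
 * Supplies the key for encrypted data transfer, or {@code null} when
 * {@code encryptDataTransfer} is off.
 *
 * <p>The key is cached on this instance. It is generated on first use and
 * generated again once the cached key's {@code expiryDate} has passed, so a
 * long-lived holder of this factory does not keep presenting an expired key.
 *
 * @return the cached or freshly generated key, or {@code null} when data
 *     transfer encryption is off
 */
@Override
public DataEncryptionKey newDataEncryptionKey() {
  if (!encryptDataTransfer) {
    return null;
  }
  synchronized (this) {
    // A key cached once and never re-checked outlives its own expiryDate.
    // assumes expiryDate is wall-clock milliseconds since the epoch — TODO
    // confirm against the code that sets it
    final boolean stale = encryptionKey == null
        || encryptionKey.expiryDate < System.currentTimeMillis();
    if (stale) {
      encryptionKey = blockTokenSecretManager.generateDataEncryptionKey();
    }
    return encryptionKey;
  }
}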
 
Example 16
Source Project: big-c   Source File: BlockManager.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Generates a data encryption key through the block token secret manager.
 *
 * @return a key when block tokens are enabled and {@code encryptDataTransfer}
 *     is set; {@code null} when either condition does not hold
 */
public DataEncryptionKey generateDataEncryptionKey() {
  // Block tokens are checked first; the flag is read only when they are on.
  final boolean keyWanted = isBlockTokenEnabled() && encryptDataTransfer;
  return keyWanted
      ? blockTokenSecretManager.generateDataEncryptionKey()
      : null;
}
 
Example 17
Source Project: big-c   Source File: DataNode.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Returns a new DataEncryptionKeyFactory that generates a key from the
 * BlockPoolTokenSecretManager, using the block pool ID of the given block.
 *
 * @param block for which the factory needs to create a key
 * @return DataEncryptionKeyFactory for block's block pool ID
 */
DataEncryptionKeyFactory getDataEncryptionKeyFactoryForBlock(
    final ExtendedBlock block) {
  return new DataEncryptionKeyFactory() {
    @Override
    public DataEncryptionKey newDataEncryptionKey() {
      // The flag is read on every call to the factory, not once at creation.
      if (!dnConf.encryptDataTransfer) {
        return null;
      }
      // The key is scoped to the block pool that the captured block names.
      return blockPoolTokenSecretManager.generateDataEncryptionKey(
        block.getBlockPoolId());
    }
  };
}
 
Example 18
Source Project: big-c   Source File: PBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Builds a {@code DataEncryptionKey} from its protobuf message.
 *
 * @param bet protobuf message to read
 * @return key carrying the message's key id, block pool id, nonce, key bytes
 *     and expiry date; its algorithm is {@code null} when the message's
 *     algorithm string is empty
 */
public static DataEncryptionKey convert(DataEncryptionKeyProto bet) {
  // An empty algorithm string in the message is represented as null.
  final String wireAlgorithm = bet.getEncryptionAlgorithm();
  final String algorithmOrNull;
  if (wireAlgorithm.isEmpty()) {
    algorithmOrNull = null;
  } else {
    algorithmOrNull = wireAlgorithm;
  }

  final byte[] nonce = bet.getNonce().toByteArray();
  final byte[] keyBytes = bet.getEncryptionKey().toByteArray();
  return new DataEncryptionKey(bet.getKeyId(), bet.getBlockPoolId(), nonce,
      keyBytes, bet.getExpiryDate(), algorithmOrNull);
}
 
Example 19
Source Project: big-c   Source File: PBHelper.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Builds the protobuf message for a {@code DataEncryptionKey}.
 *
 * @param bet key to serialize
 * @return message carrying the key id, block pool id, nonce, key bytes and
 *     expiry date; the algorithm field is set only when the key has one
 */
public static DataEncryptionKeyProto convert(DataEncryptionKey bet) {
  final DataEncryptionKeyProto.Builder proto =
      DataEncryptionKeyProto.newBuilder();
  proto.setKeyId(bet.keyId);
  proto.setBlockPoolId(bet.blockPoolId);
  proto.setNonce(ByteString.copyFrom(bet.nonce));
  // The secret key bytes are copied into the message as they are; whoever
  // can read the serialized message can read the key.
  proto.setEncryptionKey(ByteString.copyFrom(bet.encryptionKey));
  proto.setExpiryDate(bet.expiryDate);

  final String algorithm = bet.encryptionAlgorithm;
  if (algorithm != null) {
    proto.setEncryptionAlgorithm(algorithm);
  }
  return proto.build();
}
 
Example 20
Source Project: big-c   Source File: ClientNamenodeProtocolTranslatorPB.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Fetches the data encryption key through the RPC proxy.
 *
 * @return the key converted from the response, or {@code null} when the
 *     response carries no key
 * @throws IOException the exception that
 *     {@code ProtobufHelper.getRemoteException} derives from a
 *     {@code ServiceException} raised by the call
 */
@Override
public DataEncryptionKey getDataEncryptionKey() throws IOException {
  try {
    final GetDataEncryptionKeyResponseProto reply =
        rpcProxy.getDataEncryptionKey(null,
            VOID_GET_DATA_ENCRYPTIONKEY_REQUEST);
    if (!reply.hasDataEncryptionKey()) {
      return null;
    }
    return PBHelper.convert(reply.getDataEncryptionKey());
  } catch (ServiceException remoteFailure) {
    throw ProtobufHelper.getRemoteException(remoteFailure);
  }
}
 
Example 21
Source Project: hadoop   Source File: SaslDataTransferClient.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Sends client SASL negotiation if required.  Determines the correct type of
 * SASL handshake based on configuration.
 *
 * @param addr connection address
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKey for an encrypted SASL handshake
 * @param accessToken connection block access token
 * @param datanodeId ID of destination DataNode
 * @return new pair of streams, wrapped after SASL negotiation, or null if
 *         the handshake was skipped
 * @throws IOException for any error
 */
private IOStreamPair send(InetAddress addr, OutputStream underlyingOut,
    InputStream underlyingIn, DataEncryptionKey encryptionKey,
    Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
    throws IOException {
  // The cases are tried in order and the first match decides. Every null
  // return means the streams are left without SASL wrapping.

  // A supplied data encryption key takes precedence over all other settings.
  if (encryptionKey != null) {
    LOG.debug(
      "SASL client doing encrypted handshake for addr = {}, datanodeId = {}",
      addr, datanodeId);
    return getEncryptedStreams(underlyingOut, underlyingIn,
      encryptionKey);
  }

  // Security is disabled: nothing to negotiate.
  if (!UserGroupInformation.isSecurityEnabled()) {
    LOG.debug(
      "SASL client skipping handshake in unsecured configuration for "
      + "addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // Security is enabled and the DataNode's transfer port is privileged; the
  // handshake is skipped on the strength of the port number alone.
  final boolean privilegedPort =
    SecurityUtil.isPrivilegedPort(datanodeId.getXferPort());
  if (privilegedPort) {
    LOG.debug(
      "SASL client skipping handshake in secured configuration with "
      + "privileged port for addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // NOTE(review): with this flag set, a client in a secured configuration
  // continues on this connection with no SASL protection. What sets the flag
  // is not visible in this method.
  final boolean simpleAuthFallback =
    fallbackToSimpleAuth != null && fallbackToSimpleAuth.get();
  if (simpleAuthFallback) {
    LOG.debug(
      "SASL client skipping handshake in secured configuration with "
      + "unsecured cluster for addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // A SASL properties resolver is configured: general handshake, which uses
  // the block access token.
  if (saslPropsResolver != null) {
    LOG.debug(
      "SASL client doing general handshake for addr = {}, datanodeId = {}",
      addr, datanodeId);
    return getSaslStreams(addr, underlyingOut, underlyingIn, accessToken,
      datanodeId);
  }

  // It's a secured cluster using non-privileged ports, but no SASL.  The
  // only way this can happen is if the DataNode has
  // ignore.secure.ports.for.testing configured, so this is a rare edge case.
  LOG.debug(
    "SASL client skipping handshake in secured configuration with no SASL "
    + "protection configured for addr = {}, datanodeId = {}",
    addr, datanodeId);
  return null;
}
 
Example 22
Source Project: hadoop   Source File: NamenodeFsck.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Key factory hook that obtains the data encryption key from this
 * NameNode's RPC server.
 *
 * @return whatever the RPC server returns for the key request
 * @throws IOException propagated from the RPC server call
 */
@Override
public DataEncryptionKey newDataEncryptionKey() throws IOException {
  final DataEncryptionKey key =
      namenode.getRpcServer().getDataEncryptionKey();
  return key;
}
 
Example 23
Source Project: hadoop   Source File: NameNodeRpcServer.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Returns a data encryption key generated by the BlockManager.
 *
 * @return the key produced by the BlockManager
 * @throws IOException declared by this method; the visible code does not
 *     show which call raises it
 */
@Override
public DataEncryptionKey getDataEncryptionKey() throws IOException {
  // presumably rejects calls that arrive before startup has finished —
  // verify against checkNNStartup()
  checkNNStartup();
  final DataEncryptionKey key =
      namesystem.getBlockManager().generateDataEncryptionKey();
  return key;
}
 
Example 24
Source Project: nnproxy   Source File: ProxyClientProtocolHandler.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Forwards the key request to the upstream reached through the router's
 * root and returns its answer unchanged.
 *
 * @return the key returned by the upstream
 * @throws IOException propagated from the upstream call
 */
@Override
public DataEncryptionKey getDataEncryptionKey() throws IOException {
    // NOTE(review): the upstream's key is returned to this proxy's caller
    // as-is; no check on the caller is visible in this method.
    final DataEncryptionKey upstreamKey =
        router.getRoot().upstream.getDataEncryptionKey();
    return upstreamKey;
}
 
Example 25
Source Project: big-c   Source File: SaslDataTransferClient.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Sends client SASL negotiation if required.  Determines the correct type of
 * SASL handshake based on configuration.
 *
 * @param addr connection address
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKey for an encrypted SASL handshake
 * @param accessToken connection block access token
 * @param datanodeId ID of destination DataNode
 * @return new pair of streams, wrapped after SASL negotiation, or null if
 *         the handshake was skipped
 * @throws IOException for any error
 */
private IOStreamPair send(InetAddress addr, OutputStream underlyingOut,
    InputStream underlyingIn, DataEncryptionKey encryptionKey,
    Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
    throws IOException {
  // The cases are tried in order and the first match decides. Every null
  // return means the streams are left without SASL wrapping.

  // A supplied data encryption key takes precedence over all other settings.
  if (encryptionKey != null) {
    LOG.debug(
      "SASL client doing encrypted handshake for addr = {}, datanodeId = {}",
      addr, datanodeId);
    return getEncryptedStreams(underlyingOut, underlyingIn,
      encryptionKey);
  }

  // Security is disabled: nothing to negotiate.
  if (!UserGroupInformation.isSecurityEnabled()) {
    LOG.debug(
      "SASL client skipping handshake in unsecured configuration for "
      + "addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // Security is enabled and the DataNode's transfer port is privileged; the
  // handshake is skipped on the strength of the port number alone.
  final boolean privilegedPort =
    SecurityUtil.isPrivilegedPort(datanodeId.getXferPort());
  if (privilegedPort) {
    LOG.debug(
      "SASL client skipping handshake in secured configuration with "
      + "privileged port for addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // NOTE(review): with this flag set, a client in a secured configuration
  // continues on this connection with no SASL protection. What sets the flag
  // is not visible in this method.
  final boolean simpleAuthFallback =
    fallbackToSimpleAuth != null && fallbackToSimpleAuth.get();
  if (simpleAuthFallback) {
    LOG.debug(
      "SASL client skipping handshake in secured configuration with "
      + "unsecured cluster for addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // A SASL properties resolver is configured: general handshake, which uses
  // the block access token.
  if (saslPropsResolver != null) {
    LOG.debug(
      "SASL client doing general handshake for addr = {}, datanodeId = {}",
      addr, datanodeId);
    return getSaslStreams(addr, underlyingOut, underlyingIn, accessToken,
      datanodeId);
  }

  // It's a secured cluster using non-privileged ports, but no SASL.  The
  // only way this can happen is if the DataNode has
  // ignore.secure.ports.for.testing configured, so this is a rare edge case.
  LOG.debug(
    "SASL client skipping handshake in secured configuration with no SASL "
    + "protection configured for addr = {}, datanodeId = {}",
    addr, datanodeId);
  return null;
}
 
Example 26
Source Project: big-c   Source File: NamenodeFsck.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Key factory hook that obtains the data encryption key from this
 * NameNode's RPC server.
 *
 * @return whatever the RPC server returns for the key request
 * @throws IOException propagated from the RPC server call
 */
@Override
public DataEncryptionKey newDataEncryptionKey() throws IOException {
  final DataEncryptionKey key =
      namenode.getRpcServer().getDataEncryptionKey();
  return key;
}
 
Example 27
Source Project: big-c   Source File: NameNodeRpcServer.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Returns a data encryption key generated by the BlockManager.
 *
 * @return the key produced by the BlockManager
 * @throws IOException declared by this method; the visible code does not
 *     show which call raises it
 */
@Override
public DataEncryptionKey getDataEncryptionKey() throws IOException {
  // presumably rejects calls that arrive before startup has finished —
  // verify against checkNNStartup()
  checkNNStartup();
  final DataEncryptionKey key =
      namesystem.getBlockManager().generateDataEncryptionKey();
  return key;
}
 
Example 28
/**
 * Derives the SASL user name from a data encryption key: the key id, the
 * block pool id and the Base64-encoded nonce, joined by
 * {@code NAME_DELIMITER}. The secret key bytes are not part of the name.
 *
 * @param encryptionKey key whose id, block pool id and nonce are used
 * @return the composed user name
 */
private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {
  final String encodedNonce =
      Base64.getEncoder().encodeToString(encryptionKey.nonce);
  return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId
      + NAME_DELIMITER + encodedNonce;
}
 
Example 29
/**
 * Decides whether a SASL handshake is needed on the channel and either
 * starts it or completes {@code saslPromise} straight away.
 *
 * <p>The cases are tried in order: trusted channel, data encryption key
 * available, security disabled, privileged DataNode transfer port, fallback
 * to simple auth, SASL properties resolver present, and finally no SASL
 * protection configured. Every case that skips the handshake completes the
 * promise with success, so the connection continues without SASL protection.
 *
 * @param conf configuration passed on to the negotiation
 * @param channel channel to the DataNode; its remote address is read
 * @param dnInfo destination DataNode
 * @param timeoutMs timeout passed on to the negotiation
 * @param client client that supplies the SASL settings and the key
 * @param accessToken block access token used for the general handshake
 * @param saslPromise completed here when the handshake is skipped, otherwise
 *     handed to the negotiation
 * @throws IOException declared by this method; the visible code does not show
 *     which call raises it
 */
static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,
    int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,
    Promise<Void> saslPromise) throws IOException {
  final SaslDataTransferClient transferClient = client.getSaslDataTransferClient();
  final SaslPropertiesResolver propsResolver =
      SASL_ADAPTOR.getSaslPropsResolver(transferClient);
  final TrustedChannelResolver trustResolver =
      SASL_ADAPTOR.getTrustedChannelResolver(transferClient);
  final AtomicBoolean simpleAuthFallback =
      SASL_ADAPTOR.getFallbackToSimpleAuth(transferClient);
  final InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();

  // Trusted channel: no key is requested and no handshake is started.
  if (trustResolver.isTrusted() || trustResolver.isTrusted(addr)) {
    saslPromise.trySuccess(null);
    return;
  }

  // A data encryption key takes precedence over every setting checked below.
  final DataEncryptionKey dataKey = client.newDataEncryptionKey();
  if (dataKey != null) {
    if (LOG.isDebugEnabled()) {
      LOG.debug(
        "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(dataKey),
      encryptionKeyToPassword(dataKey.encryptionKey),
      createSaslPropertiesForEncryption(dataKey.encryptionAlgorithm), saslPromise,
        client);
    return;
  }

  if (!UserGroupInformation.isSecurityEnabled()) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr
          + ", datanodeId = " + dnInfo);
    }
    saslPromise.trySuccess(null);
    return;
  }

  // Ports below 1024 count as privileged; the handshake is skipped on the
  // strength of the port number alone.
  if (dnInfo.getXferPort() < 1024) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client skipping handshake in secured configuration with "
          + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    saslPromise.trySuccess(null);
    return;
  }

  // NOTE(review): with this flag set, a client in a secured configuration
  // continues with no SASL protection. What sets the flag is not visible here.
  if (simpleAuthFallback != null && simpleAuthFallback.get()) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client skipping handshake in secured configuration with "
          + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    saslPromise.trySuccess(null);
    return;
  }

  // General handshake: the credentials are built from the block access token.
  if (propsResolver != null) {
    if (LOG.isDebugEnabled()) {
      LOG.debug(
        "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),
      buildClientPassword(accessToken), propsResolver.getClientProperties(addr), saslPromise,
        client);
    return;
  }

  // It's a secured cluster using non-privileged ports, but no SASL. The only way this can
  // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare
  // edge case.
  if (LOG.isDebugEnabled()) {
    LOG.debug("SASL client skipping handshake in secured configuration with no SASL "
        + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);
  }
  saslPromise.trySuccess(null);
}
 
Example 30
Source Project: hadoop   Source File: SaslDataTransferClient.java    License: Apache License 2.0 3 votes vote down vote up
/**
 * Sends client SASL negotiation for a newly allocated socket if required.
 *
 * @param socket connection socket
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKeyFactory for creation of an encryption key
 * @param accessToken connection block access token
 * @param datanodeId ID of destination DataNode
 * @return pair of streams: wrapped after SASL negotiation, or the underlying
 *         streams unchanged if no handshake was performed
 * @throws IOException for any error
 */
public IOStreamPair newSocketSend(Socket socket, OutputStream underlyingOut,
    InputStream underlyingIn, DataEncryptionKeyFactory encryptionKeyFactory,
    Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
    throws IOException {
  // Only the resolver's no-argument trust check is consulted here. When it
  // reports trust, no key is requested, but send() is still called and still
  // decides from the remaining settings whether to handshake.
  // The encryption key factory only returns a key if encryption is enabled.
  DataEncryptionKey encryptionKey = null;
  if (!trustedChannelResolver.isTrusted()) {
    encryptionKey = encryptionKeyFactory.newDataEncryptionKey();
  }

  final IOStreamPair negotiated = send(socket.getInetAddress(), underlyingOut,
    underlyingIn, encryptionKey, accessToken, datanodeId);
  if (negotiated == null) {
    // No handshake took place: hand back the raw streams, unwrapped.
    return new IOStreamPair(underlyingIn, underlyingOut);
  }
  return negotiated;
}