org.apache.hadoop.crypto.CipherSuite Java Examples
The following examples show how to use
org.apache.hadoop.crypto.CipherSuite.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ProxiedDFSClient.java From spliceengine with GNU Affero General Public License v3.0 | 6 votes |
/** * O * btain a CryptoCodec based on the CipherSuite set in a FileEncryptionInfo * and the available CryptoCodecs configured in the Configuration. * * @param conf Configuration * @param feInfo FileEncryptionInfo * @return CryptoCodec * @throws IOException if no suitable CryptoCodec for the CipherSuite is * available. */ private static CryptoCodec getCryptoCodec(Configuration conf, FileEncryptionInfo feInfo) throws IOException { final CipherSuite suite = feInfo.getCipherSuite(); if (suite.equals(CipherSuite.UNKNOWN)) { throw new IOException("NameNode specified unknown CipherSuite with ID " + suite.getUnknownValue() + ", cannot instantiate CryptoCodec."); } final CryptoCodec codec = CryptoCodec.getInstance(conf, suite); if (codec == null) { throw new UnknownCipherSuiteException( "No configuration found for the cipher suite " + suite.getConfigSuffix() + " prefixed with " + HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX + ". Please see the example configuration " + "hadoop.security.crypto.codec.classes.EXAMPLECIPHERSUITE " + "at core-default.xml for details."); } return codec; }
Example #2
Source File: FileEncryptionInfo.java From big-c with Apache License 2.0 | 6 votes |
/** * Create a FileEncryptionInfo. * * @param suite CipherSuite used to encrypt the file * @param edek encrypted data encryption key (EDEK) of the file * @param iv initialization vector (IV) used to encrypt the file * @param keyName name of the key used for the encryption zone * @param ezKeyVersionName name of the KeyVersion used to encrypt the * encrypted data encryption key. */ public FileEncryptionInfo(final CipherSuite suite, final CryptoProtocolVersion version, final byte[] edek, final byte[] iv, final String keyName, final String ezKeyVersionName) { checkNotNull(suite); checkNotNull(version); checkNotNull(edek); checkNotNull(iv); checkNotNull(keyName); checkNotNull(ezKeyVersionName); checkArgument(iv.length == suite.getAlgorithmBlockSize(), "Unexpected IV length"); this.cipherSuite = suite; this.version = version; this.edek = edek; this.iv = iv; this.keyName = keyName; this.ezKeyVersionName = ezKeyVersionName; }
Example #3
Source File: TestEncryptionZones.java From big-c with Apache License 2.0 | 6 votes |
@SuppressWarnings("unchecked") private static void mockCreate(ClientProtocol mcp, CipherSuite suite, CryptoProtocolVersion version) throws Exception { Mockito.doReturn( new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission( (short) 777), "owner", "group", new byte[0], new byte[0], 1010, 0, new FileEncryptionInfo(suite, version, new byte[suite.getAlgorithmBlockSize()], new byte[suite.getAlgorithmBlockSize()], "fakeKey", "fakeVersion"), (byte) 0)) .when(mcp) .create(anyString(), (FsPermission) anyObject(), anyString(), (EnumSetWritable<CreateFlag>) anyObject(), anyBoolean(), anyShort(), anyLong(), (CryptoProtocolVersion[]) anyObject()); }
Example #4
Source File: PBHelper.java From hadoop with Apache License 2.0 | 6 votes |
public static CipherOption convert(CipherOptionProto proto) { if (proto != null) { CipherSuite suite = null; if (proto.getSuite() != null) { suite = convert(proto.getSuite()); } byte[] inKey = null; if (proto.getInKey() != null) { inKey = proto.getInKey().toByteArray(); } byte[] inIv = null; if (proto.getInIv() != null) { inIv = proto.getInIv().toByteArray(); } byte[] outKey = null; if (proto.getOutKey() != null) { outKey = proto.getOutKey().toByteArray(); } byte[] outIv = null; if (proto.getOutIv() != null) { outIv = proto.getOutIv().toByteArray(); } return new CipherOption(suite, inKey, inIv, outKey, outIv); } return null; }
Example #5
Source File: OzoneKMSUtil.java From hadoop-ozone with Apache License 2.0 | 6 votes |
public static CryptoCodec getCryptoCodec(ConfigurationSource conf, FileEncryptionInfo feInfo) throws IOException { CipherSuite suite = feInfo.getCipherSuite(); if (suite.equals(CipherSuite.UNKNOWN)) { throw new IOException("NameNode specified unknown CipherSuite with ID " + suite.getUnknownValue() + ", cannot instantiate CryptoCodec."); } else { Configuration hadoopConfig = LegacyHadoopConfigurationSource.asHadoopConfiguration(conf); CryptoCodec codec = CryptoCodec.getInstance(hadoopConfig, suite); if (codec == null) { throw new OMException("No configuration found for the cipher suite " + suite.getConfigSuffix() + " prefixed with " + "hadoop.security.crypto.codec.classes. Please see the" + " example configuration hadoop.security.crypto.codec.classes." + "EXAMPLE CIPHER SUITE at core-default.xml for details.", OMException.ResultCodes.UNKNOWN_CIPHER_SUITE); } else { return codec; } } }
Example #6
Source File: TestEncryptionZones.java From hadoop with Apache License 2.0 | 6 votes |
@SuppressWarnings("unchecked") private static void mockCreate(ClientProtocol mcp, CipherSuite suite, CryptoProtocolVersion version) throws Exception { Mockito.doReturn( new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission( (short) 777), "owner", "group", new byte[0], new byte[0], 1010, 0, new FileEncryptionInfo(suite, version, new byte[suite.getAlgorithmBlockSize()], new byte[suite.getAlgorithmBlockSize()], "fakeKey", "fakeVersion"), (byte) 0)) .when(mcp) .create(anyString(), (FsPermission) anyObject(), anyString(), (EnumSetWritable<CreateFlag>) anyObject(), anyBoolean(), anyShort(), anyLong(), (CryptoProtocolVersion[]) anyObject()); }
Example #7
Source File: FileEncryptionInfo.java From hadoop with Apache License 2.0 | 6 votes |
/** * Create a FileEncryptionInfo. * * @param suite CipherSuite used to encrypt the file * @param edek encrypted data encryption key (EDEK) of the file * @param iv initialization vector (IV) used to encrypt the file * @param keyName name of the key used for the encryption zone * @param ezKeyVersionName name of the KeyVersion used to encrypt the * encrypted data encryption key. */ public FileEncryptionInfo(final CipherSuite suite, final CryptoProtocolVersion version, final byte[] edek, final byte[] iv, final String keyName, final String ezKeyVersionName) { checkNotNull(suite); checkNotNull(version); checkNotNull(edek); checkNotNull(iv); checkNotNull(keyName); checkNotNull(ezKeyVersionName); checkArgument(iv.length == suite.getAlgorithmBlockSize(), "Unexpected IV length"); this.cipherSuite = suite; this.version = version; this.edek = edek; this.iv = iv; this.keyName = keyName; this.ezKeyVersionName = ezKeyVersionName; }
Example #8
Source File: PBHelper.java From big-c with Apache License 2.0 | 6 votes |
public static CipherOption convert(CipherOptionProto proto) { if (proto != null) { CipherSuite suite = null; if (proto.getSuite() != null) { suite = convert(proto.getSuite()); } byte[] inKey = null; if (proto.getInKey() != null) { inKey = proto.getInKey().toByteArray(); } byte[] inIv = null; if (proto.getInIv() != null) { inIv = proto.getInIv().toByteArray(); } byte[] outKey = null; if (proto.getOutKey() != null) { outKey = proto.getOutKey().toByteArray(); } byte[] outIv = null; if (proto.getOutIv() != null) { outIv = proto.getOutIv().toByteArray(); } return new CipherOption(suite, inKey, inIv, outKey, outIv); } return null; }
Example #9
Source File: DFSClient.java From big-c with Apache License 2.0 | 6 votes |
/** * Obtain a CryptoCodec based on the CipherSuite set in a FileEncryptionInfo * and the available CryptoCodecs configured in the Configuration. * * @param conf Configuration * @param feInfo FileEncryptionInfo * @return CryptoCodec * @throws IOException if no suitable CryptoCodec for the CipherSuite is * available. */ private static CryptoCodec getCryptoCodec(Configuration conf, FileEncryptionInfo feInfo) throws IOException { final CipherSuite suite = feInfo.getCipherSuite(); if (suite.equals(CipherSuite.UNKNOWN)) { throw new IOException("NameNode specified unknown CipherSuite with ID " + suite.getUnknownValue() + ", cannot instantiate CryptoCodec."); } final CryptoCodec codec = CryptoCodec.getInstance(conf, suite); if (codec == null) { throw new UnknownCipherSuiteException( "No configuration found for the cipher suite " + suite.getConfigSuffix() + " prefixed with " + HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX + ". Please see the example configuration " + "hadoop.security.crypto.codec.classes.EXAMPLECIPHERSUITE " + "at core-default.xml for details."); } return codec; }
Example #10
Source File: DFSClient.java From hadoop with Apache License 2.0 | 6 votes |
/** * Obtain a CryptoCodec based on the CipherSuite set in a FileEncryptionInfo * and the available CryptoCodecs configured in the Configuration. * * @param conf Configuration * @param feInfo FileEncryptionInfo * @return CryptoCodec * @throws IOException if no suitable CryptoCodec for the CipherSuite is * available. */ private static CryptoCodec getCryptoCodec(Configuration conf, FileEncryptionInfo feInfo) throws IOException { final CipherSuite suite = feInfo.getCipherSuite(); if (suite.equals(CipherSuite.UNKNOWN)) { throw new IOException("NameNode specified unknown CipherSuite with ID " + suite.getUnknownValue() + ", cannot instantiate CryptoCodec."); } final CryptoCodec codec = CryptoCodec.getInstance(conf, suite); if (codec == null) { throw new UnknownCipherSuiteException( "No configuration found for the cipher suite " + suite.getConfigSuffix() + " prefixed with " + HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX + ". Please see the example configuration " + "hadoop.security.crypto.codec.classes.EXAMPLECIPHERSUITE " + "at core-default.xml for details."); } return codec; }
Example #11
Source File: PBHelper.java From hadoop with Apache License 2.0 | 5 votes |
public static HdfsProtos.ZoneEncryptionInfoProto convert( CipherSuite suite, CryptoProtocolVersion version, String keyName) { if (suite == null || version == null || keyName == null) { return null; } return HdfsProtos.ZoneEncryptionInfoProto.newBuilder() .setSuite(convert(suite)) .setCryptoProtocolVersion(convert(version)) .setKeyName(keyName) .build(); }
Example #12
Source File: PBHelper.java From hadoop with Apache License 2.0 | 5 votes |
public static FileEncryptionInfo convert( HdfsProtos.PerFileEncryptionInfoProto fileProto, CipherSuite suite, CryptoProtocolVersion version, String keyName) { if (fileProto == null || suite == null || version == null || keyName == null) { return null; } byte[] key = fileProto.getKey().toByteArray(); byte[] iv = fileProto.getIv().toByteArray(); String ezKeyVersionName = fileProto.getEzKeyVersionName(); return new FileEncryptionInfo(suite, version, key, iv, keyName, ezKeyVersionName); }
Example #13
Source File: PBHelper.java From hadoop with Apache License 2.0 | 5 votes |
public static FileEncryptionInfo convert( HdfsProtos.FileEncryptionInfoProto proto) { if (proto == null) { return null; } CipherSuite suite = convert(proto.getSuite()); CryptoProtocolVersion version = convert(proto.getCryptoProtocolVersion()); byte[] key = proto.getKey().toByteArray(); byte[] iv = proto.getIv().toByteArray(); String ezKeyVersionName = proto.getEzKeyVersionName(); String keyName = proto.getKeyName(); return new FileEncryptionInfo(suite, version, key, iv, keyName, ezKeyVersionName); }
Example #14
Source File: DataTransferSaslUtil.java From big-c with Apache License 2.0 | 5 votes |
/** * Negotiate a cipher option which server supports. * * @param conf the configuration * @param options the cipher options which client supports * @return CipherOption negotiated cipher option */ public static CipherOption negotiateCipherOption(Configuration conf, List<CipherOption> options) throws IOException { // Negotiate cipher suites if configured. Currently, the only supported // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple // values for future expansion. String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY); if (cipherSuites == null || cipherSuites.isEmpty()) { return null; } if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) { throw new IOException(String.format("Invalid cipher suite, %s=%s", DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites)); } if (options != null) { for (CipherOption option : options) { CipherSuite suite = option.getCipherSuite(); if (suite == CipherSuite.AES_CTR_NOPADDING) { int keyLen = conf.getInt( DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_KEY, DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_DEFAULT) / 8; CryptoCodec codec = CryptoCodec.getInstance(conf, suite); byte[] inKey = new byte[keyLen]; byte[] inIv = new byte[suite.getAlgorithmBlockSize()]; byte[] outKey = new byte[keyLen]; byte[] outIv = new byte[suite.getAlgorithmBlockSize()]; codec.generateSecureRandom(inKey); codec.generateSecureRandom(inIv); codec.generateSecureRandom(outKey); codec.generateSecureRandom(outIv); return new CipherOption(suite, inKey, inIv, outKey, outIv); } } } return null; }
Example #15
Source File: EncryptionZone.java From big-c with Apache License 2.0 | 5 votes |
public EncryptionZone(long id, String path, CipherSuite suite, CryptoProtocolVersion version, String keyName) { this.id = id; this.path = path; this.suite = suite; this.version = version; this.keyName = keyName; }
Example #16
Source File: FSDirectory.java From big-c with Apache License 2.0 | 5 votes |
XAttr createEncryptionZone(String src, CipherSuite suite, CryptoProtocolVersion version, String keyName) throws IOException { writeLock(); try { return ezManager.createEncryptionZone(src, suite, version, keyName); } finally { writeUnlock(); } }
Example #17
Source File: EncryptionZoneManager.java From big-c with Apache License 2.0 | 5 votes |
EncryptionZoneInt(long inodeId, CipherSuite suite, CryptoProtocolVersion version, String keyName) { Preconditions.checkArgument(suite != CipherSuite.UNKNOWN); Preconditions.checkArgument(version != CryptoProtocolVersion.UNKNOWN); this.inodeId = inodeId; this.suite = suite; this.version = version; this.keyName = keyName; }
Example #18
Source File: EncryptionZoneManager.java From big-c with Apache License 2.0 | 5 votes |
/** * Create a new encryption zone. * <p/> * Called while holding the FSDirectory lock. */ XAttr createEncryptionZone(String src, CipherSuite suite, CryptoProtocolVersion version, String keyName) throws IOException { assert dir.hasWriteLock(); final INodesInPath srcIIP = dir.getINodesInPath4Write(src, false); if (dir.isNonEmptyDirectory(srcIIP)) { throw new IOException( "Attempt to create an encryption zone for a non-empty directory."); } if (srcIIP != null && srcIIP.getLastINode() != null && !srcIIP.getLastINode().isDirectory()) { throw new IOException("Attempt to create an encryption zone for a file."); } EncryptionZoneInt ezi = getEncryptionZoneForPath(srcIIP); if (ezi != null) { throw new IOException("Directory " + src + " is already in an " + "encryption zone. (" + getFullPathName(ezi) + ")"); } final HdfsProtos.ZoneEncryptionInfoProto proto = PBHelper.convert(suite, version, keyName); final XAttr ezXAttr = XAttrHelper .buildXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE, proto.toByteArray()); final List<XAttr> xattrs = Lists.newArrayListWithCapacity(1); xattrs.add(ezXAttr); // updating the xattr will call addEncryptionZone, // done this way to handle edit log loading FSDirXAttrOp.unprotectedSetXAttrs(dir, src, xattrs, EnumSet.of(XAttrSetFlag.CREATE)); return ezXAttr; }
Example #19
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static CipherSuiteProto convert(CipherSuite suite) { switch (suite) { case UNKNOWN: return CipherSuiteProto.UNKNOWN; case AES_CTR_NOPADDING: return CipherSuiteProto.AES_CTR_NOPADDING; default: return null; } }
Example #20
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static CipherSuite convert(CipherSuiteProto proto) { switch (proto) { case AES_CTR_NOPADDING: return CipherSuite.AES_CTR_NOPADDING; default: // Set to UNKNOWN and stash the unknown enum value CipherSuite suite = CipherSuite.UNKNOWN; suite.setUnknownValue(proto.getNumber()); return suite; } }
Example #21
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static HdfsProtos.ZoneEncryptionInfoProto convert( CipherSuite suite, CryptoProtocolVersion version, String keyName) { if (suite == null || version == null || keyName == null) { return null; } return HdfsProtos.ZoneEncryptionInfoProto.newBuilder() .setSuite(convert(suite)) .setCryptoProtocolVersion(convert(version)) .setKeyName(keyName) .build(); }
Example #22
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static FileEncryptionInfo convert( HdfsProtos.FileEncryptionInfoProto proto) { if (proto == null) { return null; } CipherSuite suite = convert(proto.getSuite()); CryptoProtocolVersion version = convert(proto.getCryptoProtocolVersion()); byte[] key = proto.getKey().toByteArray(); byte[] iv = proto.getIv().toByteArray(); String ezKeyVersionName = proto.getEzKeyVersionName(); String keyName = proto.getKeyName(); return new FileEncryptionInfo(suite, version, key, iv, keyName, ezKeyVersionName); }
Example #23
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static FileEncryptionInfo convert( HdfsProtos.PerFileEncryptionInfoProto fileProto, CipherSuite suite, CryptoProtocolVersion version, String keyName) { if (fileProto == null || suite == null || version == null || keyName == null) { return null; } byte[] key = fileProto.getKey().toByteArray(); byte[] iv = fileProto.getIv().toByteArray(); String ezKeyVersionName = fileProto.getEzKeyVersionName(); return new FileEncryptionInfo(suite, version, key, iv, keyName, ezKeyVersionName); }
Example #24
Source File: FanOutOneBlockAsyncDFSOutputSaslHelper.java From hbase with Apache License 2.0 | 5 votes |
private List<CipherOption> getCipherOptions() throws IOException { // Negotiate cipher suites if configured. Currently, the only supported // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple // values for future expansion. String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY); if (StringUtils.isBlank(cipherSuites)) { return null; } if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) { throw new IOException(String.format("Invalid cipher suite, %s=%s", DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites)); } return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING)); }
Example #25
Source File: TestSaslFanOutOneBlockAsyncDFSOutput.java From hbase with Apache License 2.0 | 5 votes |
@Parameters(name = "{index}: protection={0}, encryption={1}, cipherSuite={2}") public static Iterable<Object[]> data() { List<Object[]> params = new ArrayList<>(); for (String protection : Arrays.asList("authentication", "integrity", "privacy")) { for (String encryptionAlgorithm : Arrays.asList("", "3des", "rc4")) { for (String cipherSuite : Arrays.asList("", CipherSuite.AES_CTR_NOPADDING.getName())) { params.add(new Object[] { protection, encryptionAlgorithm, cipherSuite }); } } } return params; }
Example #26
Source File: PBHelper.java From hadoop with Apache License 2.0 | 5 votes |
public static CipherSuiteProto convert(CipherSuite suite) { switch (suite) { case UNKNOWN: return CipherSuiteProto.UNKNOWN; case AES_CTR_NOPADDING: return CipherSuiteProto.AES_CTR_NOPADDING; default: return null; } }
Example #27
Source File: EncryptionBucketInfo.java From hadoop-ozone with Apache License 2.0 | 5 votes |
public EncryptionBucketInfo(long id, String path, CipherSuite suite, CryptoProtocolVersion version, String keyName) { this.id = id; this.path = path; this.suite = suite; this.version = version; this.keyName = keyName; }
Example #28
Source File: BucketEncryptionKeyInfo.java From hadoop-ozone with Apache License 2.0 | 5 votes |
public BucketEncryptionKeyInfo( CryptoProtocolVersion version, CipherSuite suite, String keyName) { this.version = version; this.suite = suite; this.keyName = keyName; }
Example #29
Source File: OMPBHelper.java From hadoop-ozone with Apache License 2.0 | 5 votes |
public static FileEncryptionInfo convert(FileEncryptionInfoProto proto) { if (proto == null) { return null; } CipherSuite suite = convert(proto.getSuite()); CryptoProtocolVersion version = convert(proto.getCryptoProtocolVersion()); byte[] key = proto.getKey().toByteArray(); byte[] iv = proto.getIv().toByteArray(); String ezKeyVersionName = proto.getEzKeyVersionName(); String keyName = proto.getKeyName(); return new FileEncryptionInfo(suite, version, key, iv, keyName, ezKeyVersionName); }
Example #30
Source File: OMPBHelper.java From hadoop-ozone with Apache License 2.0 | 5 votes |
public static CipherSuite convert(CipherSuiteProto proto) { switch(proto) { case AES_CTR_NOPADDING: return CipherSuite.AES_CTR_NOPADDING; default: // Set to UNKNOWN and stash the unknown enum value CipherSuite suite = CipherSuite.UNKNOWN; suite.setUnknownValue(proto.getNumber()); return suite; } }