org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey Java Examples

Example #1
Source File: SaslDataTransferClient.java    From hadoop with Apache License 2.0
/**
 * Checks if an address is already trusted and then sends client SASL
 * negotiation if required.
 *
 * @param addr connection address
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKeyFactory for creation of an encryption key
 * @param accessToken connection block access token
 * @param datanodeId ID of destination DataNode
 * @return new pair of streams, wrapped after SASL negotiation
 * @throws IOException for any error
 */
private IOStreamPair checkTrustAndSend(InetAddress addr,
    OutputStream underlyingOut, InputStream underlyingIn,
    DataEncryptionKeyFactory encryptionKeyFactory,
    Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
    throws IOException {
  // The resolver is asked twice: first for a blanket verdict, then (only if
  // that one is negative) for a verdict on this specific peer address.
  if (trustedChannelResolver.isTrusted()
      || trustedChannelResolver.isTrusted(addr)) {
    // NOTE(review): on this path no SASL negotiation is attempted at all, so
    // the connection's protection rests entirely on the resolver's verdict.
    // Confirm which resolver is configured and what it treats as trusted.
    LOG.debug(
      "SASL client skipping handshake on trusted connection for addr = {}, "
      + "datanodeId = {}", addr, datanodeId);
    // null tells the caller that no wrapped stream pair was produced.
    return null;
  }

  // The encryption key factory only returns a key if encryption is enabled.
  DataEncryptionKey negotiatedKey =
    encryptionKeyFactory.newDataEncryptionKey();
  return send(addr, underlyingOut, underlyingIn, negotiatedKey, accessToken,
    datanodeId);
}
 
Example #2
Source File: SaslDataTransferClient.java    From hadoop with Apache License 2.0
/**
 * Sends client SASL negotiation for specialized encrypted handshake.
 *
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKey for an encrypted SASL handshake
 * @return new pair of streams, wrapped after SASL negotiation
 * @throws IOException for any error
 */
private IOStreamPair getEncryptedStreams(OutputStream underlyingOut,
    InputStream underlyingIn, DataEncryptionKey encryptionKey)
    throws IOException {
  final String algorithm = encryptionKey.encryptionAlgorithm;
  Map<String, String> saslProps = createSaslPropertiesForEncryption(algorithm);

  // Only the algorithm name is logged; key bytes never reach the log here.
  LOG.debug("Client using encryption algorithm {}", algorithm);

  // The SASL identity and secret are both derived from the encryption key.
  String userName = getUserNameFromEncryptionKey(encryptionKey);
  // NOTE(review): the derived secret is held in a char[] and is not cleared
  // in this method. Whether the callback handler keeps its own reference is
  // not visible here; confirm before adding any zeroing after the handshake.
  char[] password = encryptionKeyToPassword(encryptionKey.encryptionKey);
  return doSaslHandshake(underlyingOut, underlyingIn, userName, saslProps,
    new SaslClientCallbackHandler(userName, password));
}
 
Example #3
Source File: SaslDataTransferClient.java    From big-c with Apache License 2.0
/**
 * Sends client SASL negotiation for specialized encrypted handshake.
 *
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKey for an encrypted SASL handshake
 * @return new pair of streams, wrapped after SASL negotiation
 * @throws IOException for any error
 */
private IOStreamPair getEncryptedStreams(OutputStream underlyingOut,
    InputStream underlyingIn, DataEncryptionKey encryptionKey)
    throws IOException {
  final String algorithm = encryptionKey.encryptionAlgorithm;
  Map<String, String> saslProps = createSaslPropertiesForEncryption(algorithm);

  // Only the algorithm name is logged; key bytes never reach the log here.
  LOG.debug("Client using encryption algorithm {}", algorithm);

  // The SASL identity and secret are both derived from the encryption key.
  String userName = getUserNameFromEncryptionKey(encryptionKey);
  // NOTE(review): the derived secret is held in a char[] and is not cleared
  // in this method. Whether the callback handler keeps its own reference is
  // not visible here; confirm before adding any zeroing after the handshake.
  char[] password = encryptionKeyToPassword(encryptionKey.encryptionKey);
  return doSaslHandshake(underlyingOut, underlyingIn, userName, saslProps,
    new SaslClientCallbackHandler(userName, password));
}
 
Example #4
Source File: SaslDataTransferClient.java    From big-c with Apache License 2.0
/**
 * Checks if an address is already trusted and then sends client SASL
 * negotiation if required.
 *
 * @param addr connection address
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKeyFactory for creation of an encryption key
 * @param accessToken connection block access token
 * @param datanodeId ID of destination DataNode
 * @return new pair of streams, wrapped after SASL negotiation
 * @throws IOException for any error
 */
private IOStreamPair checkTrustAndSend(InetAddress addr,
    OutputStream underlyingOut, InputStream underlyingIn,
    DataEncryptionKeyFactory encryptionKeyFactory,
    Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
    throws IOException {
  // The resolver is asked twice: first for a blanket verdict, then (only if
  // that one is negative) for a verdict on this specific peer address.
  if (trustedChannelResolver.isTrusted()
      || trustedChannelResolver.isTrusted(addr)) {
    // NOTE(review): on this path no SASL negotiation is attempted at all, so
    // the connection's protection rests entirely on the resolver's verdict.
    // Confirm which resolver is configured and what it treats as trusted.
    LOG.debug(
      "SASL client skipping handshake on trusted connection for addr = {}, "
      + "datanodeId = {}", addr, datanodeId);
    // null tells the caller that no wrapped stream pair was produced.
    return null;
  }

  // The encryption key factory only returns a key if encryption is enabled.
  DataEncryptionKey negotiatedKey =
    encryptionKeyFactory.newDataEncryptionKey();
  return send(addr, underlyingOut, underlyingIn, negotiatedKey, accessToken,
    datanodeId);
}
 
Example #5
Source File: ClientNamenodeProtocolServerSideTranslatorPB.java    From big-c with Apache License 2.0
/**
 * Serves the getDataEncryptionKey RPC by asking the wrapped server for a
 * key and packing it into the protobuf response.
 *
 * <p>The key field is left unset when the server returns {@code null}.
 *
 * @param controller RPC controller (not used by this method)
 * @param request the incoming request (not inspected by this method)
 * @return response carrying the converted key, or an empty response
 * @throws ServiceException wrapping any IOException from the server
 */
@Override
public GetDataEncryptionKeyResponseProto getDataEncryptionKey(
    RpcController controller, GetDataEncryptionKeyRequestProto request)
    throws ServiceException {
  try {
    DataEncryptionKey key = server.getDataEncryptionKey();
    GetDataEncryptionKeyResponseProto.Builder response =
        GetDataEncryptionKeyResponseProto.newBuilder();
    if (key == null) {
      return response.build();
    }
    // NOTE(review): the converted message is built from the key object
    // itself, so the reply presumably carries key material. Confirm the RPC
    // channel is privacy-protected (hadoop.rpc.protection) wherever
    // data-transfer encryption is enabled.
    return response.setDataEncryptionKey(PBHelper.convert(key)).build();
  } catch (IOException e) {
    throw new ServiceException(e);
  }
}
 
Example #6
Source File: ClientNamenodeProtocolServerSideTranslatorPB.java    From hadoop with Apache License 2.0
/**
 * Serves the getDataEncryptionKey RPC by asking the wrapped server for a
 * key and packing it into the protobuf response.
 *
 * <p>The key field is left unset when the server returns {@code null}.
 *
 * @param controller RPC controller (not used by this method)
 * @param request the incoming request (not inspected by this method)
 * @return response carrying the converted key, or an empty response
 * @throws ServiceException wrapping any IOException from the server
 */
@Override
public GetDataEncryptionKeyResponseProto getDataEncryptionKey(
    RpcController controller, GetDataEncryptionKeyRequestProto request)
    throws ServiceException {
  try {
    DataEncryptionKey key = server.getDataEncryptionKey();
    GetDataEncryptionKeyResponseProto.Builder response =
        GetDataEncryptionKeyResponseProto.newBuilder();
    if (key == null) {
      return response.build();
    }
    // NOTE(review): the converted message is built from the key object
    // itself, so the reply presumably carries key material. Confirm the RPC
    // channel is privacy-protected (hadoop.rpc.protection) wherever
    // data-transfer encryption is enabled.
    return response.setDataEncryptionKey(PBHelper.convert(key)).build();
  } catch (IOException e) {
    throw new ServiceException(e);
  }
}
 
Example #7
Source File: BlockManager.java    From big-c with Apache License 2.0
/**
 * Asks the block token secret manager for a data encryption key.
 *
 * @return a key when block tokens are enabled and data-transfer encryption
 *         is switched on; {@code null} otherwise
 */
public DataEncryptionKey generateDataEncryptionKey() {
  // Both switches must be on; a null result tells callers that no encrypted
  // handshake key is available from this manager.
  if (!isBlockTokenEnabled() || !encryptDataTransfer) {
    return null;
  }
  return blockTokenSecretManager.generateDataEncryptionKey();
}
 
Example #8
Source File: KeyManager.java    From big-c with Apache License 2.0
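/**
 * Returns the cached data encryption key, generating one on first use and
 * again once the cached key has expired.
 *
 * @return the current key, or {@code null} when data-transfer encryption is
 *         disabled
 */
@Override
public DataEncryptionKey newDataEncryptionKey() {
  if (!encryptDataTransfer) {
    return null;
  }
  synchronized (this) {
    // A key cached only on "== null" would be handed out for the life of the
    // process, even after its expiry; a long-running holder would then keep
    // presenting a stale key. Regenerate once the expiry has passed.
    // Assumes expiryDate is epoch milliseconds - confirm against
    // DataEncryptionKey.
    if (encryptionKey == null
        || encryptionKey.expiryDate < System.currentTimeMillis()) {
      encryptionKey = blockTokenSecretManager.generateDataEncryptionKey();
    }
    return encryptionKey;
  }
}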
 
Example #9
Source File: DFSClient.java    From big-c with Apache License 2.0
/**
 * Returns the client's cached data encryption key, fetching a new one from
 * the NameNode when none is cached or the cached one has expired.
 *
 * @return the current key, or {@code null} when {@code shouldEncryptData()}
 *         is false
 * @throws IOException if the NameNode call fails
 */
@Override
public DataEncryptionKey newDataEncryptionKey() throws IOException {
  if (!shouldEncryptData()) {
    return null;
  }
  synchronized (this) {
    final boolean noCachedKey = encryptionKey == null;
    if (noCachedKey || encryptionKey.expiryDate < Time.now()) {
      LOG.debug("Getting new encryption token from NN");
      // NOTE(review): whatever the NameNode returns is cached and returned
      // as-is, including null. Confirm callers treat a null key as "no
      // encrypted handshake" deliberately rather than by accident.
      encryptionKey = namenode.getDataEncryptionKey();
    }
    return encryptionKey;
  }
}
 
Example #10
Source File: DataNode.java    From big-c with Apache License 2.0
/**
 * Returns a new DataEncryptionKeyFactory that generates a key from the
 * BlockPoolTokenSecretManager, using the block pool ID of the given block.
 *
 * @param block for which the factory needs to create a key
 * @return DataEncryptionKeyFactory for block's block pool ID
 */
DataEncryptionKeyFactory getDataEncryptionKeyFactoryForBlock(
    final ExtendedBlock block) {
  return new DataEncryptionKeyFactory() {
    @Override
    public DataEncryptionKey newDataEncryptionKey() {
      // The encryption switch is read on every call, not captured when the
      // factory is created; with it off, the factory yields no key.
      if (!dnConf.encryptDataTransfer) {
        return null;
      }
      // The key is scoped to the block pool that owns the given block.
      return blockPoolTokenSecretManager.generateDataEncryptionKey(
        block.getBlockPoolId());
    }
  };
}
 
Example #11
Source File: PBHelper.java    From big-c with Apache License 2.0
/**
 * Builds a {@link DataEncryptionKey} from its protobuf message.
 *
 * <p>An empty algorithm string in the message becomes a {@code null}
 * algorithm on the resulting key.
 *
 * @param bet the protobuf message to read
 * @return the equivalent key object
 */
public static DataEncryptionKey convert(DataEncryptionKeyProto bet) {
  final String algorithm = bet.getEncryptionAlgorithm();
  final String algorithmOrNull = algorithm.isEmpty() ? null : algorithm;
  // Nonce and key bytes are copied out of the message into fresh arrays.
  final byte[] nonce = bet.getNonce().toByteArray();
  final byte[] keyBytes = bet.getEncryptionKey().toByteArray();
  return new DataEncryptionKey(bet.getKeyId(), bet.getBlockPoolId(), nonce,
      keyBytes, bet.getExpiryDate(), algorithmOrNull);
}
 
Example #12
Source File: PBHelper.java    From big-c with Apache License 2.0
/**
 * Serializes a {@link DataEncryptionKey} into its protobuf message.
 *
 * <p>The algorithm field is only set when the key carries a non-null
 * algorithm.
 *
 * @param bet the key to serialize
 * @return the protobuf message for the key
 */
public static DataEncryptionKeyProto convert(DataEncryptionKey bet) {
  DataEncryptionKeyProto.Builder proto = DataEncryptionKeyProto.newBuilder();
  proto.setKeyId(bet.keyId);
  proto.setBlockPoolId(bet.blockPoolId);
  proto.setNonce(ByteString.copyFrom(bet.nonce));
  // The raw key bytes are copied into the message, so the serialized form is
  // as sensitive as the key itself. NOTE(review): confirm every transport
  // that carries this message is confidentiality-protected.
  proto.setEncryptionKey(ByteString.copyFrom(bet.encryptionKey));
  proto.setExpiryDate(bet.expiryDate);
  if (bet.encryptionAlgorithm != null) {
    proto.setEncryptionAlgorithm(bet.encryptionAlgorithm);
  }
  return proto.build();
}
 
Example #13
Source File: ClientNamenodeProtocolTranslatorPB.java    From hadoop with Apache License 2.0
/**
 * Fetches a data encryption key over the RPC proxy and converts the
 * protobuf reply into a {@link DataEncryptionKey}.
 *
 * @return the converted key, or {@code null} when the reply carries none
 * @throws IOException the remote exception unwrapped from a ServiceException
 */
@Override
public DataEncryptionKey getDataEncryptionKey() throws IOException {
  try {
    GetDataEncryptionKeyResponseProto reply = rpcProxy.getDataEncryptionKey(
        null, VOID_GET_DATA_ENCRYPTIONKEY_REQUEST);
    // A reply without the key field is reported as null to the caller.
    if (!reply.hasDataEncryptionKey()) {
      return null;
    }
    return PBHelper.convert(reply.getDataEncryptionKey());
  } catch (ServiceException e) {
    throw ProtobufHelper.getRemoteException(e);
  }
}
 
Example #14
Source File: PBHelper.java    From hadoop with Apache License 2.0
/**
 * Serializes a {@link DataEncryptionKey} into its protobuf message.
 *
 * <p>The algorithm field is only set when the key carries a non-null
 * algorithm.
 *
 * @param bet the key to serialize
 * @return the protobuf message for the key
 */
public static DataEncryptionKeyProto convert(DataEncryptionKey bet) {
  DataEncryptionKeyProto.Builder proto = DataEncryptionKeyProto.newBuilder();
  proto.setKeyId(bet.keyId);
  proto.setBlockPoolId(bet.blockPoolId);
  proto.setNonce(ByteString.copyFrom(bet.nonce));
  // The raw key bytes are copied into the message, so the serialized form is
  // as sensitive as the key itself. NOTE(review): confirm every transport
  // that carries this message is confidentiality-protected.
  proto.setEncryptionKey(ByteString.copyFrom(bet.encryptionKey));
  proto.setExpiryDate(bet.expiryDate);
  if (bet.encryptionAlgorithm != null) {
    proto.setEncryptionAlgorithm(bet.encryptionAlgorithm);
  }
  return proto.build();
}
 
Example #15
Source File: PBHelper.java    From hadoop with Apache License 2.0
/**
 * Builds a {@link DataEncryptionKey} from its protobuf message.
 *
 * <p>An empty algorithm string in the message becomes a {@code null}
 * algorithm on the resulting key.
 *
 * @param bet the protobuf message to read
 * @return the equivalent key object
 */
public static DataEncryptionKey convert(DataEncryptionKeyProto bet) {
  final String algorithm = bet.getEncryptionAlgorithm();
  final String algorithmOrNull = algorithm.isEmpty() ? null : algorithm;
  // Nonce and key bytes are copied out of the message into fresh arrays.
  final byte[] nonce = bet.getNonce().toByteArray();
  final byte[] keyBytes = bet.getEncryptionKey().toByteArray();
  return new DataEncryptionKey(bet.getKeyId(), bet.getBlockPoolId(), nonce,
      keyBytes, bet.getExpiryDate(), algorithmOrNull);
}
 
Example #16
Source File: DataNode.java    From hadoop with Apache License 2.0
/**
 * Returns a new DataEncryptionKeyFactory that generates a key from the
 * BlockPoolTokenSecretManager, using the block pool ID of the given block.
 *
 * @param block for which the factory needs to create a key
 * @return DataEncryptionKeyFactory for block's block pool ID
 */
DataEncryptionKeyFactory getDataEncryptionKeyFactoryForBlock(
    final ExtendedBlock block) {
  return new DataEncryptionKeyFactory() {
    @Override
    public DataEncryptionKey newDataEncryptionKey() {
      // The encryption switch is read on every call, not captured when the
      // factory is created; with it off, the factory yields no key.
      if (!dnConf.encryptDataTransfer) {
        return null;
      }
      // The key is scoped to the block pool that owns the given block.
      return blockPoolTokenSecretManager.generateDataEncryptionKey(
        block.getBlockPoolId());
    }
  };
}
 
Example #17
Source File: BlockManager.java    From hadoop with Apache License 2.0
/**
 * Asks the block token secret manager for a data encryption key.
 *
 * @return a key when block tokens are enabled and data-transfer encryption
 *         is switched on; {@code null} otherwise
 */
public DataEncryptionKey generateDataEncryptionKey() {
  // Both switches must be on; a null result tells callers that no encrypted
  // handshake key is available from this manager.
  if (!isBlockTokenEnabled() || !encryptDataTransfer) {
    return null;
  }
  return blockTokenSecretManager.generateDataEncryptionKey();
}
 
Example #18
Source File: KeyManager.java    From hadoop with Apache License 2.0
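/**
 * Returns the cached data encryption key, generating one on first use and
 * again once the cached key has expired.
 *
 * @return the current key, or {@code null} when data-transfer encryption is
 *         disabled
 */
@Override
public DataEncryptionKey newDataEncryptionKey() {
  if (!encryptDataTransfer) {
    return null;
  }
  synchronized (this) {
    // A key cached only on "== null" would be handed out for the life of the
    // process, even after its expiry; a long-running holder would then keep
    // presenting a stale key. Regenerate once the expiry has passed.
    // Assumes expiryDate is epoch milliseconds - confirm against
    // DataEncryptionKey.
    if (encryptionKey == null
        || encryptionKey.expiryDate < System.currentTimeMillis()) {
      encryptionKey = blockTokenSecretManager.generateDataEncryptionKey();
    }
    return encryptionKey;
  }
}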
 
Example #19
Source File: DFSClient.java    From hadoop with Apache License 2.0
/**
 * Returns the client's cached data encryption key, fetching a new one from
 * the NameNode when none is cached or the cached one has expired.
 *
 * @return the current key, or {@code null} when {@code shouldEncryptData()}
 *         is false
 * @throws IOException if the NameNode call fails
 */
@Override
public DataEncryptionKey newDataEncryptionKey() throws IOException {
  if (!shouldEncryptData()) {
    return null;
  }
  synchronized (this) {
    final boolean noCachedKey = encryptionKey == null;
    if (noCachedKey || encryptionKey.expiryDate < Time.now()) {
      LOG.debug("Getting new encryption token from NN");
      // NOTE(review): whatever the NameNode returns is cached and returned
      // as-is, including null. Confirm callers treat a null key as "no
      // encrypted handshake" deliberately rather than by accident.
      encryptionKey = namenode.getDataEncryptionKey();
    }
    return encryptionKey;
  }
}
 
Example #20
Source File: ClientNamenodeProtocolTranslatorPB.java    From big-c with Apache License 2.0
/**
 * Fetches a data encryption key over the RPC proxy and converts the
 * protobuf reply into a {@link DataEncryptionKey}.
 *
 * @return the converted key, or {@code null} when the reply carries none
 * @throws IOException the remote exception unwrapped from a ServiceException
 */
@Override
public DataEncryptionKey getDataEncryptionKey() throws IOException {
  try {
    GetDataEncryptionKeyResponseProto reply = rpcProxy.getDataEncryptionKey(
        null, VOID_GET_DATA_ENCRYPTIONKEY_REQUEST);
    // A reply without the key field is reported as null to the caller.
    if (!reply.hasDataEncryptionKey()) {
      return null;
    }
    return PBHelper.convert(reply.getDataEncryptionKey());
  } catch (ServiceException e) {
    throw ProtobufHelper.getRemoteException(e);
  }
}
 
Example #21
Source File: ProxyClientProtocolHandler.java    From nnproxy with Apache License 2.0
/**
 * Relays the request to the upstream behind the router's root entry and
 * returns whatever key it answers with.
 *
 * @return the key obtained from the upstream
 * @throws IOException if the upstream call fails
 */
@Override
public DataEncryptionKey getDataEncryptionKey() throws IOException {
    // NOTE(review): the key is passed through unchanged and no access check
    // is visible in this method; confirm where callers are authorized.
    final DataEncryptionKey upstreamKey =
        router.getRoot().upstream.getDataEncryptionKey();
    return upstreamKey;
}
 
Example #22
Source File: NameNodeRpcServer.java    From hadoop with Apache License 2.0
/**
 * Generates a data encryption key through the namesystem's block manager.
 *
 * @return the key produced by the block manager
 * @throws IOException declared by the interface; presumably raised by the
 *         startup check, whose body is not visible here
 */
@Override
public DataEncryptionKey getDataEncryptionKey() throws IOException {
  // The startup check runs before any key is generated.
  checkNNStartup();
  final DataEncryptionKey generated =
      namesystem.getBlockManager().generateDataEncryptionKey();
  return generated;
}
 
Example #23
Source File: NamenodeFsck.java    From hadoop with Apache License 2.0
/**
 * Obtains a data encryption key from the NameNode's RPC server.
 *
 * @return the key returned by the RPC server
 * @throws IOException if the RPC server call fails
 */
@Override
public DataEncryptionKey newDataEncryptionKey() throws IOException {
  // No caching here: each call asks the RPC server again.
  final DataEncryptionKey fetched =
      namenode.getRpcServer().getDataEncryptionKey();
  return fetched;
}
 
Example #24
Source File: SaslDataTransferClient.java    From big-c with Apache License 2.0
/**
 * Sends client SASL negotiation if required.  Determines the correct type of
 * SASL handshake based on configuration.
 *
 * @param addr connection address
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKey for an encrypted SASL handshake
 * @param accessToken connection block access token
 * @param datanodeId ID of destination DataNode
 * @return new pair of streams, wrapped after SASL negotiation
 * @throws IOException for any error
 */
private IOStreamPair send(InetAddress addr, OutputStream underlyingOut,
    InputStream underlyingIn, DataEncryptionKey encryptionKey,
    Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
    throws IOException {
  // The order of these checks is the policy: the first matching case wins.
  // Every "skipping handshake" case returns null, i.e. no SASL-wrapped
  // streams, and is recorded at DEBUG level only.

  // 1. A key is available: encrypted handshake.
  if (encryptionKey != null) {
    LOG.debug(
      "SASL client doing encrypted handshake for addr = {}, datanodeId = {}",
      addr, datanodeId);
    return getEncryptedStreams(underlyingOut, underlyingIn,
      encryptionKey);
  }

  // 2. Security is off for the whole process.
  if (!UserGroupInformation.isSecurityEnabled()) {
    LOG.debug(
      "SASL client skipping handshake in unsecured configuration for "
      + "addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // 3. The DataNode's transfer port is privileged.
  if (SecurityUtil.isPrivilegedPort(datanodeId.getXferPort())) {
    LOG.debug(
      "SASL client skipping handshake in secured configuration with "
      + "privileged port for addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // 4. Fallback to simple auth has been flagged.
  // NOTE(review): with this flag set, a secured client proceeds without SASL;
  // confirm who sets the flag and under which configuration.
  if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {
    LOG.debug(
      "SASL client skipping handshake in secured configuration with "
      + "unsecured cluster for addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // 5. SASL properties are configured: general handshake with the token.
  if (saslPropsResolver != null) {
    LOG.debug(
      "SASL client doing general handshake for addr = {}, datanodeId = {}",
      addr, datanodeId);
    return getSaslStreams(addr, underlyingOut, underlyingIn, accessToken,
      datanodeId);
  }

  // 6. It's a secured cluster using non-privileged ports, but no SASL.  The
  // only way this can happen is if the DataNode has
  // ignore.secure.ports.for.testing configured, so this is a rare edge case.
  LOG.debug(
    "SASL client skipping handshake in secured configuration with no SASL "
    + "protection configured for addr = {}, datanodeId = {}",
    addr, datanodeId);
  return null;
}
 
Example #25
Source File: FanOutOneBlockAsyncDFSOutputSaslHelper.java    From hbase with Apache License 2.0
/**
 * Builds the SASL user name for an encrypted handshake from the key's id,
 * its block pool id and its Base64-encoded nonce, joined by NAME_DELIMITER.
 *
 * @param encryptionKey key whose identifying fields form the user name
 * @return the composed user name
 */
private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {
  // Only identifying fields go into the name; the secret key bytes are not
  // part of it.
  final String encodedNonce = Base64.getEncoder().encodeToString(encryptionKey.nonce);
  return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER
      + encodedNonce;
}
 
Example #26
Source File: SaslDataTransferClient.java    From hadoop with Apache License 2.0
/**
 * Sends client SASL negotiation if required.  Determines the correct type of
 * SASL handshake based on configuration.
 *
 * @param addr connection address
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKey for an encrypted SASL handshake
 * @param accessToken connection block access token
 * @param datanodeId ID of destination DataNode
 * @return new pair of streams, wrapped after SASL negotiation
 * @throws IOException for any error
 */
private IOStreamPair send(InetAddress addr, OutputStream underlyingOut,
    InputStream underlyingIn, DataEncryptionKey encryptionKey,
    Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
    throws IOException {
  // The order of these checks is the policy: the first matching case wins.
  // Every "skipping handshake" case returns null, i.e. no SASL-wrapped
  // streams, and is recorded at DEBUG level only.

  // 1. A key is available: encrypted handshake.
  if (encryptionKey != null) {
    LOG.debug(
      "SASL client doing encrypted handshake for addr = {}, datanodeId = {}",
      addr, datanodeId);
    return getEncryptedStreams(underlyingOut, underlyingIn,
      encryptionKey);
  }

  // 2. Security is off for the whole process.
  if (!UserGroupInformation.isSecurityEnabled()) {
    LOG.debug(
      "SASL client skipping handshake in unsecured configuration for "
      + "addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // 3. The DataNode's transfer port is privileged.
  if (SecurityUtil.isPrivilegedPort(datanodeId.getXferPort())) {
    LOG.debug(
      "SASL client skipping handshake in secured configuration with "
      + "privileged port for addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // 4. Fallback to simple auth has been flagged.
  // NOTE(review): with this flag set, a secured client proceeds without SASL;
  // confirm who sets the flag and under which configuration.
  if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {
    LOG.debug(
      "SASL client skipping handshake in secured configuration with "
      + "unsecured cluster for addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // 5. SASL properties are configured: general handshake with the token.
  if (saslPropsResolver != null) {
    LOG.debug(
      "SASL client doing general handshake for addr = {}, datanodeId = {}",
      addr, datanodeId);
    return getSaslStreams(addr, underlyingOut, underlyingIn, accessToken,
      datanodeId);
  }

  // 6. It's a secured cluster using non-privileged ports, but no SASL.  The
  // only way this can happen is if the DataNode has
  // ignore.secure.ports.for.testing configured, so this is a rare edge case.
  LOG.debug(
    "SASL client skipping handshake in secured configuration with no SASL "
    + "protection configured for addr = {}, datanodeId = {}",
    addr, datanodeId);
  return null;
}
 
Example #27
Source File: NamenodeFsck.java    From big-c with Apache License 2.0
/**
 * Obtains a data encryption key from the NameNode's RPC server.
 *
 * @return the key returned by the RPC server
 * @throws IOException if the RPC server call fails
 */
@Override
public DataEncryptionKey newDataEncryptionKey() throws IOException {
  // No caching here: each call asks the RPC server again.
  final DataEncryptionKey fetched =
      namenode.getRpcServer().getDataEncryptionKey();
  return fetched;
}
 
Example #28
Source File: NameNodeRpcServer.java    From big-c with Apache License 2.0
/**
 * Generates a data encryption key through the namesystem's block manager.
 *
 * @return the key produced by the block manager
 * @throws IOException declared by the interface; presumably raised by the
 *         startup check, whose body is not visible here
 */
@Override
public DataEncryptionKey getDataEncryptionKey() throws IOException {
  // The startup check runs before any key is generated.
  checkNNStartup();
  final DataEncryptionKey generated =
      namesystem.getBlockManager().generateDataEncryptionKey();
  return generated;
}
 
Example #29
Source File: FanOutOneBlockAsyncDFSOutputSaslHelper.java    From hbase with Apache License 2.0
/**
 * Decides whether the channel to a DataNode needs a SASL handshake and, if
 * so, starts it; otherwise completes {@code saslPromise} immediately.
 *
 * <p>The first matching case wins: trusted channel, encrypted handshake when
 * a key is available, security disabled, privileged transfer port, fallback
 * to simple auth, general handshake when SASL properties are configured, and
 * finally the no-SASL edge case. Every skipped handshake completes the
 * promise with {@code null}.
 *
 * @param conf configuration passed on to the negotiation
 * @param channel channel whose remote address identifies the peer
 * @param dnInfo the target DataNode
 * @param timeoutMs timeout passed on to the negotiation
 * @param client source of the SASL client settings and the encryption key
 * @param accessToken block access token used for the general handshake
 * @param saslPromise completed with success when no handshake is needed, or
 *        handed to the negotiation
 * @throws IOException if obtaining the key or starting negotiation fails
 */
static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,
    int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,
    Promise<Void> saslPromise) throws IOException {
  SaslDataTransferClient saslClient = client.getSaslDataTransferClient();
  SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);
  TrustedChannelResolver trustedChannelResolver =
      SASL_ADAPTOR.getTrustedChannelResolver(saslClient);
  AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);
  InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();

  // Trusted channels skip negotiation without leaving any log entry here.
  if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {
    saslPromise.trySuccess(null);
    return;
  }

  DataEncryptionKey encryptionKey = client.newDataEncryptionKey();
  if (encryptionKey != null) {
    if (LOG.isDebugEnabled()) {
      LOG.debug(
        "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    // User name and password are both derived from the encryption key.
    doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),
      encryptionKeyToPassword(encryptionKey.encryptionKey),
      createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,
        client);
    return;
  }

  if (!UserGroupInformation.isSecurityEnabled()) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr
          + ", datanodeId = " + dnInfo);
    }
    saslPromise.trySuccess(null);
    return;
  }

  // Ports below 1024 are treated as privileged; the threshold is hard-coded.
  if (dnInfo.getXferPort() < 1024) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client skipping handshake in secured configuration with "
          + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    saslPromise.trySuccess(null);
    return;
  }

  // NOTE(review): with this flag set, a secured client proceeds without SASL;
  // confirm who sets the flag and under which configuration.
  if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client skipping handshake in secured configuration with "
          + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    saslPromise.trySuccess(null);
    return;
  }

  if (saslPropsResolver != null) {
    if (LOG.isDebugEnabled()) {
      LOG.debug(
        "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    // General handshake: credentials come from the block access token.
    doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),
      buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,
        client);
    return;
  }

  // It's a secured cluster using non-privileged ports, but no SASL. The only way this can
  // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare
  // edge case.
  if (LOG.isDebugEnabled()) {
    LOG.debug("SASL client skipping handshake in secured configuration with no SASL "
        + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);
  }
  saslPromise.trySuccess(null);
}
 
Example #30
Source File: SaslDataTransferClient.java    From hadoop with Apache License 2.0
/**
 * Sends client SASL negotiation for a newly allocated socket if required.
 *
 * @param socket connection socket
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKeyFactory for creation of an encryption key
 * @param accessToken connection block access token
 * @param datanodeId ID of destination DataNode
 * @return new pair of streams, wrapped after SASL negotiation
 * @throws IOException for any error
 */
public IOStreamPair newSocketSend(Socket socket, OutputStream underlyingOut,
    InputStream underlyingIn, DataEncryptionKeyFactory encryptionKeyFactory,
    Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
    throws IOException {
  // Only the resolver's blanket verdict is consulted here, not a
  // per-address one; a trusted verdict means no key is requested at all.
  // The encryption key factory only returns a key if encryption is enabled.
  DataEncryptionKey encryptionKey = null;
  if (!trustedChannelResolver.isTrusted()) {
    encryptionKey = encryptionKeyFactory.newDataEncryptionKey();
  }

  IOStreamPair negotiated = send(socket.getInetAddress(), underlyingOut,
    underlyingIn, encryptionKey, accessToken, datanodeId);
  if (negotiated == null) {
    // No handshake took place: the caller gets the original streams back,
    // unwrapped. NOTE(review): nothing in the return value distinguishes
    // this from a protected pair; callers cannot tell which one they hold.
    return new IOStreamPair(underlyingIn, underlyingOut);
  }
  return negotiated;
}