Java Code Examples for org.apache.hadoop.crypto.key.kms.KMSClientProvider#checkNotEmpty()
The following examples show how to use
org.apache.hadoop.crypto.key.kms.KMSClientProvider#checkNotEmpty() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: KMS.java From hadoop with Apache License 2.0 | 6 votes |
@DELETE @Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}") public Response deleteKey(@PathParam("name") final String name) throws Exception { KMSWebApp.getAdminCallsMeter().mark(); UserGroupInformation user = HttpUserGroupInformation.get(); assertAccess(KMSACLs.Type.DELETE, user, KMSOp.DELETE_KEY, name); KMSClientProvider.checkNotEmpty(name, "name"); user.doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { provider.deleteKey(name); provider.flush(); return null; } }); kmsAudit.ok(user, KMSOp.DELETE_KEY, name, ""); return Response.ok().build(); }
Example 2
Source File: KMS.java From hadoop with Apache License 2.0 | 6 votes |
@GET @Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" + KMSRESTConstants.METADATA_SUB_RESOURCE) @Produces(MediaType.APPLICATION_JSON) public Response getMetadata(@PathParam("name") final String name) throws Exception { UserGroupInformation user = HttpUserGroupInformation.get(); KMSClientProvider.checkNotEmpty(name, "name"); KMSWebApp.getAdminCallsMeter().mark(); assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_METADATA, name); KeyProvider.Metadata metadata = user.doAs( new PrivilegedExceptionAction<KeyProvider.Metadata>() { @Override public KeyProvider.Metadata run() throws Exception { return provider.getMetadata(name); } } ); Object json = KMSServerJSONUtils.toJSON(name, metadata); kmsAudit.ok(user, KMSOp.GET_METADATA, name, ""); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); }
Example 3
Source File: KMS.java From hadoop with Apache License 2.0 | 6 votes |
@GET @Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" + KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE) @Produces(MediaType.APPLICATION_JSON) public Response getCurrentVersion(@PathParam("name") final String name) throws Exception { UserGroupInformation user = HttpUserGroupInformation.get(); KMSClientProvider.checkNotEmpty(name, "name"); KMSWebApp.getKeyCallsMeter().mark(); assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_CURRENT_KEY, name); KeyVersion keyVersion = user.doAs( new PrivilegedExceptionAction<KeyVersion>() { @Override public KeyVersion run() throws Exception { return provider.getCurrentKey(name); } } ); Object json = KMSServerJSONUtils.toJSON(keyVersion); kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, ""); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); }
Example 4
Source File: KMS.java From hadoop with Apache License 2.0 | 6 votes |
@GET @Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}") @Produces(MediaType.APPLICATION_JSON) public Response getKeyVersion( @PathParam("versionName") final String versionName) throws Exception { UserGroupInformation user = HttpUserGroupInformation.get(); KMSClientProvider.checkNotEmpty(versionName, "versionName"); KMSWebApp.getKeyCallsMeter().mark(); assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSION); KeyVersion keyVersion = user.doAs( new PrivilegedExceptionAction<KeyVersion>() { @Override public KeyVersion run() throws Exception { return provider.getKeyVersion(versionName); } } ); if (keyVersion != null) { kmsAudit.ok(user, KMSOp.GET_KEY_VERSION, keyVersion.getName(), ""); } Object json = KMSServerJSONUtils.toJSON(keyVersion); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); }
Example 5
Source File: KMS.java From hadoop with Apache License 2.0 | 6 votes |
@GET @Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" + KMSRESTConstants.VERSIONS_SUB_RESOURCE) @Produces(MediaType.APPLICATION_JSON) public Response getKeyVersions(@PathParam("name") final String name) throws Exception { UserGroupInformation user = HttpUserGroupInformation.get(); KMSClientProvider.checkNotEmpty(name, "name"); KMSWebApp.getKeyCallsMeter().mark(); assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSIONS, name); List<KeyVersion> ret = user.doAs( new PrivilegedExceptionAction<List<KeyVersion>>() { @Override public List<KeyVersion> run() throws Exception { return provider.getKeyVersions(name); } } ); Object json = KMSServerJSONUtils.toJSON(ret); kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, ""); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); }
Example 6
Source File: KMS.java From big-c with Apache License 2.0 | 6 votes |
@DELETE @Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}") public Response deleteKey(@PathParam("name") final String name) throws Exception { KMSWebApp.getAdminCallsMeter().mark(); UserGroupInformation user = HttpUserGroupInformation.get(); assertAccess(KMSACLs.Type.DELETE, user, KMSOp.DELETE_KEY, name); KMSClientProvider.checkNotEmpty(name, "name"); user.doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { provider.deleteKey(name); provider.flush(); return null; } }); kmsAudit.ok(user, KMSOp.DELETE_KEY, name, ""); return Response.ok().build(); }
Example 7
Source File: KMS.java From big-c with Apache License 2.0 | 6 votes |
@GET @Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" + KMSRESTConstants.METADATA_SUB_RESOURCE) @Produces(MediaType.APPLICATION_JSON) public Response getMetadata(@PathParam("name") final String name) throws Exception { UserGroupInformation user = HttpUserGroupInformation.get(); KMSClientProvider.checkNotEmpty(name, "name"); KMSWebApp.getAdminCallsMeter().mark(); assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_METADATA, name); KeyProvider.Metadata metadata = user.doAs( new PrivilegedExceptionAction<KeyProvider.Metadata>() { @Override public KeyProvider.Metadata run() throws Exception { return provider.getMetadata(name); } } ); Object json = KMSServerJSONUtils.toJSON(name, metadata); kmsAudit.ok(user, KMSOp.GET_METADATA, name, ""); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); }
Example 8
Source File: KMS.java From big-c with Apache License 2.0 | 6 votes |
@GET @Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" + KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE) @Produces(MediaType.APPLICATION_JSON) public Response getCurrentVersion(@PathParam("name") final String name) throws Exception { UserGroupInformation user = HttpUserGroupInformation.get(); KMSClientProvider.checkNotEmpty(name, "name"); KMSWebApp.getKeyCallsMeter().mark(); assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_CURRENT_KEY, name); KeyVersion keyVersion = user.doAs( new PrivilegedExceptionAction<KeyVersion>() { @Override public KeyVersion run() throws Exception { return provider.getCurrentKey(name); } } ); Object json = KMSServerJSONUtils.toJSON(keyVersion); kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, ""); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); }
Example 9
Source File: KMS.java From big-c with Apache License 2.0 | 6 votes |
@GET @Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}") @Produces(MediaType.APPLICATION_JSON) public Response getKeyVersion( @PathParam("versionName") final String versionName) throws Exception { UserGroupInformation user = HttpUserGroupInformation.get(); KMSClientProvider.checkNotEmpty(versionName, "versionName"); KMSWebApp.getKeyCallsMeter().mark(); assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSION); KeyVersion keyVersion = user.doAs( new PrivilegedExceptionAction<KeyVersion>() { @Override public KeyVersion run() throws Exception { return provider.getKeyVersion(versionName); } } ); if (keyVersion != null) { kmsAudit.ok(user, KMSOp.GET_KEY_VERSION, keyVersion.getName(), ""); } Object json = KMSServerJSONUtils.toJSON(keyVersion); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); }
Example 10
Source File: KMS.java From big-c with Apache License 2.0 | 6 votes |
@GET @Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" + KMSRESTConstants.VERSIONS_SUB_RESOURCE) @Produces(MediaType.APPLICATION_JSON) public Response getKeyVersions(@PathParam("name") final String name) throws Exception { UserGroupInformation user = HttpUserGroupInformation.get(); KMSClientProvider.checkNotEmpty(name, "name"); KMSWebApp.getKeyCallsMeter().mark(); assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSIONS, name); List<KeyVersion> ret = user.doAs( new PrivilegedExceptionAction<List<KeyVersion>>() { @Override public List<KeyVersion> run() throws Exception { return provider.getKeyVersions(name); } } ); Object json = KMSServerJSONUtils.toJSON(ret); kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, ""); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); }
Example 11
Source File: KMS.java From hadoop with Apache License 2.0 | 4 votes |
@SuppressWarnings("rawtypes") @POST @Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}/" + KMSRESTConstants.EEK_SUB_RESOURCE) @Produces(MediaType.APPLICATION_JSON) public Response decryptEncryptedKey( @PathParam("versionName") final String versionName, @QueryParam(KMSRESTConstants.EEK_OP) String eekOp, Map jsonPayload) throws Exception { UserGroupInformation user = HttpUserGroupInformation.get(); KMSClientProvider.checkNotEmpty(versionName, "versionName"); KMSClientProvider.checkNotNull(eekOp, "eekOp"); final String keyName = (String) jsonPayload.get( KMSRESTConstants.NAME_FIELD); String ivStr = (String) jsonPayload.get(KMSRESTConstants.IV_FIELD); String encMaterialStr = (String) jsonPayload.get(KMSRESTConstants.MATERIAL_FIELD); Object retJSON; if (eekOp.equals(KMSRESTConstants.EEK_DECRYPT)) { assertAccess(KMSACLs.Type.DECRYPT_EEK, user, KMSOp.DECRYPT_EEK, keyName); KMSClientProvider.checkNotNull(ivStr, KMSRESTConstants.IV_FIELD); final byte[] iv = Base64.decodeBase64(ivStr); KMSClientProvider.checkNotNull(encMaterialStr, KMSRESTConstants.MATERIAL_FIELD); final byte[] encMaterial = Base64.decodeBase64(encMaterialStr); KeyProvider.KeyVersion retKeyVersion = user.doAs( new PrivilegedExceptionAction<KeyVersion>() { @Override public KeyVersion run() throws Exception { return provider.decryptEncryptedKey( new KMSClientProvider.KMSEncryptedKeyVersion(keyName, versionName, iv, KeyProviderCryptoExtension.EEK, encMaterial) ); } } ); retJSON = KMSServerJSONUtils.toJSON(retKeyVersion); kmsAudit.ok(user, KMSOp.DECRYPT_EEK, keyName, ""); } else { throw new IllegalArgumentException("Wrong " + KMSRESTConstants.EEK_OP + " value, it must be " + KMSRESTConstants.EEK_GENERATE + " or " + KMSRESTConstants.EEK_DECRYPT); } KMSWebApp.getDecryptEEKCallsMeter().mark(); return Response.ok().type(MediaType.APPLICATION_JSON).entity(retJSON) .build(); }
Example 12
Source File: KMS.java From big-c with Apache License 2.0 | 4 votes |
@SuppressWarnings("rawtypes") @POST @Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}/" + KMSRESTConstants.EEK_SUB_RESOURCE) @Produces(MediaType.APPLICATION_JSON) public Response decryptEncryptedKey( @PathParam("versionName") final String versionName, @QueryParam(KMSRESTConstants.EEK_OP) String eekOp, Map jsonPayload) throws Exception { UserGroupInformation user = HttpUserGroupInformation.get(); KMSClientProvider.checkNotEmpty(versionName, "versionName"); KMSClientProvider.checkNotNull(eekOp, "eekOp"); final String keyName = (String) jsonPayload.get( KMSRESTConstants.NAME_FIELD); String ivStr = (String) jsonPayload.get(KMSRESTConstants.IV_FIELD); String encMaterialStr = (String) jsonPayload.get(KMSRESTConstants.MATERIAL_FIELD); Object retJSON; if (eekOp.equals(KMSRESTConstants.EEK_DECRYPT)) { assertAccess(KMSACLs.Type.DECRYPT_EEK, user, KMSOp.DECRYPT_EEK, keyName); KMSClientProvider.checkNotNull(ivStr, KMSRESTConstants.IV_FIELD); final byte[] iv = Base64.decodeBase64(ivStr); KMSClientProvider.checkNotNull(encMaterialStr, KMSRESTConstants.MATERIAL_FIELD); final byte[] encMaterial = Base64.decodeBase64(encMaterialStr); KeyProvider.KeyVersion retKeyVersion = user.doAs( new PrivilegedExceptionAction<KeyVersion>() { @Override public KeyVersion run() throws Exception { return provider.decryptEncryptedKey( new KMSClientProvider.KMSEncryptedKeyVersion(keyName, versionName, iv, KeyProviderCryptoExtension.EEK, encMaterial) ); } } ); retJSON = KMSServerJSONUtils.toJSON(retKeyVersion); kmsAudit.ok(user, KMSOp.DECRYPT_EEK, keyName, ""); } else { throw new IllegalArgumentException("Wrong " + KMSRESTConstants.EEK_OP + " value, it must be " + KMSRESTConstants.EEK_GENERATE + " or " + KMSRESTConstants.EEK_DECRYPT); } KMSWebApp.getDecryptEEKCallsMeter().mark(); return Response.ok().type(MediaType.APPLICATION_JSON).entity(retJSON) .build(); }