Java Code Examples for org.apache.hadoop.crypto.key.kms.KMSClientProvider#checkNotEmpty()

The following examples show how to use org.apache.hadoop.crypto.key.kms.KMSClientProvider#checkNotEmpty() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@DELETE
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
public Response deleteKey(@PathParam("name") final String name)
    throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  assertAccess(KMSACLs.Type.DELETE, user, KMSOp.DELETE_KEY, name);
  KMSClientProvider.checkNotEmpty(name, "name");

  user.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      provider.deleteKey(name);
      provider.flush();
      return null;
    }
  });

  kmsAudit.ok(user, KMSOp.DELETE_KEY, name, "");

  return Response.ok().build();
}
 
Example 2
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getAdminCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_METADATA, name);

  KeyProvider.Metadata metadata = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
        @Override
        public KeyProvider.Metadata run() throws Exception {
          return provider.getMetadata(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(name, metadata);
  kmsAudit.ok(user, KMSOp.GET_METADATA, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 3
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentVersion(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_CURRENT_KEY, name);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getCurrentKey(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 4
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersion(
    @PathParam("versionName") final String versionName) throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(versionName, "versionName");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSION);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getKeyVersion(versionName);
        }
      }
  );

  if (keyVersion != null) {
    kmsAudit.ok(user, KMSOp.GET_KEY_VERSION, keyVersion.getName(), "");
  }
  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 5
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.VERSIONS_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersions(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSIONS, name);

  List<KeyVersion> ret = user.doAs(
      new PrivilegedExceptionAction<List<KeyVersion>>() {
        @Override
        public List<KeyVersion> run() throws Exception {
          return provider.getKeyVersions(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(ret);
  kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 6
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@DELETE
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
public Response deleteKey(@PathParam("name") final String name)
    throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  assertAccess(KMSACLs.Type.DELETE, user, KMSOp.DELETE_KEY, name);
  KMSClientProvider.checkNotEmpty(name, "name");

  user.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      provider.deleteKey(name);
      provider.flush();
      return null;
    }
  });

  kmsAudit.ok(user, KMSOp.DELETE_KEY, name, "");

  return Response.ok().build();
}
 
Example 7
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getAdminCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_METADATA, name);

  KeyProvider.Metadata metadata = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
        @Override
        public KeyProvider.Metadata run() throws Exception {
          return provider.getMetadata(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(name, metadata);
  kmsAudit.ok(user, KMSOp.GET_METADATA, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 8
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentVersion(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_CURRENT_KEY, name);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getCurrentKey(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 9
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersion(
    @PathParam("versionName") final String versionName) throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(versionName, "versionName");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSION);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getKeyVersion(versionName);
        }
      }
  );

  if (keyVersion != null) {
    kmsAudit.ok(user, KMSOp.GET_KEY_VERSION, keyVersion.getName(), "");
  }
  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 10
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.VERSIONS_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersions(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSIONS, name);

  List<KeyVersion> ret = user.doAs(
      new PrivilegedExceptionAction<List<KeyVersion>>() {
        @Override
        public List<KeyVersion> run() throws Exception {
          return provider.getKeyVersions(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(ret);
  kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example 11
Source File: KMS.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@SuppressWarnings("rawtypes")
@POST
@Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}/" +
    KMSRESTConstants.EEK_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response decryptEncryptedKey(
    @PathParam("versionName") final String versionName,
    @QueryParam(KMSRESTConstants.EEK_OP) String eekOp,
    Map jsonPayload)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(versionName, "versionName");
  KMSClientProvider.checkNotNull(eekOp, "eekOp");

  final String keyName = (String) jsonPayload.get(
      KMSRESTConstants.NAME_FIELD);
  String ivStr = (String) jsonPayload.get(KMSRESTConstants.IV_FIELD);
  String encMaterialStr = 
      (String) jsonPayload.get(KMSRESTConstants.MATERIAL_FIELD);
  Object retJSON;
  if (eekOp.equals(KMSRESTConstants.EEK_DECRYPT)) {
    assertAccess(KMSACLs.Type.DECRYPT_EEK, user, KMSOp.DECRYPT_EEK, keyName);
    KMSClientProvider.checkNotNull(ivStr, KMSRESTConstants.IV_FIELD);
    final byte[] iv = Base64.decodeBase64(ivStr);
    KMSClientProvider.checkNotNull(encMaterialStr,
        KMSRESTConstants.MATERIAL_FIELD);
    final byte[] encMaterial = Base64.decodeBase64(encMaterialStr);

    KeyProvider.KeyVersion retKeyVersion = user.doAs(
        new PrivilegedExceptionAction<KeyVersion>() {
          @Override
          public KeyVersion run() throws Exception {
            return provider.decryptEncryptedKey(
                new KMSClientProvider.KMSEncryptedKeyVersion(keyName,
                    versionName, iv, KeyProviderCryptoExtension.EEK,
                    encMaterial)
            );
          }
        }
    );

    retJSON = KMSServerJSONUtils.toJSON(retKeyVersion);
    kmsAudit.ok(user, KMSOp.DECRYPT_EEK, keyName, "");
  } else {
    throw new IllegalArgumentException("Wrong " + KMSRESTConstants.EEK_OP +
        " value, it must be " + KMSRESTConstants.EEK_GENERATE + " or " +
        KMSRESTConstants.EEK_DECRYPT);
  }
  KMSWebApp.getDecryptEEKCallsMeter().mark();
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(retJSON)
      .build();
}
 
Example 12
Source File: KMS.java    From big-c with Apache License 2.0 4 votes vote down vote up
@SuppressWarnings("rawtypes")
@POST
@Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}/" +
    KMSRESTConstants.EEK_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response decryptEncryptedKey(
    @PathParam("versionName") final String versionName,
    @QueryParam(KMSRESTConstants.EEK_OP) String eekOp,
    Map jsonPayload)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(versionName, "versionName");
  KMSClientProvider.checkNotNull(eekOp, "eekOp");

  final String keyName = (String) jsonPayload.get(
      KMSRESTConstants.NAME_FIELD);
  String ivStr = (String) jsonPayload.get(KMSRESTConstants.IV_FIELD);
  String encMaterialStr = 
      (String) jsonPayload.get(KMSRESTConstants.MATERIAL_FIELD);
  Object retJSON;
  if (eekOp.equals(KMSRESTConstants.EEK_DECRYPT)) {
    assertAccess(KMSACLs.Type.DECRYPT_EEK, user, KMSOp.DECRYPT_EEK, keyName);
    KMSClientProvider.checkNotNull(ivStr, KMSRESTConstants.IV_FIELD);
    final byte[] iv = Base64.decodeBase64(ivStr);
    KMSClientProvider.checkNotNull(encMaterialStr,
        KMSRESTConstants.MATERIAL_FIELD);
    final byte[] encMaterial = Base64.decodeBase64(encMaterialStr);

    KeyProvider.KeyVersion retKeyVersion = user.doAs(
        new PrivilegedExceptionAction<KeyVersion>() {
          @Override
          public KeyVersion run() throws Exception {
            return provider.decryptEncryptedKey(
                new KMSClientProvider.KMSEncryptedKeyVersion(keyName,
                    versionName, iv, KeyProviderCryptoExtension.EEK,
                    encMaterial)
            );
          }
        }
    );

    retJSON = KMSServerJSONUtils.toJSON(retKeyVersion);
    kmsAudit.ok(user, KMSOp.DECRYPT_EEK, keyName, "");
  } else {
    throw new IllegalArgumentException("Wrong " + KMSRESTConstants.EEK_OP +
        " value, it must be " + KMSRESTConstants.EEK_GENERATE + " or " +
        KMSRESTConstants.EEK_DECRYPT);
  }
  KMSWebApp.getDecryptEEKCallsMeter().mark();
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(retJSON)
      .build();
}