From 021ae471153ce2566924b0f6d29809669074c06d Mon Sep 17 00:00:00 2001 From: Alejandro Abdelnur Date: Fri, 8 Aug 2014 23:10:11 +0000 Subject: [PATCH] HADOOP-10862. Miscellaneous trivial corrections to KMS classes. (asuresh via tucu) git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1616903 13f79535-47bb-0310-9956-ffa450edef68 --- .../hadoop-common/CHANGES.txt | 3 + .../crypto/key/kms/KMSClientProvider.java | 4 +- .../crypto/key/kms/KMSRESTConstants.java | 2 +- .../hadoop/crypto/key/kms/server/KMS.java | 80 +++++++++---------- .../crypto/key/kms/server/KMSAudit.java | 25 +++--- .../key/kms/server/KMSConfiguration.java | 2 + .../crypto/key/kms/server/KMSJMXServlet.java | 3 + .../crypto/key/kms/server/TestKMSAudit.java | 35 ++++---- 8 files changed, 79 insertions(+), 75 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 84a35228e9..104f2b7728 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -421,6 +421,9 @@ Trunk (Unreleased) HADOOP-10939. Fix TestKeyProviderFactory testcases to use default 128 bit length keys. (Arun Suresh via wang) + HADOOP-10862. Miscellaneous trivial corrections to KMS classes. + (asuresh via tucu) + OPTIMIZATIONS HADOOP-7761. Improve the performance of raw comparisons. (todd) diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index c5624ee1c4..cf5b11315f 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -512,7 +512,7 @@ private List createKeySets(String[] keyNames) { List batch = new ArrayList(); int batchLen = 0; for (String name : keyNames) { - int additionalLen = KMSRESTConstants.KEY_OP.length() + 1 + name.length(); + int additionalLen = KMSRESTConstants.KEY.length() + 1 + name.length(); batchLen += additionalLen; // topping at 1500 to account for initial URL and encoded names if (batchLen > 1500) { @@ -536,7 +536,7 @@ public Metadata[] getKeysMetadata(String ... keyNames) throws IOException { for (String[] keySet : keySets) { if (keyNames.length > 0) { Map queryStr = new HashMap(); - queryStr.put(KMSRESTConstants.KEY_OP, keySet); + queryStr.put(KMSRESTConstants.KEY, keySet); URL url = createURL(KMSRESTConstants.KEYS_METADATA_RESOURCE, null, null, queryStr); HttpURLConnection conn = createConnection(url, HTTP_GET); diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSRESTConstants.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSRESTConstants.java index b949ab91b5..b7d7898735 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSRESTConstants.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSRESTConstants.java @@ -37,7 +37,7 @@ public class KMSRESTConstants { public static final String EEK_SUB_RESOURCE = "_eek"; public static final String CURRENT_VERSION_SUB_RESOURCE = "_currentversion"; - public static final String KEY_OP = "key"; + public static final String KEY = "key"; public static final String EEK_OP = "eek_op"; public static final String EEK_GENERATE = "generate"; public static final String EEK_DECRYPT = "decrypt"; diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java index 9c4e794092..08cb91f650 100644 --- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java +++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java @@ -47,7 +47,6 @@ import java.net.URI; import java.net.URISyntaxException; import java.security.Principal; -import java.text.MessageFormat; import java.util.ArrayList; import java.util.LinkedList; import java.util.List; @@ -59,19 +58,14 @@ @Path(KMSRESTConstants.SERVICE_VERSION) @InterfaceAudience.Private public class KMS { - public static final String CREATE_KEY = "CREATE_KEY"; - public static final String DELETE_KEY = "DELETE_KEY"; - public static final String ROLL_NEW_VERSION = "ROLL_NEW_VERSION"; - public static final String GET_KEYS = "GET_KEYS"; - public static final String GET_KEYS_METADATA = "GET_KEYS_METADATA"; - public static final String GET_KEY_VERSIONS = "GET_KEY_VERSIONS"; - public static final String GET_METADATA = "GET_METADATA"; - public static final String GET_KEY_VERSION = "GET_KEY_VERSION"; - public static final String GET_CURRENT_KEY = "GET_CURRENT_KEY"; - public static final String GENERATE_EEK = "GENERATE_EEK"; - public static final String DECRYPT_EEK = "DECRYPT_EEK"; - + public static enum KMSOp { + CREATE_KEY, DELETE_KEY, ROLL_NEW_VERSION, + GET_KEYS, GET_KEYS_METADATA, + GET_KEY_VERSIONS, GET_METADATA, GET_KEY_VERSION, GET_CURRENT_KEY, + GENERATE_EEK, DECRYPT_EEK + } + private KeyProviderCryptoExtension provider; private KMSAudit kmsAudit; @@ -91,22 +85,22 @@ private static Principal getPrincipal(SecurityContext securityContext) private static final String UNAUTHORIZED_MSG_WITH_KEY = - "User:{0} not allowed to do ''{1}'' on ''{2}''"; + "User:%s not allowed to do '%s' on '%s'"; private static final String UNAUTHORIZED_MSG_WITHOUT_KEY = - "User:{0} not allowed to do ''{1}''"; + "User:%s not allowed to do '%s'"; private void assertAccess(KMSACLs.Type aclType, Principal principal, - String operation) throws AccessControlException { + KMSOp operation) throws AccessControlException { assertAccess(aclType, principal, operation, null); } private void assertAccess(KMSACLs.Type aclType, Principal principal, - String operation, String key) throws AccessControlException { + KMSOp operation, String key) throws AccessControlException { if (!KMSWebApp.getACLs().hasAccess(aclType, principal.getName())) { KMSWebApp.getUnauthorizedCallsMeter().mark(); kmsAudit.unauthorized(principal, operation, key); - throw new AuthorizationException(MessageFormat.format( + throw new AuthorizationException(String.format( (key != null) ? UNAUTHORIZED_MSG_WITH_KEY : UNAUTHORIZED_MSG_WITHOUT_KEY, principal.getName(), operation, key)); @@ -135,7 +129,7 @@ public Response createKey(@Context SecurityContext securityContext, Principal user = getPrincipal(securityContext); String name = (String) jsonKey.get(KMSRESTConstants.NAME_FIELD); KMSClientProvider.checkNotEmpty(name, KMSRESTConstants.NAME_FIELD); - assertAccess(KMSACLs.Type.CREATE, user, CREATE_KEY, name); + assertAccess(KMSACLs.Type.CREATE, user, KMSOp.CREATE_KEY, name); String cipher = (String) jsonKey.get(KMSRESTConstants.CIPHER_FIELD); String material = (String) jsonKey.get(KMSRESTConstants.MATERIAL_FIELD); int length = (jsonKey.containsKey(KMSRESTConstants.LENGTH_FIELD)) @@ -146,7 +140,7 @@ public Response createKey(@Context SecurityContext securityContext, jsonKey.get(KMSRESTConstants.ATTRIBUTES_FIELD); if (material != null) { assertAccess(KMSACLs.Type.SET_KEY_MATERIAL, user, - CREATE_KEY + " with user provided material", name); + KMSOp.CREATE_KEY, name); } KeyProvider.Options options = new KeyProvider.Options( KMSWebApp.getConfiguration()); @@ -165,7 +159,7 @@ public Response createKey(@Context SecurityContext securityContext, provider.flush(); - kmsAudit.ok(user, CREATE_KEY, name, "UserProvidedMaterial:" + + kmsAudit.ok(user, KMSOp.CREATE_KEY, name, "UserProvidedMaterial:" + (material != null) + " Description:" + description); if (!KMSWebApp.getACLs().hasAccess(KMSACLs.Type.GET, user.getName())) { @@ -186,12 +180,12 @@ public Response deleteKey(@Context SecurityContext securityContext, @PathParam("name") String name) throws Exception { KMSWebApp.getAdminCallsMeter().mark(); Principal user = getPrincipal(securityContext); - assertAccess(KMSACLs.Type.DELETE, user, DELETE_KEY, name); + assertAccess(KMSACLs.Type.DELETE, user, KMSOp.DELETE_KEY, name); KMSClientProvider.checkNotEmpty(name, "name"); provider.deleteKey(name); provider.flush(); - kmsAudit.ok(user, DELETE_KEY, name, ""); + kmsAudit.ok(user, KMSOp.DELETE_KEY, name, ""); return Response.ok().build(); } @@ -205,13 +199,13 @@ public Response rolloverKey(@Context SecurityContext securityContext, throws Exception { KMSWebApp.getAdminCallsMeter().mark(); Principal user = getPrincipal(securityContext); - assertAccess(KMSACLs.Type.ROLLOVER, user, ROLL_NEW_VERSION, name); + assertAccess(KMSACLs.Type.ROLLOVER, user, KMSOp.ROLL_NEW_VERSION, name); KMSClientProvider.checkNotEmpty(name, "name"); String material = (String) jsonMaterial.get(KMSRESTConstants.MATERIAL_FIELD); if (material != null) { assertAccess(KMSACLs.Type.SET_KEY_MATERIAL, user, - ROLL_NEW_VERSION + " with user provided material", name); + KMSOp.ROLL_NEW_VERSION, name); } KeyProvider.KeyVersion keyVersion = (material != null) ? provider.rollNewVersion(name, Base64.decodeBase64(material)) @@ -219,7 +213,7 @@ public Response rolloverKey(@Context SecurityContext securityContext, provider.flush(); - kmsAudit.ok(user, ROLL_NEW_VERSION, name, "UserProvidedMaterial:" + + kmsAudit.ok(user, KMSOp.ROLL_NEW_VERSION, name, "UserProvidedMaterial:" + (material != null) + " NewVersion:" + keyVersion.getVersionName()); if (!KMSWebApp.getACLs().hasAccess(KMSACLs.Type.GET, user.getName())) { @@ -233,15 +227,15 @@ public Response rolloverKey(@Context SecurityContext securityContext, @Path(KMSRESTConstants.KEYS_METADATA_RESOURCE) @Produces(MediaType.APPLICATION_JSON) public Response getKeysMetadata(@Context SecurityContext securityContext, - @QueryParam(KMSRESTConstants.KEY_OP) List keyNamesList) + @QueryParam(KMSRESTConstants.KEY) List keyNamesList) throws Exception { KMSWebApp.getAdminCallsMeter().mark(); Principal user = getPrincipal(securityContext); String[] keyNames = keyNamesList.toArray(new String[keyNamesList.size()]); - assertAccess(KMSACLs.Type.GET_METADATA, user, GET_KEYS_METADATA); + assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_KEYS_METADATA); KeyProvider.Metadata[] keysMeta = provider.getKeysMetadata(keyNames); Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta); - kmsAudit.ok(user, GET_KEYS_METADATA, ""); + kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, ""); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); } @@ -252,9 +246,9 @@ public Response getKeyNames(@Context SecurityContext securityContext) throws Exception { KMSWebApp.getAdminCallsMeter().mark(); Principal user = getPrincipal(securityContext); - assertAccess(KMSACLs.Type.GET_KEYS, user, GET_KEYS); + assertAccess(KMSACLs.Type.GET_KEYS, user, KMSOp.GET_KEYS); Object json = provider.getKeys(); - kmsAudit.ok(user, GET_KEYS, ""); + kmsAudit.ok(user, KMSOp.GET_KEYS, ""); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); } @@ -276,9 +270,9 @@ public Response getMetadata(@Context SecurityContext securityContext, Principal user = getPrincipal(securityContext); KMSClientProvider.checkNotEmpty(name, "name"); KMSWebApp.getAdminCallsMeter().mark(); - assertAccess(KMSACLs.Type.GET_METADATA, user, GET_METADATA, name); + assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_METADATA, name); Object json = KMSServerJSONUtils.toJSON(name, provider.getMetadata(name)); - kmsAudit.ok(user, GET_METADATA, name, ""); + kmsAudit.ok(user, KMSOp.GET_METADATA, name, ""); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); } @@ -292,9 +286,9 @@ public Response getCurrentVersion(@Context SecurityContext securityContext, Principal user = getPrincipal(securityContext); KMSClientProvider.checkNotEmpty(name, "name"); KMSWebApp.getKeyCallsMeter().mark(); - assertAccess(KMSACLs.Type.GET, user, GET_CURRENT_KEY, name); + assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_CURRENT_KEY, name); Object json = KMSServerJSONUtils.toJSON(provider.getCurrentKey(name)); - kmsAudit.ok(user, GET_CURRENT_KEY, name, ""); + kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, ""); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); } @@ -308,9 +302,9 @@ public Response getKeyVersion(@Context SecurityContext securityContext, KMSClientProvider.checkNotEmpty(versionName, "versionName"); KMSWebApp.getKeyCallsMeter().mark(); KeyVersion keyVersion = provider.getKeyVersion(versionName); - assertAccess(KMSACLs.Type.GET, user, GET_KEY_VERSION); + assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSION); if (keyVersion != null) { - kmsAudit.ok(user, GET_KEY_VERSION, keyVersion.getName(), ""); + kmsAudit.ok(user, KMSOp.GET_KEY_VERSION, keyVersion.getName(), ""); } Object json = KMSServerJSONUtils.toJSON(keyVersion); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); @@ -334,7 +328,7 @@ public Response generateEncryptedKeys( Object retJSON; if (edekOp.equals(KMSRESTConstants.EEK_GENERATE)) { - assertAccess(KMSACLs.Type.GENERATE_EEK, user, GENERATE_EEK, name); + assertAccess(KMSACLs.Type.GENERATE_EEK, user, KMSOp.GENERATE_EEK, name); List retEdeks = new LinkedList(); @@ -345,7 +339,7 @@ public Response generateEncryptedKeys( } catch (Exception e) { throw new IOException(e); } - kmsAudit.ok(user, GENERATE_EEK, name, ""); + kmsAudit.ok(user, KMSOp.GENERATE_EEK, name, ""); retJSON = new ArrayList(); for (EncryptedKeyVersion edek : retEdeks) { ((ArrayList)retJSON).add(KMSServerJSONUtils.toJSON(edek)); @@ -380,7 +374,7 @@ public Response decryptEncryptedKey(@Context SecurityContext securityContext, (String) jsonPayload.get(KMSRESTConstants.MATERIAL_FIELD); Object retJSON; if (eekOp.equals(KMSRESTConstants.EEK_DECRYPT)) { - assertAccess(KMSACLs.Type.DECRYPT_EEK, user, DECRYPT_EEK, keyName); + assertAccess(KMSACLs.Type.DECRYPT_EEK, user, KMSOp.DECRYPT_EEK, keyName); KMSClientProvider.checkNotNull(ivStr, KMSRESTConstants.IV_FIELD); byte[] iv = Base64.decodeBase64(ivStr); KMSClientProvider.checkNotNull(encMaterialStr, @@ -391,7 +385,7 @@ public Response decryptEncryptedKey(@Context SecurityContext securityContext, new KMSClientProvider.KMSEncryptedKeyVersion(keyName, versionName, iv, KeyProviderCryptoExtension.EEK, encMaterial)); retJSON = KMSServerJSONUtils.toJSON(retKeyVersion); - kmsAudit.ok(user, DECRYPT_EEK, keyName, ""); + kmsAudit.ok(user, KMSOp.DECRYPT_EEK, keyName, ""); } else { throw new IllegalArgumentException("Wrong " + KMSRESTConstants.EEK_OP + " value, it must be " + KMSRESTConstants.EEK_GENERATE + " or " + @@ -412,9 +406,9 @@ public Response getKeyVersions(@Context SecurityContext securityContext, Principal user = getPrincipal(securityContext); KMSClientProvider.checkNotEmpty(name, "name"); KMSWebApp.getKeyCallsMeter().mark(); - assertAccess(KMSACLs.Type.GET, user, GET_KEY_VERSIONS, name); + assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSIONS, name); Object json = KMSServerJSONUtils.toJSON(provider.getKeyVersions(name)); - kmsAudit.ok(user, GET_KEY_VERSIONS, name, ""); + kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, ""); return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build(); } diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java index 3d387eb354..30d340d785 100644 --- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java +++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java @@ -50,11 +50,11 @@ private static class AuditEvent { private final AtomicLong accessCount = new AtomicLong(-1); private final String keyName; private final String user; - private final String op; + private final KMS.KMSOp op; private final String extraMsg; private final long startTime = System.currentTimeMillis(); - private AuditEvent(String keyName, String user, String op, String msg) { + private AuditEvent(String keyName, String user, KMS.KMSOp op, String msg) { this.keyName = keyName; this.user = user; this.op = op; @@ -77,7 +77,7 @@ public String getUser() { return user; } - public String getOp() { + public KMS.KMSOp getOp() { return op; } @@ -90,8 +90,9 @@ public static enum OpStatus { OK, UNAUTHORIZED, UNAUTHENTICATED, ERROR; } - private static Set AGGREGATE_OPS_WHITELIST = Sets.newHashSet( - KMS.GET_KEY_VERSION, KMS.GET_CURRENT_KEY, KMS.DECRYPT_EEK, KMS.GENERATE_EEK + private static Set AGGREGATE_OPS_WHITELIST = Sets.newHashSet( + KMS.KMSOp.GET_KEY_VERSION, KMS.KMSOp.GET_CURRENT_KEY, + KMS.KMSOp.DECRYPT_EEK, KMS.KMSOp.GENERATE_EEK ); private Cache cache; @@ -137,10 +138,10 @@ private void logEvent(AuditEvent event) { event.getExtraMsg()); } - private void op(OpStatus opStatus, final String op, final String user, + private void op(OpStatus opStatus, final KMS.KMSOp op, final String user, final String key, final String extraMsg) { if (!Strings.isNullOrEmpty(user) && !Strings.isNullOrEmpty(key) - && !Strings.isNullOrEmpty(op) + && (op != null) && AGGREGATE_OPS_WHITELIST.contains(op)) { String cacheKey = createCacheKey(user, key, op); if (opStatus == OpStatus.UNAUTHORIZED) { @@ -167,7 +168,7 @@ public AuditEvent call() throws Exception { } } else { List kvs = new LinkedList(); - if (!Strings.isNullOrEmpty(op)) { + if (op != null) { kvs.add("op=" + op); } if (!Strings.isNullOrEmpty(key)) { @@ -185,16 +186,16 @@ public AuditEvent call() throws Exception { } } - public void ok(Principal user, String op, String key, + public void ok(Principal user, KMS.KMSOp op, String key, String extraMsg) { op(OpStatus.OK, op, user.getName(), key, extraMsg); } - public void ok(Principal user, String op, String extraMsg) { + public void ok(Principal user, KMS.KMSOp op, String extraMsg) { op(OpStatus.OK, op, user.getName(), null, extraMsg); } - public void unauthorized(Principal user, String op, String key) { + public void unauthorized(Principal user, KMS.KMSOp op, String key) { op(OpStatus.UNAUTHORIZED, op, user.getName(), key, ""); } @@ -211,7 +212,7 @@ public void unauthenticated(String remoteHost, String method, + " URL:" + url + " ErrorMsg:'" + extraMsg + "'"); } - private static String createCacheKey(String user, String key, String op) { + private static String createCacheKey(String user, String key, KMS.KMSOp op) { return user + "#" + key + "#" + op; } diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java index 30d742e7fe..35dccfc489 100644 --- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java +++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java @@ -17,6 +17,7 @@ */ package org.apache.hadoop.crypto.key.kms.server; +import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.conf.Configuration; import java.io.File; @@ -26,6 +27,7 @@ /** * Utility class to load KMS configuration files. */ +@InterfaceAudience.Private public class KMSConfiguration { public static final String KMS_CONFIG_DIR = "kms.config.dir"; diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJMXServlet.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJMXServlet.java index c8556af193..6918015a90 100644 --- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJMXServlet.java +++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJMXServlet.java @@ -17,12 +17,15 @@ */ package org.apache.hadoop.crypto.key.kms.server; +import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.jmx.JMXJsonServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import java.io.IOException; +@InterfaceAudience.Private public class KMSJMXServlet extends JMXJsonServlet { @Override diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java index b5d9a36d19..857884d4e1 100644 --- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java +++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java @@ -23,6 +23,7 @@ import java.io.PrintStream; import java.security.Principal; +import org.apache.hadoop.crypto.key.kms.server.KMS.KMSOp; import org.apache.log4j.LogManager; import org.apache.log4j.PropertyConfigurator; import org.junit.After; @@ -82,16 +83,16 @@ private String getAndResetLogOutput() { public void testAggregation() throws Exception { Principal luser = Mockito.mock(Principal.class); Mockito.when(luser.getName()).thenReturn("luser"); - kmsAudit.ok(luser, KMS.DECRYPT_EEK, "k1", "testmsg"); - kmsAudit.ok(luser, KMS.DECRYPT_EEK, "k1", "testmsg"); - kmsAudit.ok(luser, KMS.DECRYPT_EEK, "k1", "testmsg"); - kmsAudit.ok(luser, KMS.DELETE_KEY, "k1", "testmsg"); - kmsAudit.ok(luser, KMS.ROLL_NEW_VERSION, "k1", "testmsg"); - kmsAudit.ok(luser, KMS.DECRYPT_EEK, "k1", "testmsg"); - kmsAudit.ok(luser, KMS.DECRYPT_EEK, "k1", "testmsg"); - kmsAudit.ok(luser, KMS.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DELETE_KEY, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.ROLL_NEW_VERSION, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); Thread.sleep(1500); - kmsAudit.ok(luser, KMS.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); Thread.sleep(1500); String out = getAndResetLogOutput(); System.out.println(out); @@ -110,15 +111,15 @@ public void testAggregation() throws Exception { public void testAggregationUnauth() throws Exception { Principal luser = Mockito.mock(Principal.class); Mockito.when(luser.getName()).thenReturn("luser"); - kmsAudit.unauthorized(luser, KMS.GENERATE_EEK, "k2"); + kmsAudit.unauthorized(luser, KMSOp.GENERATE_EEK, "k2"); Thread.sleep(1000); - kmsAudit.ok(luser, KMS.GENERATE_EEK, "k3", "testmsg"); - kmsAudit.ok(luser, KMS.GENERATE_EEK, "k3", "testmsg"); - kmsAudit.ok(luser, KMS.GENERATE_EEK, "k3", "testmsg"); - kmsAudit.ok(luser, KMS.GENERATE_EEK, "k3", "testmsg"); - kmsAudit.ok(luser, KMS.GENERATE_EEK, "k3", "testmsg"); - kmsAudit.unauthorized(luser, KMS.GENERATE_EEK, "k3"); - kmsAudit.ok(luser, KMS.GENERATE_EEK, "k3", "testmsg"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); + kmsAudit.unauthorized(luser, KMSOp.GENERATE_EEK, "k3"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); Thread.sleep(2000); String out = getAndResetLogOutput(); System.out.println(out);