HDDS-929. Remove ozone.max.key.len property. Contributed by Ajay Kumar.

2018-12-19 14:40:26 -08:00 · 2018-12-19 14:40:26 -08:00 · 2b115222cd
commit 2b115222cd
parent f894d86b2f
6 changed files with 4 additions and 48 deletions
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/SecurityConfig.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/SecurityConfig.java
@ -21,7 +21,6 @@

 import com.google.common.base.Preconditions;
 import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.ozone.OzoneConfigKeys;
 import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslProvider;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.slf4j.Logger;
@ -95,7 +94,6 @@ public class SecurityConfig {
  private final Duration certDuration;
  private final String x509SignatureAlgo;
  private final Boolean grpcBlockTokenEnabled;
-  private final int getMaxKeyLength;
  private final String certificateDir;
  private final String certificateFileName;
  private final Boolean grpcTlsEnabled;
@ -112,9 +110,6 @@ public class SecurityConfig {
  public SecurityConfig(Configuration configuration) {
    Preconditions.checkNotNull(configuration, "Configuration cannot be null");
    this.configuration = configuration;
-    this.getMaxKeyLength = configuration.getInt(
-        OzoneConfigKeys.OZONE_MAX_KEY_LEN,
-        OzoneConfigKeys.OZONE_MAX_KEY_LEN_DEFAULT);
    this.size = this.configuration.getInt(HDDS_KEY_LEN, HDDS_DEFAULT_KEY_LEN);
    this.keyAlgo = this.configuration.get(HDDS_KEY_ALGORITHM,
        HDDS_DEFAULT_KEY_ALGORITHM);
@ -421,8 +416,4 @@ private Provider initSecurityProvider(String providerName) {
      throw new SecurityException("Unknown security provider:" + provider);
    }
  }
-
-  public int getMaxKeyLength() {
-    return this.getMaxKeyLength;
-  }
 }
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java
@ -350,10 +350,6 @@ public final class OzoneConfigKeys {
  public static final String OZONE_CONTAINER_COPY_WORKDIR =
      "hdds.datanode.replication.work.dir";

-  public static final String OZONE_MAX_KEY_LEN =
-      "ozone.max.key.len";
-  public static final int OZONE_MAX_KEY_LEN_DEFAULT = 1024 * 1024;
-
  /**
   * Config properties to set client side checksum properties.
   */
--- a/hadoop-hdds/common/src/main/resources/ozone-default.xml
+++ b/hadoop-hdds/common/src/main/resources/ozone-default.xml
@ -992,15 +992,6 @@
      the logs. Very useful when debugging REST protocol.
    </description>
  </property>
-  <property>
-    <name>ozone.max.key.len</name>
-    <value>1048576</value>
-    <tag>OZONE, SECURITY</tag>
-    <description>
-      Maximum length of private key in Ozone. Used in Ozone delegation and
-      block tokens.
-    </description>
-  </property>

  <!--Client Settings-->
  <property>
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretKey.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretKey.java
@ -48,20 +48,12 @@ public class OzoneSecretKey implements Writable {
  private long expiryDate;
  private PrivateKey privateKey;
  private PublicKey publicKey;
-  private int maxKeyLen;
  private SecurityConfig securityConfig;

-  public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair,
-      int maxKeyLen) {
+  public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair) {
    Preconditions.checkNotNull(keyId);
    this.keyId = keyId;
    this.expiryDate = expiryDate;
-    byte[] encodedKey = keyPair.getPrivate().getEncoded();
-    this.maxKeyLen = maxKeyLen;
-    if (encodedKey.length > maxKeyLen) {
-      throw new RuntimeException("can't create " + encodedKey.length +
-          " byte long DelegationKey.");
-    }
    this.privateKey = keyPair.getPrivate();
    this.publicKey = keyPair.getPublic();
  }
@ -70,18 +62,13 @@ public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair,
   * Create new instance using default signature algorithm and provider.
   * */
  public OzoneSecretKey(int keyId, long expiryDate, byte[] pvtKey,
-      byte[] publicKey, int maxKeyLen) {
+      byte[] publicKey) {
    Preconditions.checkNotNull(pvtKey);
    Preconditions.checkNotNull(publicKey);

    this.securityConfig = new SecurityConfig(new OzoneConfiguration());
    this.keyId = keyId;
    this.expiryDate = expiryDate;
-    this.maxKeyLen = maxKeyLen;
-    if (pvtKey.length > maxKeyLen) {
-      throw new RuntimeException("can't create " + pvtKey.length +
-          " byte long DelegationKey. Max allowed length is " + maxKeyLen);
-    }
    this.privateKey = SecurityUtil.getPrivateKey(pvtKey, securityConfig);
    this.publicKey = SecurityUtil.getPublicKey(publicKey, securityConfig);
  }
@ -102,10 +89,6 @@ public PublicKey getPublicKey() {
    return publicKey;
  }

-  public int getMaxKeyLen() {
-    return maxKeyLen;
-  }
-
  public byte[] getEncodedPrivateKey() {
    return privateKey.getEncoded();
  }
@ -125,7 +108,6 @@ public void write(DataOutput out) throws IOException {
        .setExpiryDate(getExpiryDate())
        .setPrivateKeyBytes(ByteString.copyFrom(getEncodedPrivateKey()))
        .setPublicKeyBytes(ByteString.copyFrom(getEncodedPubliceKey()))
-        .setMaxKeyLen(getMaxKeyLen())
        .build();
    out.write(token.toByteArray());
  }
@ -139,7 +121,6 @@ public void readFields(DataInput in) throws IOException {
        .toByteArray(), securityConfig);
    publicKey = SecurityUtil.getPublicKey(secretKey.getPublicKeyBytes()
        .toByteArray(), securityConfig);
-    maxKeyLen = secretKey.getMaxKeyLen();
  }

  @Override
@ -179,7 +160,7 @@ static OzoneSecretKey readProtoBuf(DataInput in) throws IOException {
    SecretKeyProto key = SecretKeyProto.parseFrom((DataInputStream) in);
    return new OzoneSecretKey(key.getKeyId(), key.getExpiryDate(),
        key.getPrivateKeyBytes().toByteArray(),
-        key.getPublicKeyBytes().toByteArray(), key.getMaxKeyLen());
+        key.getPublicKeyBytes().toByteArray());
  }

  /**
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
@ -59,7 +59,6 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
  private final Text service;
  private volatile boolean running;
  private OzoneSecretKey currentKey;
-  private int maxKeyLength;
  private AtomicInteger currentKeyId;
  private AtomicInteger tokenSequenceNumber;
  protected final Map<Integer, OzoneSecretKey> allKeys;
@ -83,7 +82,6 @@ public OzoneSecretManager(OzoneConfiguration conf, long tokenMaxLifetime,
    tokenSequenceNumber = new AtomicInteger();
    allKeys = new ConcurrentHashMap<>();
    this.service = service;
-    this.maxKeyLength = securityConfig.getMaxKeyLength();
    this.logger = logger;
  }

@ -189,7 +187,7 @@ private OzoneSecretKey updateCurrentKey(KeyPair keyPair) throws IOException {
    // expire time.
    int newCurrentId = incrementCurrentKeyId();
    OzoneSecretKey newKey = new OzoneSecretKey(newCurrentId, -1,
-        keyPair, maxKeyLength);
+        keyPair);
    currentKey = newKey;
    return currentKey;
  }
--- a/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto
+++ b/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto
@ -497,7 +497,6 @@ message SecretKeyProto {
    required uint64 expiryDate = 2;
    required bytes privateKeyBytes = 3;
    required bytes publicKeyBytes = 4;
-    required uint32 maxKeyLen = 5;
 }

 message ListKeysRequest {