diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/SecurityConfig.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/SecurityConfig.java
index 8ac78f21c1..c0ae070c4b 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/SecurityConfig.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/SecurityConfig.java
@@ -21,7 +21,6 @@
import com.google.common.base.Preconditions;
import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.ozone.OzoneConfigKeys;
import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslProvider;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
@@ -95,7 +94,6 @@ public class SecurityConfig {
private final Duration certDuration;
private final String x509SignatureAlgo;
private final Boolean grpcBlockTokenEnabled;
- private final int getMaxKeyLength;
private final String certificateDir;
private final String certificateFileName;
private final Boolean grpcTlsEnabled;
@@ -112,9 +110,6 @@ public class SecurityConfig {
public SecurityConfig(Configuration configuration) {
Preconditions.checkNotNull(configuration, "Configuration cannot be null");
this.configuration = configuration;
- this.getMaxKeyLength = configuration.getInt(
- OzoneConfigKeys.OZONE_MAX_KEY_LEN,
- OzoneConfigKeys.OZONE_MAX_KEY_LEN_DEFAULT);
this.size = this.configuration.getInt(HDDS_KEY_LEN, HDDS_DEFAULT_KEY_LEN);
this.keyAlgo = this.configuration.get(HDDS_KEY_ALGORITHM,
HDDS_DEFAULT_KEY_ALGORITHM);
@@ -421,8 +416,4 @@ private Provider initSecurityProvider(String providerName) {
throw new SecurityException("Unknown security provider:" + provider);
}
}
-
- public int getMaxKeyLength() {
- return this.getMaxKeyLength;
- }
}
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java
index e0b23052b8..e9a52f8aae 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java
@@ -350,10 +350,6 @@ public final class OzoneConfigKeys {
public static final String OZONE_CONTAINER_COPY_WORKDIR =
"hdds.datanode.replication.work.dir";
- public static final String OZONE_MAX_KEY_LEN =
- "ozone.max.key.len";
- public static final int OZONE_MAX_KEY_LEN_DEFAULT = 1024 * 1024;
-
/**
* Config properties to set client side checksum properties.
*/
diff --git a/hadoop-hdds/common/src/main/resources/ozone-default.xml b/hadoop-hdds/common/src/main/resources/ozone-default.xml
index e6a7393089..6975843c42 100644
--- a/hadoop-hdds/common/src/main/resources/ozone-default.xml
+++ b/hadoop-hdds/common/src/main/resources/ozone-default.xml
@@ -992,15 +992,6 @@
the logs. Very useful when debugging REST protocol.
-
- ozone.max.key.len
- 1048576
- OZONE, SECURITY
-
- Maximum length of private key in Ozone. Used in Ozone delegation and
- block tokens.
-
-
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretKey.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretKey.java
index 9b2f912af3..39260fe506 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretKey.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretKey.java
@@ -48,20 +48,12 @@ public class OzoneSecretKey implements Writable {
private long expiryDate;
private PrivateKey privateKey;
private PublicKey publicKey;
- private int maxKeyLen;
private SecurityConfig securityConfig;
- public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair,
- int maxKeyLen) {
+ public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair) {
Preconditions.checkNotNull(keyId);
this.keyId = keyId;
this.expiryDate = expiryDate;
- byte[] encodedKey = keyPair.getPrivate().getEncoded();
- this.maxKeyLen = maxKeyLen;
- if (encodedKey.length > maxKeyLen) {
- throw new RuntimeException("can't create " + encodedKey.length +
- " byte long DelegationKey.");
- }
this.privateKey = keyPair.getPrivate();
this.publicKey = keyPair.getPublic();
}
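Review bot: `Preconditions.checkNotNull(keyId)` on the line after the new signature can never fail — `keyId` is a primitive `int` that is autoboxed before the call — while `keyPair` is dereferenced unchecked on `this.privateKey = keyPair.getPrivate()`, so a null KeyPair surfaces as a bare NullPointerException from inside the constructor. Since the commit already removes the length check that previously touched `keyPair.getPrivate()` first, this is the moment to make the guard meaningful: `Preconditions.checkNotNull(keyPair, "keyPair cannot be null");`. The same no-op check on `keyId` appears in the sibling byte-array constructor below.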
@@ -70,18 +62,13 @@ public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair,
* Create new instance using default signature algorithm and provider.
* */
public OzoneSecretKey(int keyId, long expiryDate, byte[] pvtKey,
- byte[] publicKey, int maxKeyLen) {
+ byte[] publicKey) {
Preconditions.checkNotNull(pvtKey);
Preconditions.checkNotNull(publicKey);
this.securityConfig = new SecurityConfig(new OzoneConfiguration());
this.keyId = keyId;
this.expiryDate = expiryDate;
- this.maxKeyLen = maxKeyLen;
- if (pvtKey.length > maxKeyLen) {
- throw new RuntimeException("can't create " + pvtKey.length +
- " byte long DelegationKey. Max allowed length is " + maxKeyLen);
- }
this.privateKey = SecurityUtil.getPrivateKey(pvtKey, securityConfig);
this.publicKey = SecurityUtil.getPublicKey(publicKey, securityConfig);
}
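Review bot: With the length check gone, nothing in this constructor bounds `pvtKey` before `SecurityUtil.getPrivateKey(pvtKey, securityConfig)` parses it; the removed check was the only explicit cap on this path, and both callers visible in this diff (`readFields` and `readProtoBuf`) hand it bytes straight from `SecretKeyProto.parseFrom`, so the only remaining limit is whatever the protobuf parser enforces. That is fine if a SecretKeyProto only ever comes from the OM's own persisted state, but if any peer can supply one over RPC a fixed sanity bound is cheap to keep without the configuration key, e.g. `Preconditions.checkArgument(pvtKey.length <= MAX_ENCODED_KEY_LEN, "encoded private key too large: %s bytes", pvtKey.length);` with `MAX_ENCODED_KEY_LEN` a private constant. Separately, `this.securityConfig = new SecurityConfig(new OzoneConfiguration())` builds a fresh default configuration per deserialized key rather than reusing the secret manager's, so the provider and algorithm used to parse the key come from whatever config files happen to be on the classpath — worth a comment if that is intentional.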
@@ -102,10 +89,6 @@ public PublicKey getPublicKey() {
return publicKey;
}
- public int getMaxKeyLen() {
- return maxKeyLen;
- }
-
public byte[] getEncodedPrivateKey() {
return privateKey.getEncoded();
}
@@ -125,7 +108,6 @@ public void write(DataOutput out) throws IOException {
.setExpiryDate(getExpiryDate())
.setPrivateKeyBytes(ByteString.copyFrom(getEncodedPrivateKey()))
.setPublicKeyBytes(ByteString.copyFrom(getEncodedPubliceKey()))
- .setMaxKeyLen(getMaxKeyLen())
.build();
out.write(token.toByteArray());
}
@@ -139,7 +121,6 @@ public void readFields(DataInput in) throws IOException {
.toByteArray(), securityConfig);
publicKey = SecurityUtil.getPublicKey(secretKey.getPublicKeyBytes()
.toByteArray(), securityConfig);
- maxKeyLen = secretKey.getMaxKeyLen();
}
@Override
@@ -179,7 +160,7 @@ static OzoneSecretKey readProtoBuf(DataInput in) throws IOException {
SecretKeyProto key = SecretKeyProto.parseFrom((DataInputStream) in);
return new OzoneSecretKey(key.getKeyId(), key.getExpiryDate(),
key.getPrivateKeyBytes().toByteArray(),
- key.getPublicKeyBytes().toByteArray(), key.getMaxKeyLen());
+ key.getPublicKeyBytes().toByteArray());
}
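Review bot: `readProtoBuf` now parses a `SecretKeyProto` whose `required uint32 maxKeyLen = 5` is deleted outright in the proto hunk of this diff rather than retired; a reader built with the old schema will reject every message this build's `write` produces (missing required field), and nothing prevents field number 5 being reused later with a different meaning, which could make previously persisted keys parse as garbage. If old and new builds can ever read the same bytes (rolling upgrade, persisted OM metadata), `SecretKeyProto` should carry `reserved 5;` and `reserved "maxKeyLen";` in place of the deleted line. The cast `(DataInputStream) in` on the first line is pre-existing but will throw ClassCastException for any other DataInput implementation, so a javadoc note on the parameter stating that requirement would help callers.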
/**
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
index 01ef8bb6c8..5f909bbdb7 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java
@@ -59,7 +59,6 @@ public abstract class OzoneSecretManager
private final Text service;
private volatile boolean running;
private OzoneSecretKey currentKey;
- private int maxKeyLength;
private AtomicInteger currentKeyId;
private AtomicInteger tokenSequenceNumber;
protected final Map allKeys;
@@ -83,7 +82,6 @@ public OzoneSecretManager(OzoneConfiguration conf, long tokenMaxLifetime,
tokenSequenceNumber = new AtomicInteger();
allKeys = new ConcurrentHashMap<>();
this.service = service;
- this.maxKeyLength = securityConfig.getMaxKeyLength();
this.logger = logger;
}
@@ -189,7 +187,7 @@ private OzoneSecretKey updateCurrentKey(KeyPair keyPair) throws IOException {
// expire time.
int newCurrentId = incrementCurrentKeyId();
OzoneSecretKey newKey = new OzoneSecretKey(newCurrentId, -1,
- keyPair, maxKeyLength);
+ keyPair);
currentKey = newKey;
return currentKey;
}
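Review bot: The `-1` passed as `expiryDate` on the changed `new OzoneSecretKey(newCurrentId, -1, keyPair)` line is an undocumented sentinel, and the comment above it ends at `// expire time.`, so a reader cannot tell whether -1 means the current signing key never expires or whether expiry is tracked elsewhere. A one-line comment above the call stating what -1 means (presumably that the current key itself carries no expiry and lifetime is enforced per token — confirm before writing it) would save the next maintainer a search. `updateCurrentKey` begins before this hunk.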
diff --git a/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto b/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto
index cfa1e4373f..80462c83bd 100644
--- a/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto
+++ b/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto
@@ -497,7 +497,6 @@ message SecretKeyProto {
required uint64 expiryDate = 2;
required bytes privateKeyBytes = 3;
required bytes publicKeyBytes = 4;
- required uint32 maxKeyLen = 5;
}
message ListKeysRequest {