HDDS-929. Remove ozone.max.key.len property. Contributed by Ajay Kumar.

This commit is contained in:
Xiaoyu Yao 2018-12-19 14:40:26 -08:00
parent f894d86b2f
commit 2b115222cd
6 changed files with 4 additions and 48 deletions

View File

@ -21,7 +21,6 @@
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ozone.OzoneConfigKeys;
import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslProvider; import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslProvider;
import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -95,7 +94,6 @@ public class SecurityConfig {
private final Duration certDuration; private final Duration certDuration;
private final String x509SignatureAlgo; private final String x509SignatureAlgo;
private final Boolean grpcBlockTokenEnabled; private final Boolean grpcBlockTokenEnabled;
private final int getMaxKeyLength;
private final String certificateDir; private final String certificateDir;
private final String certificateFileName; private final String certificateFileName;
private final Boolean grpcTlsEnabled; private final Boolean grpcTlsEnabled;
@ -112,9 +110,6 @@ public class SecurityConfig {
public SecurityConfig(Configuration configuration) { public SecurityConfig(Configuration configuration) {
Preconditions.checkNotNull(configuration, "Configuration cannot be null"); Preconditions.checkNotNull(configuration, "Configuration cannot be null");
this.configuration = configuration; this.configuration = configuration;
this.getMaxKeyLength = configuration.getInt(
OzoneConfigKeys.OZONE_MAX_KEY_LEN,
OzoneConfigKeys.OZONE_MAX_KEY_LEN_DEFAULT);
this.size = this.configuration.getInt(HDDS_KEY_LEN, HDDS_DEFAULT_KEY_LEN); this.size = this.configuration.getInt(HDDS_KEY_LEN, HDDS_DEFAULT_KEY_LEN);
this.keyAlgo = this.configuration.get(HDDS_KEY_ALGORITHM, this.keyAlgo = this.configuration.get(HDDS_KEY_ALGORITHM,
HDDS_DEFAULT_KEY_ALGORITHM); HDDS_DEFAULT_KEY_ALGORITHM);
@ -421,8 +416,4 @@ private Provider initSecurityProvider(String providerName) {
throw new SecurityException("Unknown security provider:" + provider); throw new SecurityException("Unknown security provider:" + provider);
} }
} }
public int getMaxKeyLength() {
return this.getMaxKeyLength;
}
} }

View File

@ -350,10 +350,6 @@ public final class OzoneConfigKeys {
public static final String OZONE_CONTAINER_COPY_WORKDIR = public static final String OZONE_CONTAINER_COPY_WORKDIR =
"hdds.datanode.replication.work.dir"; "hdds.datanode.replication.work.dir";
public static final String OZONE_MAX_KEY_LEN =
"ozone.max.key.len";
public static final int OZONE_MAX_KEY_LEN_DEFAULT = 1024 * 1024;
/** /**
* Config properties to set client side checksum properties. * Config properties to set client side checksum properties.
*/ */

View File

@ -992,15 +992,6 @@
the logs. Very useful when debugging REST protocol. the logs. Very useful when debugging REST protocol.
</description> </description>
</property> </property>
<property>
<name>ozone.max.key.len</name>
<value>1048576</value>
<tag>OZONE, SECURITY</tag>
<description>
Maximum length of private key in Ozone. Used in Ozone delegation and
block tokens.
</description>
</property>
<!--Client Settings--> <!--Client Settings-->
<property> <property>

View File

@ -48,20 +48,12 @@ public class OzoneSecretKey implements Writable {
private long expiryDate; private long expiryDate;
private PrivateKey privateKey; private PrivateKey privateKey;
private PublicKey publicKey; private PublicKey publicKey;
private int maxKeyLen;
private SecurityConfig securityConfig; private SecurityConfig securityConfig;
public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair, public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair) {
int maxKeyLen) {
Preconditions.checkNotNull(keyId); Preconditions.checkNotNull(keyId);
this.keyId = keyId; this.keyId = keyId;
this.expiryDate = expiryDate; this.expiryDate = expiryDate;
byte[] encodedKey = keyPair.getPrivate().getEncoded();
this.maxKeyLen = maxKeyLen;
if (encodedKey.length > maxKeyLen) {
throw new RuntimeException("can't create " + encodedKey.length +
" byte long DelegationKey.");
}
this.privateKey = keyPair.getPrivate(); this.privateKey = keyPair.getPrivate();
this.publicKey = keyPair.getPublic(); this.publicKey = keyPair.getPublic();
} }
@ -70,18 +62,13 @@ public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair,
* Create new instance using default signature algorithm and provider. * Create new instance using default signature algorithm and provider.
* */ * */
public OzoneSecretKey(int keyId, long expiryDate, byte[] pvtKey, public OzoneSecretKey(int keyId, long expiryDate, byte[] pvtKey,
byte[] publicKey, int maxKeyLen) { byte[] publicKey) {
Preconditions.checkNotNull(pvtKey); Preconditions.checkNotNull(pvtKey);
Preconditions.checkNotNull(publicKey); Preconditions.checkNotNull(publicKey);
this.securityConfig = new SecurityConfig(new OzoneConfiguration()); this.securityConfig = new SecurityConfig(new OzoneConfiguration());
this.keyId = keyId; this.keyId = keyId;
this.expiryDate = expiryDate; this.expiryDate = expiryDate;
this.maxKeyLen = maxKeyLen;
if (pvtKey.length > maxKeyLen) {
throw new RuntimeException("can't create " + pvtKey.length +
" byte long DelegationKey. Max allowed length is " + maxKeyLen);
}
this.privateKey = SecurityUtil.getPrivateKey(pvtKey, securityConfig); this.privateKey = SecurityUtil.getPrivateKey(pvtKey, securityConfig);
this.publicKey = SecurityUtil.getPublicKey(publicKey, securityConfig); this.publicKey = SecurityUtil.getPublicKey(publicKey, securityConfig);
} }
@ -102,10 +89,6 @@ public PublicKey getPublicKey() {
return publicKey; return publicKey;
} }
public int getMaxKeyLen() {
return maxKeyLen;
}
public byte[] getEncodedPrivateKey() { public byte[] getEncodedPrivateKey() {
return privateKey.getEncoded(); return privateKey.getEncoded();
} }
@ -125,7 +108,6 @@ public void write(DataOutput out) throws IOException {
.setExpiryDate(getExpiryDate()) .setExpiryDate(getExpiryDate())
.setPrivateKeyBytes(ByteString.copyFrom(getEncodedPrivateKey())) .setPrivateKeyBytes(ByteString.copyFrom(getEncodedPrivateKey()))
.setPublicKeyBytes(ByteString.copyFrom(getEncodedPubliceKey())) .setPublicKeyBytes(ByteString.copyFrom(getEncodedPubliceKey()))
.setMaxKeyLen(getMaxKeyLen())
.build(); .build();
out.write(token.toByteArray()); out.write(token.toByteArray());
} }
@ -139,7 +121,6 @@ public void readFields(DataInput in) throws IOException {
.toByteArray(), securityConfig); .toByteArray(), securityConfig);
publicKey = SecurityUtil.getPublicKey(secretKey.getPublicKeyBytes() publicKey = SecurityUtil.getPublicKey(secretKey.getPublicKeyBytes()
.toByteArray(), securityConfig); .toByteArray(), securityConfig);
maxKeyLen = secretKey.getMaxKeyLen();
} }
@Override @Override
@ -179,7 +160,7 @@ static OzoneSecretKey readProtoBuf(DataInput in) throws IOException {
SecretKeyProto key = SecretKeyProto.parseFrom((DataInputStream) in); SecretKeyProto key = SecretKeyProto.parseFrom((DataInputStream) in);
return new OzoneSecretKey(key.getKeyId(), key.getExpiryDate(), return new OzoneSecretKey(key.getKeyId(), key.getExpiryDate(),
key.getPrivateKeyBytes().toByteArray(), key.getPrivateKeyBytes().toByteArray(),
key.getPublicKeyBytes().toByteArray(), key.getMaxKeyLen()); key.getPublicKeyBytes().toByteArray());
} }
/** /**

View File

@ -59,7 +59,6 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
private final Text service; private final Text service;
private volatile boolean running; private volatile boolean running;
private OzoneSecretKey currentKey; private OzoneSecretKey currentKey;
private int maxKeyLength;
private AtomicInteger currentKeyId; private AtomicInteger currentKeyId;
private AtomicInteger tokenSequenceNumber; private AtomicInteger tokenSequenceNumber;
protected final Map<Integer, OzoneSecretKey> allKeys; protected final Map<Integer, OzoneSecretKey> allKeys;
@ -83,7 +82,6 @@ public OzoneSecretManager(OzoneConfiguration conf, long tokenMaxLifetime,
tokenSequenceNumber = new AtomicInteger(); tokenSequenceNumber = new AtomicInteger();
allKeys = new ConcurrentHashMap<>(); allKeys = new ConcurrentHashMap<>();
this.service = service; this.service = service;
this.maxKeyLength = securityConfig.getMaxKeyLength();
this.logger = logger; this.logger = logger;
} }
@ -189,7 +187,7 @@ private OzoneSecretKey updateCurrentKey(KeyPair keyPair) throws IOException {
// expire time. // expire time.
int newCurrentId = incrementCurrentKeyId(); int newCurrentId = incrementCurrentKeyId();
OzoneSecretKey newKey = new OzoneSecretKey(newCurrentId, -1, OzoneSecretKey newKey = new OzoneSecretKey(newCurrentId, -1,
keyPair, maxKeyLength); keyPair);
currentKey = newKey; currentKey = newKey;
return currentKey; return currentKey;
} }

View File

@ -497,7 +497,6 @@ message SecretKeyProto {
required uint64 expiryDate = 2; required uint64 expiryDate = 2;
required bytes privateKeyBytes = 3; required bytes privateKeyBytes = 3;
required bytes publicKeyBytes = 4; required bytes publicKeyBytes = 4;
required uint32 maxKeyLen = 5;
} }
message ListKeysRequest { message ListKeysRequest {