HDDS-929. Remove ozone.max.key.len property. Contributed by Ajay Kumar.
This commit is contained in:
parent
f894d86b2f
commit
2b115222cd
@ -21,7 +21,6 @@
|
|||||||
|
|
||||||
import com.google.common.base.Preconditions;
|
import com.google.common.base.Preconditions;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.ozone.OzoneConfigKeys;
|
|
||||||
import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslProvider;
|
import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslProvider;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
@ -95,7 +94,6 @@ public class SecurityConfig {
|
|||||||
private final Duration certDuration;
|
private final Duration certDuration;
|
||||||
private final String x509SignatureAlgo;
|
private final String x509SignatureAlgo;
|
||||||
private final Boolean grpcBlockTokenEnabled;
|
private final Boolean grpcBlockTokenEnabled;
|
||||||
private final int getMaxKeyLength;
|
|
||||||
private final String certificateDir;
|
private final String certificateDir;
|
||||||
private final String certificateFileName;
|
private final String certificateFileName;
|
||||||
private final Boolean grpcTlsEnabled;
|
private final Boolean grpcTlsEnabled;
|
||||||
@ -112,9 +110,6 @@ public class SecurityConfig {
|
|||||||
public SecurityConfig(Configuration configuration) {
|
public SecurityConfig(Configuration configuration) {
|
||||||
Preconditions.checkNotNull(configuration, "Configuration cannot be null");
|
Preconditions.checkNotNull(configuration, "Configuration cannot be null");
|
||||||
this.configuration = configuration;
|
this.configuration = configuration;
|
||||||
this.getMaxKeyLength = configuration.getInt(
|
|
||||||
OzoneConfigKeys.OZONE_MAX_KEY_LEN,
|
|
||||||
OzoneConfigKeys.OZONE_MAX_KEY_LEN_DEFAULT);
|
|
||||||
this.size = this.configuration.getInt(HDDS_KEY_LEN, HDDS_DEFAULT_KEY_LEN);
|
this.size = this.configuration.getInt(HDDS_KEY_LEN, HDDS_DEFAULT_KEY_LEN);
|
||||||
this.keyAlgo = this.configuration.get(HDDS_KEY_ALGORITHM,
|
this.keyAlgo = this.configuration.get(HDDS_KEY_ALGORITHM,
|
||||||
HDDS_DEFAULT_KEY_ALGORITHM);
|
HDDS_DEFAULT_KEY_ALGORITHM);
|
||||||
@ -421,8 +416,4 @@ private Provider initSecurityProvider(String providerName) {
|
|||||||
throw new SecurityException("Unknown security provider:" + provider);
|
throw new SecurityException("Unknown security provider:" + provider);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public int getMaxKeyLength() {
|
|
||||||
return this.getMaxKeyLength;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -350,10 +350,6 @@ public final class OzoneConfigKeys {
|
|||||||
public static final String OZONE_CONTAINER_COPY_WORKDIR =
|
public static final String OZONE_CONTAINER_COPY_WORKDIR =
|
||||||
"hdds.datanode.replication.work.dir";
|
"hdds.datanode.replication.work.dir";
|
||||||
|
|
||||||
public static final String OZONE_MAX_KEY_LEN =
|
|
||||||
"ozone.max.key.len";
|
|
||||||
public static final int OZONE_MAX_KEY_LEN_DEFAULT = 1024 * 1024;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Config properties to set client side checksum properties.
|
* Config properties to set client side checksum properties.
|
||||||
*/
|
*/
|
||||||
|
@ -992,15 +992,6 @@
|
|||||||
the logs. Very useful when debugging REST protocol.
|
the logs. Very useful when debugging REST protocol.
|
||||||
</description>
|
</description>
|
||||||
</property>
|
</property>
|
||||||
<property>
|
|
||||||
<name>ozone.max.key.len</name>
|
|
||||||
<value>1048576</value>
|
|
||||||
<tag>OZONE, SECURITY</tag>
|
|
||||||
<description>
|
|
||||||
Maximum length of private key in Ozone. Used in Ozone delegation and
|
|
||||||
block tokens.
|
|
||||||
</description>
|
|
||||||
</property>
|
|
||||||
|
|
||||||
<!--Client Settings-->
|
<!--Client Settings-->
|
||||||
<property>
|
<property>
|
||||||
|
@ -48,20 +48,12 @@ public class OzoneSecretKey implements Writable {
|
|||||||
private long expiryDate;
|
private long expiryDate;
|
||||||
private PrivateKey privateKey;
|
private PrivateKey privateKey;
|
||||||
private PublicKey publicKey;
|
private PublicKey publicKey;
|
||||||
private int maxKeyLen;
|
|
||||||
private SecurityConfig securityConfig;
|
private SecurityConfig securityConfig;
|
||||||
|
|
||||||
public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair,
|
public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair) {
|
||||||
int maxKeyLen) {
|
|
||||||
Preconditions.checkNotNull(keyId);
|
Preconditions.checkNotNull(keyId);
|
||||||
this.keyId = keyId;
|
this.keyId = keyId;
|
||||||
this.expiryDate = expiryDate;
|
this.expiryDate = expiryDate;
|
||||||
byte[] encodedKey = keyPair.getPrivate().getEncoded();
|
|
||||||
this.maxKeyLen = maxKeyLen;
|
|
||||||
if (encodedKey.length > maxKeyLen) {
|
|
||||||
throw new RuntimeException("can't create " + encodedKey.length +
|
|
||||||
" byte long DelegationKey.");
|
|
||||||
}
|
|
||||||
this.privateKey = keyPair.getPrivate();
|
this.privateKey = keyPair.getPrivate();
|
||||||
this.publicKey = keyPair.getPublic();
|
this.publicKey = keyPair.getPublic();
|
||||||
}
|
}
|
||||||
@ -70,18 +62,13 @@ public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair,
|
|||||||
* Create new instance using default signature algorithm and provider.
|
* Create new instance using default signature algorithm and provider.
|
||||||
* */
|
* */
|
||||||
public OzoneSecretKey(int keyId, long expiryDate, byte[] pvtKey,
|
public OzoneSecretKey(int keyId, long expiryDate, byte[] pvtKey,
|
||||||
byte[] publicKey, int maxKeyLen) {
|
byte[] publicKey) {
|
||||||
Preconditions.checkNotNull(pvtKey);
|
Preconditions.checkNotNull(pvtKey);
|
||||||
Preconditions.checkNotNull(publicKey);
|
Preconditions.checkNotNull(publicKey);
|
||||||
|
|
||||||
this.securityConfig = new SecurityConfig(new OzoneConfiguration());
|
this.securityConfig = new SecurityConfig(new OzoneConfiguration());
|
||||||
this.keyId = keyId;
|
this.keyId = keyId;
|
||||||
this.expiryDate = expiryDate;
|
this.expiryDate = expiryDate;
|
||||||
this.maxKeyLen = maxKeyLen;
|
|
||||||
if (pvtKey.length > maxKeyLen) {
|
|
||||||
throw new RuntimeException("can't create " + pvtKey.length +
|
|
||||||
" byte long DelegationKey. Max allowed length is " + maxKeyLen);
|
|
||||||
}
|
|
||||||
this.privateKey = SecurityUtil.getPrivateKey(pvtKey, securityConfig);
|
this.privateKey = SecurityUtil.getPrivateKey(pvtKey, securityConfig);
|
||||||
this.publicKey = SecurityUtil.getPublicKey(publicKey, securityConfig);
|
this.publicKey = SecurityUtil.getPublicKey(publicKey, securityConfig);
|
||||||
}
|
}
|
||||||
@ -102,10 +89,6 @@ public PublicKey getPublicKey() {
|
|||||||
return publicKey;
|
return publicKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
public int getMaxKeyLen() {
|
|
||||||
return maxKeyLen;
|
|
||||||
}
|
|
||||||
|
|
||||||
public byte[] getEncodedPrivateKey() {
|
public byte[] getEncodedPrivateKey() {
|
||||||
return privateKey.getEncoded();
|
return privateKey.getEncoded();
|
||||||
}
|
}
|
||||||
@ -125,7 +108,6 @@ public void write(DataOutput out) throws IOException {
|
|||||||
.setExpiryDate(getExpiryDate())
|
.setExpiryDate(getExpiryDate())
|
||||||
.setPrivateKeyBytes(ByteString.copyFrom(getEncodedPrivateKey()))
|
.setPrivateKeyBytes(ByteString.copyFrom(getEncodedPrivateKey()))
|
||||||
.setPublicKeyBytes(ByteString.copyFrom(getEncodedPubliceKey()))
|
.setPublicKeyBytes(ByteString.copyFrom(getEncodedPubliceKey()))
|
||||||
.setMaxKeyLen(getMaxKeyLen())
|
|
||||||
.build();
|
.build();
|
||||||
out.write(token.toByteArray());
|
out.write(token.toByteArray());
|
||||||
}
|
}
|
||||||
@ -139,7 +121,6 @@ public void readFields(DataInput in) throws IOException {
|
|||||||
.toByteArray(), securityConfig);
|
.toByteArray(), securityConfig);
|
||||||
publicKey = SecurityUtil.getPublicKey(secretKey.getPublicKeyBytes()
|
publicKey = SecurityUtil.getPublicKey(secretKey.getPublicKeyBytes()
|
||||||
.toByteArray(), securityConfig);
|
.toByteArray(), securityConfig);
|
||||||
maxKeyLen = secretKey.getMaxKeyLen();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -179,7 +160,7 @@ static OzoneSecretKey readProtoBuf(DataInput in) throws IOException {
|
|||||||
SecretKeyProto key = SecretKeyProto.parseFrom((DataInputStream) in);
|
SecretKeyProto key = SecretKeyProto.parseFrom((DataInputStream) in);
|
||||||
return new OzoneSecretKey(key.getKeyId(), key.getExpiryDate(),
|
return new OzoneSecretKey(key.getKeyId(), key.getExpiryDate(),
|
||||||
key.getPrivateKeyBytes().toByteArray(),
|
key.getPrivateKeyBytes().toByteArray(),
|
||||||
key.getPublicKeyBytes().toByteArray(), key.getMaxKeyLen());
|
key.getPublicKeyBytes().toByteArray());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -59,7 +59,6 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
|
|||||||
private final Text service;
|
private final Text service;
|
||||||
private volatile boolean running;
|
private volatile boolean running;
|
||||||
private OzoneSecretKey currentKey;
|
private OzoneSecretKey currentKey;
|
||||||
private int maxKeyLength;
|
|
||||||
private AtomicInteger currentKeyId;
|
private AtomicInteger currentKeyId;
|
||||||
private AtomicInteger tokenSequenceNumber;
|
private AtomicInteger tokenSequenceNumber;
|
||||||
protected final Map<Integer, OzoneSecretKey> allKeys;
|
protected final Map<Integer, OzoneSecretKey> allKeys;
|
||||||
@ -83,7 +82,6 @@ public OzoneSecretManager(OzoneConfiguration conf, long tokenMaxLifetime,
|
|||||||
tokenSequenceNumber = new AtomicInteger();
|
tokenSequenceNumber = new AtomicInteger();
|
||||||
allKeys = new ConcurrentHashMap<>();
|
allKeys = new ConcurrentHashMap<>();
|
||||||
this.service = service;
|
this.service = service;
|
||||||
this.maxKeyLength = securityConfig.getMaxKeyLength();
|
|
||||||
this.logger = logger;
|
this.logger = logger;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -189,7 +187,7 @@ private OzoneSecretKey updateCurrentKey(KeyPair keyPair) throws IOException {
|
|||||||
// expire time.
|
// expire time.
|
||||||
int newCurrentId = incrementCurrentKeyId();
|
int newCurrentId = incrementCurrentKeyId();
|
||||||
OzoneSecretKey newKey = new OzoneSecretKey(newCurrentId, -1,
|
OzoneSecretKey newKey = new OzoneSecretKey(newCurrentId, -1,
|
||||||
keyPair, maxKeyLength);
|
keyPair);
|
||||||
currentKey = newKey;
|
currentKey = newKey;
|
||||||
return currentKey;
|
return currentKey;
|
||||||
}
|
}
|
||||||
|
@ -497,7 +497,6 @@ message SecretKeyProto {
|
|||||||
required uint64 expiryDate = 2;
|
required uint64 expiryDate = 2;
|
||||||
required bytes privateKeyBytes = 3;
|
required bytes privateKeyBytes = 3;
|
||||||
required bytes publicKeyBytes = 4;
|
required bytes publicKeyBytes = 4;
|
||||||
required uint32 maxKeyLen = 5;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
message ListKeysRequest {
|
message ListKeysRequest {
|
||||||
|
Loading…
Reference in New Issue
Block a user