HADOOP-10757. KeyProvider KeyVersion should provide the key name. (asuresh via tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1607896 13f79535-47bb-0310-9956-ffa450edef68
parent
5644f529f3
commit
7b5295513d
@ -168,6 +168,9 @@ Trunk (Unreleased)
|
||||
HADOOP-10695. KMSClientProvider should respect a configurable timeout.
|
||||
(yoderme via tucu)
|
||||
|
||||
HADOOP-10757. KeyProvider KeyVersion should provide the key name.
|
||||
(asuresh via tucu)
|
||||
|
||||
BUG FIXES
|
||||
|
||||
HADOOP-9451. Fault single-layer config if node group topology is enabled.
|
||||
|
@ -173,7 +173,7 @@ public KeyVersion getKeyVersion(String versionName) throws IOException {
|
||||
} catch (UnrecoverableKeyException e) {
|
||||
throw new IOException("Can't recover key " + key + " from " + path, e);
|
||||
}
|
||||
return new KeyVersion(versionName, key.getEncoded());
|
||||
return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded());
|
||||
} finally {
|
||||
readLock.unlock();
|
||||
}
|
||||
@ -277,7 +277,7 @@ public KeyVersion createKey(String name, byte[] material,
|
||||
}
|
||||
cache.put(name, meta);
|
||||
String versionName = buildVersionName(name, 0);
|
||||
return innerSetKeyVersion(versionName, material, meta.getCipher());
|
||||
return innerSetKeyVersion(name, versionName, material, meta.getCipher());
|
||||
} finally {
|
||||
writeLock.unlock();
|
||||
}
|
||||
@ -316,7 +316,7 @@ public void deleteKey(String name) throws IOException {
|
||||
}
|
||||
}
|
||||
|
||||
KeyVersion innerSetKeyVersion(String versionName, byte[] material,
|
||||
KeyVersion innerSetKeyVersion(String name, String versionName, byte[] material,
|
||||
String cipher) throws IOException {
|
||||
try {
|
||||
keyStore.setKeyEntry(versionName, new SecretKeySpec(material, cipher),
|
||||
@ -326,7 +326,7 @@ KeyVersion innerSetKeyVersion(String versionName, byte[] material,
|
||||
e);
|
||||
}
|
||||
changed = true;
|
||||
return new KeyVersion(versionName, material);
|
||||
return new KeyVersion(name, versionName, material);
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -344,7 +344,7 @@ public KeyVersion rollNewVersion(String name,
|
||||
}
|
||||
int nextVersion = meta.addVersion();
|
||||
String versionName = buildVersionName(name, nextVersion);
|
||||
return innerSetKeyVersion(versionName, material, meta.getCipher());
|
||||
return innerSetKeyVersion(name, versionName, material, meta.getCipher());
|
||||
} finally {
|
||||
writeLock.unlock();
|
||||
}
|
||||
|
@ -63,14 +63,20 @@ public abstract class KeyProvider {
|
||||
* The combination of both the key version name and the key material.
|
||||
*/
|
||||
public static class KeyVersion {
|
||||
private final String name;
|
||||
private final String versionName;
|
||||
private final byte[] material;
|
||||
|
||||
protected KeyVersion(String versionName,
|
||||
protected KeyVersion(String name, String versionName,
|
||||
byte[] material) {
|
||||
this.name = name;
|
||||
this.versionName = versionName;
|
||||
this.material = material;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public String getVersionName() {
|
||||
return versionName;
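Review bot: The class Javadoc above `KeyVersion` still reads "The combination of both the key version name and the key material" although the class now also carries the key name; it should become something like `* The combination of the key name, the key version name and the key material.`. The new constructor stores `name` without any check, so a provider that passes null, or a name that does not correspond to `versionName`, produces an object whose `getName()` is misleading; a `@param name` line stating whether null is permitted would make the contract explicit. The constructor also keeps `material` by reference (`this.material = material;`), so the caller and the object share the same secret byte array. That predates this change but deserves a comment on the constructor. The Javadoc block begins outside the hunk.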
|
||||
|
@ -55,12 +55,13 @@ public boolean isTransient() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public synchronized KeyVersion getKeyVersion(String versionName) {
|
||||
public synchronized KeyVersion getKeyVersion(String versionName)
|
||||
throws IOException {
|
||||
byte[] bytes = credentials.getSecretKey(new Text(versionName));
|
||||
if (bytes == null) {
|
||||
return null;
|
||||
}
|
||||
return new KeyVersion(versionName, bytes);
|
||||
return new KeyVersion(getBaseName(versionName), versionName, bytes);
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -94,7 +95,7 @@ public synchronized KeyVersion createKey(String name, byte[] material,
|
||||
String versionName = buildVersionName(name, 0);
|
||||
credentials.addSecretKey(nameT, meta.serialize());
|
||||
credentials.addSecretKey(new Text(versionName), material);
|
||||
return new KeyVersion(versionName, material);
|
||||
return new KeyVersion(name, versionName, material);
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -125,7 +126,7 @@ public synchronized KeyVersion rollNewVersion(String name,
|
||||
credentials.addSecretKey(new Text(name), meta.serialize());
|
||||
String versionName = buildVersionName(name, nextVersion);
|
||||
credentials.addSecretKey(new Text(versionName), material);
|
||||
return new KeyVersion(versionName, material);
|
||||
return new KeyVersion(name, versionName, material);
|
||||
}
|
||||
|
||||
@Override
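Review bot: In `getKeyVersion`, the new `getBaseName(versionName)` call runs on whatever string the caller supplied, and this provider keeps key metadata in the same `credentials` store under the bare key name (`credentials.addSecretKey(nameT, meta.serialize())` in `createKey`, `new Text(name)` in `rollNewVersion`). A lookup with a bare key name therefore gets non-null bytes that are serialized metadata rather than key material, and only then reaches `getBaseName`. Its definition is not shown on this page, so it is unclear whether the result is an `IOException` or a `KeyVersion` wrapping metadata. Checking the version-name format before the credentials lookup would make the outcome explicit, and a `@throws IOException` line on the method would document the newly declared exception. The bodies of `createKey` and `rollNewVersion` extend beyond their hunks.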
|
||||
|
@ -84,8 +84,9 @@ private static KeyVersion parseJSONKeyVersion(Map valueMap) {
|
||||
byte[] material = (valueMap.containsKey(KMSRESTConstants.MATERIAL_FIELD))
|
||||
? Base64.decodeBase64((String) valueMap.get(KMSRESTConstants.MATERIAL_FIELD))
|
||||
: null;
|
||||
keyVersion = new KMSKeyVersion((String)
|
||||
valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD), material);
|
||||
String versionName = (String)valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD);
|
||||
String keyName = (String)valueMap.get(KMSRESTConstants.NAME_FIELD);
|
||||
keyVersion = new KMSKeyVersion(keyName, versionName, material);
|
||||
}
|
||||
return keyVersion;
|
||||
}
|
||||
@ -362,8 +363,8 @@ private static <T> T call(HttpURLConnection conn, Map jsonOutput,
|
||||
}
|
||||
|
||||
public static class KMSKeyVersion extends KeyVersion {
|
||||
public KMSKeyVersion(String versionName, byte[] material) {
|
||||
super(versionName, material);
|
||||
public KMSKeyVersion(String keyName, String versionName, byte[] material) {
|
||||
super(keyName, versionName, material);
|
||||
}
|
||||
}
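Review bot: `parseJSONKeyVersion` takes `keyName` straight from the response map with `(String)valueMap.get(KMSRESTConstants.NAME_FIELD)` and passes it on unchecked. A response that lacks the field (for instance from a server that predates this change, if such a deployment exists) therefore yields a `KMSKeyVersion` whose `getName()` is null. Nothing ties the returned name to `versionName` either, so the client reports whatever pair the server sent. Consider rejecting a null name, or at minimum recording the behaviour with a comment such as `// NAME_FIELD may be absent in older responses; keyName is then null`. The start of the method lies outside the hunk.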
|
||||
|
||||
|
@ -64,7 +64,7 @@ public void testParseVersionName() throws Exception {
|
||||
@Test
|
||||
public void testKeyMaterial() throws Exception {
|
||||
byte[] key1 = new byte[]{1,2,3,4};
|
||||
KeyProvider.KeyVersion obj = new KeyProvider.KeyVersion("key1@1", key1);
|
||||
KeyProvider.KeyVersion obj = new KeyProvider.KeyVersion("key1", "key1@1", key1);
|
||||
assertEquals("key1@1", obj.getVersionName());
|
||||
assertArrayEquals(new byte[]{1,2,3,4}, obj.getMaterial());
|
||||
}
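Review bot: `testKeyMaterial` now passes `"key1"` as the key name but never checks it, so the accessor this commit introduces is not exercised here. Add `assertEquals("key1", obj.getName());` next to the existing `getVersionName()` assertion so a swapped `name`/`versionName` argument order would be caught.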
|
||||
|
@ -90,8 +90,8 @@ private static void assertAccess(KMSACLs.Type aclType, Principal principal,
|
||||
|
||||
private static KeyProvider.KeyVersion removeKeyMaterial(
|
||||
KeyProvider.KeyVersion keyVersion) {
|
||||
return new KMSClientProvider.KMSKeyVersion(keyVersion.getVersionName(),
|
||||
null);
|
||||
return new KMSClientProvider.KMSKeyVersion(keyVersion.getName(),
|
||||
keyVersion.getVersionName(), null);
|
||||
}
|
||||
|
||||
private static URI getKeyURI(String name) throws URISyntaxException {
|
||||
|
@ -35,6 +35,8 @@ public class KMSServerJSONUtils {
|
||||
public static Map toJSON(KeyProvider.KeyVersion keyVersion) {
|
||||
Map json = new LinkedHashMap();
|
||||
if (keyVersion != null) {
|
||||
json.put(KMSRESTConstants.NAME_FIELD,
|
||||
keyVersion.getName());
|
||||
json.put(KMSRESTConstants.VERSION_NAME_FIELD,
|
||||
keyVersion.getVersionName());
|
||||
json.put(KMSRESTConstants.MATERIAL_FIELD, keyVersion.getMaterial());
|
||||
|