From 7b5295513dce9768083ae53282013e31d74573c6 Mon Sep 17 00:00:00 2001 From: Alejandro Abdelnur Date: Fri, 4 Jul 2014 17:31:55 +0000 Subject: [PATCH] HADOOP-10757. KeyProvider KeyVersion should provide the key name. (asuresh via tucu) git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1607896 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../apache/hadoop/crypto/key/JavaKeyStoreProvider.java | 10 +++++----- .../java/org/apache/hadoop/crypto/key/KeyProvider.java | 8 +++++++- .../org/apache/hadoop/crypto/key/UserProvider.java | 9 +++++---- .../hadoop/crypto/key/kms/KMSClientProvider.java | 9 +++++---- .../org/apache/hadoop/crypto/key/TestKeyProvider.java | 2 +- .../org/apache/hadoop/crypto/key/kms/server/KMS.java | 4 ++-- .../crypto/key/kms/server/KMSServerJSONUtils.java | 2 ++ 8 files changed, 30 insertions(+), 17 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index beaf28d9a4..abbb4ae26f 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -168,6 +168,9 @@ Trunk (Unreleased) HADOOP-10695. KMSClientProvider should respect a configurable timeout. (yoderme via tucu) + HADOOP-10757. KeyProvider KeyVersion should provide the key name. + (asuresh via tucu) + BUG FIXES HADOOP-9451. Fault single-layer config if node group topology is enabled. diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java index 0f22f6343a..529a21287c 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java 
@@ -173,7 +173,7 @@ public KeyVersion getKeyVersion(String versionName) throws IOException { } catch (UnrecoverableKeyException e) { throw new IOException("Can't recover key " + key + " from " + path, e); } - return new KeyVersion(versionName, key.getEncoded()); + return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded()); } finally { readLock.unlock(); } @@ -277,7 +277,7 @@ public KeyVersion createKey(String name, byte[] material, } cache.put(name, meta); String versionName = buildVersionName(name, 0); - return innerSetKeyVersion(versionName, material, meta.getCipher()); + return innerSetKeyVersion(name, versionName, material, meta.getCipher()); } finally { writeLock.unlock(); } @@ -316,7 +316,7 @@ public void deleteKey(String name) throws IOException { } } - KeyVersion innerSetKeyVersion(String versionName, byte[] material, + KeyVersion innerSetKeyVersion(String name, String versionName, byte[] material, String cipher) throws IOException { try { keyStore.setKeyEntry(versionName, new SecretKeySpec(material, cipher), @@ -326,7 +326,7 @@ KeyVersion innerSetKeyVersion(String versionName, byte[] material, e); } changed = true; - return new KeyVersion(versionName, material); + return new KeyVersion(name, versionName, material); } @Override @@ -344,7 +344,7 @@ public KeyVersion rollNewVersion(String name, } int nextVersion = meta.addVersion(); String versionName = buildVersionName(name, nextVersion); - return innerSetKeyVersion(versionName, material, meta.getCipher()); + return innerSetKeyVersion(name, versionName, material, meta.getCipher()); } finally { writeLock.unlock(); } diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java index 01d7b697ae..7fd0aa27c3 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java 
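Review bot: In `getKeyVersion` the new `getBaseName(versionName)` call sits in the return expression, so the version name is parsed only after the key has been fetched and recovered from the keystore under the read lock. `getBaseName` seems able to fail with an `IOException` (the `UserProvider.getKeyVersion` hunk in this commit gains `throws IOException` for the same call), so a malformed name is rejected late and only when an entry happens to exist. `UserProvider.getKeyVersion` has the same order, and there the metadata is stored under the bare key name in the same `credentials` object, so a lookup by key name reaches the parse with the serialized metadata already in hand. Parsing first, with `String name = getBaseName(versionName);` as the first statement of both methods, would reject such input before any secret is read. The start of `JavaKeyStoreProvider.getKeyVersion` lies outside the hunk, so check that nothing earlier already validates the name.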
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java @@ -63,14 +63,20 @@ public abstract class KeyProvider { * The combination of both the key version name and the key material. */ public static class KeyVersion { + private final String name; private final String versionName; private final byte[] material; - protected KeyVersion(String versionName, + protected KeyVersion(String name, String versionName, byte[] material) { + this.name = name; this.versionName = versionName; this.material = material; } + + public String getName() { + return name; + } public String getVersionName() { return versionName; diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java index 6cfb46bd71..e09b3f8d43 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java @@ -55,12 +55,13 @@ public boolean isTransient() { } @Override - public synchronized KeyVersion getKeyVersion(String versionName) { + public synchronized KeyVersion getKeyVersion(String versionName) + throws IOException { byte[] bytes = credentials.getSecretKey(new Text(versionName)); if (bytes == null) { return null; } - return new KeyVersion(versionName, bytes); + return new KeyVersion(getBaseName(versionName), versionName, bytes); } @Override @@ -94,7 +95,7 @@ public synchronized KeyVersion createKey(String name, byte[] material, String versionName = buildVersionName(name, 0); credentials.addSecretKey(nameT, meta.serialize()); credentials.addSecretKey(new Text(versionName), material); - return new KeyVersion(versionName, material); + return new KeyVersion(name, versionName, material); } @Override 
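Review bot: The class comment above `KeyVersion` still says "The combination of both the key version name and the key material", and the new `getName()` has no Javadoc, so the relation between `name` and `versionName`, and whether `name` may be null, are undocumented. Update the comment to `The combination of the key name, the key version name and the key material.` and add `/** @return the name of the key this version belongs to */` on `getName()`. The constructor stores `name` unchecked, and `KMSClientProvider.parseJSONKeyVersion` in this commit can pass null, so either the Javadoc should tell callers to expect null or the constructor should refuse it. A blank line between `getName()` and `getVersionName()` is also missing.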
@@ -125,7 +126,7 @@ public synchronized KeyVersion rollNewVersion(String name, credentials.addSecretKey(new Text(name), meta.serialize()); String versionName = buildVersionName(name, nextVersion); credentials.addSecretKey(new Text(versionName), material); - return new KeyVersion(versionName, material); + return new KeyVersion(name, versionName, material); } @Override diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index c18e8613d0..7d52854845 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -84,8 +84,9 @@ private static KeyVersion parseJSONKeyVersion(Map valueMap) { byte[] material = (valueMap.containsKey(KMSRESTConstants.MATERIAL_FIELD)) ? Base64.decodeBase64((String) valueMap.get(KMSRESTConstants.MATERIAL_FIELD)) : null; - keyVersion = new KMSKeyVersion((String) - valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD), material); + String versionName = (String)valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD); + String keyName = (String)valueMap.get(KMSRESTConstants.NAME_FIELD); + keyVersion = new KMSKeyVersion(keyName, versionName, material); } return keyVersion; } @@ -362,8 +363,8 @@ private static T call(HttpURLConnection conn, Map jsonOutput, } public static class KMSKeyVersion extends KeyVersion { - public KMSKeyVersion(String versionName, byte[] material) { - super(versionName, material); + public KMSKeyVersion(String keyName, String versionName, byte[] material) { + super(keyName, versionName, material); } } 
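Review bot: `parseJSONKeyVersion` copies `keyName` from the response without any check, so a reply that omits `KMSRESTConstants.NAME_FIELD` (an older server, for instance) produces a `KMSKeyVersion` whose `getName()` returns null, and nothing ties the reported name to `versionName`. Callers may rely on the name to decide which key a piece of material belongs to, so the client should fail the parse when the two disagree, for example guarded by `if (keyName == null || versionName == null || !versionName.startsWith(keyName + "@"))`. The `@` separator is inferred from the `"key1@1"` test value and should come from the same helper as `buildVersionName` rather than be hard-coded. The bare `(String)` casts also turn a non-string field into a `ClassCastException`; an explicit type check would give a clearer error. The method body starts before the hunk.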
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java index 7da1675763..892cec82ff 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java @@ -64,7 +64,7 @@ public void testParseVersionName() throws Exception { @Test public void testKeyMaterial() throws Exception { byte[] key1 = new byte[]{1,2,3,4}; - KeyProvider.KeyVersion obj = new KeyProvider.KeyVersion("key1@1", key1); + KeyProvider.KeyVersion obj = new KeyProvider.KeyVersion("key1", "key1@1", key1); assertEquals("key1@1", obj.getVersionName()); assertArrayEquals(new byte[]{1,2,3,4}, obj.getMaterial()); } diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java index 3446c787b8..3574bf43b7 100644 --- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java +++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java @@ -90,8 +90,8 @@ private static void assertAccess(KMSACLs.Type aclType, Principal principal, private static KeyProvider.KeyVersion removeKeyMaterial( KeyProvider.KeyVersion keyVersion) { - return new KMSClientProvider.KMSKeyVersion(keyVersion.getVersionName(), - null); + return new KMSClientProvider.KMSKeyVersion(keyVersion.getName(), + keyVersion.getVersionName(), null); } private static URI getKeyURI(String name) throws URISyntaxException { 
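Review bot: `testKeyMaterial` passes the new `"key1"` argument but never asserts it, so the accessor this commit adds is not covered here; only the version name and the material are checked. Add `assertEquals("key1", obj.getName());` next to the existing `getVersionName()` assertion.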
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java index 9131a189ad..94501ecf3d 100644 --- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java +++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java @@ -35,6 +35,8 @@ public class KMSServerJSONUtils { public static Map toJSON(KeyProvider.KeyVersion keyVersion) { Map json = new LinkedHashMap(); if (keyVersion != null) { + json.put(KMSRESTConstants.NAME_FIELD, + keyVersion.getName()); json.put(KMSRESTConstants.VERSION_NAME_FIELD, keyVersion.getVersionName()); json.put(KMSRESTConstants.MATERIAL_FIELD, keyVersion.getMaterial());