HADOOP-10757. KeyProvider KeyVersion should provide the key name. (asuresh via tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1607896 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Alejandro Abdelnur 2014-07-04 17:31:55 +00:00
parent 5644f529f3
commit 7b5295513d
8 changed files with 30 additions and 17 deletions

View File

@ -168,6 +168,9 @@ Trunk (Unreleased)
HADOOP-10695. KMSClientProvider should respect a configurable timeout. HADOOP-10695. KMSClientProvider should respect a configurable timeout.
(yoderme via tucu) (yoderme via tucu)
HADOOP-10757. KeyProvider KeyVersion should provide the key name.
(asuresh via tucu)
BUG FIXES BUG FIXES
HADOOP-9451. Fault single-layer config if node group topology is enabled. HADOOP-9451. Fault single-layer config if node group topology is enabled.

View File

@ -173,7 +173,7 @@ public KeyVersion getKeyVersion(String versionName) throws IOException {
} catch (UnrecoverableKeyException e) { } catch (UnrecoverableKeyException e) {
throw new IOException("Can't recover key " + key + " from " + path, e); throw new IOException("Can't recover key " + key + " from " + path, e);
} }
return new KeyVersion(versionName, key.getEncoded()); return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded());
} finally { } finally {
readLock.unlock(); readLock.unlock();
} }
@ -277,7 +277,7 @@ public KeyVersion createKey(String name, byte[] material,
} }
cache.put(name, meta); cache.put(name, meta);
String versionName = buildVersionName(name, 0); String versionName = buildVersionName(name, 0);
return innerSetKeyVersion(versionName, material, meta.getCipher()); return innerSetKeyVersion(name, versionName, material, meta.getCipher());
} finally { } finally {
writeLock.unlock(); writeLock.unlock();
} }
@ -316,7 +316,7 @@ public void deleteKey(String name) throws IOException {
} }
} }
KeyVersion innerSetKeyVersion(String versionName, byte[] material, KeyVersion innerSetKeyVersion(String name, String versionName, byte[] material,
String cipher) throws IOException { String cipher) throws IOException {
try { try {
keyStore.setKeyEntry(versionName, new SecretKeySpec(material, cipher), keyStore.setKeyEntry(versionName, new SecretKeySpec(material, cipher),
@ -326,7 +326,7 @@ KeyVersion innerSetKeyVersion(String versionName, byte[] material,
e); e);
} }
changed = true; changed = true;
return new KeyVersion(versionName, material); return new KeyVersion(name, versionName, material);
} }
@Override @Override
@ -344,7 +344,7 @@ public KeyVersion rollNewVersion(String name,
} }
int nextVersion = meta.addVersion(); int nextVersion = meta.addVersion();
String versionName = buildVersionName(name, nextVersion); String versionName = buildVersionName(name, nextVersion);
return innerSetKeyVersion(versionName, material, meta.getCipher()); return innerSetKeyVersion(name, versionName, material, meta.getCipher());
} finally { } finally {
writeLock.unlock(); writeLock.unlock();
} }

View File

@ -63,14 +63,20 @@ public abstract class KeyProvider {
* The combination of both the key version name and the key material. * The combination of both the key version name and the key material.
*/ */
public static class KeyVersion { public static class KeyVersion {
private final String name;
private final String versionName; private final String versionName;
private final byte[] material; private final byte[] material;
protected KeyVersion(String versionName, protected KeyVersion(String name, String versionName,
byte[] material) { byte[] material) {
this.name = name;
this.versionName = versionName; this.versionName = versionName;
this.material = material; this.material = material;
} }
public String getName() {
return name;
}
public String getVersionName() { public String getVersionName() {
return versionName; return versionName;

View File

@ -55,12 +55,13 @@ public boolean isTransient() {
} }
@Override @Override
public synchronized KeyVersion getKeyVersion(String versionName) { public synchronized KeyVersion getKeyVersion(String versionName)
throws IOException {
byte[] bytes = credentials.getSecretKey(new Text(versionName)); byte[] bytes = credentials.getSecretKey(new Text(versionName));
if (bytes == null) { if (bytes == null) {
return null; return null;
} }
return new KeyVersion(versionName, bytes); return new KeyVersion(getBaseName(versionName), versionName, bytes);
} }
@Override @Override
@ -94,7 +95,7 @@ public synchronized KeyVersion createKey(String name, byte[] material,
String versionName = buildVersionName(name, 0); String versionName = buildVersionName(name, 0);
credentials.addSecretKey(nameT, meta.serialize()); credentials.addSecretKey(nameT, meta.serialize());
credentials.addSecretKey(new Text(versionName), material); credentials.addSecretKey(new Text(versionName), material);
return new KeyVersion(versionName, material); return new KeyVersion(name, versionName, material);
} }
@Override @Override
@ -125,7 +126,7 @@ public synchronized KeyVersion rollNewVersion(String name,
credentials.addSecretKey(new Text(name), meta.serialize()); credentials.addSecretKey(new Text(name), meta.serialize());
String versionName = buildVersionName(name, nextVersion); String versionName = buildVersionName(name, nextVersion);
credentials.addSecretKey(new Text(versionName), material); credentials.addSecretKey(new Text(versionName), material);
return new KeyVersion(versionName, material); return new KeyVersion(name, versionName, material);
} }
@Override @Override

View File

@ -84,8 +84,9 @@ private static KeyVersion parseJSONKeyVersion(Map valueMap) {
byte[] material = (valueMap.containsKey(KMSRESTConstants.MATERIAL_FIELD)) byte[] material = (valueMap.containsKey(KMSRESTConstants.MATERIAL_FIELD))
? Base64.decodeBase64((String) valueMap.get(KMSRESTConstants.MATERIAL_FIELD)) ? Base64.decodeBase64((String) valueMap.get(KMSRESTConstants.MATERIAL_FIELD))
: null; : null;
keyVersion = new KMSKeyVersion((String) String versionName = (String)valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD);
valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD), material); String keyName = (String)valueMap.get(KMSRESTConstants.NAME_FIELD);
keyVersion = new KMSKeyVersion(keyName, versionName, material);
} }
return keyVersion; return keyVersion;
} }
@ -362,8 +363,8 @@ private static <T> T call(HttpURLConnection conn, Map jsonOutput,
} }
public static class KMSKeyVersion extends KeyVersion { public static class KMSKeyVersion extends KeyVersion {
public KMSKeyVersion(String versionName, byte[] material) { public KMSKeyVersion(String keyName, String versionName, byte[] material) {
super(versionName, material); super(keyName, versionName, material);
} }
} }

View File

@ -64,7 +64,7 @@ public void testParseVersionName() throws Exception {
@Test @Test
public void testKeyMaterial() throws Exception { public void testKeyMaterial() throws Exception {
byte[] key1 = new byte[]{1,2,3,4}; byte[] key1 = new byte[]{1,2,3,4};
KeyProvider.KeyVersion obj = new KeyProvider.KeyVersion("key1@1", key1); KeyProvider.KeyVersion obj = new KeyProvider.KeyVersion("key1", "key1@1", key1);
assertEquals("key1@1", obj.getVersionName()); assertEquals("key1@1", obj.getVersionName());
assertArrayEquals(new byte[]{1,2,3,4}, obj.getMaterial()); assertArrayEquals(new byte[]{1,2,3,4}, obj.getMaterial());
} }

View File

@ -90,8 +90,8 @@ private static void assertAccess(KMSACLs.Type aclType, Principal principal,
private static KeyProvider.KeyVersion removeKeyMaterial( private static KeyProvider.KeyVersion removeKeyMaterial(
KeyProvider.KeyVersion keyVersion) { KeyProvider.KeyVersion keyVersion) {
return new KMSClientProvider.KMSKeyVersion(keyVersion.getVersionName(), return new KMSClientProvider.KMSKeyVersion(keyVersion.getName(),
null); keyVersion.getVersionName(), null);
} }
private static URI getKeyURI(String name) throws URISyntaxException { private static URI getKeyURI(String name) throws URISyntaxException {

View File

@ -35,6 +35,8 @@ public class KMSServerJSONUtils {
public static Map toJSON(KeyProvider.KeyVersion keyVersion) { public static Map toJSON(KeyProvider.KeyVersion keyVersion) {
Map json = new LinkedHashMap(); Map json = new LinkedHashMap();
if (keyVersion != null) { if (keyVersion != null) {
json.put(KMSRESTConstants.NAME_FIELD,
keyVersion.getName());
json.put(KMSRESTConstants.VERSION_NAME_FIELD, json.put(KMSRESTConstants.VERSION_NAME_FIELD,
keyVersion.getVersionName()); keyVersion.getVersionName());
json.put(KMSRESTConstants.MATERIAL_FIELD, keyVersion.getMaterial()); json.put(KMSRESTConstants.MATERIAL_FIELD, keyVersion.getMaterial());