HADOOP-10757. KeyProvider KeyVersion should provide the key name. (asuresh via tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1607896 13f79535-47bb-0310-9956-ffa450edef68
parent
5644f529f3
commit
7b5295513d
@ -168,6 +168,9 @@ Trunk (Unreleased)
|
|||||||
HADOOP-10695. KMSClientProvider should respect a configurable timeout.
|
HADOOP-10695. KMSClientProvider should respect a configurable timeout.
|
||||||
(yoderme via tucu)
|
(yoderme via tucu)
|
||||||
|
|
||||||
|
HADOOP-10757. KeyProvider KeyVersion should provide the key name.
|
||||||
|
(asuresh via tucu)
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
|
||||||
HADOOP-9451. Fault single-layer config if node group topology is enabled.
|
HADOOP-9451. Fault single-layer config if node group topology is enabled.
|
||||||
|
@ -173,7 +173,7 @@ public KeyVersion getKeyVersion(String versionName) throws IOException {
|
|||||||
} catch (UnrecoverableKeyException e) {
|
} catch (UnrecoverableKeyException e) {
|
||||||
throw new IOException("Can't recover key " + key + " from " + path, e);
|
throw new IOException("Can't recover key " + key + " from " + path, e);
|
||||||
}
|
}
|
||||||
return new KeyVersion(versionName, key.getEncoded());
|
return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded());
|
||||||
} finally {
|
} finally {
|
||||||
readLock.unlock();
|
readLock.unlock();
|
||||||
}
|
}
|
||||||
@ -277,7 +277,7 @@ public KeyVersion createKey(String name, byte[] material,
|
|||||||
}
|
}
|
||||||
cache.put(name, meta);
|
cache.put(name, meta);
|
||||||
String versionName = buildVersionName(name, 0);
|
String versionName = buildVersionName(name, 0);
|
||||||
return innerSetKeyVersion(versionName, material, meta.getCipher());
|
return innerSetKeyVersion(name, versionName, material, meta.getCipher());
|
||||||
} finally {
|
} finally {
|
||||||
writeLock.unlock();
|
writeLock.unlock();
|
||||||
}
|
}
|
||||||
@ -316,7 +316,7 @@ public void deleteKey(String name) throws IOException {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
KeyVersion innerSetKeyVersion(String versionName, byte[] material,
|
KeyVersion innerSetKeyVersion(String name, String versionName, byte[] material,
|
||||||
String cipher) throws IOException {
|
String cipher) throws IOException {
|
||||||
try {
|
try {
|
||||||
keyStore.setKeyEntry(versionName, new SecretKeySpec(material, cipher),
|
keyStore.setKeyEntry(versionName, new SecretKeySpec(material, cipher),
|
||||||
@ -326,7 +326,7 @@ KeyVersion innerSetKeyVersion(String versionName, byte[] material,
|
|||||||
e);
|
e);
|
||||||
}
|
}
|
||||||
changed = true;
|
changed = true;
|
||||||
return new KeyVersion(versionName, material);
|
return new KeyVersion(name, versionName, material);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -344,7 +344,7 @@ public KeyVersion rollNewVersion(String name,
|
|||||||
}
|
}
|
||||||
int nextVersion = meta.addVersion();
|
int nextVersion = meta.addVersion();
|
||||||
String versionName = buildVersionName(name, nextVersion);
|
String versionName = buildVersionName(name, nextVersion);
|
||||||
return innerSetKeyVersion(versionName, material, meta.getCipher());
|
return innerSetKeyVersion(name, versionName, material, meta.getCipher());
|
||||||
} finally {
|
} finally {
|
||||||
writeLock.unlock();
|
writeLock.unlock();
|
||||||
}
|
}
|
||||||
|
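Review bot: `getBaseName(versionName)` is evaluated only on the return line of `getKeyVersion`, after the key has already been recovered from the keystore, so the caller-supplied version name is first parsed once key material is in hand. The `UserProvider` `getKeyVersion` hunk has the same shape: a version name with no stored entry returns `null`, while one that has an entry goes on to `getBaseName`. That hunk also adds `throws IOException`, so the helper presumably rejects malformed names, which would make the outcome for a malformed name depend on whether an entry exists under it (the metadata stored under the bare key name in `createKey` looks like one such entry). Parsing first, for example `String name = getBaseName(versionName);` at the top of each method, would make malformed input fail the same way regardless of what is stored. The start of `getKeyVersion` in this file is outside the hunk, so any earlier validation is not visible here.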
@ -63,14 +63,20 @@ public abstract class KeyProvider {
|
|||||||
* The combination of both the key version name and the key material.
|
* The combination of both the key version name and the key material.
|
||||||
*/
|
*/
|
||||||
public static class KeyVersion {
|
public static class KeyVersion {
|
||||||
|
private final String name;
|
||||||
private final String versionName;
|
private final String versionName;
|
||||||
private final byte[] material;
|
private final byte[] material;
|
||||||
|
|
||||||
protected KeyVersion(String versionName,
|
protected KeyVersion(String name, String versionName,
|
||||||
byte[] material) {
|
byte[] material) {
|
||||||
|
this.name = name;
|
||||||
this.versionName = versionName;
|
this.versionName = versionName;
|
||||||
this.material = material;
|
this.material = material;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getName() {
|
||||||
|
return name;
|
||||||
|
}
|
||||||
|
|
||||||
public String getVersionName() {
|
public String getVersionName() {
|
||||||
return versionName;
|
return versionName;
|
||||||
|
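Review bot: The class comment above `KeyVersion` still reads "The combination of both the key version name and the key material", which no longer describes a class that also carries the key name. I would change it to `* The combination of the key name, the key version name and the key material.` and give `getName()` a one-line Javadoc saying it returns the key name without the version suffix. The constructor stores `name` without any check, so the comment should also state whether `null` is a permitted value, since other hunks in this commit fill it from a parsed string and from a remote response.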
@ -55,12 +55,13 @@ public boolean isTransient() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public synchronized KeyVersion getKeyVersion(String versionName) {
|
public synchronized KeyVersion getKeyVersion(String versionName)
|
||||||
|
throws IOException {
|
||||||
byte[] bytes = credentials.getSecretKey(new Text(versionName));
|
byte[] bytes = credentials.getSecretKey(new Text(versionName));
|
||||||
if (bytes == null) {
|
if (bytes == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
return new KeyVersion(versionName, bytes);
|
return new KeyVersion(getBaseName(versionName), versionName, bytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -94,7 +95,7 @@ public synchronized KeyVersion createKey(String name, byte[] material,
|
|||||||
String versionName = buildVersionName(name, 0);
|
String versionName = buildVersionName(name, 0);
|
||||||
credentials.addSecretKey(nameT, meta.serialize());
|
credentials.addSecretKey(nameT, meta.serialize());
|
||||||
credentials.addSecretKey(new Text(versionName), material);
|
credentials.addSecretKey(new Text(versionName), material);
|
||||||
return new KeyVersion(versionName, material);
|
return new KeyVersion(name, versionName, material);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -125,7 +126,7 @@ public synchronized KeyVersion rollNewVersion(String name,
|
|||||||
credentials.addSecretKey(new Text(name), meta.serialize());
|
credentials.addSecretKey(new Text(name), meta.serialize());
|
||||||
String versionName = buildVersionName(name, nextVersion);
|
String versionName = buildVersionName(name, nextVersion);
|
||||||
credentials.addSecretKey(new Text(versionName), material);
|
credentials.addSecretKey(new Text(versionName), material);
|
||||||
return new KeyVersion(versionName, material);
|
return new KeyVersion(name, versionName, material);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -84,8 +84,9 @@ private static KeyVersion parseJSONKeyVersion(Map valueMap) {
|
|||||||
byte[] material = (valueMap.containsKey(KMSRESTConstants.MATERIAL_FIELD))
|
byte[] material = (valueMap.containsKey(KMSRESTConstants.MATERIAL_FIELD))
|
||||||
? Base64.decodeBase64((String) valueMap.get(KMSRESTConstants.MATERIAL_FIELD))
|
? Base64.decodeBase64((String) valueMap.get(KMSRESTConstants.MATERIAL_FIELD))
|
||||||
: null;
|
: null;
|
||||||
keyVersion = new KMSKeyVersion((String)
|
String versionName = (String)valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD);
|
||||||
valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD), material);
|
String keyName = (String)valueMap.get(KMSRESTConstants.NAME_FIELD);
|
||||||
|
keyVersion = new KMSKeyVersion(keyName, versionName, material);
|
||||||
}
|
}
|
||||||
return keyVersion;
|
return keyVersion;
|
||||||
}
|
}
|
||||||
@ -362,8 +363,8 @@ private static <T> T call(HttpURLConnection conn, Map jsonOutput,
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static class KMSKeyVersion extends KeyVersion {
|
public static class KMSKeyVersion extends KeyVersion {
|
||||||
public KMSKeyVersion(String versionName, byte[] material) {
|
public KMSKeyVersion(String keyName, String versionName, byte[] material) {
|
||||||
super(versionName, material);
|
super(keyName, versionName, material);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
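Review bot: `keyName` in `parseJSONKeyVersion` is read straight from the response map with an unchecked `(String)` cast and will be `null` whenever the response carries no `KMSRESTConstants.NAME_FIELD`, so `KMSKeyVersion.getName()` can hand `null` to callers. The value is also never compared with `versionName` from the same response, so the client accepts whatever name/version pairing the server reports. Consider rejecting a response that has a version name but no key name, or checking the name against the base of `versionName`, and add a comment saying which field is authoritative. The body of `parseJSONKeyVersion` begins outside the hunk.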
@ -64,7 +64,7 @@ public void testParseVersionName() throws Exception {
|
|||||||
@Test
|
@Test
|
||||||
public void testKeyMaterial() throws Exception {
|
public void testKeyMaterial() throws Exception {
|
||||||
byte[] key1 = new byte[]{1,2,3,4};
|
byte[] key1 = new byte[]{1,2,3,4};
|
||||||
KeyProvider.KeyVersion obj = new KeyProvider.KeyVersion("key1@1", key1);
|
KeyProvider.KeyVersion obj = new KeyProvider.KeyVersion("key1", "key1@1", key1);
|
||||||
assertEquals("key1@1", obj.getVersionName());
|
assertEquals("key1@1", obj.getVersionName());
|
||||||
assertArrayEquals(new byte[]{1,2,3,4}, obj.getMaterial());
|
assertArrayEquals(new byte[]{1,2,3,4}, obj.getMaterial());
|
||||||
}
|
}
|
||||||
|
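Review bot: `testKeyMaterial` now passes `"key1"` as the new first constructor argument but never asserts it, so the `getName()` accessor added by this commit is not covered here. Add `assertEquals("key1", obj.getName());` next to the existing `getVersionName()` assertion so that a swapped name/versionName argument order would be caught.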
@ -90,8 +90,8 @@ private static void assertAccess(KMSACLs.Type aclType, Principal principal,
|
|||||||
|
|
||||||
private static KeyProvider.KeyVersion removeKeyMaterial(
|
private static KeyProvider.KeyVersion removeKeyMaterial(
|
||||||
KeyProvider.KeyVersion keyVersion) {
|
KeyProvider.KeyVersion keyVersion) {
|
||||||
return new KMSClientProvider.KMSKeyVersion(keyVersion.getVersionName(),
|
return new KMSClientProvider.KMSKeyVersion(keyVersion.getName(),
|
||||||
null);
|
keyVersion.getVersionName(), null);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static URI getKeyURI(String name) throws URISyntaxException {
|
private static URI getKeyURI(String name) throws URISyntaxException {
|
||||||
|
@ -35,6 +35,8 @@ public class KMSServerJSONUtils {
|
|||||||
public static Map toJSON(KeyProvider.KeyVersion keyVersion) {
|
public static Map toJSON(KeyProvider.KeyVersion keyVersion) {
|
||||||
Map json = new LinkedHashMap();
|
Map json = new LinkedHashMap();
|
||||||
if (keyVersion != null) {
|
if (keyVersion != null) {
|
||||||
|
json.put(KMSRESTConstants.NAME_FIELD,
|
||||||
|
keyVersion.getName());
|
||||||
json.put(KMSRESTConstants.VERSION_NAME_FIELD,
|
json.put(KMSRESTConstants.VERSION_NAME_FIELD,
|
||||||
keyVersion.getVersionName());
|
keyVersion.getVersionName());
|
||||||
json.put(KMSRESTConstants.MATERIAL_FIELD, keyVersion.getMaterial());
|
json.put(KMSRESTConstants.MATERIAL_FIELD, keyVersion.getMaterial());
|
||||||
|