diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 85aeaf40f4..f7f20ede41 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -197,6 +197,8 @@ Trunk (Unreleased) HADOOP-10793. KeyShell args should use single-dash style. (wang) + HADOOP-10936. Change default KeyProvider bitlength to 128. (wang) + BUG FIXES HADOOP-9451. Fault single-layer config if node group topology is enabled. diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java index 3576badada..a34ae10a71 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java @@ -54,7 +54,7 @@ public abstract class KeyProvider { public static final String DEFAULT_CIPHER = "AES/CTR/NoPadding"; public static final String DEFAULT_BITLENGTH_NAME = "hadoop.security.key.default.bitlength"; - public static final int DEFAULT_BITLENGTH = 256; + public static final int DEFAULT_BITLENGTH = 128; /** * The combination of both the key version name and the key material. @@ -341,6 +341,16 @@ public String getDescription() { public Map getAttributes() { return (attributes == null) ? Collections.EMPTY_MAP : attributes; } + + @Override + public String toString() { + return "Options{" + + "cipher='" + cipher + '\'' + + ", bitLength=" + bitLength + + ", description='" + description + '\'' + + ", attributes=" + attributes + + '}'; + } } /** diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java index 6d50c9168d..1fb91c65e7 100644 
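Review bot: The new `DEFAULT_BITLENGTH = 128` carries no comment saying why the default was lowered or how to restore the old size. Any key created without an explicit size now gets 128 bits instead of 256. A deployment whose policy requires AES-256 would see the change only by reading key metadata. I would add a comment on the constant such as `// Default key size in bits; override with hadoop.security.key.default.bitlength (e.g. 256) where policy requires it.` The reason for the change is presumably JCE key-length limits on stock JREs, but the diff does not say so, and the comment should state it. The same default is repeated as a literal in the KeyShell help text in this commit.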
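Review bot: `toString()` reads the `attributes` field directly, so it prints `attributes=null` in the case where `getAttributes()`, just above it, returns an empty map. Using the getter keeps the two consistent: `", attributes=" + getAttributes() +`. This string is printed to the console by KeyShell in this same commit and may end up in logs, so every attribute value is exposed wherever it lands. If attributes can hold sensitive values, printing only `getAttributes().keySet()` would be safer. The enclosing Options class begins outside the hunk.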
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java @@ -445,7 +445,7 @@ private class CreateCommand extends Command { "by the argument within the provider specified by the\n" + "-provider argument. You may specify a cipher with the -cipher\n" + "argument. The default cipher is currently \"AES/CTR/NoPadding\".\n" + - "The default keysize is 256. You may specify the requested key\n" + + "The default keysize is 128. You may specify the requested key\n" + "length using the -size argument. Arbitrary attribute=value\n" + "style attributes may be specified using the -attr argument.\n" + "-attr may be specified multiple times, once per attribute.\n"; @@ -479,7 +479,8 @@ public void execute() throws IOException, NoSuchAlgorithmException { warnIfTransientProvider(); try { provider.createKey(keyName, options); - out.println(keyName + " has been successfully created."); + out.println(keyName + " has been successfully created with options " + + options.toString() + "."); provider.flush(); printProviderWritten(); } catch (InvalidParameterException e) { diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyShell.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyShell.java index 5981a2a6a3..d65d9b212b 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyShell.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyShell.java @@ -110,7 +110,7 @@ public void testKeySuccessfulKeyLifecycle() throws Exception { rc = ks.run(args1); assertEquals(0, rc); assertTrue(outContent.toString().contains(keyName + " has been " + - "successfully created.")); + "successfully created")); String listOut = listKeys(ks, false); assertTrue(listOut.contains(keyName)); 
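Review bot: The help text in the -445 hunk hard-codes `128`, which this commit had to update by hand and which will drift again the next time the constant changes. Building it from the constant avoids that: `"The default keysize is " + KeyProvider.DEFAULT_BITLENGTH + ". You may specify the requested key\n" +`. The effective default can also be overridden through `hadoop.security.key.default.bitlength`, so the text could say that the value shown is the built-in default. The declaration this string belongs to starts outside the hunk.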
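Review bot: In `execute()` (the -479 hunk) the success line is printed before `provider.flush()`. If the flush throws, the operator has already been told the key was created, even though it may not have been persisted. Moving the `out.println(...)` to just after `provider.flush();` fixes the ordering. The explicit `.toString()` is also redundant in a concatenation, so `" has been successfully created with options " + options + "."` is enough. The method body continues outside the hunk, so any handling of a failed flush is not visible here.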
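Review bot: The assertion in `testKeySuccessfulKeyLifecycle` was loosened to match `"successfully created"`, but nothing checks the new options suffix, so neither the `Options{...}` output nor the new default of 128 is tested. The same applies to the hunks at -145, -233 and -250. In a test that creates a key without a size argument, add a check such as `assertTrue(outContent.toString().contains("bitLength=128"));`, ideally built from `KeyProvider.DEFAULT_BITLENGTH` rather than the literal. The arguments passed in `args1` are outside the hunk, so confirm which tests rely on the default.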
@@ -145,7 +145,7 @@ public void testKeySuccessfulCreationWithDescription() throws Exception { rc = ks.run(args1); assertEquals(0, rc); assertTrue(outContent.toString().contains("key1 has been successfully " + - "created.")); + "created")); String listOut = listKeys(ks, true); assertTrue(listOut.contains("description")); @@ -233,7 +233,7 @@ public void testFullCipher() throws Exception { rc = ks.run(args1); assertEquals(0, rc); assertTrue(outContent.toString().contains(keyName + " has been " + - "successfully " + "created.")); + "successfully created")); deleteKey(ks, keyName); } @@ -250,7 +250,7 @@ public void testAttributes() throws Exception { rc = ks.run(args1); assertEquals(0, rc); assertTrue(outContent.toString().contains("keyattr1 has been " + - "successfully " + "created.")); + "successfully created")); /* ...and list to see that we have the attr */ String listOut = listKeys(ks, true); diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java index 571ab96535..aaf90e8cff 100644 --- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java +++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java 
@@ -181,12 +181,19 @@ public void contextInitialized(ServletContextEvent sce) { keyProvider = new CachingKeyProvider(keyProvider, keyTimeOutMillis, currKeyTimeOutMillis); } + LOG.info("Initialized KeyProvider " + keyProvider); + keyProviderCryptoExtension = KeyProviderCryptoExtension. createKeyProviderCryptoExtension(keyProvider); keyProviderCryptoExtension = new EagerKeyGeneratorKeyProviderCryptoExtension(kmsConf, keyProviderCryptoExtension); - + LOG.info("Initialized KeyProviderCryptoExtension " + + keyProviderCryptoExtension); + final int defaultBitlength = kmsConf + .getInt(KeyProvider.DEFAULT_BITLENGTH_NAME, + KeyProvider.DEFAULT_BITLENGTH); + LOG.info("Default key bitlength is {}", defaultBitlength); LOG.info("KMS Started"); } catch (Throwable ex) { System.out.println();
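Review bot: The two new "Initialized ..." log calls build their message by concatenation, while the bitlength line added next to them uses a `{}` placeholder. Use the placeholder form for all three: `LOG.info("Initialized KeyProvider {}", keyProvider);` and `LOG.info("Initialized KeyProviderCryptoExtension {}", keyProviderCryptoExtension);`. These lines also write whatever the provider's `toString()` returns into the KMS log at INFO. The implementations are not shown here, so confirm that none of them includes a keystore URI with embedded credentials or similar configuration secrets. `contextInitialized` starts and ends outside the hunk.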