HDFS-7179. DFSClient should instantiate a KeyProvider, not a KeyProviderCryptoExtension. (wang)
This commit is contained in:
parent
a56f3ecf86
commit
d2d5a0ea03
@ -900,6 +900,9 @@ Release 2.6.0 - UNRELEASED
|
||||
HDFS-7162. Wrong path when deleting through fuse-dfs a file which already
|
||||
exists in trash (Chengbing Liu via cmccabe)
|
||||
|
||||
HDFS-7179. DFSClient should instantiate a KeyProvider, not a
|
||||
KeyProviderCryptoExtension. (wang)
|
||||
|
||||
BREAKDOWN OF HDFS-6134 AND HADOOP-10150 SUBTASKS AND RELATED JIRAS
|
||||
|
||||
HDFS-6387. HDFS CLI admin tool for creating & deleting an
|
||||
|
@ -104,6 +104,7 @@
|
||||
import org.apache.hadoop.crypto.CryptoInputStream;
|
||||
import org.apache.hadoop.crypto.CryptoOutputStream;
|
||||
import org.apache.hadoop.crypto.CryptoProtocolVersion;
|
||||
import org.apache.hadoop.crypto.key.KeyProvider;
|
||||
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
|
||||
import org.apache.hadoop.fs.BlockLocation;
|
||||
import org.apache.hadoop.fs.BlockStorageLocation;
|
||||
@ -264,7 +265,7 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
|
||||
new DFSHedgedReadMetrics();
|
||||
private static ThreadPoolExecutor HEDGED_READ_THREAD_POOL;
|
||||
@VisibleForTesting
|
||||
KeyProviderCryptoExtension provider;
|
||||
KeyProvider provider;
|
||||
/**
|
||||
* DFSClient configuration
|
||||
*/
|
||||
@ -596,7 +597,7 @@ public DFSClient(URI nameNodeUri, ClientProtocol rpcNamenode,
|
||||
this.authority = nameNodeUri == null? "null": nameNodeUri.getAuthority();
|
||||
this.clientName = "DFSClient_" + dfsClientConf.taskId + "_" +
|
||||
DFSUtil.getRandom().nextInt() + "_" + Thread.currentThread().getId();
|
||||
provider = DFSUtil.createKeyProviderCryptoExtension(conf);
|
||||
provider = DFSUtil.createKeyProvider(conf);
|
||||
if (LOG.isDebugEnabled()) {
|
||||
if (provider == null) {
|
||||
LOG.debug("No KeyProvider found.");
|
||||
@ -1315,7 +1316,9 @@ private KeyVersion decryptEncryptedDataEncryptionKey(FileEncryptionInfo
|
||||
feInfo.getKeyName(), feInfo.getEzKeyVersionName(), feInfo.getIV(),
|
||||
feInfo.getEncryptedDataEncryptionKey());
|
||||
try {
|
||||
return provider.decryptEncryptedKey(ekv);
|
||||
KeyProviderCryptoExtension cryptoProvider = KeyProviderCryptoExtension
|
||||
.createKeyProviderCryptoExtension(provider);
|
||||
return cryptoProvider.decryptEncryptedKey(ekv);
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new IOException(e);
|
||||
}
|
||||
@ -3138,7 +3141,7 @@ DFSHedgedReadMetrics getHedgedReadMetrics() {
|
||||
return HEDGED_READ_METRIC;
|
||||
}
|
||||
|
||||
public KeyProviderCryptoExtension getKeyProvider() {
|
||||
public KeyProvider getKeyProvider() {
|
||||
return provider;
|
||||
}
|
||||
|
||||
|
@ -1791,15 +1791,14 @@ public static void assertAllResultsEqual(Collection<?> objects)
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new KeyProviderCryptoExtension by wrapping the
|
||||
* KeyProvider specified in the given Configuration.
|
||||
* Creates a new KeyProvider from the given Configuration.
|
||||
*
|
||||
* @param conf Configuration
|
||||
* @return new KeyProviderCryptoExtension, or null if no provider was found.
|
||||
* @return new KeyProvider, or null if no provider was found.
|
||||
* @throws IOException if the KeyProvider is improperly specified in
|
||||
* the Configuration
|
||||
*/
|
||||
public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
|
||||
public static KeyProvider createKeyProvider(
|
||||
final Configuration conf) throws IOException {
|
||||
final String providerUriStr =
|
||||
conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null);
|
||||
@ -1823,6 +1822,24 @@ public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
|
||||
throw new IOException("KeyProvider " + keyProvider.toString()
|
||||
+ " was found but it is a transient provider.");
|
||||
}
|
||||
return keyProvider;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new KeyProviderCryptoExtension by wrapping the
|
||||
* KeyProvider specified in the given Configuration.
|
||||
*
|
||||
* @param conf Configuration
|
||||
* @return new KeyProviderCryptoExtension, or null if no provider was found.
|
||||
* @throws IOException if the KeyProvider is improperly specified in
|
||||
* the Configuration
|
||||
*/
|
||||
public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
|
||||
final Configuration conf) throws IOException {
|
||||
KeyProvider keyProvider = createKeyProvider(conf);
|
||||
if (keyProvider == null) {
|
||||
return null;
|
||||
}
|
||||
KeyProviderCryptoExtension cryptoProvider = KeyProviderCryptoExtension
|
||||
.createKeyProviderCryptoExtension(keyProvider);
|
||||
return cryptoProvider;
|
||||
|
@ -43,7 +43,6 @@
|
||||
import org.apache.hadoop.crypto.CryptoProtocolVersion;
|
||||
import org.apache.hadoop.crypto.key.JavaKeyStoreProvider;
|
||||
import org.apache.hadoop.crypto.key.KeyProvider;
|
||||
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
|
||||
import org.apache.hadoop.crypto.key.KeyProviderFactory;
|
||||
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||
import org.apache.hadoop.fs.CreateFlag;
|
||||
@ -1043,7 +1042,7 @@ public void doCleanup() throws Exception {
|
||||
public void testDelegationToken() throws Exception {
|
||||
UserGroupInformation.createRemoteUser("JobTracker");
|
||||
DistributedFileSystem dfs = cluster.getFileSystem();
|
||||
KeyProviderCryptoExtension keyProvider = Mockito.mock(KeyProviderCryptoExtension.class,
|
||||
KeyProvider keyProvider = Mockito.mock(KeyProvider.class,
|
||||
withSettings().extraInterfaces(
|
||||
DelegationTokenExtension.class,
|
||||
CryptoExtension.class));
|
||||
|
Loading…
Reference in New Issue
Block a user