Search in sources :

Example 1 with DefaultCryptoModule

use of org.apache.accumulo.core.security.crypto.DefaultCryptoModule in project accumulo by apache.

the class DfsLogger method readHeaderAndReturnStream.

public static DFSLoggerInputStreams readHeaderAndReturnStream(FSDataInputStream input, AccumuloConfiguration conf) throws IOException {
    DataInputStream decryptingInput = null;
    byte[] magic = DfsLogger.LOG_FILE_HEADER_V3.getBytes(UTF_8);
    byte[] magicBuffer = new byte[magic.length];
    try {
        input.readFully(magicBuffer);
        if (Arrays.equals(magicBuffer, magic)) {
            // additional parameters it needs from the underlying stream.
            String cryptoModuleClassname = input.readUTF();
            CryptoModule cryptoModule = CryptoModuleFactory.getCryptoModule(cryptoModuleClassname);
            // Create the parameters and set the input stream into those parameters
            CryptoModuleParameters params = CryptoModuleFactory.createParamsObjectFromAccumuloConfiguration(conf);
            params.setEncryptedInputStream(input);
            // Create the plaintext input stream from the encrypted one
            params = cryptoModule.getDecryptingInputStream(params);
            if (params.getPlaintextInputStream() instanceof DataInputStream) {
                decryptingInput = (DataInputStream) params.getPlaintextInputStream();
            } else {
                decryptingInput = new DataInputStream(params.getPlaintextInputStream());
            }
        } else {
            input.seek(0);
            byte[] magicV2 = DfsLogger.LOG_FILE_HEADER_V2.getBytes(UTF_8);
            byte[] magicBufferV2 = new byte[magicV2.length];
            input.readFully(magicBufferV2);
            if (Arrays.equals(magicBufferV2, magicV2)) {
                // Log files from 1.5 dump their options in raw to the logger files. Since we don't know the class
                // that needs to read those files, we can make a couple of basic assumptions. Either it's going to be
                // the NullCryptoModule (no crypto) or the DefaultCryptoModule.
                // If it's null, we won't have any parameters whatsoever. First, let's attempt to read
                // parameters
                Map<String, String> opts = new HashMap<>();
                int count = input.readInt();
                for (int i = 0; i < count; i++) {
                    String key = input.readUTF();
                    String value = input.readUTF();
                    opts.put(key, value);
                }
                if (opts.size() == 0) {
                    // NullCryptoModule, we're done
                    decryptingInput = input;
                } else {
                    // The DefaultCryptoModule will want to read the parameters from the underlying file, so we will put the file back to that spot.
                    org.apache.accumulo.core.security.crypto.CryptoModule cryptoModule = org.apache.accumulo.core.security.crypto.CryptoModuleFactory.getCryptoModule(DefaultCryptoModule.class.getName());
                    CryptoModuleParameters params = CryptoModuleFactory.createParamsObjectFromAccumuloConfiguration(conf);
                    // go back to the beginning, but skip over magicV2 already checked earlier
                    input.seek(magicV2.length);
                    params.setEncryptedInputStream(input);
                    params = cryptoModule.getDecryptingInputStream(params);
                    if (params.getPlaintextInputStream() instanceof DataInputStream) {
                        decryptingInput = (DataInputStream) params.getPlaintextInputStream();
                    } else {
                        decryptingInput = new DataInputStream(params.getPlaintextInputStream());
                    }
                }
            } else {
                input.seek(0);
                decryptingInput = input;
            }
        }
    } catch (EOFException e) {
        log.warn("Got EOFException trying to read WAL header information, assuming the rest of the file has no data.");
        // A TabletServer might have died before the (complete) header was written
        throw new LogHeaderIncompleteException(e);
    }
    return new DFSLoggerInputStreams(input, decryptingInput);
}
Also used : CryptoModule(org.apache.accumulo.core.security.crypto.CryptoModule) DefaultCryptoModule(org.apache.accumulo.core.security.crypto.DefaultCryptoModule) HashMap(java.util.HashMap) DefaultCryptoModule(org.apache.accumulo.core.security.crypto.DefaultCryptoModule) FSDataInputStream(org.apache.hadoop.fs.FSDataInputStream) DataInputStream(java.io.DataInputStream) CryptoModule(org.apache.accumulo.core.security.crypto.CryptoModule) CryptoModuleParameters(org.apache.accumulo.core.security.crypto.CryptoModuleParameters) EOFException(java.io.EOFException)

Aggregations

DataInputStream (java.io.DataInputStream)1 EOFException (java.io.EOFException)1 HashMap (java.util.HashMap)1 CryptoModule (org.apache.accumulo.core.security.crypto.CryptoModule)1 CryptoModuleParameters (org.apache.accumulo.core.security.crypto.CryptoModuleParameters)1 DefaultCryptoModule (org.apache.accumulo.core.security.crypto.DefaultCryptoModule)1 FSDataInputStream (org.apache.hadoop.fs.FSDataInputStream)1