
Example 1 with CryptoEnvironment

use of org.apache.accumulo.core.spi.crypto.CryptoEnvironment in project accumulo by apache.

the class CryptoUtils method getFileDecrypter.

/**
 * Builds the {@link FileDecrypter} for a stream whose decryption parameters are stored at the
 * current read position.
 *
 * <p>The parameter block is consumed from {@code in} by {@code readParams}, paired with the
 * requested scope in a {@link CryptoEnvironmentImpl}, and handed to the crypto service.
 *
 * <p>NOTE(review): the parameters come straight from the data being read, so they are only as
 * trustworthy as the file itself. Whether {@code readParams} bounds the length it reads, and how
 * the {@link CryptoService} implementation validates the bytes, is not visible here; confirm
 * before using this on files from an untrusted location.
 *
 * @param cs crypto service that will create the decrypter
 * @param scope scope the encrypted data belongs to
 * @param in stream positioned at the start of the stored decryption parameters
 * @return the decrypter returned by {@code cs} for the reconstructed environment
 * @throws IOException declared for failures while reading the parameters from {@code in}
 */
public static FileDecrypter getFileDecrypter(CryptoService cs, CryptoEnvironment.Scope scope, DataInputStream in) throws IOException {
    // Reading the parameters advances `in` past the parameter block.
    final byte[] paramsFromStream = readParams(in);
    return cs.getFileDecrypter(new CryptoEnvironmentImpl(scope, paramsFromStream));
}
Also used : CryptoEnvironment(org.apache.accumulo.core.spi.crypto.CryptoEnvironment)

Example 2 with CryptoEnvironment

use of org.apache.accumulo.core.spi.crypto.CryptoEnvironment in project accumulo by apache.

the class CryptoTest method simpleGCMTest.

/**
 * Round-trips {@code MARKER_STRING} through an {@link AESCryptoService} in the RFILE scope: the
 * decryption parameters are written first, the marker is written through the encrypting stream,
 * and the result is read back with {@code getFileDecrypter} and compared with the marker.
 *
 * <p>NOTE(review): the cipher mode is chosen by the configuration loaded for
 * {@code ConfigMode.CRYPTO_ON}; nothing in this method selects GCM explicitly. The test also only
 * proves the round trip. It would pass with a pass-through service, so consider additionally
 * asserting that the marker bytes do not appear in the encrypted buffer and that a modified
 * buffer fails to decrypt.
 */
@Test
public void simpleGCMTest() throws Exception {
    // Set up the service from the crypto-enabled test configuration.
    CryptoService service = new AESCryptoService();
    service.init(getAccumuloConfig(ConfigMode.CRYPTO_ON)
        .getAllPropertiesWithPrefix(Property.INSTANCE_CRYPTO_PREFIX));

    // A null parameter array marks an environment used for encrypting new data.
    FileEncrypter fileEncrypter = service.getFileEncrypter(new CryptoEnvironmentImpl(Scope.RFILE, null));
    byte[] decryptionParams = fileEncrypter.getDecryptionParameters();
    assertNotNull(decryptionParams);

    // encrypt: parameter block goes to the raw stream, the marker goes through the cipher
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    DataOutputStream rawOut = new DataOutputStream(buffer);
    CryptoUtils.writeParams(decryptionParams, rawOut);
    OutputStream cipherStream = fileEncrypter.encryptStream(rawOut);
    assertNotNull(cipherStream);
    DataOutputStream markerOut = new DataOutputStream(cipherStream);
    markerOut.writeUTF(MARKER_STRING);
    // Close from the outermost wrapper inwards so buffered cipher output is flushed first.
    markerOut.close();
    rawOut.close();
    cipherStream.close();
    buffer.close();
    byte[] encryptedBytes = buffer.toByteArray();

    // decrypt: the same input stream is used for the parameters and then for the payload
    ByteArrayInputStream source = new ByteArrayInputStream(encryptedBytes);
    FileDecrypter fileDecrypter = getFileDecrypter(service, Scope.RFILE, new DataInputStream(source));
    DataInputStream plainIn = new DataInputStream(fileDecrypter.decryptStream(source));
    String recovered = plainIn.readUTF();
    plainIn.close();
    source.close();

    assertEquals(MARKER_STRING, recovered);
}
Also used : CryptoEnvironment(org.apache.accumulo.core.spi.crypto.CryptoEnvironment) DataOutputStream(java.io.DataOutputStream) FSDataOutputStream(org.apache.hadoop.fs.FSDataOutputStream) CryptoUtils.getFileDecrypter(org.apache.accumulo.core.crypto.CryptoUtils.getFileDecrypter) FileDecrypter(org.apache.accumulo.core.spi.crypto.FileDecrypter) DataOutputStream(java.io.DataOutputStream) NoFlushOutputStream(org.apache.accumulo.core.crypto.streams.NoFlushOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) FSDataOutputStream(org.apache.hadoop.fs.FSDataOutputStream) OutputStream(java.io.OutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) DataInputStream(java.io.DataInputStream) FileEncrypter(org.apache.accumulo.core.spi.crypto.FileEncrypter) AESCryptoService(org.apache.accumulo.core.spi.crypto.AESCryptoService) AESCryptoService(org.apache.accumulo.core.spi.crypto.AESCryptoService) CryptoService(org.apache.accumulo.core.spi.crypto.CryptoService) ByteArrayInputStream(java.io.ByteArrayInputStream) AccumuloConfiguration(org.apache.accumulo.core.conf.AccumuloConfiguration) Test(org.junit.jupiter.api.Test)

Example 3 with CryptoEnvironment

use of org.apache.accumulo.core.spi.crypto.CryptoEnvironment in project accumulo by apache.

the class DfsLogger method open.

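/**
 * Opens a Write-Ahead Log file and writes the necessary header information and OPEN entry to the
 * file. The file is ready to be used for ingest if this method returns successfully.
 *
 * <p>If creating the file, writing the header and crypto parameters, or queuing the OPEN entry
 * fails, the log file is closed here, {@code logFile} and {@code encryptingLogFile} are reset to
 * {@code null}, and the failure is rethrown wrapped in an {@link IOException}. A secondary failure
 * while closing is attached to that exception as suppressed instead of replacing the original
 * cause. If an exception is thrown from this method, it is still the caller's responsibility to
 * ensure that {@link #close()} is called to prevent leaking the file handle and/or syncing
 * thread.
 *
 * @param address
 *          The address of the host using this WAL
 * @throws IOException
 *           if the log file cannot be created or initialized, or if waiting for the OPEN entry
 *           fails
 */
public synchronized void open(String address) throws IOException {
    String filename = UUID.randomUUID().toString();
    log.debug("Address is {}", address);
    // NOTE(review): `logger` becomes a directory name in the WAL path. Only ':' is rewritten; any
    // other character in `address` passes through unchanged, so this assumes a trusted host:port.
    String logger = Joiner.on("+").join(address.split(":"));

    log.debug("DfsLogger.open() begin");

    VolumeManager fs = conf.getVolumeManager();

    var chooserEnv = new VolumeChooserEnvironmentImpl(org.apache.accumulo.core.spi.fs.VolumeChooserEnvironment.Scope.LOGGER, context);
    logPath = fs.choose(chooserEnv, context.getBaseUris()) + Path.SEPARATOR + Constants.WAL_DIR + Path.SEPARATOR + logger + Path.SEPARATOR + filename;

    metaReference = toString();
    LoggerOperation op = null;
    try {
        Path logfilePath = new Path(logPath);
        // The narrowing cast silently truncates configured values outside the short range.
        short replication = (short) conf.getConfiguration().getCount(Property.TSERV_WAL_REPLICATION);
        if (replication == 0) {
            replication = fs.getDefaultReplication(logfilePath);
        }
        long blockSize = getWalBlockSize(conf.getConfiguration());
        if (conf.getConfiguration().getBoolean(Property.TSERV_WAL_SYNC)) {
            logFile = fs.createSyncable(logfilePath, 0, replication, blockSize);
        } else {
            logFile = fs.create(logfilePath, true, 0, replication, blockSize);
        }

        // check again that logfile can be sync'd
        if (!fs.canSyncAndFlush(logfilePath)) {
            log.warn("sync not supported for log file {}. Data loss may occur.", logPath);
        }

        // Initialize the log file with a header and its encryption
        CryptoService cryptoService = context.getCryptoService();
        logFile.write(LOG_FILE_HEADER_V4.getBytes(UTF_8));

        // NOTE(review): the configured service is only reported at debug level. If it is a
        // pass-through implementation the WAL is written unencrypted; confirm that this is
        // surfaced somewhere more visible when encryption is expected.
        log.debug("Using {} for encrypting WAL {}", cryptoService.getClass().getSimpleName(), filename);
        // A null parameter array marks an environment used for encrypting new data.
        CryptoEnvironment env = new CryptoEnvironmentImpl(Scope.WAL, null);
        FileEncrypter encrypter = cryptoService.getFileEncrypter(env);
        // The decryption parameters go to logFile itself, before the encrypting stream is layered
        // on top, so they are stored unencrypted directly after the header.
        byte[] cryptoParams = encrypter.getDecryptionParameters();
        CryptoUtils.writeParams(cryptoParams, logFile);

        /*
         * Always wrap the WAL in a NoFlushOutputStream to prevent extra flushing to HDFS. The
         * write(LogFileKey, LogFileValue) method will flush crypto data or do nothing when crypto
         * is not enabled.
         */
        OutputStream encryptedStream = encrypter.encryptStream(new NoFlushOutputStream(logFile));
        if (encryptedStream instanceof NoFlushOutputStream) {
            // The encrypter returned the wrapper unchanged; use it directly.
            encryptingLogFile = (NoFlushOutputStream) encryptedStream;
        } else {
            encryptingLogFile = new DataOutputStream(encryptedStream);
        }

        LogFileKey key = new LogFileKey();
        key.event = OPEN;
        key.tserverSession = filename;
        key.filename = filename;
        op = logKeyData(key, Durability.SYNC);
    } catch (Exception ex) {
        IOException failure = new IOException(ex);
        if (logFile != null) {
            try {
                logFile.close();
            } catch (IOException | RuntimeException closeFailure) {
                // Closing a stream that has just failed often fails too. Keep the original cause
                // as the reported error and still reset the fields below.
                failure.addSuppressed(closeFailure);
            }
        }
        logFile = null;
        encryptingLogFile = null;
        throw failure;
    }

    // The sync thread is started only after the header and OPEN entry were queued successfully.
    syncThread = Threads.createThread("Accumulo WALog thread " + this, new LogSyncingTask());
    syncThread.start();
    op.await();
    log.debug("Got new write-ahead log: {}", this);
}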
Also used : Path(org.apache.hadoop.fs.Path) VolumeManager(org.apache.accumulo.server.fs.VolumeManager) CryptoEnvironment(org.apache.accumulo.core.spi.crypto.CryptoEnvironment) DataOutputStream(java.io.DataOutputStream) FSDataOutputStream(org.apache.hadoop.fs.FSDataOutputStream) DataOutputStream(java.io.DataOutputStream) NoFlushOutputStream(org.apache.accumulo.core.crypto.streams.NoFlushOutputStream) FSDataOutputStream(org.apache.hadoop.fs.FSDataOutputStream) DFSOutputStream(org.apache.hadoop.hdfs.DFSOutputStream) OutputStream(java.io.OutputStream) LogFileKey(org.apache.accumulo.tserver.logger.LogFileKey) IOException(java.io.IOException) EOFException(java.io.EOFException) ClosedChannelException(java.nio.channels.ClosedChannelException) IOException(java.io.IOException) FileEncrypter(org.apache.accumulo.core.spi.crypto.FileEncrypter) CryptoEnvironmentImpl(org.apache.accumulo.core.crypto.CryptoEnvironmentImpl) VolumeChooserEnvironmentImpl(org.apache.accumulo.server.fs.VolumeChooserEnvironmentImpl) NoCryptoService(org.apache.accumulo.core.spi.crypto.NoCryptoService) CryptoService(org.apache.accumulo.core.spi.crypto.CryptoService) NoFlushOutputStream(org.apache.accumulo.core.crypto.streams.NoFlushOutputStream)

Aggregations

CryptoEnvironment (org.apache.accumulo.core.spi.crypto.CryptoEnvironment)3 DataOutputStream (java.io.DataOutputStream)2 OutputStream (java.io.OutputStream)2 NoFlushOutputStream (org.apache.accumulo.core.crypto.streams.NoFlushOutputStream)2 CryptoService (org.apache.accumulo.core.spi.crypto.CryptoService)2 FileEncrypter (org.apache.accumulo.core.spi.crypto.FileEncrypter)2 FSDataOutputStream (org.apache.hadoop.fs.FSDataOutputStream)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 DataInputStream (java.io.DataInputStream)1 EOFException (java.io.EOFException)1 IOException (java.io.IOException)1 ClosedChannelException (java.nio.channels.ClosedChannelException)1 AccumuloConfiguration (org.apache.accumulo.core.conf.AccumuloConfiguration)1 CryptoEnvironmentImpl (org.apache.accumulo.core.crypto.CryptoEnvironmentImpl)1 CryptoUtils.getFileDecrypter (org.apache.accumulo.core.crypto.CryptoUtils.getFileDecrypter)1 AESCryptoService (org.apache.accumulo.core.spi.crypto.AESCryptoService)1 FileDecrypter (org.apache.accumulo.core.spi.crypto.FileDecrypter)1 NoCryptoService (org.apache.accumulo.core.spi.crypto.NoCryptoService)1 VolumeChooserEnvironmentImpl (org.apache.accumulo.server.fs.VolumeChooserEnvironmentImpl)1