Example 1 with FileEncrypter
use of org.apache.accumulo.core.spi.crypto.FileEncrypter in project accumulo by apache.
the class CryptoTest method simpleGCMTest.
@Test
public void simpleGCMTest() throws Exception {
AccumuloConfiguration conf = getAccumuloConfig(ConfigMode.CRYPTO_ON);
CryptoService cs = new AESCryptoService();
cs.init(conf.getAllPropertiesWithPrefix(Property.INSTANCE_CRYPTO_PREFIX));
CryptoEnvironment encEnv = new CryptoEnvironmentImpl(Scope.RFILE, null);
FileEncrypter encrypter = cs.getFileEncrypter(encEnv);
byte[] params = encrypter.getDecryptionParameters();
assertNotNull(params);
ByteArrayOutputStream out = new ByteArrayOutputStream();
DataOutputStream dataOut = new DataOutputStream(out);
CryptoUtils.writeParams(params, dataOut);
OutputStream encrypted = encrypter.encryptStream(dataOut);
assertNotNull(encrypted);
DataOutputStream cipherOut = new DataOutputStream(encrypted);
cipherOut.writeUTF(MARKER_STRING);
cipherOut.close();
dataOut.close();
encrypted.close();
out.close();
byte[] cipherText = out.toByteArray();
// decrypt
ByteArrayInputStream in = new ByteArrayInputStream(cipherText);
FileDecrypter decrypter = getFileDecrypter(cs, Scope.RFILE, new DataInputStream(in));
DataInputStream decrypted = new DataInputStream(decrypter.decryptStream(in));
String plainText = decrypted.readUTF();
decrypted.close();
in.close();
assertEquals(MARKER_STRING, new String(plainText));
}
Also used :
CryptoEnvironment(org.apache.accumulo.core.spi.crypto.CryptoEnvironment)
DataOutputStream(java.io.DataOutputStream)
FSDataOutputStream(org.apache.hadoop.fs.FSDataOutputStream)
CryptoUtils.getFileDecrypter(org.apache.accumulo.core.crypto.CryptoUtils.getFileDecrypter)
FileDecrypter(org.apache.accumulo.core.spi.crypto.FileDecrypter)
DataOutputStream(java.io.DataOutputStream)
NoFlushOutputStream(org.apache.accumulo.core.crypto.streams.NoFlushOutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
FSDataOutputStream(org.apache.hadoop.fs.FSDataOutputStream)
OutputStream(java.io.OutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
DataInputStream(java.io.DataInputStream)
FileEncrypter(org.apache.accumulo.core.spi.crypto.FileEncrypter)
AESCryptoService(org.apache.accumulo.core.spi.crypto.AESCryptoService)
AESCryptoService(org.apache.accumulo.core.spi.crypto.AESCryptoService)
CryptoService(org.apache.accumulo.core.spi.crypto.CryptoService)
ByteArrayInputStream(java.io.ByteArrayInputStream)
AccumuloConfiguration(org.apache.accumulo.core.conf.AccumuloConfiguration)
Test(org.junit.jupiter.api.Test)
Example 2 with FileEncrypter
use of org.apache.accumulo.core.spi.crypto.FileEncrypter in project accumulo by apache.
the class DfsLogger method open.
/**
* Opens a Write-Ahead Log file and writes the necessary header information and OPEN entry to the
* file. The file is ready to be used for ingest if this method returns successfully. If an
* exception is thrown from this method, it is the callers responsibility to ensure that
* {@link #close()} is called to prevent leaking the file handle and/or syncing thread.
*
* @param address
* The address of the host using this WAL
*/
public synchronized void open(String address) throws IOException {
String filename = UUID.randomUUID().toString();
log.debug("Address is {}", address);
String logger = Joiner.on("+").join(address.split(":"));
log.debug("DfsLogger.open() begin");
VolumeManager fs = conf.getVolumeManager();
var chooserEnv = new VolumeChooserEnvironmentImpl(org.apache.accumulo.core.spi.fs.VolumeChooserEnvironment.Scope.LOGGER, context);
logPath = fs.choose(chooserEnv, context.getBaseUris()) + Path.SEPARATOR + Constants.WAL_DIR + Path.SEPARATOR + logger + Path.SEPARATOR + filename;
metaReference = toString();
LoggerOperation op = null;
try {
Path logfilePath = new Path(logPath);
short replication = (short) conf.getConfiguration().getCount(Property.TSERV_WAL_REPLICATION);
if (replication == 0)
replication = fs.getDefaultReplication(logfilePath);
long blockSize = getWalBlockSize(conf.getConfiguration());
if (conf.getConfiguration().getBoolean(Property.TSERV_WAL_SYNC))
logFile = fs.createSyncable(logfilePath, 0, replication, blockSize);
else
logFile = fs.create(logfilePath, true, 0, replication, blockSize);
// check again that logfile can be sync'd
if (!fs.canSyncAndFlush(logfilePath)) {
log.warn("sync not supported for log file {}. Data loss may occur.", logPath);
}
// Initialize the log file with a header and its encryption
CryptoService cryptoService = context.getCryptoService();
logFile.write(LOG_FILE_HEADER_V4.getBytes(UTF_8));
log.debug("Using {} for encrypting WAL {}", cryptoService.getClass().getSimpleName(), filename);
CryptoEnvironment env = new CryptoEnvironmentImpl(Scope.WAL, null);
FileEncrypter encrypter = cryptoService.getFileEncrypter(env);
byte[] cryptoParams = encrypter.getDecryptionParameters();
CryptoUtils.writeParams(cryptoParams, logFile);
/**
* Always wrap the WAL in a NoFlushOutputStream to prevent extra flushing to HDFS. The
* {@link #write(LogFileKey, LogFileValue)} method will flush crypto data or do nothing when
* crypto is not enabled.
*/
OutputStream encryptedStream = encrypter.encryptStream(new NoFlushOutputStream(logFile));
if (encryptedStream instanceof NoFlushOutputStream) {
encryptingLogFile = (NoFlushOutputStream) encryptedStream;
} else {
encryptingLogFile = new DataOutputStream(encryptedStream);
}
LogFileKey key = new LogFileKey();
key.event = OPEN;
key.tserverSession = filename;
key.filename = filename;
op = logKeyData(key, Durability.SYNC);
} catch (Exception ex) {
if (logFile != null)
logFile.close();
logFile = null;
encryptingLogFile = null;
throw new IOException(ex);
}
syncThread = Threads.createThread("Accumulo WALog thread " + this, new LogSyncingTask());
syncThread.start();
op.await();
log.debug("Got new write-ahead log: {}", this);
}
Also used :
Path(org.apache.hadoop.fs.Path)
VolumeManager(org.apache.accumulo.server.fs.VolumeManager)
CryptoEnvironment(org.apache.accumulo.core.spi.crypto.CryptoEnvironment)
DataOutputStream(java.io.DataOutputStream)
FSDataOutputStream(org.apache.hadoop.fs.FSDataOutputStream)
DataOutputStream(java.io.DataOutputStream)
NoFlushOutputStream(org.apache.accumulo.core.crypto.streams.NoFlushOutputStream)
FSDataOutputStream(org.apache.hadoop.fs.FSDataOutputStream)
DFSOutputStream(org.apache.hadoop.hdfs.DFSOutputStream)
OutputStream(java.io.OutputStream)
LogFileKey(org.apache.accumulo.tserver.logger.LogFileKey)
IOException(java.io.IOException)
EOFException(java.io.EOFException)
ClosedChannelException(java.nio.channels.ClosedChannelException)
IOException(java.io.IOException)
FileEncrypter(org.apache.accumulo.core.spi.crypto.FileEncrypter)
CryptoEnvironmentImpl(org.apache.accumulo.core.crypto.CryptoEnvironmentImpl)
VolumeChooserEnvironmentImpl(org.apache.accumulo.server.fs.VolumeChooserEnvironmentImpl)
NoCryptoService(org.apache.accumulo.core.spi.crypto.NoCryptoService)
CryptoService(org.apache.accumulo.core.spi.crypto.CryptoService)
NoFlushOutputStream(org.apache.accumulo.core.crypto.streams.NoFlushOutputStream)
Example 3 with FileEncrypter
use of org.apache.accumulo.core.spi.crypto.FileEncrypter in project accumulo by apache.
the class CryptoTest method encrypt.
private <C extends CryptoService> byte[] encrypt(C cs, Scope scope, ConfigMode configMode) throws Exception {
AccumuloConfiguration conf = getAccumuloConfig(configMode);
cs.init(conf.getAllPropertiesWithPrefix(Property.INSTANCE_CRYPTO_PREFIX));
CryptoEnvironmentImpl env = new CryptoEnvironmentImpl(scope, null);
FileEncrypter encrypter = cs.getFileEncrypter(env);
byte[] params = encrypter.getDecryptionParameters();
assertNotNull(encrypter, "CryptoService returned null FileEncrypter");
ByteArrayOutputStream out = new ByteArrayOutputStream();
DataOutputStream dataOut = new DataOutputStream(out);
CryptoUtils.writeParams(params, dataOut);
DataOutputStream encrypted = new DataOutputStream(encrypter.encryptStream(new NoFlushOutputStream(dataOut)));
assertNotNull(encrypted);
encrypted.writeUTF(MARKER_STRING);
encrypted.writeInt(MARKER_INT);
encrypted.close();
dataOut.close();
out.close();
return out.toByteArray();
}
Also used :
FileEncrypter(org.apache.accumulo.core.spi.crypto.FileEncrypter)
NoFlushOutputStream(org.apache.accumulo.core.crypto.streams.NoFlushOutputStream)
DataOutputStream(java.io.DataOutputStream)
FSDataOutputStream(org.apache.hadoop.fs.FSDataOutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
AccumuloConfiguration(org.apache.accumulo.core.conf.AccumuloConfiguration)
Aggregations
DataOutputStream (java.io.DataOutputStream)3
NoFlushOutputStream (org.apache.accumulo.core.crypto.streams.NoFlushOutputStream)3
FileEncrypter (org.apache.accumulo.core.spi.crypto.FileEncrypter)3
FSDataOutputStream (org.apache.hadoop.fs.FSDataOutputStream)3
ByteArrayOutputStream (java.io.ByteArrayOutputStream)2
OutputStream (java.io.OutputStream)2
AccumuloConfiguration (org.apache.accumulo.core.conf.AccumuloConfiguration)2
CryptoEnvironment (org.apache.accumulo.core.spi.crypto.CryptoEnvironment)2
CryptoService (org.apache.accumulo.core.spi.crypto.CryptoService)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
DataInputStream (java.io.DataInputStream)1
EOFException (java.io.EOFException)1
IOException (java.io.IOException)1
ClosedChannelException (java.nio.channels.ClosedChannelException)1
CryptoEnvironmentImpl (org.apache.accumulo.core.crypto.CryptoEnvironmentImpl)1
CryptoUtils.getFileDecrypter (org.apache.accumulo.core.crypto.CryptoUtils.getFileDecrypter)1
AESCryptoService (org.apache.accumulo.core.spi.crypto.AESCryptoService)1
FileDecrypter (org.apache.accumulo.core.spi.crypto.FileDecrypter)1
NoCryptoService (org.apache.accumulo.core.spi.crypto.NoCryptoService)1
VolumeChooserEnvironmentImpl (org.apache.accumulo.server.fs.VolumeChooserEnvironmentImpl)1
