Example 6 with CryptoCodec

Use of org.apache.hadoop.crypto.CryptoCodec in the Apache Hadoop project.

Class DFSClient, method createWrappedInputStream.

/**
 * Wraps the stream in a CryptoInputStream if the underlying file is
 * encrypted.
 */
public HdfsDataInputStream createWrappedInputStream(DFSInputStream dfsis) throws IOException {
    final FileEncryptionInfo feInfo = dfsis.getFileEncryptionInfo();
    if (feInfo != null) {
        // File is encrypted, wrap the stream in a crypto stream.
        // Currently only one version, so no special logic based on the version #
        getCryptoProtocolVersion(feInfo);
        final CryptoCodec codec = getCryptoCodec(conf, feInfo);
        final KeyVersion decrypted = decryptEncryptedDataEncryptionKey(feInfo);
        final CryptoInputStream cryptoIn = new CryptoInputStream(dfsis, codec, decrypted.getMaterial(), feInfo.getIV());
        return new HdfsDataInputStream(cryptoIn);
    } else {
        // No FileEncryptionInfo so no encryption.
        return new HdfsDataInputStream(dfsis);
    }
}
Also used: CryptoInputStream (org.apache.hadoop.crypto.CryptoInputStream), KeyVersion (org.apache.hadoop.crypto.key.KeyProvider.KeyVersion), EncryptedKeyVersion (org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion), CryptoCodec (org.apache.hadoop.crypto.CryptoCodec), FileEncryptionInfo (org.apache.hadoop.fs.FileEncryptionInfo), HdfsDataInputStream (org.apache.hadoop.hdfs.client.HdfsDataInputStream)

Example 7 with CryptoCodec

Use of org.apache.hadoop.crypto.CryptoCodec in the Apache Hadoop project.

Class CryptoUtils, method wrapIfNecessary.

/**
 * Wraps a given FSDataInputStream with a CryptoInputStream. The size of the
 * data buffer required for the stream is specified by the
 * "mapreduce.job.encrypted-intermediate-data.buffer.kb" Job configuration
 * variable.
 *
 * @param conf configuration
 * @param in given input stream
 * @return FSDataInputStream encrypted input stream if encryption is
 *         enabled; otherwise the given input stream itself
 * @throws IOException exception in case of error
 */
public static FSDataInputStream wrapIfNecessary(Configuration conf, FSDataInputStream in) throws IOException {
    if (isEncryptedSpillEnabled(conf)) {
        CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf);
        int bufferSize = getBufferSize(conf);
        // The first 8 bytes are not used here, but they still have to be read
        // because the output stream always writes them.
        IOUtils.readFully(in, new byte[8], 0, 8);
        byte[] iv = new byte[cryptoCodec.getCipherSuite().getAlgorithmBlockSize()];
        IOUtils.readFully(in, iv, 0, cryptoCodec.getCipherSuite().getAlgorithmBlockSize());
        if (LOG.isDebugEnabled()) {
            LOG.debug("IV read from Stream [" + Base64.encodeBase64URLSafeString(iv) + "]");
        }
        return new CryptoFSDataInputStream(in, cryptoCodec, bufferSize, getEncryptionKey(), iv);
    } else {
        return in;
    }
}
Also used: CryptoFSDataInputStream (org.apache.hadoop.fs.crypto.CryptoFSDataInputStream), CryptoCodec (org.apache.hadoop.crypto.CryptoCodec)

Example 8 with CryptoCodec

Use of org.apache.hadoop.crypto.CryptoCodec in the Apache Hadoop project.

Class CryptoUtils, method createIV.

/**
 * This method creates and initializes an IV (Initialization Vector).
 *
 * @param conf configuration
 * @return byte[] initialization vector
 * @throws IOException exception in case of error
 */
public static byte[] createIV(Configuration conf) throws IOException {
    CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf);
    if (isEncryptedSpillEnabled(conf)) {
        byte[] iv = new byte[cryptoCodec.getCipherSuite().getAlgorithmBlockSize()];
        cryptoCodec.generateSecureRandom(iv);
        return iv;
    } else {
        return null;
    }
}
Also used: CryptoCodec (org.apache.hadoop.crypto.CryptoCodec)

Example 9 with CryptoCodec

Use of org.apache.hadoop.crypto.CryptoCodec in the Apache Hadoop project.

Class DataTransferSaslUtil, method createStreamPair.

/**
 * Create IOStreamPair of {@link org.apache.hadoop.crypto.CryptoInputStream}
 * and {@link org.apache.hadoop.crypto.CryptoOutputStream}
 *
 * @param conf the configuration
 * @param cipherOption negotiated cipher option
 * @param out underlying output stream
 * @param in underlying input stream
 * @param isServer is server side
 * @return IOStreamPair the stream pair
 * @throws IOException for any error
 */
public static IOStreamPair createStreamPair(Configuration conf, CipherOption cipherOption, OutputStream out, InputStream in, boolean isServer) throws IOException {
    LOG.debug("Creating IOStreamPair of CryptoInputStream and CryptoOutputStream.");
    CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());
    byte[] inKey = cipherOption.getInKey();
    byte[] inIv = cipherOption.getInIv();
    byte[] outKey = cipherOption.getOutKey();
    byte[] outIv = cipherOption.getOutIv();
    InputStream cIn = new CryptoInputStream(in, codec, isServer ? inKey : outKey, isServer ? inIv : outIv);
    OutputStream cOut = new CryptoOutputStream(out, codec, isServer ? outKey : inKey, isServer ? outIv : inIv);
    return new IOStreamPair(cIn, cOut);
}
Also used: CryptoInputStream (org.apache.hadoop.crypto.CryptoInputStream), IOStreamPair (org.apache.hadoop.hdfs.protocol.datatransfer.IOStreamPair), InputStream (java.io.InputStream), CryptoOutputStream (org.apache.hadoop.crypto.CryptoOutputStream), OutputStream (java.io.OutputStream), CryptoCodec (org.apache.hadoop.crypto.CryptoCodec)

Example 10 with CryptoCodec

Use of org.apache.hadoop.crypto.CryptoCodec in the Apache HBase project.

Class FanOutOneBlockAsyncDFSOutputSaslHelper, method createTransparentCryptoHelperWithHDFS12396.

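// Builds a TransparentCryptoHelper that looks up
// HdfsKMSUtil.decryptEncryptedDataEncryptionKey by name, makes it accessible
// through reflection, and uses it to obtain the key for the Encryptor.
private static TransparentCryptoHelper createTransparentCryptoHelperWithHDFS12396() throws ClassNotFoundException, NoSuchMethodException {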
    Class<?> hdfsKMSUtilCls = Class.forName("org.apache.hadoop.hdfs.HdfsKMSUtil");
    Method decryptEncryptedDataEncryptionKeyMethod = hdfsKMSUtilCls.getDeclaredMethod("decryptEncryptedDataEncryptionKey", FileEncryptionInfo.class, KeyProvider.class);
    decryptEncryptedDataEncryptionKeyMethod.setAccessible(true);
    return new TransparentCryptoHelper() {

        @Override
        public Encryptor createEncryptor(Configuration conf, FileEncryptionInfo feInfo, DFSClient client) throws IOException {
            try {
                KeyVersion decryptedKey = (KeyVersion) decryptEncryptedDataEncryptionKeyMethod.invoke(null, feInfo, client.getKeyProvider());
                CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf, feInfo.getCipherSuite());
                Encryptor encryptor = cryptoCodec.createEncryptor();
                encryptor.init(decryptedKey.getMaterial(), feInfo.getIV());
                return encryptor;
            } catch (InvocationTargetException e) {
                Throwables.propagateIfPossible(e.getTargetException(), IOException.class);
                throw new RuntimeException(e.getTargetException());
            } catch (GeneralSecurityException e) {
                throw new IOException(e);
            } catch (IllegalAccessException e) {
                throw new RuntimeException(e);
            }
        }
    };
}
Also used: DFSClient (org.apache.hadoop.hdfs.DFSClient), Configuration (org.apache.hadoop.conf.Configuration), KeyVersion (org.apache.hadoop.crypto.key.KeyProvider.KeyVersion), GeneralSecurityException (java.security.GeneralSecurityException), Encryptor (org.apache.hadoop.crypto.Encryptor), Method (java.lang.reflect.Method), IOException (java.io.IOException), FileEncryptionInfo (org.apache.hadoop.fs.FileEncryptionInfo), InvocationTargetException (java.lang.reflect.InvocationTargetException), CryptoCodec (org.apache.hadoop.crypto.CryptoCodec)
