Example 1 with CryptoInputStream
use of org.apache.hadoop.crypto.CryptoInputStream in project hadoop by apache.
the class CryptoUtils method wrapIfNecessary.
/**
* Wraps a given InputStream with a CryptoInputStream. The size of the data
* buffer required for the stream is specified by the
* "mapreduce.job.encrypted-intermediate-data.buffer.kb" Job configuration
* variable.
*
* If the value of 'length' is > -1, The InputStream is additionally
* wrapped in a LimitInputStream. CryptoStreams are late buffering in nature.
* This means they will always try to read ahead if they can. The
* LimitInputStream will ensure that the CryptoStream does not read past the
* provided length from the given Input Stream.
*
* @param conf configuration
* @param in given input stream
* @param length maximum number of bytes to read from the input stream
* @return InputStream encrypted input stream if encryption is
* enabled; otherwise the given input stream itself
* @throws IOException exception in case of error
*/
public static InputStream wrapIfNecessary(Configuration conf, InputStream in, long length) throws IOException {
if (isEncryptedSpillEnabled(conf)) {
int bufferSize = getBufferSize(conf);
if (length > -1) {
in = new LimitInputStream(in, length);
}
byte[] offsetArray = new byte[8];
IOUtils.readFully(in, offsetArray, 0, 8);
long offset = ByteBuffer.wrap(offsetArray).getLong();
CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf);
byte[] iv = new byte[cryptoCodec.getCipherSuite().getAlgorithmBlockSize()];
IOUtils.readFully(in, iv, 0, cryptoCodec.getCipherSuite().getAlgorithmBlockSize());
if (LOG.isDebugEnabled()) {
LOG.debug("IV read from [" + Base64.encodeBase64URLSafeString(iv) + "]");
}
return new CryptoInputStream(in, cryptoCodec, bufferSize, getEncryptionKey(), iv, offset + cryptoPadding(conf));
} else {
return in;
}
}
Also used :
CryptoInputStream(org.apache.hadoop.crypto.CryptoInputStream)
CryptoCodec(org.apache.hadoop.crypto.CryptoCodec)
LimitInputStream(org.apache.hadoop.util.LimitInputStream)
Example 2 with CryptoInputStream
use of org.apache.hadoop.crypto.CryptoInputStream in project hadoop by apache.
the class DFSClient method createWrappedInputStream.
/**
* Wraps the stream in a CryptoInputStream if the underlying file is
* encrypted.
*/
public HdfsDataInputStream createWrappedInputStream(DFSInputStream dfsis) throws IOException {
final FileEncryptionInfo feInfo = dfsis.getFileEncryptionInfo();
if (feInfo != null) {
// File is encrypted, wrap the stream in a crypto stream.
// Currently only one version, so no special logic based on the version #
getCryptoProtocolVersion(feInfo);
final CryptoCodec codec = getCryptoCodec(conf, feInfo);
final KeyVersion decrypted = decryptEncryptedDataEncryptionKey(feInfo);
final CryptoInputStream cryptoIn = new CryptoInputStream(dfsis, codec, decrypted.getMaterial(), feInfo.getIV());
return new HdfsDataInputStream(cryptoIn);
} else {
// No FileEncryptionInfo so no encryption.
return new HdfsDataInputStream(dfsis);
}
}
Also used :
CryptoInputStream(org.apache.hadoop.crypto.CryptoInputStream)
KeyVersion(org.apache.hadoop.crypto.key.KeyProvider.KeyVersion)
EncryptedKeyVersion(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion)
CryptoCodec(org.apache.hadoop.crypto.CryptoCodec)
FileEncryptionInfo(org.apache.hadoop.fs.FileEncryptionInfo)
HdfsDataInputStream(org.apache.hadoop.hdfs.client.HdfsDataInputStream)
Example 3 with CryptoInputStream
use of org.apache.hadoop.crypto.CryptoInputStream in project hadoop by apache.
the class DataTransferSaslUtil method createStreamPair.
/**
* Create IOStreamPair of {@link org.apache.hadoop.crypto.CryptoInputStream}
* and {@link org.apache.hadoop.crypto.CryptoOutputStream}
*
* @param conf the configuration
* @param cipherOption negotiated cipher option
* @param out underlying output stream
* @param in underlying input stream
* @param isServer is server side
* @return IOStreamPair the stream pair
* @throws IOException for any error
*/
public static IOStreamPair createStreamPair(Configuration conf, CipherOption cipherOption, OutputStream out, InputStream in, boolean isServer) throws IOException {
LOG.debug("Creating IOStreamPair of CryptoInputStream and " + "CryptoOutputStream.");
CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());
byte[] inKey = cipherOption.getInKey();
byte[] inIv = cipherOption.getInIv();
byte[] outKey = cipherOption.getOutKey();
byte[] outIv = cipherOption.getOutIv();
InputStream cIn = new CryptoInputStream(in, codec, isServer ? inKey : outKey, isServer ? inIv : outIv);
OutputStream cOut = new CryptoOutputStream(out, codec, isServer ? outKey : inKey, isServer ? outIv : inIv);
return new IOStreamPair(cIn, cOut);
}
Also used :
CryptoInputStream(org.apache.hadoop.crypto.CryptoInputStream)
IOStreamPair(org.apache.hadoop.hdfs.protocol.datatransfer.IOStreamPair)
CryptoInputStream(org.apache.hadoop.crypto.CryptoInputStream)
InputStream(java.io.InputStream)
CryptoOutputStream(org.apache.hadoop.crypto.CryptoOutputStream)
OutputStream(java.io.OutputStream)
CryptoCodec(org.apache.hadoop.crypto.CryptoCodec)
CryptoOutputStream(org.apache.hadoop.crypto.CryptoOutputStream)
Aggregations
CryptoCodec (org.apache.hadoop.crypto.CryptoCodec)3
CryptoInputStream (org.apache.hadoop.crypto.CryptoInputStream)3
InputStream (java.io.InputStream)1
OutputStream (java.io.OutputStream)1
CryptoOutputStream (org.apache.hadoop.crypto.CryptoOutputStream)1
KeyVersion (org.apache.hadoop.crypto.key.KeyProvider.KeyVersion)1
EncryptedKeyVersion (org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion)1
FileEncryptionInfo (org.apache.hadoop.fs.FileEncryptionInfo)1
HdfsDataInputStream (org.apache.hadoop.hdfs.client.HdfsDataInputStream)1
IOStreamPair (org.apache.hadoop.hdfs.protocol.datatransfer.IOStreamPair)1
LimitInputStream (org.apache.hadoop.util.LimitInputStream)1
