use of org.apache.hadoop.crypto.CryptoProtocolVersion in project hadoop by apache.
the class FSNamesystem method chooseProtocolVersion.
/**
 * Pick the CryptoProtocolVersion to use for a file inside an encryption
 * zone, based on the versions the client reports that it supports.
 *
 * The only value this method can return is the version recorded on the zone
 * ({@code zone.getVersion()}). The client's list is consulted solely to
 * confirm that the client offers that version, so the client cannot steer
 * the NameNode to a different version. Entries equal to UNKNOWN (the client
 * may be newer than this NameNode) are skipped and never selected.
 *
 * @param zone EncryptionZone of the file; must not be null
 * @param supportedVersions protocol versions offered by the client; must
 *          not be null
 * @return the zone's protocol version, when the client offered it
 * @throws UnknownCryptoProtocolVersionException if none of the offered
 *           versions equals the zone's version
 * @throws UnresolvedLinkException declared on the signature; nothing in
 *           this body throws it directly
 * @throws SnapshotAccessControlException declared on the signature; nothing
 *           in this body throws it directly
 */
CryptoProtocolVersion chooseProtocolVersion(EncryptionZone zone, CryptoProtocolVersion[] supportedVersions) throws UnknownCryptoProtocolVersionException, UnresolvedLinkException, SnapshotAccessControlException {
  Preconditions.checkNotNull(zone);
  Preconditions.checkNotNull(supportedVersions);
  // Only one protocol version is supported today, so the negotiation is a
  // membership test: did the client offer the zone's version?
  final CryptoProtocolVersion zoneVersion = zone.getVersion();
  for (final CryptoProtocolVersion offered : supportedVersions) {
    if (!offered.equals(CryptoProtocolVersion.UNKNOWN)) {
      if (offered.equals(zoneVersion)) {
        return offered;
      }
    } else if (LOG.isDebugEnabled()) {
      // The raw number comes from the client; it is logged at debug only.
      LOG.debug("Ignoring unknown CryptoProtocolVersion provided by " + "client: " + offered.getUnknownValue());
    }
  }
  // NOTE(review): "NameNode supports" prints every CryptoProtocolVersion
  // constant, while the match above is against the zone's version only, so
  // the message can list values that would not have been accepted.
  throw new UnknownCryptoProtocolVersionException("No crypto protocol versions provided by the client are supported." + " Client provided: " + Arrays.toString(supportedVersions) + " NameNode supports: " + Arrays.toString(CryptoProtocolVersion.values()));
}
use of org.apache.hadoop.crypto.CryptoProtocolVersion in project hadoop by apache.
the class PBHelperClient method convert.
/**
 * Build a FileEncryptionInfo from its protobuf form.
 *
 * The suite and protocol version are translated through the matching
 * {@code convert} overloads; key and IV are materialised as byte arrays and
 * the two key names are copied across unchanged.
 *
 * NOTE(review): the result carries the key bytes from the message. Whether
 * that is a wrapped or a raw key is not visible here (confirm), but either
 * way callers should keep the returned object out of logs.
 *
 * @param proto protobuf message to convert; may be null
 * @return the converted FileEncryptionInfo, or null when {@code proto} is
 *         null
 */
public static FileEncryptionInfo convert(HdfsProtos.FileEncryptionInfoProto proto) {
  if (proto != null) {
    final CipherSuite cipherSuite = convert(proto.getSuite());
    final CryptoProtocolVersion protocolVersion = convert(proto.getCryptoProtocolVersion());
    final byte[] keyBytes = proto.getKey().toByteArray();
    final byte[] ivBytes = proto.getIv().toByteArray();
    final String ezKeyVersion = proto.getEzKeyVersionName();
    final String ezKeyName = proto.getKeyName();
    // The constructor takes keyName before ezKeyVersionName.
    return new FileEncryptionInfo(cipherSuite, protocolVersion, keyBytes, ivBytes, ezKeyName, ezKeyVersion);
  }
  return null;
}
use of org.apache.hadoop.crypto.CryptoProtocolVersion in project hadoop by apache.
the class FSDirEncryptionZoneOp method createEncryptionZone.
/**
 * Create an encryption zone rooted at a directory, using the named key.
 *
 * The path is resolved and the zone is created while holding the directory
 * write lock. The resulting XAttr is written to the edit log after the lock
 * has been released.
 *
 * NOTE(review): this method does not itself check that the directory is
 * empty or that {@code keyName} exists in the KeyProvider. Presumably the
 * caller and/or {@code ezManager.createEncryptionZone} enforce both; confirm
 * before relying on this entry point alone.
 *
 * @param fsd fsdirectory
 * @param srcArg the path of a directory which will be the root of the
 *          encryption zone. The directory must be empty
 * @param pc permission checker used when resolving the path for write
 * @param cipher cipher suite name, converted with CipherSuite.convert
 * @param keyName name of a key which must be present in the configured
 *          KeyProvider
 * @param logRetryCache whether to record RPC ids in editlog for retry cache
 *          rebuilding
 * @return HdfsFileStatus audit file info for the resolved path
 * @throws IOException
 */
static HdfsFileStatus createEncryptionZone(final FSDirectory fsd, final String srcArg, final FSPermissionChecker pc, final String cipher, final String keyName, final boolean logRetryCache) throws IOException {
  final CipherSuite cipherSuite = CipherSuite.convert(cipher);
  final List<XAttr> zoneXAttrs = Lists.newArrayListWithCapacity(1);
  // Hard coded for now: only one crypto protocol version is supported.
  final CryptoProtocolVersion protocolVersion = CryptoProtocolVersion.ENCRYPTION_ZONES;
  final INodesInPath resolved;
  fsd.writeLock();
  try {
    // Resolution and zone creation both run under the write lock.
    resolved = fsd.resolvePath(pc, srcArg, DirOp.WRITE);
    zoneXAttrs.add(fsd.ezManager.createEncryptionZone(resolved, cipherSuite, protocolVersion, keyName));
  } finally {
    fsd.writeUnlock();
  }
  // Reached only when the block above completed without throwing.
  fsd.getEditLog().logSetXAttrs(resolved.getPath(), zoneXAttrs, logRetryCache);
  return fsd.getAuditFileInfo(resolved);
}
use of org.apache.hadoop.crypto.CryptoProtocolVersion in project hadoop by apache.
the class FSDirEncryptionZoneOp method getFileEncryptionInfo.
/**
 * Merge the per-file encryption info stored in the inode's XAttrs with the
 * settings of the enclosing encryption zone (protocol version, cipher suite,
 * key name) into a single FileEncryptionInfo.
 *
 * Null is returned for raw paths, when no encryption zone has ever been
 * created, when the last inode is not a file, when the path is not inside a
 * zone, and when the file is inside a zone but its encryption XAttr is
 * missing.
 *
 * NOTE(review): in the last case the only signal is a WARN log line. The
 * null result is the same one returned for non-encrypted files, so callers
 * cannot tell the two apart; worth alerting on that log message.
 *
 * @param fsd fsdirectory
 * @param iip inodes in the path containing the file, passed in to
 *          avoid obtaining the list of inodes again
 * @return consolidated file encryption info; null for non-encrypted files
 * @throws IOException if the stored per-file encryption info cannot be
 *           parsed
 */
static FileEncryptionInfo getFileEncryptionInfo(final FSDirectory fsd, final INodesInPath iip) throws IOException {
  // Cheap checks, evaluated in this order before taking the read lock.
  final boolean mayBeEncrypted = !iip.isRaw() && fsd.ezManager.hasCreatedEncryptionZone() && iip.getLastINode().isFile();
  if (!mayBeEncrypted) {
    return null;
  }
  fsd.readLock();
  try {
    final EncryptionZone zone = getEZForPath(fsd, iip);
    if (zone == null) {
      // The file is not inside any encryption zone.
      return null;
    }
    if (zone.getPath() == null || zone.getPath().isEmpty()) {
      // A zone without a usable path is only reported at debug level;
      // processing continues with that zone's settings.
      if (NameNode.LOG.isDebugEnabled()) {
        NameNode.LOG.debug("Encryption zone " + zone.getPath() + " does not have a valid path.");
      }
    }
    final CryptoProtocolVersion zoneVersion = zone.getVersion();
    final CipherSuite zoneSuite = zone.getSuite();
    final String zoneKeyName = zone.getKeyName();
    final XAttr perFileXAttr = FSDirXAttrOp.unprotectedGetXAttrByPrefixedName(iip, CRYPTO_XATTR_FILE_ENCRYPTION_INFO);
    if (perFileXAttr == null) {
      NameNode.LOG.warn("Could not find encryption XAttr for file " + iip.getPath() + " in encryption zone " + zone.getPath());
      return null;
    }
    try {
      final HdfsProtos.PerFileEncryptionInfoProto perFileProto = HdfsProtos.PerFileEncryptionInfoProto.parseFrom(perFileXAttr.getValue());
      return PBHelperClient.convert(perFileProto, zoneSuite, zoneVersion, zoneKeyName);
    } catch (InvalidProtocolBufferException e) {
      // A corrupt XAttr is surfaced as an IOException with the cause kept.
      throw new IOException("Could not parse file encryption info for " + "inode " + iip.getPath(), e);
    }
  } finally {
    fsd.readUnlock();
  }
}
use of org.apache.hadoop.crypto.CryptoProtocolVersion in project hadoop by apache.
the class PBHelperClient method convert.
/**
 * Translate a protobuf CryptoProtocolVersionProto into the corresponding
 * CryptoProtocolVersion.
 *
 * ENCRYPTION_ZONES maps to itself. Every other value maps to UNKNOWN, with
 * the numeric wire value stashed on that constant.
 *
 * NOTE(review): UNKNOWN is a shared static constant and setUnknownValue
 * mutates it, so the stashed number is whatever the most recent conversion
 * wrote. If conversions can run concurrently, a later getUnknownValue() may
 * report a value from a different request; treat it as diagnostic only.
 *
 * @param proto protobuf enum value to convert
 * @return ENCRYPTION_ZONES for the matching proto value, otherwise UNKNOWN
 */
public static CryptoProtocolVersion convert(CryptoProtocolVersionProto proto) {
  if (proto == CryptoProtocolVersionProto.ENCRYPTION_ZONES) {
    return CryptoProtocolVersion.ENCRYPTION_ZONES;
  }
  // Unrecognised value: fall back to UNKNOWN and remember the wire number.
  final CryptoProtocolVersion unknown = CryptoProtocolVersion.UNKNOWN;
  unknown.setUnknownValue(proto.getNumber());
  return unknown;
}
Aggregations