use of org.apache.hadoop.crypto.key.KeyProvider.Metadata in project hadoop by apache.
the class FSNamesystem method createEncryptionZone.
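/**
 * Create an encryption zone on directory src using the specified key.
 * <p>
 * Authorization is checked before the key name is resolved against the
 * configured KeyProvider. Previously the provider lookup ran first, so a
 * caller who is not the superuser could reach the KeyProvider (and receive
 * whatever error it reports for an unknown key) before being rejected. The
 * superuser, operation-category and safe-mode checks are repeated under the
 * write lock, following the pattern used by the other operations in this
 * class.
 *
 * @param src the path of a directory which will be the root of the
 * encryption zone. The directory must be empty.
 * @param keyName name of a key which must be present in the configured
 * KeyProvider.
 * @param logRetryCache passed through to
 * {@code FSDirEncryptionZoneOp.createEncryptionZone}; presumably controls
 * whether the operation is recorded in the retry cache.
 * @throws AccessControlException if the caller is not the superuser.
 * @throws UnresolvedLinkException if the path can't be resolved.
 * @throws SafeModeException if the Namenode is in safe mode.
 * @throws IOException if the key cannot be resolved in the KeyProvider or
 * the zone cannot be created.
 */
void createEncryptionZone(final String src, final String keyName, boolean logRetryCache)
        throws IOException, UnresolvedLinkException, SafeModeException, AccessControlException {
    final String operationName = "createEncryptionZone";
    try {
        // Authorization first: do not consult the KeyProvider on behalf of a
        // caller who is not allowed to create encryption zones at all.
        checkSuperuserPrivilege();
        final Metadata metadata =
                FSDirEncryptionZoneOp.ensureKeyIsInitialized(dir, keyName, src);
        final FSPermissionChecker pc = getPermissionChecker();
        checkOperation(OperationCategory.WRITE);
        final HdfsFileStatus resultingStat;
        writeLock();
        try {
            // Re-validate under the lock; namenode state may have changed
            // while waiting for it.
            checkSuperuserPrivilege();
            checkOperation(OperationCategory.WRITE);
            checkNameNodeSafeMode("Cannot create encryption zone on " + src);
            resultingStat = FSDirEncryptionZoneOp.createEncryptionZone(
                    dir, src, pc, metadata.getCipher(), keyName, logRetryCache);
        } finally {
            writeUnlock(operationName);
        }
        getEditLog().logSync();
        logAuditEvent(true, operationName, src, null, resultingStat);
    } catch (AccessControlException e) {
        // Only authorization failures are audited as failed attempts here;
        // other IOExceptions propagate without an audit entry (unchanged).
        logAuditEvent(false, operationName, src);
        throw e;
    }
}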
use of org.apache.hadoop.crypto.key.KeyProvider.Metadata in project ranger by apache.
the class RangerKeyStore method engineGetDecryptedZoneKey.
/**
 * Returns the zone key stored under {@code alias} as plaintext key bytes paired
 * with the entry's metadata.
 * <p>
 * The key bytes are unwrapped first via {@code engineGetDecryptedZoneKeyByte}
 * (which may involve the external key vault), then the metadata is read.
 * NOTE(review): {@code engineGetKeyMetadata} returns {@code null} for an entry
 * that is not a {@code SecretKeyByteEntry}; whether {@code KeyByteMetadata}
 * tolerates a {@code null} metadata is not visible here — confirm.
 *
 * @param alias key alias to unwrap
 * @return a {@link Key} carrying the plaintext bytes and the metadata
 * @throws Exception propagated from the unwrap step
 */
public Key engineGetDecryptedZoneKey(String alias) throws Exception {
    final byte[] plaintext = engineGetDecryptedZoneKeyByte(alias);
    final Metadata meta = engineGetKeyMetadata(alias);
    return new KeyByteMetadata(meta, plaintext);
}
use of org.apache.hadoop.crypto.key.KeyProvider.Metadata in project ranger by apache.
the class RangerKeyStore method convertKeysBetweenRangerKMSAndHSM.
/**
 * Builds the persistence entity for one key-store entry re-wrapped under the
 * master key of {@code rangerMKeyProvider} (migration between the Ranger KMS
 * database and an HSM-backed master key).
 * <p>
 * For a {@code KeyMetadata} entry, fresh random material of the declared
 * algorithm and bit length is generated and wrapped; the entity keeps the
 * metadata's cipher, bit length, description and version count, stamped with
 * the current time. NOTE(review): this means a metadata-level entry never
 * carries over existing key bytes — presumably it has none; confirm against
 * {@code engineSetKeyEntry}. For any other key the bytes are wrapped as-is and
 * the stored version is bumped when the {@code name@N} suffix is one behind
 * the stored version.
 *
 * @param alias alias of the entry (optionally {@code name@version})
 * @param key the key currently held for that alias
 * @param rangerMKeyProvider provider whose master key wraps the zone key
 * @return the entity to persist
 * @throws RuntimeException wrapping any failure (the cause is preserved)
 */
private XXRangerKeyStore convertKeysBetweenRangerKMSAndHSM(String alias, Key key, RangerKMSMKI rangerMKeyProvider) {
    try {
        final SecretKeyEntry stored = (SecretKeyEntry) getKeyEntry(alias);
        if (key instanceof KeyMetadata) {
            final Metadata meta = ((KeyMetadata) key).metadata;
            final String algorithm = getAlgorithm(meta.getCipher());
            // Fresh random material of the declared size, then wrapped under the target master key.
            final KeyGenerator generator = KeyGenerator.getInstance(algorithm);
            generator.init(meta.getBitLength());
            final Key ezKey = new SecretKeySpec(generator.generateKey().getEncoded(), algorithm);
            final byte[] wrapped = rangerMKeyProvider.encryptZoneKey(ezKey);
            return mapObjectToEntity(alias, System.currentTimeMillis(), wrapped, meta.getCipher(),
                    meta.getBitLength(), meta.getDescription(), meta.getVersions(), stored.attributes);
        }
        final byte[] wrapped = rangerMKeyProvider.encryptZoneKey(key);
        int version = stored.version;
        final String[] aliasParts = alias.split("@");
        if (aliasParts.length == 2 && Integer.parseInt(aliasParts[1]) + 1 != stored.version) {
            version++;
        }
        return mapObjectToEntity(alias, stored.date.getTime(), wrapped, stored.cipher_field,
                stored.bit_length, stored.description, version, stored.attributes);
    } catch (Throwable t) {
        throw new RuntimeException("Migration failed between key secure and Ranger DB : ", t);
    }
}
use of org.apache.hadoop.crypto.key.KeyProvider.Metadata in project ranger by apache.
the class RangerKeyStore method engineGetKeyMetadata.
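/**
 * Rebuilds the {@link Metadata} of the entry stored under {@code alias}.
 * <p>
 * Only {@code SecretKeyByteEntry} entries carry metadata; any other entry type
 * (or an unknown alias) yields {@code null}. The JSON attribute string persisted
 * with the entry is decoded into a map; if it is missing or malformed the entry
 * is still returned with {@code null} attributes, so a bad attribute column does
 * not make the key unreadable.
 *
 * @param alias key alias as seen by callers; normalised via {@code convertAlias}
 * @return the metadata, or {@code null} if there is no secret-key-byte entry for the alias
 */
public Metadata engineGetKeyMetadata(String alias) {
    final Object entry = keyEntries.get(convertAlias(alias));
    if (!(entry instanceof SecretKeyByteEntry)) {
        return null;
    }
    final SecretKeyByteEntry stored = (SecretKeyByteEntry) entry;

    Map<String, String> attributes = null;
    // NOTE(review): readValue on a null String does not fail with an IOException
    // (Jackson rejects a null source with an unchecked exception), so a null
    // attribute column used to escape the handler below; treat it like a
    // malformed one instead.
    if (stored.attributes != null) {
        try {
            attributes = new ObjectMapper().readValue(stored.attributes,
                    new TypeReference<Map<String, String>>() {});
        } catch (IOException e) {
            // JsonParseException and JsonMappingException both extend IOException,
            // so one handler replaces the three identical ones. Keep the stack
            // trace: the message alone does not say which entry was bad.
            logger.error("Invalid attribute string data: " + e.getMessage(), e);
        }
    }
    return new Metadata(stored.cipher_field, stored.bit_length, stored.description,
            attributes, stored.date, stored.version);
}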
use of org.apache.hadoop.crypto.key.KeyProvider.Metadata in project ranger by apache.
the class RangerKeyStore method engineLoadToKeyStoreFile.
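/**
 * Exports every entry of this key store into a standard JCA {@link KeyStore} of
 * type {@code fileFormat}, written to {@code stream}.
 * <p>
 * Security notes for callers:
 * <ul>
 * <li>Entries are exported <em>unwrapped</em>: with {@code keyVaultEnabled} the
 * zone key is decrypted via the vault, otherwise it is unwrapped with
 * {@code masterKey}. The only protection on the output is {@code storePass} /
 * {@code keyPass} and whatever {@code fileFormat} provides, so the destination
 * must be access-restricted by the caller.</li>
 * <li>None of the {@code char[]} secrets are cleared here; the caller owns them
 * and should zero them when done.</li>
 * <li>The {@code keyEntries} lock is held for the whole export, including the
 * external decrypt calls and the write to {@code stream}.</li>
 * </ul>
 * Any failure is logged and rethrown as an {@link IOException} with the original
 * cause; the other declared exception types are kept for interface compatibility
 * but never escape the catch-all.
 *
 * @param stream destination for the serialized keystore
 * @param storePass password protecting the keystore file
 * @param keyPass password protecting each exported key entry
 * @param masterKey master key used to unwrap entries when no key vault is enabled
 * @param fileFormat JCA keystore type passed to {@link KeyStore#getInstance(String)}
 * @throws IOException on any failure while loading, unwrapping or writing
 */
public void engineLoadToKeyStoreFile(OutputStream stream, char[] storePass, char[] keyPass,
        char[] masterKey, String fileFormat)
        throws IOException, NoSuchAlgorithmException, CertificateException {
    if (logger.isDebugEnabled()) {
        logger.debug("==> RangerKeyStoreProvider.engineLoadToKeyStoreFile()");
    }
    synchronized (keyEntries) {
        try {
            // KeyStore.getInstance throws KeyStoreException rather than returning
            // null, so the former null check was an unreachable branch.
            final KeyStore target = KeyStore.getInstance(fileFormat);
            target.load(null, storePass);
            // Refresh the in-memory entries before exporting them.
            engineLoad(null, masterKey);
            final Enumeration<String> aliases = engineAliases();
            while (aliases.hasMoreElements()) {
                final String alias = aliases.nextElement();
                Key exported;
                if (keyVaultEnabled) {
                    exported = engineGetDecryptedZoneKey(alias);
                } else {
                    exported = engineGetKey(alias, masterKey);
                    if (exported instanceof KeyMetadata) {
                        final Metadata meta = ((KeyMetadata) exported).metadata;
                        if (meta != null) {
                            // Re-wrap as a fresh KeyMetadata built only from the
                            // metadata; presumably so nothing else the loaded
                            // object carries is written out — confirm.
                            exported = new KeyMetadata(meta);
                        }
                    }
                }
                target.setKeyEntry(alias, exported, keyPass, null);
            }
            target.store(stream, storePass);
        } catch (Throwable t) {
            logger.error("Unable to load keystore file ", t);
            throw new IOException(t);
        }
    }
}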