Examples with Metadata org.apache.hadoop.crypto.key.KeyProvider.Metadata used on opensource projects
Example 6 with Metadata
use of org.apache.hadoop.crypto.key.KeyProvider.Metadata in project ranger by apache.
the class RangerKeyStore method engineLoadKeyStoreFile.
public void engineLoadKeyStoreFile(InputStream stream, char[] storePass, char[] keyPass, char[] masterKey, String fileFormat) throws IOException, NoSuchAlgorithmException, CertificateException {
if (logger.isDebugEnabled()) {
logger.debug("==> RangerKeyStoreProvider.engineLoadKeyStoreFile()");
}
synchronized (deltaEntries) {
KeyStore ks;
if (keyVaultEnabled) {
try {
ks = KeyStore.getInstance(fileFormat);
ks.load(stream, storePass);
deltaEntries.clear();
for (Enumeration<String> name = ks.aliases(); name.hasMoreElements(); ) {
SecretKeyByteEntry entry = new SecretKeyByteEntry();
String alias = (String) name.nextElement();
Key k = ks.getKey(alias, keyPass);
SecretKey secretKey = null;
if (k instanceof JavaKeyStoreProvider.KeyMetadata) {
JavaKeyStoreProvider.KeyMetadata keyMetadata = (JavaKeyStoreProvider.KeyMetadata) k;
Field f = JavaKeyStoreProvider.KeyMetadata.class.getDeclaredField(METADATA_FIELDNAME);
f.setAccessible(true);
Metadata metadata = (Metadata) f.get(keyMetadata);
entry.bit_length = metadata.getBitLength();
entry.cipher_field = metadata.getAlgorithm();
entry.version = metadata.getVersions();
Constructor<RangerKeyStoreProvider.KeyMetadata> constructor = RangerKeyStoreProvider.KeyMetadata.class.getDeclaredConstructor(Metadata.class);
constructor.setAccessible(true);
RangerKeyStoreProvider.KeyMetadata nk = constructor.newInstance(metadata);
k = nk;
secretKey = new SecretKeySpec(k.getEncoded(), getAlgorithm(metadata.getAlgorithm()));
} else if (k instanceof KeyByteMetadata) {
Metadata metadata = ((KeyByteMetadata) k).metadata;
entry.cipher_field = metadata.getCipher();
entry.version = metadata.getVersions();
entry.bit_length = metadata.getBitLength();
if (k.getEncoded() != null && k.getEncoded().length > 0) {
secretKey = new SecretKeySpec(k.getEncoded(), getAlgorithm(metadata.getAlgorithm()));
} else {
KeyGenerator keyGenerator = KeyGenerator.getInstance(getAlgorithm(metadata.getCipher()));
keyGenerator.init(metadata.getBitLength());
byte[] keyByte = keyGenerator.generateKey().getEncoded();
secretKey = new SecretKeySpec(keyByte, getAlgorithm(metadata.getCipher()));
}
} else if (k instanceof KeyMetadata) {
Metadata metadata = ((KeyMetadata) k).metadata;
entry.bit_length = metadata.getBitLength();
entry.cipher_field = metadata.getCipher();
entry.version = metadata.getVersions();
if (k.getEncoded() != null && k.getEncoded().length > 0) {
secretKey = new SecretKeySpec(k.getEncoded(), getAlgorithm(metadata.getAlgorithm()));
} else {
KeyGenerator keyGenerator = KeyGenerator.getInstance(getAlgorithm(metadata.getCipher()));
keyGenerator.init(metadata.getBitLength());
byte[] keyByte = keyGenerator.generateKey().getEncoded();
secretKey = new SecretKeySpec(keyByte, getAlgorithm(metadata.getCipher()));
}
} else {
entry.bit_length = (k.getEncoded().length * NUMBER_OF_BITS_PER_BYTE);
entry.cipher_field = k.getAlgorithm();
if (alias.split("@").length == 2) {
entry.version = Integer.parseInt(alias.split("@")[1]) + 1;
} else {
entry.version = 1;
}
if (k.getEncoded() != null && k.getEncoded().length > 0) {
secretKey = new SecretKeySpec(k.getEncoded(), getAlgorithm(k.getAlgorithm()));
}
}
String keyName = alias.split("@")[0];
validateKeyName(keyName);
entry.attributes = "{\"key.acl.name\":\"" + keyName + "\"}";
entry.key = masterKeyProvider.encryptZoneKey(secretKey);
entry.date = ks.getCreationDate(alias);
entry.description = k.getFormat() + " - " + ks.getType();
deltaEntries.put(alias, entry);
}
} catch (Throwable t) {
logger.error("Unable to load keystore file ", t);
throw new IOException(t);
}
} else {
try {
ks = KeyStore.getInstance(fileFormat);
ks.load(stream, storePass);
deltaEntries.clear();
for (Enumeration<String> name = ks.aliases(); name.hasMoreElements(); ) {
SecretKeyEntry entry = new SecretKeyEntry();
String alias = (String) name.nextElement();
Key k = ks.getKey(alias, keyPass);
if (k instanceof JavaKeyStoreProvider.KeyMetadata) {
JavaKeyStoreProvider.KeyMetadata keyMetadata = (JavaKeyStoreProvider.KeyMetadata) k;
Field f = JavaKeyStoreProvider.KeyMetadata.class.getDeclaredField(METADATA_FIELDNAME);
f.setAccessible(true);
Metadata metadata = (Metadata) f.get(keyMetadata);
entry.bit_length = metadata.getBitLength();
entry.cipher_field = metadata.getAlgorithm();
entry.version = metadata.getVersions();
Constructor<RangerKeyStoreProvider.KeyMetadata> constructor = RangerKeyStoreProvider.KeyMetadata.class.getDeclaredConstructor(Metadata.class);
constructor.setAccessible(true);
RangerKeyStoreProvider.KeyMetadata nk = constructor.newInstance(metadata);
k = nk;
} else if (k instanceof KeyMetadata) {
Metadata metadata = ((KeyMetadata) k).metadata;
entry.bit_length = metadata.getBitLength();
entry.cipher_field = metadata.getCipher();
entry.version = metadata.getVersions();
} else {
entry.bit_length = (k.getEncoded().length * NUMBER_OF_BITS_PER_BYTE);
entry.cipher_field = k.getAlgorithm();
entry.version = (alias.split("@").length == 2) ? (Integer.parseInt(alias.split("@")[1]) + 1) : 1;
}
String keyName = alias.split("@")[0];
validateKeyName(keyName);
entry.attributes = "{\"key.acl.name\":\"" + keyName + "\"}";
Class<?> c = null;
Object o = null;
try {
c = Class.forName("com.sun.crypto.provider.KeyProtector");
Constructor<?> constructor = c.getDeclaredConstructor(char[].class);
constructor.setAccessible(true);
o = constructor.newInstance(masterKey);
// seal and store the key
Method m = c.getDeclaredMethod("seal", Key.class);
m.setAccessible(true);
entry.sealedKey = (SealedObject) m.invoke(o, k);
} catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
logger.error(e.getMessage());
throw new IOException(e.getMessage());
}
entry.date = ks.getCreationDate(alias);
entry.description = k.getFormat() + " - " + ks.getType();
deltaEntries.put(alias, entry);
}
} catch (Throwable t) {
logger.error("Unable to load keystore file ", t);
throw new IOException(t);
}
}
}
}
Also used :
Metadata(org.apache.hadoop.crypto.key.KeyProvider.Metadata)
KeyMetadata(org.apache.hadoop.crypto.key.RangerKeyStoreProvider.KeyMetadata)
Field(java.lang.reflect.Field)
KeyMetadata(org.apache.hadoop.crypto.key.RangerKeyStoreProvider.KeyMetadata)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
KeyGenerator(javax.crypto.KeyGenerator)
KeyMetadata(org.apache.hadoop.crypto.key.RangerKeyStoreProvider.KeyMetadata)
IOException(java.io.IOException)
Method(java.lang.reflect.Method)
KeyStore(java.security.KeyStore)
XXRangerKeyStore(org.apache.ranger.entity.XXRangerKeyStore)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
SecretKey(javax.crypto.SecretKey)
SealedObject(javax.crypto.SealedObject)
Key(java.security.Key)
SecretKey(javax.crypto.SecretKey)
Aggregations
Metadata (org.apache.hadoop.crypto.key.KeyProvider.Metadata)6
KeyMetadata (org.apache.hadoop.crypto.key.RangerKeyStoreProvider.KeyMetadata)5
Key (java.security.Key)4
SecretKey (javax.crypto.SecretKey)4
IOException (java.io.IOException)3
XXRangerKeyStore (org.apache.ranger.entity.XXRangerKeyStore)3
KeyStore (java.security.KeyStore)2
KeyGenerator (javax.crypto.KeyGenerator)2
SealedObject (javax.crypto.SealedObject)2
SecretKeySpec (javax.crypto.spec.SecretKeySpec)2
Field (java.lang.reflect.Field)1
InvocationTargetException (java.lang.reflect.InvocationTargetException)1
Method (java.lang.reflect.Method)1
Date (java.util.Date)1
HdfsFileStatus (org.apache.hadoop.hdfs.protocol.HdfsFileStatus)1
SnapshotAccessControlException (org.apache.hadoop.hdfs.protocol.SnapshotAccessControlException)1
AccessControlException (org.apache.hadoop.security.AccessControlException)1
JsonParseException (org.codehaus.jackson.JsonParseException)1
JsonMappingException (org.codehaus.jackson.map.JsonMappingException)1
ObjectMapper (org.codehaus.jackson.map.ObjectMapper)1
