use of org.apache.hadoop.crypto.key.KeyProvider in project hadoop by apache.
the class TestEncryptionZones method testDelegationToken.
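/**
 * Tests obtaining delegation tokens from a stored key.
 *
 * <p>A mocked {@link KeyProvider} that additionally implements
 * {@code DelegationTokenExtension} and {@code CryptoExtension} is installed on the
 * DFS client. {@code dfs.addDelegationTokens} is then expected to hand back two
 * tokens, the second of which is the one produced by the mocked provider.
 *
 * @throws Exception if the mini cluster or the mock setup fails
 */
@Test
public void testDelegationToken() throws Exception {
  // The returned UGI is not used; the call is kept as in the original test in case
  // creating the remote user has side effects on login state used further down.
  UserGroupInformation.createRemoteUser("JobTracker");
  DistributedFileSystem dfs = cluster.getFileSystem();
  KeyProvider keyProvider = Mockito.mock(KeyProvider.class,
      withSettings().extraInterfaces(DelegationTokenExtension.class, CryptoExtension.class));
  Mockito.when(keyProvider.getConf()).thenReturn(conf);
  // Explicit charset: the bare getBytes() overload depends on the platform default.
  byte[] testIdentifier = "Test identifier for delegation token"
      .getBytes(java.nio.charset.StandardCharsets.UTF_8);
  // Diamond instead of a raw Token construction; the target type fixes the wildcard.
  Token<?> testToken = new Token<>(testIdentifier, new byte[0], new Text(), new Text());
  // The mock only returns the token; it never adds anything to the Credentials it is handed.
  Mockito.when(((DelegationTokenExtension) keyProvider)
      .addDelegationTokens(anyString(), (Credentials) any()))
      .thenReturn(new Token<?>[] { testToken });
  dfs.getClient().setKeyProvider(keyProvider);
  Credentials creds = new Credentials();
  final Token<?>[] tokens = dfs.addDelegationTokens("JobTracker", creds);
  DistributedFileSystem.LOG.debug("Delegation tokens: " + Arrays.asList(tokens));
  // Two tokens: the provider's one at index 1, presumably the filesystem's own at index 0.
  Assert.assertEquals(2, tokens.length);
  // JUnit argument order is (expected, actual): the mocked token is the expectation.
  Assert.assertEquals(testToken, tokens[1]);
  // Only one token lands in the credentials, since the mocked provider adds none.
  Assert.assertEquals(1, creds.numberOfTokens());
}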
use of org.apache.hadoop.crypto.key.KeyProvider in project cdap by caskdata.
the class KMSSecureStore method putSecureData.
/**
 * Stores an element in the secure store. The key is stored as namespace:name in the backing store,
 * assuming ":" is the name separator.
 * @param namespace The namespace this key belongs to.
 * @param name Name of the element to store.
 * @param data The data that needs to be securely stored.
 * @param description User provided description of the entry.
 * @param properties Metadata associated with the data
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws IOException If it failed to store the key in the store.
 */
// Unfortunately KeyProvider does not specify
// the underlying cause except in the message, so we can not throw a more specific exception.
@Override
public void putSecureData(String namespace, String name, String data, String description,
                          Map<String, String> properties) throws Exception {
  checkNamespaceExists(namespace);
  // The secret itself becomes the key material; its bit length is derived from the encoded size.
  byte[] payload = data.getBytes(Charsets.UTF_8);
  KeyProvider.Options keyOptions = new KeyProvider.Options(conf)
      .setDescription(description)
      .setAttributes(properties)
      .setBitLength(payload.length * Byte.SIZE);
  String fullKeyName = getKeyName(namespace, name);
  try {
    provider.createKey(fullKeyName, payload, keyOptions);
  } catch (IOException e) {
    // Only the entry's name and namespace go into the message; the secret payload is never
    // echoed into exception text or logs.
    throw new IOException("Failed to store the key " + name + " under namespace " + namespace, e);
  }
}
use of org.apache.hadoop.crypto.key.KeyProvider in project cdap by caskdata.
the class KMSSecureStore method listSecureData.
/**
 * List of all the entries in the secure store. No filtering or authentication is done here.
 * This method makes two calls to the KMS provider, one to get the list of keys and then another call to
 * get the metadata for all the keys in the requested namespace.
 * @return A list of {@link SecureStoreMetadata} objects representing the data stored in the store.
 * @param namespace The namespace this key belongs to.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws ConcurrentModificationException If a key was deleted between the time we got the list of keys and when
 * we got their metadata.
 * @throws IOException If there was a problem getting the list from the underlying key provider.
 */
// Unfortunately KeyProvider does not specify the underlying cause except in the message, so we can not throw a
// more specific exception.
@Override
public Map<String, String> listSecureData(String namespace) throws Exception {
  checkNamespaceExists(namespace);
  final String prefix = namespace + NAME_SEPARATOR;
  final List<String> matchingKeys = new ArrayList<>();
  final KeyProvider.Metadata[] metadataList;
  try {
    // Keys of every namespace are returned; keep only those carrying this namespace's prefix.
    for (String key : provider.getKeys()) {
      if (key.startsWith(prefix)) {
        matchingKeys.add(key);
      }
    }
    metadataList = provider.getKeysMetadata(matchingKeys.toArray(new String[0]));
  } catch (IOException e) {
    throw new IOException("Failed to get the list of elements from the secure store.", e);
  }
  // A size mismatch means a key vanished between the two provider calls; the positional
  // pairing below would otherwise attach metadata to the wrong name.
  if (matchingKeys.size() != metadataList.length) {
    throw new ConcurrentModificationException("A key was deleted while listing was in progress. Please try again.");
  }
  Map<String, String> descriptionsByName = new HashMap<>(metadataList.length);
  int position = 0;
  for (KeyProvider.Metadata metadata : metadataList) {
    // Strip the namespace prefix so callers see the bare entry name.
    String entryName = matchingKeys.get(position++).substring(prefix.length());
    descriptionsByName.put(entryName, metadata.getDescription());
  }
  return descriptionsByName;
}