
Example 11 with EncryptedKeyVersion

use of org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion in project hadoop by apache.

the class TestKeyProviderCryptoExtension method getEncryptedKeyVersion.

/**
 * Creates a fresh {@code CIPHER}/128-bit encryption key named
 * {@code ENCRYPTION_KEY_NAME} in {@code localKp} and returns an encrypted key
 * generated under it through the crypto extension selected for that provider.
 *
 * @param config  configuration used to build the key options
 * @param localKp provider the key is created in and the extension is derived from
 * @return the encrypted key produced by the provider's crypto extension
 * @throws IOException              if the provider fails to create the key or the EEK
 * @throws GeneralSecurityException if the crypto extension fails
 */
private EncryptedKeyVersion getEncryptedKeyVersion(Configuration config, KeyProvider localKp) throws IOException, GeneralSecurityException {
    final KeyProvider.Options keyOptions = new KeyProvider.Options(config);
    keyOptions.setCipher(CIPHER);
    keyOptions.setBitLength(128);
    // 16 random bytes match the 128-bit length requested above.
    final byte[] material = SecureRandom.getSeed(16);
    final KeyVersion encryptionKey = localKp.createKey(ENCRYPTION_KEY_NAME, material, keyOptions);
    final KeyProviderCryptoExtension extension = KeyProviderCryptoExtension.createKeyProviderCryptoExtension(localKp);
    return extension.generateEncryptedKey(encryptionKey.getName());
}
Also used : EncryptedKeyVersion(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion) KeyVersion(org.apache.hadoop.crypto.key.KeyProvider.KeyVersion)

Example 12 with EncryptedKeyVersion

use of org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion in project hadoop by apache.

the class TestKeyProviderCryptoExtension method testNonDefaultCryptoExtensionSelectionWithCachingKeyProvider.

/**
 * A provider that carries its own crypto extension must still be selected when
 * it is hidden behind a {@code CachingKeyProvider}: the EEK's encryption-key
 * version name must come from the dummy extension, not from the default one.
 */
@Test
public void testNonDefaultCryptoExtensionSelectionWithCachingKeyProvider() throws Exception {
    final Configuration config = new Configuration();
    // Wrap the dummy provider so extension selection has to look through the cache.
    final KeyProvider cachingKp = new CachingKeyProvider(new DummyCryptoExtensionKeyProvider(config), 30000, 30000);
    final String versionName = getEncryptedKeyVersion(config, cachingKp).getEncryptionKeyVersionName();
    Assert.assertEquals("dummyFakeKey@1", versionName);
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) EncryptedKeyVersion(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion) Test(org.junit.Test)

Example 13 with EncryptedKeyVersion

use of org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion in project hadoop by apache.

the class TestKeyProviderCryptoExtension method testNonDefaultCryptoExtensionSelectionOnKeyProviderExtension.

/**
 * When the outermost provider is itself a caching extension that ships a custom
 * crypto extension, that extension must be the one used to generate the EEK.
 */
@Test
public void testNonDefaultCryptoExtensionSelectionOnKeyProviderExtension() throws Exception {
    final Configuration config = new Configuration();
    final KeyProvider userKp = new UserProvider.Factory().createProvider(new URI("user:///"), config);
    // The dummy caching extension sits on the outside this time.
    final KeyProvider cachingExtensionKp = new DummyCachingCryptoExtensionKeyProvider(userKp, 30000, 30000);
    final EncryptedKeyVersion ekv = getEncryptedKeyVersion(config, cachingExtensionKp);
    Assert.assertEquals("dummyCachingFakeKey@1", ekv.getEncryptionKeyVersionName());
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) EncryptedKeyVersion(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion) URI(java.net.URI) Test(org.junit.Test)

Example 14 with EncryptedKeyVersion

use of org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion in project hadoop by apache.

the class TestLoadBalancingKMSClientProvider method testClassCastException.

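/**
 * Every operation routed through {@code LoadBalancingKMSClientProvider} must
 * surface the delegate's failure as an {@code IOException} whose cause is an
 * {@code AuthenticationException}, rather than some other exception type.
 * {@code MyKMSClientProvider} is defined elsewhere in this file; it is presumably
 * what produces the authentication failure — confirm against its definition.
 *
 * <p>Each call is followed by an explicit failure so that an operation that
 * silently succeeds fails the test instead of passing it.
 */
@Test
public void testClassCastException() throws Exception {
    Configuration conf = new Configuration();
    KMSClientProvider p1 = new MyKMSClientProvider(new URI("kms://http@host1/kms/foo"), conf);
    LoadBalancingKMSClientProvider kp = new LoadBalancingKMSClientProvider(new KMSClientProvider[] { p1 }, 0, conf);
    try {
        kp.generateEncryptedKey("foo");
        throw new AssertionError("generateEncryptedKey should have thrown an IOException");
    } catch (IOException ioe) {
        assertCausedByAuthenticationException(ioe);
    }
    try {
        final KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion = mock(KeyProviderCryptoExtension.EncryptedKeyVersion.class);
        kp.decryptEncryptedKey(encryptedKeyVersion);
        throw new AssertionError("decryptEncryptedKey should have thrown an IOException");
    } catch (IOException ioe) {
        assertCausedByAuthenticationException(ioe);
    }
    try {
        final KeyProvider.Options options = KeyProvider.options(conf);
        kp.createKey("foo", options);
        throw new AssertionError("createKey should have thrown an IOException");
    } catch (IOException ioe) {
        assertCausedByAuthenticationException(ioe);
    }
    try {
        kp.rollNewVersion("foo");
        throw new AssertionError("rollNewVersion should have thrown an IOException");
    } catch (IOException ioe) {
        assertCausedByAuthenticationException(ioe);
    }
}

/**
 * Asserts that {@code ioe} carries a cause whose class name mentions
 * {@code AuthenticationException}.
 *
 * @param ioe the exception thrown by the load-balancing provider
 */
private static void assertCausedByAuthenticationException(IOException ioe) {
    // Guard the null case so a missing cause reports as an assertion failure,
    // not as a NullPointerException from the test itself.
    final Throwable cause = ioe.getCause();
    assertTrue("expected an AuthenticationException cause but got: " + cause,
        cause != null && cause.getClass().getName().contains("AuthenticationException"));
}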
Also used : KeyProvider(org.apache.hadoop.crypto.key.KeyProvider) Configuration(org.apache.hadoop.conf.Configuration) Options(org.apache.hadoop.crypto.key.KeyProvider.Options) IOException(java.io.IOException) EncryptedKeyVersion(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion) KeyProviderCryptoExtension(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension) URI(java.net.URI) Test(org.junit.Test)

Example 15 with EncryptedKeyVersion

use of org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion in project hadoop by apache.

the class TestKMS method testKMSBlackList.

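/**
 * Verifies that a DECRYPT_EEK blacklist entry denies decryption even for a
 * user who is also granted DECRYPT_EEK by the ACL: {@code client} completes the
 * create / generate / decrypt flow, while {@code hdfs} and {@code otheradmin}
 * may create keys and generate EEKs but are rejected on decrypt.
 *
 * @throws Exception if the KMS cannot be started or the positive flow fails
 */
@Test
public void testKMSBlackList() throws Exception {
    Configuration conf = new Configuration();
    conf.set("hadoop.security.authentication", "kerberos");
    File testDir = getTestDir();
    conf = createBaseKMSConf(testDir, conf);
    conf.set("hadoop.kms.authentication.type", "kerberos");
    conf.set("hadoop.kms.authentication.kerberos.keytab", keytab.getAbsolutePath());
    conf.set("hadoop.kms.authentication.kerberos.principal", "HTTP/localhost");
    conf.set("hadoop.kms.authentication.kerberos.name.rules", "DEFAULT");
    // Empty every ACL first so only the grants below apply.
    for (KMSACLs.Type type : KMSACLs.Type.values()) {
        conf.set(type.getAclConfigKey(), " ");
    }
    conf.set(KMSACLs.Type.CREATE.getAclConfigKey(), "client,hdfs,otheradmin");
    conf.set(KMSACLs.Type.GENERATE_EEK.getAclConfigKey(), "client,hdfs,otheradmin");
    conf.set(KMSACLs.Type.DECRYPT_EEK.getAclConfigKey(), "client,hdfs,otheradmin");
    // The blacklist must override the DECRYPT_EEK grant for these two users.
    conf.set(KMSACLs.Type.DECRYPT_EEK.getBlacklistConfigKey(), "hdfs,otheradmin");
    // One key ACL per key the test creates; ck2 was missing one, which made the
    // otheradmin branch fail at createKey before the blacklist was ever reached.
    conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "ck0.ALL", "*");
    conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "ck1.ALL", "*");
    conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "ck2.ALL", "*");
    writeConf(testDir, conf);
    runServer(null, null, testDir, new KMSCallable<Void>() {

        @Override
        public Void call() throws Exception {
            final Configuration conf = new Configuration();
            conf.setInt(KeyProvider.DEFAULT_BITLENGTH_NAME, 128);
            final URI uri = createKMSUri(getKMSUrl());
            // Positive case: granted and not blacklisted, so the full flow succeeds.
            doAs("client", new PrivilegedExceptionAction<Void>() {

                @Override
                public Void run() throws Exception {
                    // No try/catch here: a failure propagates with its full
                    // stack trace instead of being reduced to getMessage().
                    KeyProvider kp = createProvider(uri, conf);
                    KeyProvider.KeyVersion kv = kp.createKey("ck0", new KeyProvider.Options(conf));
                    EncryptedKeyVersion eek = ((CryptoExtension) kp).generateEncryptedKey("ck0");
                    ((CryptoExtension) kp).decryptEncryptedKey(eek);
                    // Key material must never be handed back to the KMS client.
                    Assert.assertNull(kv.getMaterial());
                    return null;
                }
            });
            // Negative cases: blacklisted users are rejected only at decrypt time.
            assertDecryptDenied("hdfs", "ck1", uri, conf);
            assertDecryptDenied("otheradmin", "ck2", uri, conf);
            return null;
        }
    });
}

/**
 * Runs the create / generate / decrypt flow as {@code user} against the KMS at
 * {@code uri} and asserts that only the final decrypt call is rejected.
 *
 * <p>Key creation and EEK generation run outside the try block on purpose: if
 * either of them fails, the test fails instead of mistaking that failure for
 * the expected decrypt denial.
 *
 * @param user    the user to run the flow as
 * @param keyName the key to create and to decrypt an EEK for
 * @param uri     the KMS URI
 * @param conf    the client-side configuration
 * @throws Exception if key creation or EEK generation fails for {@code user}
 */
private void assertDecryptDenied(final String user, final String keyName, final URI uri, final Configuration conf) throws Exception {
    doAs(user, new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            KeyProvider kp = createProvider(uri, conf);
            kp.createKey(keyName, new KeyProvider.Options(conf));
            EncryptedKeyVersion eek = ((CryptoExtension) kp).generateEncryptedKey(keyName);
            try {
                ((CryptoExtension) kp).decryptEncryptedKey(eek);
                Assert.fail("admin user must not be allowed to decrypt !!");
            } catch (Exception expected) {
                // Expected: the user is on the DECRYPT_EEK blacklist.
            }
            return null;
        }
    });
}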
Also used : KeyProvider(org.apache.hadoop.crypto.key.KeyProvider) CryptoExtension(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension) KeyProviderCryptoExtension(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension) Configuration(org.apache.hadoop.conf.Configuration) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) URI(java.net.URI) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) SocketTimeoutException(java.net.SocketTimeoutException) IOException(java.io.IOException) KeyVersion(org.apache.hadoop.crypto.key.KeyProvider.KeyVersion) EncryptedKeyVersion(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion) Options(org.apache.hadoop.crypto.key.KeyProvider.Options) File(java.io.File) Test(org.junit.Test)

Aggregations

EncryptedKeyVersion (org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion)23 IOException (java.io.IOException)17 Test (org.junit.Test)14 Configuration (org.apache.hadoop.conf.Configuration)13 KeyProvider (org.apache.hadoop.crypto.key.KeyProvider)13 KeyVersion (org.apache.hadoop.crypto.key.KeyProvider.KeyVersion)13 URI (java.net.URI)12 Options (org.apache.hadoop.crypto.key.KeyProvider.Options)10 KeyProviderCryptoExtension (org.apache.hadoop.crypto.key.KeyProviderCryptoExtension)10 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)9 HashMap (java.util.HashMap)7 Map (java.util.Map)6 File (java.io.File)5 SocketTimeoutException (java.net.SocketTimeoutException)5 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)5 Path (javax.ws.rs.Path)5 Produces (javax.ws.rs.Produces)5 AccessControlException (org.apache.hadoop.security.AccessControlException)5 AuthorizationException (org.apache.hadoop.security.authorize.AuthorizationException)5 HttpUserGroupInformation (org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation)5