Search in sources :

Example 1 with MultipartCryptoKeyInputStream

use of org.apache.hadoop.ozone.client.io.MultipartCryptoKeyInputStream in project ozone by apache.

the class RpcClient method createInputStream.

private OzoneInputStream createInputStream(OmKeyInfo keyInfo, Function<OmKeyInfo, OmKeyInfo> retryFunction) throws IOException {
    // When Key is not MPU or when Key is MPU and encryption is not enabled
    // Need to revisit for GDP.
    FileEncryptionInfo feInfo = keyInfo.getFileEncryptionInfo();
    if (feInfo == null) {
        LengthInputStream lengthInputStream = KeyInputStream.getFromOmKeyInfo(keyInfo, xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
        try {
            Map<String, String> keyInfoMetadata = keyInfo.getMetadata();
            if (Boolean.valueOf(keyInfoMetadata.get(OzoneConsts.GDPR_FLAG))) {
                GDPRSymmetricKey gk = new GDPRSymmetricKey(keyInfoMetadata.get(OzoneConsts.GDPR_SECRET), keyInfoMetadata.get(OzoneConsts.GDPR_ALGORITHM));
                gk.getCipher().init(Cipher.DECRYPT_MODE, gk.getSecretKey());
                return new OzoneInputStream(new CipherInputStream(lengthInputStream, gk.getCipher()));
            }
        } catch (Exception ex) {
            throw new IOException(ex);
        }
        return new OzoneInputStream(lengthInputStream.getWrappedStream());
    } else if (!keyInfo.getLatestVersionLocations().isMultipartKey()) {
        // Regular Key with FileEncryptionInfo
        LengthInputStream lengthInputStream = KeyInputStream.getFromOmKeyInfo(keyInfo, xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
        final KeyProvider.KeyVersion decrypted = getDEK(feInfo);
        final CryptoInputStream cryptoIn = new CryptoInputStream(lengthInputStream.getWrappedStream(), OzoneKMSUtil.getCryptoCodec(conf, feInfo), decrypted.getMaterial(), feInfo.getIV());
        return new OzoneInputStream(cryptoIn);
    } else {
        // Multipart Key with FileEncryptionInfo
        List<LengthInputStream> lengthInputStreams = KeyInputStream.getStreamsFromKeyInfo(keyInfo, xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
        final KeyProvider.KeyVersion decrypted = getDEK(feInfo);
        List<OzoneCryptoInputStream> cryptoInputStreams = new ArrayList<>();
        for (LengthInputStream lengthInputStream : lengthInputStreams) {
            final OzoneCryptoInputStream ozoneCryptoInputStream = new OzoneCryptoInputStream(lengthInputStream, OzoneKMSUtil.getCryptoCodec(conf, feInfo), decrypted.getMaterial(), feInfo.getIV());
            cryptoInputStreams.add(ozoneCryptoInputStream);
        }
        return new MultipartCryptoKeyInputStream(keyInfo.getKeyName(), cryptoInputStreams);
    }
}
Also used : OzoneInputStream(org.apache.hadoop.ozone.client.io.OzoneInputStream) GDPRSymmetricKey(org.apache.hadoop.ozone.security.GDPRSymmetricKey) CipherInputStream(javax.crypto.CipherInputStream) IOException(java.io.IOException) FileEncryptionInfo(org.apache.hadoop.fs.FileEncryptionInfo) InvalidKeyException(java.security.InvalidKeyException) IOException(java.io.IOException) OMException(org.apache.hadoop.ozone.om.exceptions.OMException) OzoneCryptoInputStream(org.apache.hadoop.ozone.client.io.OzoneCryptoInputStream) CryptoInputStream(org.apache.hadoop.crypto.CryptoInputStream) LengthInputStream(org.apache.hadoop.ozone.client.io.LengthInputStream) MultipartCryptoKeyInputStream(org.apache.hadoop.ozone.client.io.MultipartCryptoKeyInputStream) ArrayList(java.util.ArrayList) OmMultipartUploadCompleteList(org.apache.hadoop.ozone.om.helpers.OmMultipartUploadCompleteList) OzoneMultipartUploadList(org.apache.hadoop.ozone.client.OzoneMultipartUploadList) List(java.util.List) OmMultipartUploadList(org.apache.hadoop.ozone.om.helpers.OmMultipartUploadList) OzoneCryptoInputStream(org.apache.hadoop.ozone.client.io.OzoneCryptoInputStream)

Example 2 with MultipartCryptoKeyInputStream

use of org.apache.hadoop.ozone.client.io.MultipartCryptoKeyInputStream in project ozone by apache.

the class TestOzoneAtRestEncryption method testMultipartUploadWithEncryption.

public void testMultipartUploadWithEncryption(OzoneBucket bucket, int numParts) throws Exception {
    String keyName = "mpu_test_key_" + numParts;
    // Initiate multipart upload
    String uploadID = initiateMultipartUpload(bucket, keyName, RATIS, ONE);
    // Upload Parts
    Map<Integer, String> partsMap = new TreeMap<>();
    List<byte[]> partsData = new ArrayList<>();
    int keySize = 0;
    for (int i = 1; i <= numParts; i++) {
        // Generate random data with different sizes for each part.
        // Adding a random int with a cap at 8K (the default crypto buffer
        // size) to get parts whose last byte does not coincide with crypto
        // buffer boundary.
        int partSize = (MPU_PART_MIN_SIZE * i) + RANDOM.nextInt(DEFAULT_CRYPTO_BUFFER_SIZE - 1) + 1;
        byte[] data = generateRandomData(partSize);
        String partName = uploadPart(bucket, keyName, uploadID, i, data);
        partsMap.put(i, partName);
        partsData.add(data);
        keySize += data.length;
    }
    // Combine the parts data into 1 byte array for verification
    byte[] inputData = new byte[keySize];
    int dataCopied = 0;
    for (int i = 1; i <= numParts; i++) {
        byte[] partBytes = partsData.get(i - 1);
        System.arraycopy(partBytes, 0, inputData, dataCopied, partBytes.length);
        dataCopied += partBytes.length;
    }
    // Complete MPU
    completeMultipartUpload(bucket, keyName, uploadID, partsMap);
    // Create an input stream to read the data
    OzoneInputStream inputStream = bucket.readKey(keyName);
    Assert.assertTrue(inputStream instanceof MultipartCryptoKeyInputStream);
    // Test complete read
    byte[] completeRead = new byte[keySize];
    int bytesRead = inputStream.read(completeRead, 0, keySize);
    Assert.assertEquals(bytesRead, keySize);
    Assert.assertArrayEquals(inputData, completeRead);
    // Read different data lengths and starting from different offsets and
    // verify the data matches.
    Random random = new Random();
    int randomSize = random.nextInt(keySize / 2);
    int randomOffset = random.nextInt(keySize - randomSize);
    int[] readDataSizes = { keySize, keySize / 3 + 1, BLOCK_SIZE, BLOCK_SIZE * 2 + 1, CHUNK_SIZE, CHUNK_SIZE / 4 - 1, DEFAULT_CRYPTO_BUFFER_SIZE, DEFAULT_CRYPTO_BUFFER_SIZE / 2, 1, randomSize };
    int[] readFromPositions = { 0, DEFAULT_CRYPTO_BUFFER_SIZE + 10, CHUNK_SIZE, BLOCK_SIZE - DEFAULT_CRYPTO_BUFFER_SIZE + 1, BLOCK_SIZE, keySize / 3, keySize - 1, randomOffset };
    for (int readDataLen : readDataSizes) {
        for (int readFromPosition : readFromPositions) {
            // Check that offset + buffer size does not exceed the key size
            if (readFromPosition + readDataLen > keySize) {
                continue;
            }
            byte[] readData = new byte[readDataLen];
            inputStream.seek(readFromPosition);
            int actualReadLen = inputStream.read(readData, 0, readDataLen);
            assertReadContent(inputData, readData, readFromPosition);
            Assert.assertEquals(readFromPosition + readDataLen, inputStream.getPos());
            Assert.assertEquals(readDataLen, actualReadLen);
        }
    }
}
Also used : OzoneInputStream(org.apache.hadoop.ozone.client.io.OzoneInputStream) Random(java.util.Random) MultipartCryptoKeyInputStream(org.apache.hadoop.ozone.client.io.MultipartCryptoKeyInputStream) ArrayList(java.util.ArrayList) TreeMap(java.util.TreeMap)

Aggregations

ArrayList (java.util.ArrayList)2 MultipartCryptoKeyInputStream (org.apache.hadoop.ozone.client.io.MultipartCryptoKeyInputStream)2 OzoneInputStream (org.apache.hadoop.ozone.client.io.OzoneInputStream)2 IOException (java.io.IOException)1 InvalidKeyException (java.security.InvalidKeyException)1 List (java.util.List)1 Random (java.util.Random)1 TreeMap (java.util.TreeMap)1 CipherInputStream (javax.crypto.CipherInputStream)1 CryptoInputStream (org.apache.hadoop.crypto.CryptoInputStream)1 FileEncryptionInfo (org.apache.hadoop.fs.FileEncryptionInfo)1 OzoneMultipartUploadList (org.apache.hadoop.ozone.client.OzoneMultipartUploadList)1 LengthInputStream (org.apache.hadoop.ozone.client.io.LengthInputStream)1 OzoneCryptoInputStream (org.apache.hadoop.ozone.client.io.OzoneCryptoInputStream)1 OMException (org.apache.hadoop.ozone.om.exceptions.OMException)1 OmMultipartUploadCompleteList (org.apache.hadoop.ozone.om.helpers.OmMultipartUploadCompleteList)1 OmMultipartUploadList (org.apache.hadoop.ozone.om.helpers.OmMultipartUploadList)1 GDPRSymmetricKey (org.apache.hadoop.ozone.security.GDPRSymmetricKey)1