
Example 1 with OzoneCryptoInputStream

Use of org.apache.hadoop.ozone.client.io.OzoneCryptoInputStream in the ozone project by apache.

Class RpcClient, method createInputStream.

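/**
 * Opens a key for reading and layers on whichever decryption its metadata calls for.
 *
 * <p>Three cases are handled:
 * <ul>
 *   <li>no {@link FileEncryptionInfo}: the wrapped raw stream, or a {@link CipherInputStream}
 *       when the key's metadata carries the GDPR flag;</li>
 *   <li>{@link FileEncryptionInfo} on a non-multipart key: a single {@link CryptoInputStream};</li>
 *   <li>{@link FileEncryptionInfo} on a multipart key: one {@link OzoneCryptoInputStream} per
 *       part, combined in a {@link MultipartCryptoKeyInputStream}.</li>
 * </ul>
 *
 * <p>If setting up the decryption layer fails after the underlying stream(s) were opened, they
 * are closed before the exception propagates, so a failed key lookup or cipher initialisation
 * does not leave streams open.
 *
 * @param keyInfo key to read; its encryption info, metadata and key name are consulted
 * @param retryFunction passed through unchanged to {@code KeyInputStream}
 * @return the stream the caller reads the key's content from
 * @throws IOException if opening the streams, {@code getDEK} or stream construction fails; any
 *     exception raised while setting up the GDPR cipher is wrapped in an {@code IOException}
 */
private OzoneInputStream createInputStream(OmKeyInfo keyInfo, Function<OmKeyInfo, OmKeyInfo> retryFunction) throws IOException {
    FileEncryptionInfo feInfo = keyInfo.getFileEncryptionInfo();
    if (feInfo == null) {
        // No FileEncryptionInfo: plain read, unless the key's metadata carries the GDPR flag.
        LengthInputStream lengthInputStream = KeyInputStream.getFromOmKeyInfo(keyInfo, xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
        try {
            Map<String, String> keyInfoMetadata = keyInfo.getMetadata();
            // parseBoolean treats a missing flag (null) as false, like Boolean.valueOf did.
            if (Boolean.parseBoolean(keyInfoMetadata.get(OzoneConsts.GDPR_FLAG))) {
                // The GDPR secret and the algorithm name both come out of the key's metadata
                // map, so that map is key material: keep it out of logs and error messages.
                GDPRSymmetricKey gk = new GDPRSymmetricKey(keyInfoMetadata.get(OzoneConsts.GDPR_SECRET), keyInfoMetadata.get(OzoneConsts.GDPR_ALGORITHM));
                gk.getCipher().init(Cipher.DECRYPT_MODE, gk.getSecretKey());
                // NOTE(review): CipherInputStream by itself does not authenticate ciphertext;
                // whether tampering is detected depends on the algorithm named in the
                // metadata - confirm against GDPRSymmetricKey.
                return new OzoneInputStream(new CipherInputStream(lengthInputStream, gk.getCipher()));
            }
        } catch (Exception ex) {
            // Deliberately broad: every failure while preparing the GDPR cipher is reported
            // to the caller as an IOException with the original exception as its cause.
            IOException failure = new IOException(ex);
            closeAfterFailure(lengthInputStream, failure);
            throw failure;
        }
        return new OzoneInputStream(lengthInputStream.getWrappedStream());
    }

    if (!keyInfo.getLatestVersionLocations().isMultipartKey()) {
        // Regular Key with FileEncryptionInfo
        LengthInputStream lengthInputStream = KeyInputStream.getFromOmKeyInfo(keyInfo, xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
        try {
            final KeyProvider.KeyVersion decrypted = getDEK(feInfo);
            final CryptoInputStream cryptoIn = new CryptoInputStream(lengthInputStream.getWrappedStream(), OzoneKMSUtil.getCryptoCodec(conf, feInfo), decrypted.getMaterial(), feInfo.getIV());
            return new OzoneInputStream(cryptoIn);
        } catch (Exception ex) {
            // The stream was opened before the key was fetched; release it on any failure.
            // Presumably closing the LengthInputStream also closes the stream it wraps - verify.
            closeAfterFailure(lengthInputStream, ex);
            throw ex;
        }
    }

    // Multipart Key with FileEncryptionInfo
    List<LengthInputStream> lengthInputStreams = KeyInputStream.getStreamsFromKeyInfo(keyInfo, xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
    try {
        final KeyProvider.KeyVersion decrypted = getDEK(feInfo);
        List<OzoneCryptoInputStream> cryptoInputStreams = new ArrayList<>();
        for (LengthInputStream lengthInputStream : lengthInputStreams) {
            // NOTE(review): every part stream is handed the same key material and the same
            // IV; whether that is safe depends on how the codec and OzoneCryptoInputStream
            // position the cipher for each part - confirm.
            cryptoInputStreams.add(new OzoneCryptoInputStream(lengthInputStream, OzoneKMSUtil.getCryptoCodec(conf, feInfo), decrypted.getMaterial(), feInfo.getIV()));
        }
        return new MultipartCryptoKeyInputStream(keyInfo.getKeyName(), cryptoInputStreams);
    } catch (Exception ex) {
        // Close every part stream, including those already wrapped for decryption.
        for (LengthInputStream opened : lengthInputStreams) {
            closeAfterFailure(opened, ex);
        }
        throw ex;
    }
}

/**
 * Closes a stream that will not be handed to the caller, attaching any error raised by
 * {@code close()} to {@code failure} as a suppressed exception so the original cause stays
 * the one that is reported.
 */
private static void closeAfterFailure(AutoCloseable stream, Throwable failure) {
    try {
        stream.close();
    } catch (Exception closeEx) {
        failure.addSuppressed(closeEx);
    }
}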
Also used : OzoneInputStream(org.apache.hadoop.ozone.client.io.OzoneInputStream) GDPRSymmetricKey(org.apache.hadoop.ozone.security.GDPRSymmetricKey) CipherInputStream(javax.crypto.CipherInputStream) IOException(java.io.IOException) FileEncryptionInfo(org.apache.hadoop.fs.FileEncryptionInfo) InvalidKeyException(java.security.InvalidKeyException) IOException(java.io.IOException) OMException(org.apache.hadoop.ozone.om.exceptions.OMException) OzoneCryptoInputStream(org.apache.hadoop.ozone.client.io.OzoneCryptoInputStream) CryptoInputStream(org.apache.hadoop.crypto.CryptoInputStream) LengthInputStream(org.apache.hadoop.ozone.client.io.LengthInputStream) MultipartCryptoKeyInputStream(org.apache.hadoop.ozone.client.io.MultipartCryptoKeyInputStream) ArrayList(java.util.ArrayList) OmMultipartUploadCompleteList(org.apache.hadoop.ozone.om.helpers.OmMultipartUploadCompleteList) OzoneMultipartUploadList(org.apache.hadoop.ozone.client.OzoneMultipartUploadList) List(java.util.List) OmMultipartUploadList(org.apache.hadoop.ozone.om.helpers.OmMultipartUploadList) OzoneCryptoInputStream(org.apache.hadoop.ozone.client.io.OzoneCryptoInputStream)
