Use of org.apache.hadoop.ozone.security.GDPRSymmetricKey in project ozone by apache.
In class RpcClient, method createKey.
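/**
 * Opens a new key for writing in the given bucket and returns the stream to write it with.
 *
 * <p>If {@code metadata} carries {@code OzoneConsts.GDPR_FLAG} set to {@code "true"}, a fresh
 * {@link GDPRSymmetricKey} is generated from a {@link SecureRandom} and its details are added
 * to the key's metadata, so they travel to the Ozone Manager with the open-key request
 * (presumably so that removing the key's metadata later renders the data unreadable — confirm
 * against GDPRSymmetricKey/OM handling).
 *
 * @param volumeName        volume that holds the bucket
 * @param bucketName        bucket that will hold the key
 * @param keyName           name of the key to create
 * @param size              expected size of the key's data in bytes
 * @param replicationConfig replication to use for the key's blocks; must not be {@code null}
 * @param metadata          user metadata to attach to the key
 * @return an output stream to the newly opened key
 * @throws IOException if the key cannot be opened at the Ozone Manager, or if the GDPR key
 *                     cannot be generated
 */
@Override
public OzoneOutputStream createKey(String volumeName, String bucketName, String keyName,
    long size, ReplicationConfig replicationConfig, Map<String, String> metadata)
    throws IOException {
  verifyVolumeName(volumeName);
  verifyBucketName(bucketName);
  if (checkKeyNameEnabled) {
    HddsClientUtils.verifyKeyName(keyName);
  }
  HddsClientUtils.checkNotNull(keyName, replicationConfig);
  String requestId = UUID.randomUUID().toString();
  OmKeyArgs.Builder builder = new OmKeyArgs.Builder()
      .setVolumeName(volumeName)
      .setBucketName(bucketName)
      .setKeyName(keyName)
      .setDataSize(size)
      .setReplicationConfig(replicationConfig)
      .addAllMetadata(metadata)
      .setAcls(getAclList())
      .setLatestVersionLocation(getLatestVersionLocation);
  // Whether addAllMetadata tolerates a null map is not visible here; the flag lookup itself
  // must not NPE on a null map, so guard it explicitly.
  if (metadata != null && Boolean.parseBoolean(metadata.get(OzoneConsts.GDPR_FLAG))) {
    try {
      GDPRSymmetricKey gKey = new GDPRSymmetricKey(new SecureRandom());
      builder.addAllMetadata(gKey.getKeyDetails());
    } catch (Exception e) {
      // getMessage() may be null; check it before calling contains() so the diagnostic
      // branch cannot itself throw and mask the real cause.
      if (e instanceof InvalidKeyException && e.getMessage() != null
          && e.getMessage().contains("Illegal key size or default parameters")) {
        LOG.error("Missing Unlimited Strength Policy jars. Please install "
            + "Java Cryptography Extension (JCE) Unlimited Strength "
            + "Jurisdiction Policy Files");
      }
      throw new IOException(e);
    }
  }
  OpenKeySession openKey = ozoneManagerClient.openKey(builder.build());
  return createOutputStream(openKey, requestId, replicationConfig);
}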
Use of org.apache.hadoop.ozone.security.GDPRSymmetricKey in project ozone by apache.
In class RpcClient, method createInputStream.
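/**
 * Wraps the block streams of {@code keyInfo} in whatever decrypting stream the key needs.
 *
 * <p>Three cases are handled:
 * <ul>
 *   <li>no {@link FileEncryptionInfo}: the plain block stream, wrapped in a GDPR
 *       {@link CipherInputStream} when the key's metadata has {@code GDPR_FLAG} set;</li>
 *   <li>encryption info on a non-multipart key: a single {@link CryptoInputStream} keyed
 *       with the DEK obtained via {@code getDEK};</li>
 *   <li>encryption info on a multipart key: one {@link OzoneCryptoInputStream} per part,
 *       combined in a {@link MultipartCryptoKeyInputStream}.</li>
 * </ul>
 *
 * <p>Block streams that were opened but could not be handed to the caller are closed before
 * the failure is rethrown, so a failed DEK fetch or cipher setup does not leak them.
 *
 * @param keyInfo       key to read, including its metadata and block locations
 * @param retryFunction used to refresh {@code keyInfo} when a read needs to retry
 * @return an input stream over the (decrypted) key data
 * @throws IOException if the block streams cannot be opened, the DEK cannot be fetched, or the
 *                     GDPR cipher cannot be initialised
 */
private OzoneInputStream createInputStream(OmKeyInfo keyInfo,
    Function<OmKeyInfo, OmKeyInfo> retryFunction) throws IOException {
  // When Key is not MPU or when Key is MPU and encryption is not enabled
  // Need to revisit for GDP.
  FileEncryptionInfo feInfo = keyInfo.getFileEncryptionInfo();
  if (feInfo == null) {
    LengthInputStream lengthInputStream = KeyInputStream.getFromOmKeyInfo(keyInfo,
        xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
    try {
      Map<String, String> keyInfoMetadata = keyInfo.getMetadata();
      if (Boolean.parseBoolean(keyInfoMetadata.get(OzoneConsts.GDPR_FLAG))) {
        // Secret and algorithm come from the key's own metadata; the cipher mode/IV handling
        // lives inside GDPRSymmetricKey and is not visible here.
        GDPRSymmetricKey gk = new GDPRSymmetricKey(
            keyInfoMetadata.get(OzoneConsts.GDPR_SECRET),
            keyInfoMetadata.get(OzoneConsts.GDPR_ALGORITHM));
        gk.getCipher().init(Cipher.DECRYPT_MODE, gk.getSecretKey());
        return new OzoneInputStream(new CipherInputStream(lengthInputStream, gk.getCipher()));
      }
    } catch (Exception ex) {
      // The stream is not returned to the caller on this path, so release it here.
      closeOnFailure(lengthInputStream, ex);
      throw new IOException(ex);
    }
    return new OzoneInputStream(lengthInputStream.getWrappedStream());
  } else if (!keyInfo.getLatestVersionLocations().isMultipartKey()) {
    // Regular Key with FileEncryptionInfo
    LengthInputStream lengthInputStream = KeyInputStream.getFromOmKeyInfo(keyInfo,
        xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
    try {
      final KeyProvider.KeyVersion decrypted = getDEK(feInfo);
      final CryptoInputStream cryptoIn = new CryptoInputStream(
          lengthInputStream.getWrappedStream(), OzoneKMSUtil.getCryptoCodec(conf, feInfo),
          decrypted.getMaterial(), feInfo.getIV());
      return new OzoneInputStream(cryptoIn);
    } catch (IOException | RuntimeException ex) {
      // DEK fetch or codec setup failed after the block stream was opened.
      closeOnFailure(lengthInputStream, ex);
      throw ex;
    }
  } else {
    // Multipart Key with FileEncryptionInfo
    List<LengthInputStream> lengthInputStreams = KeyInputStream.getStreamsFromKeyInfo(keyInfo,
        xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
    try {
      final KeyProvider.KeyVersion decrypted = getDEK(feInfo);
      List<OzoneCryptoInputStream> cryptoInputStreams = new ArrayList<>();
      for (LengthInputStream lengthInputStream : lengthInputStreams) {
        final OzoneCryptoInputStream ozoneCryptoInputStream = new OzoneCryptoInputStream(
            lengthInputStream, OzoneKMSUtil.getCryptoCodec(conf, feInfo),
            decrypted.getMaterial(), feInfo.getIV());
        cryptoInputStreams.add(ozoneCryptoInputStream);
      }
      return new MultipartCryptoKeyInputStream(keyInfo.getKeyName(), cryptoInputStreams);
    } catch (IOException | RuntimeException ex) {
      // Every part stream was opened up front; none reaches the caller on this path.
      for (LengthInputStream lengthInputStream : lengthInputStreams) {
        closeOnFailure(lengthInputStream, ex);
      }
      throw ex;
    }
  }
}

/**
 * Closes {@code in} after a failure, attaching any error from {@code close()} to
 * {@code cause} as a suppressed exception so the original failure is what the caller sees.
 *
 * @param in    stream that will not be returned to the caller
 * @param cause the failure that is about to be rethrown
 */
private static void closeOnFailure(LengthInputStream in, Throwable cause) {
  try {
    in.close();
  } catch (IOException | RuntimeException closeEx) {
    cause.addSuppressed(closeEx);
  }
}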
Use of org.apache.hadoop.ozone.security.GDPRSymmetricKey in project ozone by apache.
In class RpcClient, method createOutputStream.
/**
 * Builds the output stream for a key that has already been opened at the Ozone Manager,
 * layering encryption on top of the raw {@link KeyOutputStream} when the key calls for it.
 *
 * <p>Bucket-level encryption ({@link FileEncryptionInfo} present on the key) takes precedence
 * and yields a {@link CryptoOutputStream} keyed with the DEK from {@code getDEK}. Otherwise, if
 * the key's metadata has {@code GDPR_FLAG} set, the secret and algorithm recorded in that
 * metadata are used to build a {@link CipherOutputStream}. A key with neither is written
 * unencrypted by this layer.
 *
 * @param openKey           the open-key session returned by the Ozone Manager
 * @param requestId         client request id to tag the write with
 * @param replicationConfig replication to use for the key's blocks
 * @return the stream the caller should write the key's data to
 * @throws IOException if the DEK cannot be fetched, or if the GDPR cipher cannot be set up
 */
private OzoneOutputStream createOutputStream(OpenKeySession openKey, String requestId,
    ReplicationConfig replicationConfig) throws IOException {
  KeyOutputStream rawStream = new KeyOutputStream.Builder()
      .setHandler(openKey)
      .setXceiverClientManager(xceiverClientManager)
      .setOmClient(ozoneManagerClient)
      .setRequestID(requestId)
      .setReplicationConfig(replicationConfig)
      .enableUnsafeByteBufferConversion(unsafeByteBufferConversion)
      .setConfig(clientConfig)
      .build();
  rawStream.addPreallocateBlocks(openKey.getKeyInfo().getLatestVersionLocations(),
      openKey.getOpenVersion());

  final FileEncryptionInfo feInfo = openKey.getKeyInfo().getFileEncryptionInfo();
  if (feInfo != null) {
    // Bucket-level encryption: the DEK comes from the KMS-backed provider.
    KeyProvider.KeyVersion dek = getDEK(feInfo);
    CryptoOutputStream encryptingStream = new CryptoOutputStream(rawStream,
        OzoneKMSUtil.getCryptoCodec(conf, feInfo), dek.getMaterial(), feInfo.getIV());
    return new OzoneOutputStream(encryptingStream);
  }

  try {
    Map<String, String> keyMetadata = openKey.getKeyInfo().getMetadata();
    if (Boolean.parseBoolean(keyMetadata.get(OzoneConsts.GDPR_FLAG))) {
      GDPRSymmetricKey gdprKey = new GDPRSymmetricKey(
          keyMetadata.get(OzoneConsts.GDPR_SECRET),
          keyMetadata.get(OzoneConsts.GDPR_ALGORITHM));
      // NOTE(review): init() is called with no AlgorithmParameters; mode and IV handling are
      // encapsulated in GDPRSymmetricKey and cannot be assessed from here — confirm there.
      Cipher gdprCipher = gdprKey.getCipher();
      gdprCipher.init(Cipher.ENCRYPT_MODE, gdprKey.getSecretKey());
      return new OzoneOutputStream(new CipherOutputStream(rawStream, gdprCipher));
    }
  } catch (Exception ex) {
    throw new IOException(ex);
  }
  return new OzoneOutputStream(rawStream);
}