Example 1 with GDPRSymmetricKey
use of org.apache.hadoop.ozone.security.GDPRSymmetricKey in project ozone by apache.
the class RpcClient method createKey.
@Override
public OzoneOutputStream createKey(String volumeName, String bucketName, String keyName, long size, ReplicationConfig replicationConfig, Map<String, String> metadata) throws IOException {
verifyVolumeName(volumeName);
verifyBucketName(bucketName);
if (checkKeyNameEnabled) {
HddsClientUtils.verifyKeyName(keyName);
}
HddsClientUtils.checkNotNull(keyName, replicationConfig);
String requestId = UUID.randomUUID().toString();
OmKeyArgs.Builder builder = new OmKeyArgs.Builder().setVolumeName(volumeName).setBucketName(bucketName).setKeyName(keyName).setDataSize(size).setReplicationConfig(replicationConfig).addAllMetadata(metadata).setAcls(getAclList()).setLatestVersionLocation(getLatestVersionLocation);
if (Boolean.parseBoolean(metadata.get(OzoneConsts.GDPR_FLAG))) {
try {
GDPRSymmetricKey gKey = new GDPRSymmetricKey(new SecureRandom());
builder.addAllMetadata(gKey.getKeyDetails());
} catch (Exception e) {
if (e instanceof InvalidKeyException && e.getMessage().contains("Illegal key size or default parameters")) {
LOG.error("Missing Unlimited Strength Policy jars. Please install " + "Java Cryptography Extension (JCE) Unlimited Strength " + "Jurisdiction Policy Files");
}
throw new IOException(e);
}
}
OpenKeySession openKey = ozoneManagerClient.openKey(builder.build());
return createOutputStream(openKey, requestId, replicationConfig);
}
Also used :
GDPRSymmetricKey(org.apache.hadoop.ozone.security.GDPRSymmetricKey)
CacheBuilder(com.google.common.cache.CacheBuilder)
SecureRandom(java.security.SecureRandom)
IOException(java.io.IOException)
OpenKeySession(org.apache.hadoop.ozone.om.helpers.OpenKeySession)
InvalidKeyException(java.security.InvalidKeyException)
OmKeyArgs(org.apache.hadoop.ozone.om.helpers.OmKeyArgs)
InvalidKeyException(java.security.InvalidKeyException)
IOException(java.io.IOException)
OMException(org.apache.hadoop.ozone.om.exceptions.OMException)
Example 2 with GDPRSymmetricKey
use of org.apache.hadoop.ozone.security.GDPRSymmetricKey in project ozone by apache.
the class RpcClient method createInputStream.
private OzoneInputStream createInputStream(OmKeyInfo keyInfo, Function<OmKeyInfo, OmKeyInfo> retryFunction) throws IOException {
// When Key is not MPU or when Key is MPU and encryption is not enabled
// Need to revisit for GDP.
FileEncryptionInfo feInfo = keyInfo.getFileEncryptionInfo();
if (feInfo == null) {
LengthInputStream lengthInputStream = KeyInputStream.getFromOmKeyInfo(keyInfo, xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
try {
Map<String, String> keyInfoMetadata = keyInfo.getMetadata();
if (Boolean.valueOf(keyInfoMetadata.get(OzoneConsts.GDPR_FLAG))) {
GDPRSymmetricKey gk = new GDPRSymmetricKey(keyInfoMetadata.get(OzoneConsts.GDPR_SECRET), keyInfoMetadata.get(OzoneConsts.GDPR_ALGORITHM));
gk.getCipher().init(Cipher.DECRYPT_MODE, gk.getSecretKey());
return new OzoneInputStream(new CipherInputStream(lengthInputStream, gk.getCipher()));
}
} catch (Exception ex) {
throw new IOException(ex);
}
return new OzoneInputStream(lengthInputStream.getWrappedStream());
} else if (!keyInfo.getLatestVersionLocations().isMultipartKey()) {
// Regular Key with FileEncryptionInfo
LengthInputStream lengthInputStream = KeyInputStream.getFromOmKeyInfo(keyInfo, xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
final KeyProvider.KeyVersion decrypted = getDEK(feInfo);
final CryptoInputStream cryptoIn = new CryptoInputStream(lengthInputStream.getWrappedStream(), OzoneKMSUtil.getCryptoCodec(conf, feInfo), decrypted.getMaterial(), feInfo.getIV());
return new OzoneInputStream(cryptoIn);
} else {
// Multipart Key with FileEncryptionInfo
List<LengthInputStream> lengthInputStreams = KeyInputStream.getStreamsFromKeyInfo(keyInfo, xceiverClientManager, clientConfig.isChecksumVerify(), retryFunction);
final KeyProvider.KeyVersion decrypted = getDEK(feInfo);
List<OzoneCryptoInputStream> cryptoInputStreams = new ArrayList<>();
for (LengthInputStream lengthInputStream : lengthInputStreams) {
final OzoneCryptoInputStream ozoneCryptoInputStream = new OzoneCryptoInputStream(lengthInputStream, OzoneKMSUtil.getCryptoCodec(conf, feInfo), decrypted.getMaterial(), feInfo.getIV());
cryptoInputStreams.add(ozoneCryptoInputStream);
}
return new MultipartCryptoKeyInputStream(keyInfo.getKeyName(), cryptoInputStreams);
}
}
Also used :
OzoneInputStream(org.apache.hadoop.ozone.client.io.OzoneInputStream)
GDPRSymmetricKey(org.apache.hadoop.ozone.security.GDPRSymmetricKey)
CipherInputStream(javax.crypto.CipherInputStream)
IOException(java.io.IOException)
FileEncryptionInfo(org.apache.hadoop.fs.FileEncryptionInfo)
InvalidKeyException(java.security.InvalidKeyException)
IOException(java.io.IOException)
OMException(org.apache.hadoop.ozone.om.exceptions.OMException)
OzoneCryptoInputStream(org.apache.hadoop.ozone.client.io.OzoneCryptoInputStream)
CryptoInputStream(org.apache.hadoop.crypto.CryptoInputStream)
LengthInputStream(org.apache.hadoop.ozone.client.io.LengthInputStream)
MultipartCryptoKeyInputStream(org.apache.hadoop.ozone.client.io.MultipartCryptoKeyInputStream)
ArrayList(java.util.ArrayList)
OmMultipartUploadCompleteList(org.apache.hadoop.ozone.om.helpers.OmMultipartUploadCompleteList)
OzoneMultipartUploadList(org.apache.hadoop.ozone.client.OzoneMultipartUploadList)
List(java.util.List)
OmMultipartUploadList(org.apache.hadoop.ozone.om.helpers.OmMultipartUploadList)
OzoneCryptoInputStream(org.apache.hadoop.ozone.client.io.OzoneCryptoInputStream)
Example 3 with GDPRSymmetricKey
use of org.apache.hadoop.ozone.security.GDPRSymmetricKey in project ozone by apache.
the class RpcClient method createOutputStream.
private OzoneOutputStream createOutputStream(OpenKeySession openKey, String requestId, ReplicationConfig replicationConfig) throws IOException {
KeyOutputStream keyOutputStream = new KeyOutputStream.Builder().setHandler(openKey).setXceiverClientManager(xceiverClientManager).setOmClient(ozoneManagerClient).setRequestID(requestId).setReplicationConfig(replicationConfig).enableUnsafeByteBufferConversion(unsafeByteBufferConversion).setConfig(clientConfig).build();
keyOutputStream.addPreallocateBlocks(openKey.getKeyInfo().getLatestVersionLocations(), openKey.getOpenVersion());
final FileEncryptionInfo feInfo = openKey.getKeyInfo().getFileEncryptionInfo();
if (feInfo != null) {
KeyProvider.KeyVersion decrypted = getDEK(feInfo);
final CryptoOutputStream cryptoOut = new CryptoOutputStream(keyOutputStream, OzoneKMSUtil.getCryptoCodec(conf, feInfo), decrypted.getMaterial(), feInfo.getIV());
return new OzoneOutputStream(cryptoOut);
} else {
try {
GDPRSymmetricKey gk;
Map<String, String> openKeyMetadata = openKey.getKeyInfo().getMetadata();
if (Boolean.valueOf(openKeyMetadata.get(OzoneConsts.GDPR_FLAG))) {
gk = new GDPRSymmetricKey(openKeyMetadata.get(OzoneConsts.GDPR_SECRET), openKeyMetadata.get(OzoneConsts.GDPR_ALGORITHM));
gk.getCipher().init(Cipher.ENCRYPT_MODE, gk.getSecretKey());
return new OzoneOutputStream(new CipherOutputStream(keyOutputStream, gk.getCipher()));
}
} catch (Exception ex) {
throw new IOException(ex);
}
return new OzoneOutputStream(keyOutputStream);
}
}
Also used :
KeyProvider(org.apache.hadoop.crypto.key.KeyProvider)
GDPRSymmetricKey(org.apache.hadoop.ozone.security.GDPRSymmetricKey)
CipherOutputStream(javax.crypto.CipherOutputStream)
CacheBuilder(com.google.common.cache.CacheBuilder)
OzoneOutputStream(org.apache.hadoop.ozone.client.io.OzoneOutputStream)
IOException(java.io.IOException)
FileEncryptionInfo(org.apache.hadoop.fs.FileEncryptionInfo)
InvalidKeyException(java.security.InvalidKeyException)
IOException(java.io.IOException)
OMException(org.apache.hadoop.ozone.om.exceptions.OMException)
CryptoOutputStream(org.apache.hadoop.crypto.CryptoOutputStream)
KeyOutputStream(org.apache.hadoop.ozone.client.io.KeyOutputStream)
Aggregations
IOException (java.io.IOException)3
InvalidKeyException (java.security.InvalidKeyException)3
OMException (org.apache.hadoop.ozone.om.exceptions.OMException)3
GDPRSymmetricKey (org.apache.hadoop.ozone.security.GDPRSymmetricKey)3
CacheBuilder (com.google.common.cache.CacheBuilder)2
FileEncryptionInfo (org.apache.hadoop.fs.FileEncryptionInfo)2
SecureRandom (java.security.SecureRandom)1
ArrayList (java.util.ArrayList)1
List (java.util.List)1
CipherInputStream (javax.crypto.CipherInputStream)1
CipherOutputStream (javax.crypto.CipherOutputStream)1
CryptoInputStream (org.apache.hadoop.crypto.CryptoInputStream)1
CryptoOutputStream (org.apache.hadoop.crypto.CryptoOutputStream)1
KeyProvider (org.apache.hadoop.crypto.key.KeyProvider)1
OzoneMultipartUploadList (org.apache.hadoop.ozone.client.OzoneMultipartUploadList)1
KeyOutputStream (org.apache.hadoop.ozone.client.io.KeyOutputStream)1
LengthInputStream (org.apache.hadoop.ozone.client.io.LengthInputStream)1
MultipartCryptoKeyInputStream (org.apache.hadoop.ozone.client.io.MultipartCryptoKeyInputStream)1
OzoneCryptoInputStream (org.apache.hadoop.ozone.client.io.OzoneCryptoInputStream)1
OzoneInputStream (org.apache.hadoop.ozone.client.io.OzoneInputStream)1
