
Example 1 with EmptyResult

use of org.apache.ignite.internal.managers.encryption.GridEncryptionManager.EmptyResult in project ignite by apache.

the class GroupKeyChangeProcess method prepare.

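/**
 * Prepare phase of a cache group key change: validates the request against local
 * encryption state and, if nothing conflicts, stores the received group keys.
 *
 * <p>The request is rejected (the returned future is completed with an
 * {@link IgniteException}) when:
 * <ul>
 *   <li>a previous key change has not completed;</li>
 *   <li>a snapshot is being created or restored;</li>
 *   <li>re-encryption of one of the requested groups is in progress;</li>
 *   <li>one of the requested groups has no known key identifiers;</li>
 *   <li>a requested key identifier already exists locally and either a WAL segment is
 *       reserved for it or it is the currently active key;</li>
 *   <li>the local master key digest differs from the digest carried by the request;</li>
 *   <li>any other exception is thrown while validating or storing the keys.</li>
 * </ul>
 *
 * <p>The rejection messages carry group IDs, key IDs, a WAL segment value and the local
 * node ID only; no key bytes are placed into them.
 *
 * @param req Request.
 * @return Result future: completed without a result on client nodes, completed with an
 *      {@link EmptyResult} on success, completed with an {@link IgniteException} on rejection.
 */
private IgniteInternalFuture<EmptyResult> prepare(ChangeCacheEncryptionRequest req) {
    // Client nodes return an already-completed future without validating or storing anything.
    if (ctx.clientNode())
        return new GridFinishedFuture<>();
    if (inProgress()) {
        return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. " + "The previous change was not completed."));
    }
    if (ctx.cache().context().snapshotMgr().isSnapshotCreating() || ctx.cache().context().snapshotMgr().isRestoring()) {
        return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. " + "Snapshot operation is in progress."));
    }
    // NOTE(review): the request is remembered before the per-group checks below run, so it
    // stays set on this instance even when this method returns a rejection; confirm that the
    // code handling the end of this phase clears it.
    this.req = req;
    try {
        // NOTE(review): groupIds(), keyIds() and keys() are indexed in parallel without an
        // explicit length check; a shorter keyIds()/keys() array ends up in the generic catch
        // block below, a longer one is silently ignored.
        for (int i = 0; i < req.groupIds().length; i++) {
            int grpId = req.groupIds()[i];
            // Mask to 0..255 so the ID compares as an unsigned value against the Integer IDs
            // returned by groupKeyIds().
            int keyId = req.keyIds()[i] & 0xff;
            if (ctx.encryption().reencryptionInProgress(grpId)) {
                return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. " + "Cache group reencryption is in progress [grpId=" + grpId + "]"));
            }
            List<Integer> keyIds = ctx.encryption().groupKeyIds(grpId);
            if (keyIds == null) {
                // The first literal ends with a space so the two sentences do not run together.
                return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. " + "Encrypted cache group not found [grpId=" + grpId + "]"));
            }
            GroupKey currKey = ctx.encryption().getActiveKey(grpId);
            for (int locKeyId : keyIds) {
                if (locKeyId != keyId)
                    continue;
                Long walSegment = keys.reservedSegment(grpId, keyId);
                // Can overwrite inactive key if it was added during prepare phase.
                // Reuse of the identifier is refused when a WAL segment is reserved for it or
                // when it is the active key, so an identifier that is still referenced is never
                // rebound to different key material.
                if (walSegment == null && currKey.id() != (byte) keyId)
                    continue;
                return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. Cannot add new key identifier, " + "it's already present. There existing WAL segments that encrypted with this key [" + "grpId=" + grpId + ", newId=" + keyId + ", currId=" + currKey.unsignedId() + ", walSegment=" + walSegment + "]."));
            }
        }
        // The digest check and the key storage run inside the same master key change read lock
        // section, so both see the same master key.
        return ctx.encryption().withMasterKeyChangeReadLock(() -> {
            // The group keys in the request are only usable with the master key the sender had;
            // a digest mismatch means this node could not decrypt them.
            // NOTE(review): Arrays.equals is not a constant-time comparison; presumably fine
            // because the digest is an identifier rather than a secret -- confirm.
            if (!Arrays.equals(ctx.config().getEncryptionSpi().masterKeyDigest(), req.masterKeyDigest())) {
                return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. " + "Master key has been changed."));
            }
            for (int i = 0; i < req.groupIds().length; i++) {
                // Save the new key as inactive, because the master key may change later
                // and there will be no way to decrypt the received keys.
                GroupKeyEncrypted grpKey = new GroupKeyEncrypted(req.keyIds()[i] & 0xff, req.keys()[i]);
                ctx.encryption().addGroupKey(req.groupIds()[i], grpKey);
            }
            return new GridFinishedFuture<>(new EmptyResult());
        });
    } catch (Exception e) {
        // Any failure during validation or storage is reported as a rejection from this node,
        // with the original exception kept as the cause.
        return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected [nodeId=" + ctx.localNodeId() + ']', e));
    }
}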
Also used : IgniteException(org.apache.ignite.IgniteException) EmptyResult(org.apache.ignite.internal.managers.encryption.GridEncryptionManager.EmptyResult) IgniteException(org.apache.ignite.IgniteException) IgniteFutureCancelledException(org.apache.ignite.lang.IgniteFutureCancelledException) GridFinishedFuture(org.apache.ignite.internal.util.future.GridFinishedFuture)

Aggregations

IgniteException (org.apache.ignite.IgniteException)1 EmptyResult (org.apache.ignite.internal.managers.encryption.GridEncryptionManager.EmptyResult)1 GridFinishedFuture (org.apache.ignite.internal.util.future.GridFinishedFuture)1 IgniteFutureCancelledException (org.apache.ignite.lang.IgniteFutureCancelledException)1