use of org.apache.ignite.internal.managers.encryption.GridEncryptionManager.EmptyResult in project ignite by apache.
the class GroupKeyChangeProcess method prepare.
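/**
 * Prepare phase of a cache group encryption key change: validates the request against local
 * key state and, if every check passes, stores the received encrypted keys.
 * <p>
 * Client nodes return an already finished future without doing any work. On other nodes the
 * request is rejected when:
 * <ul>
 *     <li>a previous key change is still in progress;</li>
 *     <li>a snapshot is being created or restored;</li>
 *     <li>reencryption is in progress for any of the requested groups;</li>
 *     <li>no key identifiers are known for a requested group;</li>
 *     <li>the new key identifier is already present for the group and either a WAL segment is
 *     reserved for it or it is the identifier of the currently active key;</li>
 *     <li>the local master key digest differs from the digest carried by the request.</li>
 * </ul>
 * Rejections are not thrown: they are returned as a finished future constructed with an
 * {@link IgniteException}.
 *
 * @param req Key change request; its group ids, key ids and keys are read as parallel arrays.
 * @return Finished future holding an {@code EmptyResult} on success (or no result on a client
 *      node), otherwise a finished future holding the rejection cause.
 */
private IgniteInternalFuture<EmptyResult> prepare(ChangeCacheEncryptionRequest req) {
    if (ctx.clientNode())
        return new GridFinishedFuture<>();

    if (inProgress()) {
        return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. " + "The previous change was not completed."));
    }

    if (ctx.cache().context().snapshotMgr().isSnapshotCreating() || ctx.cache().context().snapshotMgr().isRestoring()) {
        return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. " + "Snapshot operation is in progress."));
    }

    // NOTE(review): the request is recorded before the per-group validation below, so it stays
    // set when one of those checks rejects. Presumably a later phase clears it - confirm.
    this.req = req;

    try {
        for (int i = 0; i < req.groupIds().length; i++) {
            int grpId = req.groupIds()[i];

            // The mask turns the stored id into its unsigned 0..255 value before it is compared
            // with the Integer ids returned by groupKeyIds().
            int keyId = req.keyIds()[i] & 0xff;

            if (ctx.encryption().reencryptionInProgress(grpId)) {
                return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. " + "Cache group reencryption is in progress [grpId=" + grpId + "]"));
            }

            List<Integer> keyIds = ctx.encryption().groupKeyIds(grpId);

            if (keyIds == null) {
                // Fix: the two concatenated sentences used to run together ("rejected.Encrypted").
                return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. " + "Encrypted cache group not found [grpId=" + grpId + "]"));
            }

            GroupKey currKey = ctx.encryption().getActiveKey(grpId);

            for (int locKeyId : keyIds) {
                if (locKeyId != keyId)
                    continue;

                Long walSegment = keys.reservedSegment(grpId, keyId);

                // Can overwrite inactive key if it was added during prepare phase.
                // Reusing the identifier is refused once a WAL segment is reserved for it or
                // when it is the active key's identifier.
                if (walSegment == null && currKey.id() != (byte) keyId)
                    continue;

                return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. Cannot add new key identifier, " + "it's already present. There existing WAL segments that encrypted with this key [" + "grpId=" + grpId + ", newId=" + keyId + ", currId=" + currKey.unsignedId() + ", walSegment=" + walSegment + "]."));
            }
        }

        // The digest check and the key storage run under the master key change read lock.
        return ctx.encryption().withMasterKeyChangeReadLock(() -> {
            // Refuse keys that come with a master key digest other than the local one.
            if (!Arrays.equals(ctx.config().getEncryptionSpi().masterKeyDigest(), req.masterKeyDigest())) {
                return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected. " + "Master key has been changed."));
            }

            // NOTE(review): keyIds() and keys() are indexed up to groupIds().length with no
            // length check. A shorter array would throw only after earlier keys in this loop
            // were already added - confirm the request guarantees equal lengths.
            for (int i = 0; i < req.groupIds().length; i++) {
                // Save the new key as inactive, because the master key may change later
                // and there will be no way to decrypt the received keys.
                GroupKeyEncrypted grpKey = new GroupKeyEncrypted(req.keyIds()[i] & 0xff, req.keys()[i]);

                ctx.encryption().addGroupKey(req.groupIds()[i], grpKey);
            }

            return new GridFinishedFuture<>(new EmptyResult());
        });
    } catch (Exception e) {
        // Any failure during validation or storage becomes a rejection that names the local
        // node and keeps the original cause.
        return new GridFinishedFuture<>(new IgniteException("Cache group key change was rejected [nodeId=" + ctx.localNodeId() + ']', e));
    }
}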