use of org.apache.ignite.internal.managers.encryption.GroupKey in project ignite by apache.
the class EncryptedCacheBigEntryTest method testCreateEncryptedCacheWithBigEntry.
/**
 * Checks that the active encryption key of a cache group is the same before and after
 * all grids are stopped and started again.
 * <p>
 * The cache contents (including whatever makes the entry "big") are produced and verified
 * by {@code createEncryptedCache} and {@code checkEncryptedCaches}, which are not part of
 * this method.
 *
 * @throws Exception If failed.
 */
@Test
public void testCreateEncryptedCacheWithBigEntry() throws Exception {
    // NOTE(review): the meaning of the boolean flag is defined by startTestGrids();
    // presumably it controls whether persisted state is cleaned - confirm.
    T2<IgniteEx, IgniteEx> nodes = startTestGrids(true);

    IgniteEx node0 = nodes.get1();
    IgniteEx node1 = nodes.get2();

    createEncryptedCache(node0, node1, cacheName(), null);
    checkEncryptedCaches(node0, node1);

    final int groupId = CU.cacheGroupId(cacheName(), null);

    // Snapshot the key wrapper while the first cluster incarnation is still alive.
    GroupKey grpKeyBefore = node0.context().encryption().getActiveKey(groupId);
    KeystoreEncryptionKey before = (KeystoreEncryptionKey) grpKeyBefore.key();

    stopAllGrids();

    nodes = startTestGrids(false);
    node0 = nodes.get1();
    node1 = nodes.get2();

    checkEncryptedCaches(node0, node1);

    GroupKey grpKeyAfter = node0.context().encryption().getActiveKey(groupId);
    assertNotNull(grpKeyAfter);

    KeystoreEncryptionKey after = (KeystoreEncryptionKey) grpKeyAfter.key();
    assertNotNull(after);
    assertNotNull(after.key());

    // Equality is delegated to equals() of the objects returned by key(); only the
    // first node's key is compared here.
    assertEquals(before.key(), after.key());
}
use of org.apache.ignite.internal.managers.encryption.GroupKey in project ignite by apache.
the class EncryptedCacheGroupCreateTest method testCreateEncryptedCacheGroup.
/**
 * Checks that a second encrypted cache created in an existing encrypted cache group
 * uses the same group key as the first cache of that group.
 *
 * @throws Exception If failed.
 */
@Test
public void testCreateEncryptedCacheGroup() throws Exception {
    // Key of the first cache in the group; used as the reference value below.
    KeystoreEncryptionKey expected = createEncryptedCache(ENCRYPTED_CACHE, ENCRYPTED_GROUP);

    CacheConfiguration<Long, String> secondCfg = new CacheConfiguration<>(ENCRYPTED_CACHE + "2");
    secondCfg.setEncryptionEnabled(true);
    secondCfg.setGroupName(ENCRYPTED_GROUP);

    IgniteEx node = grid(0);
    node.createCache(secondCfg);

    IgniteInternalCache<Object, Object> secondCache = node.cachex(ENCRYPTED_CACHE + "2");
    GridEncryptionManager encryption = secondCache.context().kernalContext().encryption();

    // The group id is computed from the first cache's name and the shared group name.
    int groupId = CU.cacheGroupId(ENCRYPTED_CACHE, ENCRYPTED_GROUP);

    GroupKey activeGrpKey = encryption.getActiveKey(groupId);
    assertNotNull(activeGrpKey);

    KeystoreEncryptionKey actual = (KeystoreEncryptionKey) activeGrpKey.key();
    assertNotNull(actual);
    assertNotNull(actual.key());

    assertEquals(expected.key(), actual.key());
}
use of org.apache.ignite.internal.managers.encryption.GroupKey in project ignite by apache.
the class ClusterCachesInfo method registerNewCache.
/**
 * Registers a new cache received from a joining node: creates its group and cache
 * descriptors, installs the discovery cache filter and, when the joining node supplied
 * an encrypted group key, either installs it as the initial group key or compares it
 * with the key that is already active.
 *
 * @param joinData Data from joining node.
 * @param nodeId Joining node id.
 * @param cacheInfo Cache info of new node.
 */
private void registerNewCache(CacheJoinNodeDiscoveryData joinData, UUID nodeId, CacheJoinNodeDiscoveryData.CacheInfo cacheInfo) {
    CacheConfiguration<?, ?> cacheCfg = cacheInfo.cacheData().config();

    int cacheId = CU.cacheId(cacheCfg.getName());

    CacheGroupDescriptor grpDescriptor = registerCacheGroup(
        null,
        null,
        cacheCfg,
        cacheId,
        nodeId,
        joinData.cacheDeploymentId(),
        null,
        null,
        cacheInfo.cacheData().cacheConfigurationEnrichment());

    ctx.discovery().setCacheFilter(
        cacheId,
        grpDescriptor.groupId(),
        cacheCfg.getName(),
        cacheCfg.getNearConfiguration() != null);

    DynamicCacheDescriptor cacheDescriptor = new DynamicCacheDescriptor(
        ctx,
        cacheCfg,
        cacheInfo.cacheType(),
        grpDescriptor,
        false,
        nodeId,
        cacheInfo.isStaticallyConfigured(),
        cacheInfo.sql(),
        joinData.cacheDeploymentId(),
        new QuerySchema(cacheInfo.cacheData().queryEntities()),
        cacheInfo.cacheData().cacheConfigurationEnrichment());

    DynamicCacheDescriptor prev = registeredCaches.put(cacheCfg.getName(), cacheDescriptor);

    registeredCachesById.put(cacheDescriptor.cacheId(), cacheDescriptor);

    GroupKeyEncrypted restoredKey = cacheInfo.cacheData().groupKeyEncrypted();

    if (restoredKey != null) {
        int grpId = CU.cacheGroupId(cacheInfo.cacheData().config());

        assert cacheInfo.cacheData().config().isEncryptionEnabled();

        GroupKey activeKey = ctx.encryption().getActiveKey(grpId);

        if (activeKey != null) {
            // NOTE(review): this comparison (and the key decryption inside it) only runs
            // when JVM assertions are enabled. With assertions off, a joining node whose
            // restored key differs from the active key is not detected in this method;
            // confirm the mismatch is rejected elsewhere or make the check unconditional.
            assert activeKey.equals(new GroupKey(restoredKey.id(), ctx.config().getEncryptionSpi().decryptKey(restoredKey.key())));
        }
        else
            ctx.encryption().setInitialGroupKey(grpId, restoredKey.key(), restoredKey.id());
    }

    // Evaluated last, after the descriptors and the group key have been registered.
    assert prev == null : prev;
}
use of org.apache.ignite.internal.managers.encryption.GroupKey in project ignite by apache.
the class SpringEncryptedCacheRestartTest method testEncryptionKeysEqualsOnThirdNodeJoin.
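/**
 * Checks that, after a third node started from a Spring XML configuration joins the two
 * test grids, all three nodes report the same active group key for each encrypted cache.
 *
 * @throws Exception If failed.
 */
@Test
public void testEncryptionKeysEqualsOnThirdNodeJoin() throws Exception {
    T2<IgniteEx, IgniteEx> g = startTestGrids(true);

    IgniteEx g2 = (IgniteEx) IgnitionEx.start(
        IgniteUtils.resolveIgnitePath("modules/spring/src/test/config/enc/enc-group-2.xml").getAbsolutePath(),
        "grid-2");

    Collection<String> cacheNames = Arrays.asList("encrypted", "encrypted-2");

    for (String cacheName : cacheNames) {
        IgniteInternalCache<Object, Object> enc = g.get1().cachex(cacheName);

        assertNotNull(enc);

        int grpId = CU.cacheGroupId(enc.configuration());

        GroupKey grpKey0 = g.get1().context().encryption().getActiveKey(grpId);
        GroupKey grpKey1 = g.get2().context().encryption().getActiveKey(grpId);
        GroupKey grpKey2 = g2.context().encryption().getActiveKey(grpId);

        assertNotNull(cacheName, grpKey0);
        assertNotNull(cacheName, grpKey1);
        assertNotNull(cacheName, grpKey2);

        KeystoreEncryptionKey key0 = (KeystoreEncryptionKey) grpKey0.key();
        KeystoreEncryptionKey key1 = (KeystoreEncryptionKey) grpKey1.key();
        KeystoreEncryptionKey key2 = (KeystoreEncryptionKey) grpKey2.key();

        // Check the key wrappers before dereferencing them. The original repeated the
        // key().key() checks twice and never checked the wrappers, so a missing wrapper
        // surfaced as a bare NullPointerException instead of a failure naming the cache.
        assertNotNull(cacheName, key0);
        assertNotNull(cacheName, key1);
        assertNotNull(cacheName, key2);

        assertNotNull(cacheName, key0.key());
        assertNotNull(cacheName, key1.key());
        assertNotNull(cacheName, key2.key());

        // key0 == key1 and key1 == key2 together cover all three nodes.
        assertEquals(cacheName, key0.key(), key1.key());
        assertEquals(cacheName, key1.key(), key2.key());
    }
}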
use of org.apache.ignite.internal.managers.encryption.GroupKey in project gridgain by gridgain.
the class RecordDataV1Serializer method readEncryptedData.
/**
 * Reads an encrypted record from {@code in} and decrypts it with the group key selected
 * by the group id and key id stored in the record header.
 *
 * @param in Input stream.
 * @param readType If {@code true} plain record type will be read from {@code in}.
 * @param readKeyId If {@code true} encryption key identifier will be read from {@code in};
 *      otherwise {@link GridEncryptionManager#INITIAL_KEY_ID} is used.
 * @return Plain data stream, group id and plain record type. The plain data stream is
 *      {@code null} when no key is found for the group id and key id; the encrypted
 *      bytes have still been consumed from {@code in} in that case.
 * @throws IOException If failed.
 * @throws IgniteCheckedException If failed.
 */
private T3<ByteBufferBackedDataInput, Integer, RecordType> readEncryptedData(ByteBufferBackedDataInput in, boolean readType, boolean readKeyId) throws IOException, IgniteCheckedException {
    // Header fields are consumed in stream order; these reads must not be reordered.
    final int groupId = in.readInt();
    final int encryptedLen = in.readInt();

    final RecordType plainType = readType ? RecordV1Serializer.readRecordType(in) : null;

    final int keyId;

    if (readKeyId)
        keyId = in.readUnsignedByte();
    else
        keyId = GridEncryptionManager.INITIAL_KEY_ID;

    // NOTE(review): the length comes straight from the stream and is not validated here.
    // A negative value raises NegativeArraySizeException and a very large one attempts a
    // correspondingly large allocation; confirm callers tolerate both for damaged input.
    final byte[] encrypted = new byte[encryptedLen];

    in.readFully(encrypted);

    final GroupKey groupKey = encMgr.groupKey(groupId, keyId);

    // No key for this group/key id: report the header fields without a payload.
    if (groupKey == null)
        return new T3<>(null, groupId, plainType);

    final byte[] plain = encSpi.decrypt(encrypted, groupKey.key());

    ByteBufferBackedDataInput plainIn = new ByteBufferBackedDataInputImpl().buffer(ByteBuffer.wrap(plain));

    return new T3<>(plainIn, groupId, plainType);
}