Example 1 with KeyProvider
use of org.apache.nifi.security.kms.KeyProvider in project nifi by apache.
the class EncryptedWriteAheadProvenanceRepository method initialize.
/**
* This method initializes the repository. It first builds the key provider and event encryptor
* from the config values, then creates the encrypted record writer and reader, then delegates
* back to the superclass for the common implementation.
*
* @param eventReporter the event reporter
* @param authorizer the authorizer
* @param resourceFactory the authorizable factory
* @param idLookup the lookup provider
* @throws IOException if there is an error initializing this repository
*/
@Override
public synchronized void initialize(final EventReporter eventReporter, final Authorizer authorizer, final ProvenanceAuthorizableFactory resourceFactory, final IdentifierLookup idLookup) throws IOException {
// Initialize the encryption-specific fields
ProvenanceEventEncryptor provenanceEventEncryptor;
if (getConfig().supportsEncryption()) {
try {
KeyProvider keyProvider;
if (KeyProviderFactory.requiresMasterKey(getConfig().getKeyProviderImplementation())) {
SecretKey masterKey = getMasterKey();
keyProvider = buildKeyProvider(masterKey);
} else {
keyProvider = buildKeyProvider();
}
provenanceEventEncryptor = new AESProvenanceEventEncryptor();
provenanceEventEncryptor.initialize(keyProvider);
} catch (KeyManagementException e) {
String msg = "Encountered an error building the key provider";
logger.error(msg, e);
throw new IOException(msg, e);
}
} else {
throw new IOException("The provided configuration does not support a encrypted repository");
}
// Build a factory using lambda which injects the encryptor
final RecordWriterFactory recordWriterFactory = (file, idGenerator, compressed, createToc) -> {
try {
final TocWriter tocWriter = createToc ? new StandardTocWriter(TocUtil.getTocFile(file), false, false) : null;
return new EncryptedSchemaRecordWriter(file, idGenerator, tocWriter, compressed, BLOCK_SIZE, idLookup, provenanceEventEncryptor, getConfig().getDebugFrequency());
} catch (EncryptionException e) {
logger.error("Encountered an error building the schema record writer factory: ", e);
throw new IOException(e);
}
};
// Build a factory using lambda which injects the encryptor
final EventFileManager fileManager = new EventFileManager();
final RecordReaderFactory recordReaderFactory = (file, logs, maxChars) -> {
fileManager.obtainReadLock(file);
try {
EncryptedSchemaRecordReader tempReader = (EncryptedSchemaRecordReader) RecordReaders.newRecordReader(file, logs, maxChars);
tempReader.setProvenanceEventEncryptor(provenanceEventEncryptor);
return tempReader;
} finally {
fileManager.releaseReadLock(file);
}
};
// Delegate the init to the parent impl
super.init(recordWriterFactory, recordReaderFactory, eventReporter, authorizer, resourceFactory);
}
Also used :
KeyProvider(org.apache.nifi.security.kms.KeyProvider)
StandardTocWriter(org.apache.nifi.provenance.toc.StandardTocWriter)
Logger(org.slf4j.Logger)
DecoderException(org.apache.commons.codec.DecoderException)
NiFiPropertiesLoader(org.apache.nifi.properties.NiFiPropertiesLoader)
LoggerFactory(org.slf4j.LoggerFactory)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
IOException(java.io.IOException)
KeyManagementException(java.security.KeyManagementException)
Hex(org.apache.commons.codec.binary.Hex)
RecordReaders(org.apache.nifi.provenance.serialization.RecordReaders)
EventFileManager(org.apache.nifi.provenance.store.EventFileManager)
TocWriter(org.apache.nifi.provenance.toc.TocWriter)
Authorizer(org.apache.nifi.authorization.Authorizer)
EventReporter(org.apache.nifi.events.EventReporter)
NiFiProperties(org.apache.nifi.util.NiFiProperties)
RecordReaderFactory(org.apache.nifi.provenance.store.RecordReaderFactory)
SecretKey(javax.crypto.SecretKey)
RecordWriterFactory(org.apache.nifi.provenance.store.RecordWriterFactory)
TocUtil(org.apache.nifi.provenance.toc.TocUtil)
KeyProvider(org.apache.nifi.security.kms.KeyProvider)
KeyProviderFactory(org.apache.nifi.security.kms.KeyProviderFactory)
EventFileManager(org.apache.nifi.provenance.store.EventFileManager)
IOException(java.io.IOException)
RecordWriterFactory(org.apache.nifi.provenance.store.RecordWriterFactory)
KeyManagementException(java.security.KeyManagementException)
RecordReaderFactory(org.apache.nifi.provenance.store.RecordReaderFactory)
StandardTocWriter(org.apache.nifi.provenance.toc.StandardTocWriter)
SecretKey(javax.crypto.SecretKey)
StandardTocWriter(org.apache.nifi.provenance.toc.StandardTocWriter)
TocWriter(org.apache.nifi.provenance.toc.TocWriter)
Aggregations
IOException (java.io.IOException)1
KeyManagementException (java.security.KeyManagementException)1
SecretKey (javax.crypto.SecretKey)1
SecretKeySpec (javax.crypto.spec.SecretKeySpec)1
DecoderException (org.apache.commons.codec.DecoderException)1
Hex (org.apache.commons.codec.binary.Hex)1
Authorizer (org.apache.nifi.authorization.Authorizer)1
EventReporter (org.apache.nifi.events.EventReporter)1
NiFiPropertiesLoader (org.apache.nifi.properties.NiFiPropertiesLoader)1
RecordReaders (org.apache.nifi.provenance.serialization.RecordReaders)1
EventFileManager (org.apache.nifi.provenance.store.EventFileManager)1
RecordReaderFactory (org.apache.nifi.provenance.store.RecordReaderFactory)1
RecordWriterFactory (org.apache.nifi.provenance.store.RecordWriterFactory)1
StandardTocWriter (org.apache.nifi.provenance.toc.StandardTocWriter)1
TocUtil (org.apache.nifi.provenance.toc.TocUtil)1
TocWriter (org.apache.nifi.provenance.toc.TocWriter)1
KeyProvider (org.apache.nifi.security.kms.KeyProvider)1
KeyProviderFactory (org.apache.nifi.security.kms.KeyProviderFactory)1
NiFiProperties (org.apache.nifi.util.NiFiProperties)1
Logger (org.slf4j.Logger)1
