
Example 1 with KeyProvider

Use of org.apache.nifi.security.kms.KeyProvider in the Apache NiFi project: class EncryptedWriteAheadProvenanceRepository, method initialize.

/**
 * Initializes this repository for encrypted storage of provenance events.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Fail closed: when the configuration reports that encryption is not supported, an
 *       {@link IOException} is thrown before any writer or reader factory exists, so this
 *       method never sets up an unencrypted path.</li>
 *   <li>Build the {@link KeyProvider}. The master key is fetched only when
 *       {@code KeyProviderFactory.requiresMasterKey} reports that the configured
 *       implementation needs one.</li>
 *   <li>Create an {@code AESProvenanceEventEncryptor} and initialize it with that provider.</li>
 *   <li>Create the record writer and record reader factories, both of which capture the same
 *       encryptor instance.</li>
 *   <li>Delegate to the superclass {@code init} with the two factories.</li>
 * </ol>
 *
 * <p>The method is {@code synchronized} on this repository instance.
 *
 * @param eventReporter   the event reporter, passed through to the superclass
 * @param authorizer      the authorizer, passed through to the superclass
 * @param resourceFactory the authorizable factory, passed through to the superclass
 * @param idLookup        the lookup provider, handed to every encrypted record writer
 * @throws IOException if the configuration does not support encryption, or if building the key
 *                     provider or initializing the encryptor fails with a
 *                     {@link KeyManagementException} (kept as the cause)
 */
@Override
public synchronized void initialize(final EventReporter eventReporter, final Authorizer authorizer, final ProvenanceAuthorizableFactory resourceFactory, final IdentifierLookup idLookup) throws IOException {
    // Guard clause: refuse to initialize rather than continue without encryption.
    if (!getConfig().supportsEncryption()) {
        throw new IOException("The provided configuration does not support a encrypted repository");
    }

    // Assigned exactly once so that both factory lambdas below can capture it.
    final ProvenanceEventEncryptor encryptor;
    try {
        final KeyProvider provider;
        final boolean needsMasterKey = KeyProviderFactory.requiresMasterKey(getConfig().getKeyProviderImplementation());
        if (needsMasterKey) {
            // The master key is only pulled into this scope for providers that require it.
            final SecretKey key = getMasterKey();
            provider = buildKeyProvider(key);
        } else {
            provider = buildKeyProvider();
        }
        encryptor = new AESProvenanceEventEncryptor();
        encryptor.initialize(provider);
    } catch (KeyManagementException e) {
        // The failure is logged with its stack trace and also rethrown to the caller.
        // NOTE(review): confirm key-provider exception messages never carry key material,
        // since they end up in the log and in the IOException cause chain.
        logger.error("Encountered an error building the key provider", e);
        throw new IOException("Encountered an error building the key provider", e);
    }

    // Lock manager used by the reader factory; created here, after the encryptor is ready.
    final EventFileManager fileManager = new EventFileManager();

    // Writer factory: every writer it produces encrypts with the encryptor captured above.
    final RecordWriterFactory recordWriterFactory = (file, idGenerator, compressed, createToc) -> {
        try {
            // A table-of-contents writer is only created when the caller asks for one.
            TocWriter tocWriter = null;
            if (createToc) {
                tocWriter = new StandardTocWriter(TocUtil.getTocFile(file), false, false);
            }
            return new EncryptedSchemaRecordWriter(file, idGenerator, tocWriter, compressed, BLOCK_SIZE, idLookup, encryptor, getConfig().getDebugFrequency());
        } catch (EncryptionException e) {
            // Surface encryption setup failures through the factory's IOException contract.
            logger.error("Encountered an error building the schema record writer factory: ", e);
            throw new IOException(e);
        }
    };

    // Reader factory: the read lock covers only the construction of the reader; the finally
    // block releases it before the reader is handed back to the caller.
    final RecordReaderFactory recordReaderFactory = (file, logs, maxChars) -> {
        fileManager.obtainReadLock(file);
        try {
            // NOTE(review): unchecked downcast. If RecordReaders can return a different reader
            // type for this file, a ClassCastException propagates from here and the reader that
            // was just created is not closed by this code - confirm that cannot happen.
            final EncryptedSchemaRecordReader encryptedReader = (EncryptedSchemaRecordReader) RecordReaders.newRecordReader(file, logs, maxChars);
            encryptedReader.setProvenanceEventEncryptor(encryptor);
            return encryptedReader;
        } finally {
            fileManager.releaseReadLock(file);
        }
    };

    // The remaining, encryption-agnostic setup lives in the parent implementation.
    super.init(recordWriterFactory, recordReaderFactory, eventReporter, authorizer, resourceFactory);
}
Also used : KeyProvider(org.apache.nifi.security.kms.KeyProvider) StandardTocWriter(org.apache.nifi.provenance.toc.StandardTocWriter) Logger(org.slf4j.Logger) DecoderException(org.apache.commons.codec.DecoderException) NiFiPropertiesLoader(org.apache.nifi.properties.NiFiPropertiesLoader) LoggerFactory(org.slf4j.LoggerFactory) SecretKeySpec(javax.crypto.spec.SecretKeySpec) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) Hex(org.apache.commons.codec.binary.Hex) RecordReaders(org.apache.nifi.provenance.serialization.RecordReaders) EventFileManager(org.apache.nifi.provenance.store.EventFileManager) TocWriter(org.apache.nifi.provenance.toc.TocWriter) Authorizer(org.apache.nifi.authorization.Authorizer) EventReporter(org.apache.nifi.events.EventReporter) NiFiProperties(org.apache.nifi.util.NiFiProperties) RecordReaderFactory(org.apache.nifi.provenance.store.RecordReaderFactory) SecretKey(javax.crypto.SecretKey) RecordWriterFactory(org.apache.nifi.provenance.store.RecordWriterFactory) TocUtil(org.apache.nifi.provenance.toc.TocUtil) KeyProvider(org.apache.nifi.security.kms.KeyProvider) KeyProviderFactory(org.apache.nifi.security.kms.KeyProviderFactory) EventFileManager(org.apache.nifi.provenance.store.EventFileManager) IOException(java.io.IOException) RecordWriterFactory(org.apache.nifi.provenance.store.RecordWriterFactory) KeyManagementException(java.security.KeyManagementException) RecordReaderFactory(org.apache.nifi.provenance.store.RecordReaderFactory) StandardTocWriter(org.apache.nifi.provenance.toc.StandardTocWriter) SecretKey(javax.crypto.SecretKey) StandardTocWriter(org.apache.nifi.provenance.toc.StandardTocWriter) TocWriter(org.apache.nifi.provenance.toc.TocWriter)
