/**
 * Runs the key-encryption operation in {@code Cipher.WRAP_MODE} against the given
 * parameters, after making sure the key encryption key cache has been loaded.
 *
 * @param context the crypto module parameters to operate on; updated in place
 * @return the same {@code context} instance that was passed in
 * @throws RuntimeException wrapping the {@link IOException} if the key cache could not be initialized
 */
@Override
public CryptoModuleParameters encryptSecretKey(CryptoModuleParameters context) {
  try {
    secretKeyCache.ensureSecretKeyCacheInitialized(context);
    doKeyEncryptionOperation(Cipher.WRAP_MODE, context);
    return context;
  } catch (IOException ioe) {
    // Logged here for the operator, then surfaced to the caller as unchecked.
    log.error("{}", ioe.getMessage(), ioe);
    throw new RuntimeException(ioe);
  }
}
new SecretKeySpec(secretKeyCache.getKeyEncryptionKey(), params.getAlgorithmName())); } catch (InvalidKeyException e) { log.error("{}", e.getMessage(), e); byte[] encryptedSecretKey = cipher.wrap(plaintextKey); params.setEncryptedKey(encryptedSecretKey); params.setOpaqueKeyEncryptionKeyID(secretKeyCache.getPathToKeyName()); } catch (InvalidKeyException e) { log.error("{}", e.getMessage(), e);
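/**
 * Loads the key encryption key (KEK) from its configured location on the first call and
 * caches it; later calls return immediately once {@code initialized} is set.
 *
 * <p>The KEK file is created via {@code initializeKeyEncryptionKey} when it does not yet
 * exist. Its format, as read here, is a 4-byte big-endian length followed by that many key
 * bytes.
 *
 * <p>Unlike the previous version, a failure to load the KEK is propagated instead of being
 * logged and swallowed: leaving {@code initialized == false} and {@code keyEncryptionKey}
 * unset (or half-filled) would only fail later, with a less informative error, when the
 * key is actually used. The key field is also published only after it has been fully read.
 *
 * @param context parameters used to resolve the path to the key file
 * @throws IOException if the key file cannot be created, opened or read, or if it declares
 *         a negative key length
 */
public synchronized void ensureSecretKeyCacheInitialized(CryptoModuleParameters context) throws IOException {
  if (initialized) {
    return;
  }
  // First identify if the KEK already exists
  pathToKeyName = getFullPathToKey(context);
  if (pathToKeyName == null || pathToKeyName.isEmpty()) {
    pathToKeyName = Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getDefaultValue();
  }
  // TODO ACCUMULO-2530 Ensure volumes a properly supported
  Path pathToKey = new Path(pathToKeyName);
  FileSystem fs = FileSystem.get(CachedConfiguration.getInstance());
  try {
    if (!fs.exists(pathToKey)) {
      initializeKeyEncryptionKey(fs, pathToKey, context);
    }
    try (DataInputStream in = fs.open(pathToKey)) {
      int keyEncryptionKeyLength = in.readInt();
      // A negative length means a corrupt or foreign file; surface it as an I/O error rather
      // than a NegativeArraySizeException. There is no upper bound here: the file is
      // expected to be the one this class wrote, so a very large length is not rejected.
      if (keyEncryptionKeyLength < 0) {
        throw new IOException("Invalid key encryption key length " + keyEncryptionKeyLength
            + " in " + pathToKeyName);
      }
      byte[] kek = new byte[keyEncryptionKeyLength];
      in.readFully(kek);
      // Publish the key only once it is completely read so a failed read never leaves a
      // partially filled array visible through getKeyEncryptionKey().
      keyEncryptionKey = kek;
    }
    initialized = true;
  } catch (IOException e) {
    log.error("Could not initialize key encryption cache", e);
    throw e;
  }
}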
/**
 * Runs the key-encryption operation in {@code Cipher.UNWRAP_MODE} against the given
 * parameters, after making sure the key encryption key cache has been loaded.
 *
 * @param context the crypto module parameters to operate on; updated in place
 * @return the same {@code context} instance that was passed in
 * @throws RuntimeException wrapping the {@link IOException} if the key cache could not be initialized
 */
@Override
public CryptoModuleParameters decryptSecretKey(CryptoModuleParameters context) {
  try {
    secretKeyCache.ensureSecretKeyCacheInitialized(context);
    doKeyEncryptionOperation(Cipher.UNWRAP_MODE, context);
    return context;
  } catch (IOException ioe) {
    // Logged here for the operator, then surfaced to the caller as unchecked.
    log.error("{}", ioe.getMessage(), ioe);
    throw new RuntimeException(ioe);
  }
}