@Override public void flush() throws IOException { Path newPath = constructNewPath(path); Path oldPath = constructOldPath(path); Path resetPath = path; writeLock.lock(); renameOrFail(newPath, new Path(newPath.toString() + "_ORPHANED_" + System.currentTimeMillis())); } catch (FileNotFoundException ignored) { renameOrFail(oldPath, new Path(oldPath.toString() + "_ORPHANED_" + System.currentTimeMillis())); } catch (FileNotFoundException ignored) { boolean fileExisted = backupToOld(oldPath); if (fileExisted) { resetPath = oldPath; writeToNew(newPath); } catch (IOException ioe) { revertFromOld(oldPath, fileExisted); resetPath = path; throw ioe; cleanupNewAndOld(newPath, oldPath); changed = false; } catch (IOException ioe) { resetKeyStoreState(resetPath);
/**
 * Builds a {@link JavaKeyStoreProvider} when the URI scheme is the one this factory serves.
 *
 * @param providerName URI naming the provider; only its scheme is inspected here
 * @param conf configuration passed unchanged to the provider constructor
 * @return a new provider, or {@code null} when the scheme does not equal {@code SCHEME_NAME}
 * @throws IOException declared by the overridden signature; in this body only the
 *     constructor call could raise it
 */
@Override
public KeyProvider createProvider(URI providerName, Configuration conf) throws IOException {
  // Constant-first equals: a URI without a scheme (null) takes the null-return path.
  final boolean handledHere = SCHEME_NAME.equals(providerName.getScheme());
  return handledHere ? new JavaKeyStoreProvider(providerName, conf) : null;
}
} // closes the enclosing type, whose header is outside this listing
/**
 * Adds a new version of an existing key from caller-supplied key material.
 *
 * <p>Runs under the write lock. The material length is checked against the bit length
 * recorded in the key's metadata before the version counter is advanced. The error
 * messages carry only the key name and the two lengths, never the material bytes.
 *
 * @param name name of the key to roll
 * @param material raw bytes for the new version
 * @return whatever {@code innerSetKeyVersion} returns for the new version
 * @throws IOException if no metadata exists for {@code name} or the length does not match
 */
@Override
public KeyVersion rollNewVersion(String name, byte[] material) throws IOException {
  writeLock.lock();
  try {
    final Metadata keyMeta = getMetadata(name);
    if (keyMeta == null) {
      throw new IOException("Key " + name + " not found");
    }
    final int requiredBits = keyMeta.getBitLength();
    final int suppliedBits = 8 * material.length;
    if (requiredBits != suppliedBits) {
      throw new IOException("Wrong key length. Required " + requiredBits
          + ", but got " + suppliedBits);
    }
    // addVersion() is reached only after validation, so a rejected roll leaves the
    // metadata's version counter untouched.
    final String rolledVersionName = buildVersionName(name, keyMeta.addVersion());
    return innerSetKeyVersion(name, rolledVersionName, material, keyMeta.getCipher());
  } finally {
    writeLock.unlock();
  }
}
/**
 * Collects every stored version of the named key.
 *
 * <p>Runs under the read lock. Version indices from 0 up to (but excluding) the count
 * reported by the key's metadata are looked up one by one; indices for which
 * {@code getKeyVersion} returns {@code null} are skipped.
 *
 * @param name name of the key
 * @return the versions found, in index order; empty when the key has no metadata
 * @throws IOException if the metadata or a version lookup fails
 */
@Override
public List<KeyVersion> getKeyVersions(String name) throws IOException {
  readLock.lock();
  try {
    final List<KeyVersion> found = new ArrayList<KeyVersion>();
    final Metadata keyMeta = getMetadata(name);
    if (keyMeta == null) {
      // Unknown key: report "no versions" rather than failing.
      return found;
    }
    final int versionCount = keyMeta.getVersions();
    for (int idx = 0; idx < versionCount; idx++) {
      final KeyVersion candidate = getKeyVersion(buildVersionName(name, idx));
      if (candidate != null) {
        found.add(candidate);
      }
    }
    return found;
  } finally {
    readLock.unlock();
  }
}
try { password = ProviderUtils.locatePassword(KEYSTORE_PASSWORD_ENV_VAR, getConf().get(KEYSTORE_PASSWORD_FILE_KEY)); if (password == null) { password = KEYSTORE_PASSWORD_DEFAULT; Path oldPath = constructOldPath(path); Path newPath = constructNewPath(path); keyStore = KeyStore.getInstance(SCHEME_NAME); FsPermission perm = null; + "('%s' and '%s' should not exist together)!!", path, newPath)); perm = tryLoadFromPath(path, oldPath); } else { perm = tryLoadIncompleteFlush(oldPath, newPath);
/**
 * Creates a new key with caller-supplied material as its first version (index 0).
 *
 * <p>The name must already be lower case. Under the write lock the method refuses a name
 * that is present either as a keystore alias or in the metadata cache, checks that the
 * material length matches the requested bit length, caches the new metadata and stores
 * the version. Error messages carry the key name and lengths only, never the material.
 *
 * @param name lower-case key name
 * @param material raw key bytes; must be {@code options.getBitLength() / 8} bytes long
 * @param options cipher, bit length, description and attributes for the new key
 * @return whatever {@code innerSetKeyVersion} returns for version 0
 * @throws IOException if the key already exists, the keystore lookup fails, or the
 *     material has the wrong length
 * @throws IllegalArgumentException (via {@code Preconditions.checkArgument}) if the name
 *     is not equal to its lower-cased form
 */
@Override
public KeyVersion createKey(String name, byte[] material, Options options) throws IOException {
  Preconditions.checkArgument(name.equals(StringUtils.toLowerCase(name)),
      "Uppercase key names are unsupported: %s", name);
  writeLock.lock();
  try {
    final boolean alreadyPresent;
    try {
      alreadyPresent = keyStore.containsAlias(name) || cache.containsKey(name);
    } catch (KeyStoreException e) {
      throw new IOException("Problem looking up key " + name + " in " + this, e);
    }
    if (alreadyPresent) {
      throw new IOException("Key " + name + " already exists in " + this);
    }
    final Metadata freshMeta = new Metadata(options.getCipher(), options.getBitLength(),
        options.getDescription(), options.getAttributes(), new Date(), 1);
    final int suppliedBits = 8 * material.length;
    if (options.getBitLength() != suppliedBits) {
      throw new IOException("Wrong key length. Required " + options.getBitLength()
          + ", but got " + suppliedBits);
    }
    // The metadata is cached only once the material has passed the length check.
    cache.put(name, freshMeta);
    return innerSetKeyVersion(name, buildVersionName(name, 0), material, freshMeta.getCipher());
  } finally {
    writeLock.unlock();
  }
}
writeLock.lock(); try { Metadata meta = getMetadata(name); if (meta == null) { throw new IOException("Key " + name + " does not exist in " + this); String versionName = buildVersionName(name, v); try { if (keyStore.containsAlias(versionName)) {
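/**
 * Looks up one key version by its alias and returns it together with its key material.
 *
 * <p>Runs under the read lock. The returned {@code KeyVersion} is built from
 * {@code key.getEncoded()}, i.e. the raw key bytes, so callers hold secret material.
 *
 * @param versionName keystore alias of the version to fetch
 * @return the key version, or {@code null} when the keystore has no such alias
 * @throws IOException if the keystore cannot be queried or the key cannot be recovered;
 *     the message names the alias and the keystore path, never the key itself
 */
@Override
public KeyVersion getKeyVersion(String versionName) throws IOException {
  readLock.lock();
  try {
    final SecretKeySpec key;
    try {
      if (!keyStore.containsAlias(versionName)) {
        return null;
      }
      // NOTE(review): KeyStore.getKey returns null for an alias that is not a key entry,
      // and the cast fails for a key that is not a SecretKeySpec; neither case is handled
      // here - confirm callers only pass version aliases.
      key = (SecretKeySpec) keyStore.getKey(versionName, password);
    } catch (KeyStoreException e) {
      throw new IOException("Can't get key " + versionName + " from " + path, e);
    } catch (NoSuchAlgorithmException e) {
      // The key was never assigned when getKey throws, so the old message always printed
      // "null"; report the alias instead and keep key objects out of error text.
      throw new IOException("Can't get algorithm for key " + versionName + " from " + path, e);
    } catch (UnrecoverableKeyException e) {
      throw new IOException("Can't recover key " + versionName + " from " + path, e);
    }
    return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded());
  } finally {
    readLock.unlock();
  }
}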
/**
 * Fault-injection override: fails the write when the {@code writeFail} flag is set,
 * otherwise delegates to the superclass implementation.
 *
 * @param newPath path handed through to {@code super.writeToNew}
 * @throws IOException the injected failure, or whatever the superclass throws
 */
@Override
public void writeToNew(Path newPath) throws IOException {
  if (!writeFail) {
    super.writeToNew(newPath);
    return;
  }
  throw new IOException("Injecting failure on write");
}
/**
 * Fault-injection override: fails the backup when the {@code backupFail} flag is set,
 * otherwise delegates to the superclass implementation.
 *
 * @param oldPath path handed through to {@code super.backupToOld}
 * @return the superclass result when no failure is injected
 * @throws IOException the injected failure, or whatever the superclass throws
 */
@Override
public boolean backupToOld(Path oldPath) throws IOException {
  if (!backupFail) {
    return super.backupToOld(oldPath);
  }
  throw new IOException("Inejection Failure on backup");
}
try { password = ProviderUtils.locatePassword(KEYSTORE_PASSWORD_ENV_VAR, getConf().get(KEYSTORE_PASSWORD_FILE_KEY)); if (password == null) { password = KEYSTORE_PASSWORD_DEFAULT; Path oldPath = constructOldPath(path); Path newPath = constructNewPath(path); keyStore = KeyStore.getInstance(SCHEME_NAME); FsPermission perm = null; + "('%s' and '%s' should not exist together)!!", path, newPath)); perm = tryLoadFromPath(path, oldPath); } else { perm = tryLoadIncompleteFlush(oldPath, newPath);
/**
 * Collects every stored version of the named key.
 *
 * <p>Runs under the read lock. Version indices from 0 up to (but excluding) the count
 * reported by the key's metadata are looked up one by one; indices for which
 * {@code getKeyVersion} returns {@code null} are skipped.
 *
 * @param name name of the key
 * @return the versions found, in index order; empty when the key has no metadata
 * @throws IOException if the metadata or a version lookup fails
 */
@Override
public List<KeyVersion> getKeyVersions(String name) throws IOException {
  readLock.lock();
  try {
    final List<KeyVersion> found = new ArrayList<KeyVersion>();
    final Metadata keyMeta = getMetadata(name);
    if (keyMeta == null) {
      // Unknown key: report "no versions" rather than failing.
      return found;
    }
    final int versionCount = keyMeta.getVersions();
    for (int idx = 0; idx < versionCount; idx++) {
      final KeyVersion candidate = getKeyVersion(buildVersionName(name, idx));
      if (candidate != null) {
        found.add(candidate);
      }
    }
    return found;
  } finally {
    readLock.unlock();
  }
}
/**
 * Creates a new key with caller-supplied material as its first version (index 0).
 *
 * <p>The name must already be lower case. Under the write lock the method refuses a name
 * that is present either as a keystore alias or in the metadata cache, checks that the
 * material length matches the requested bit length, caches the new metadata and stores
 * the version. Error messages carry the key name and lengths only, never the material.
 *
 * @param name lower-case key name
 * @param material raw key bytes; must be {@code options.getBitLength() / 8} bytes long
 * @param options cipher, bit length, description and attributes for the new key
 * @return whatever {@code innerSetKeyVersion} returns for version 0
 * @throws IOException if the key already exists, the keystore lookup fails, or the
 *     material has the wrong length
 * @throws IllegalArgumentException (via {@code Preconditions.checkArgument}) if the name
 *     is not equal to its lower-cased form
 */
@Override
public KeyVersion createKey(String name, byte[] material, Options options) throws IOException {
  Preconditions.checkArgument(name.equals(StringUtils.toLowerCase(name)),
      "Uppercase key names are unsupported: %s", name);
  writeLock.lock();
  try {
    final boolean alreadyPresent;
    try {
      alreadyPresent = keyStore.containsAlias(name) || cache.containsKey(name);
    } catch (KeyStoreException e) {
      throw new IOException("Problem looking up key " + name + " in " + this, e);
    }
    if (alreadyPresent) {
      throw new IOException("Key " + name + " already exists in " + this);
    }
    final Metadata freshMeta = new Metadata(options.getCipher(), options.getBitLength(),
        options.getDescription(), options.getAttributes(), new Date(), 1);
    final int suppliedBits = 8 * material.length;
    if (options.getBitLength() != suppliedBits) {
      throw new IOException("Wrong key length. Required " + options.getBitLength()
          + ", but got " + suppliedBits);
    }
    // The metadata is cached only once the material has passed the length check.
    cache.put(name, freshMeta);
    return innerSetKeyVersion(name, buildVersionName(name, 0), material, freshMeta.getCipher());
  } finally {
    writeLock.unlock();
  }
}
writeLock.lock(); try { Metadata meta = getMetadata(name); if (meta == null) { throw new IOException("Key " + name + " does not exist in " + this); String versionName = buildVersionName(name, v); try { if (keyStore.containsAlias(versionName)) {
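/**
 * Looks up one key version by its alias and returns it together with its key material.
 *
 * <p>Runs under the read lock. The returned {@code KeyVersion} is built from
 * {@code key.getEncoded()}, i.e. the raw key bytes, so callers hold secret material.
 *
 * @param versionName keystore alias of the version to fetch
 * @return the key version, or {@code null} when the keystore has no such alias
 * @throws IOException if the keystore cannot be queried or the key cannot be recovered;
 *     the message names the alias and the keystore path, never the key itself
 */
@Override
public KeyVersion getKeyVersion(String versionName) throws IOException {
  readLock.lock();
  try {
    final SecretKeySpec key;
    try {
      if (!keyStore.containsAlias(versionName)) {
        return null;
      }
      // NOTE(review): KeyStore.getKey returns null for an alias that is not a key entry,
      // and the cast fails for a key that is not a SecretKeySpec; neither case is handled
      // here - confirm callers only pass version aliases.
      key = (SecretKeySpec) keyStore.getKey(versionName, password);
    } catch (KeyStoreException e) {
      throw new IOException("Can't get key " + versionName + " from " + path, e);
    } catch (NoSuchAlgorithmException e) {
      // The key was never assigned when getKey throws, so the old message always printed
      // "null"; report the alias instead and keep key objects out of error text.
      throw new IOException("Can't get algorithm for key " + versionName + " from " + path, e);
    } catch (UnrecoverableKeyException e) {
      throw new IOException("Can't recover key " + versionName + " from " + path, e);
    }
    return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded());
  } finally {
    readLock.unlock();
  }
}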
/**
 * Fault-injection override: fails the write when the {@code writeFail} flag is set,
 * otherwise delegates to the superclass implementation.
 *
 * @param newPath path handed through to {@code super.writeToNew}
 * @throws IOException the injected failure, or whatever the superclass throws
 */
@Override
public void writeToNew(Path newPath) throws IOException {
  if (!writeFail) {
    super.writeToNew(newPath);
    return;
  }
  throw new IOException("Injecting failure on write");
}
/**
 * Fault-injection override: fails the backup when the {@code backupFail} flag is set,
 * otherwise delegates to the superclass implementation.
 *
 * @param oldPath path handed through to {@code super.backupToOld}
 * @return the superclass result when no failure is injected
 * @throws IOException the injected failure, or whatever the superclass throws
 */
@Override
public boolean backupToOld(Path oldPath) throws IOException {
  if (!backupFail) {
    return super.backupToOld(oldPath);
  }
  throw new IOException("Inejection Failure on backup");
}
@Override public void flush() throws IOException { Path newPath = constructNewPath(path); Path oldPath = constructOldPath(path); Path resetPath = path; writeLock.lock(); renameOrFail(newPath, new Path(newPath.toString() + "_ORPHANED_" + System.currentTimeMillis())); renameOrFail(oldPath, new Path(oldPath.toString() + "_ORPHANED_" + System.currentTimeMillis())); boolean fileExisted = backupToOld(oldPath); if (fileExisted) { resetPath = oldPath; writeToNew(newPath); } catch (IOException ioe) { revertFromOld(oldPath, fileExisted); resetPath = path; throw ioe; cleanupNewAndOld(newPath, oldPath); changed = false; } catch (IOException ioe) { resetKeyStoreState(resetPath); throw ioe; } finally {
Path oldPath = constructOldPath(path); Path newPath = constructNewPath(path); keyStore = KeyStore.getInstance(SCHEME_NAME); FsPermission perm = null; + "('%s' and '%s' should not exist together)!!", path, newPath)); perm = tryLoadFromPath(path, oldPath); } else { perm = tryLoadIncompleteFlush(oldPath, newPath);
/**
 * Adds a new version of an existing key from caller-supplied key material.
 *
 * <p>Runs under the write lock. The material length is checked against the bit length
 * recorded in the key's metadata before the version counter is advanced. The error
 * messages carry only the key name and the two lengths, never the material bytes.
 *
 * @param name name of the key to roll
 * @param material raw bytes for the new version
 * @return whatever {@code innerSetKeyVersion} returns for the new version
 * @throws IOException if no metadata exists for {@code name} or the length does not match
 */
@Override
public KeyVersion rollNewVersion(String name, byte[] material) throws IOException {
  writeLock.lock();
  try {
    final Metadata keyMeta = getMetadata(name);
    if (keyMeta == null) {
      throw new IOException("Key " + name + " not found");
    }
    final int requiredBits = keyMeta.getBitLength();
    final int suppliedBits = 8 * material.length;
    if (requiredBits != suppliedBits) {
      throw new IOException("Wrong key length. Required " + requiredBits
          + ", but got " + suppliedBits);
    }
    // addVersion() is reached only after validation, so a rejected roll leaves the
    // metadata's version counter untouched.
    final String rolledVersionName = buildVersionName(name, keyMeta.addVersion());
    return innerSetKeyVersion(name, rolledVersionName, material, keyMeta.getCipher());
  } finally {
    writeLock.unlock();
  }
}