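/**
 * Rolls {@code name} to a new key version backed by the supplied material.
 *
 * <p>The whole operation runs under {@code writeLock}: the metadata lookup,
 * the validation, the version bump and the store of the new version.
 *
 * @param name name of an existing key
 * @param material raw key material for the new version
 * @return the newly stored key version
 * @throws IOException if the key does not exist, the material is null, or the
 *     material length does not match the key's configured bit length
 */
@Override
public KeyVersion rollNewVersion(String name, byte[] material)
    throws IOException {
  writeLock.lock();
  try {
    Metadata meta = getMetadata(name);
    if (meta == null) {
      throw new IOException("Key " + name + " not found");
    }
    // Reject null material explicitly: otherwise the length check below
    // surfaces as a NullPointerException instead of a key-validation error.
    if (material == null) {
      throw new IOException("Key material for " + name + " must not be null");
    }
    int materialBits = 8 * material.length;
    if (meta.getBitLength() != materialBits) {
      throw new IOException("Wrong key length. Required " +
          meta.getBitLength() + ", but got " + materialBits);
    }
    // NOTE(review): addVersion() bumps the cached version counter before the
    // material is stored; if innerSetKeyVersion fails afterwards the counter
    // and the stored versions may diverge. No rollback API is visible here —
    // confirm how the caller handles that.
    int nextVersion = meta.addVersion();
    String versionName = buildVersionName(name, nextVersion);
    return innerSetKeyVersion(name, versionName, material, meta.getCipher());
  } finally {
    writeLock.unlock();
  }
}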
throw new IOException("Key " + name + " does not exist in " + this); for(int v=0; v < meta.getVersions(); ++v) { String versionName = buildVersionName(name, v); try {
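/**
 * Creates a new key named {@code name} whose version 0 holds {@code material}.
 *
 * <p>Key names must be lower-case. The existence check covers both the backing
 * key store and the in-memory metadata cache, and the whole operation runs
 * under {@code writeLock}. Nothing is cached until the material has been
 * validated, so a rejected create leaves no metadata behind.
 *
 * @param name new key name; must equal its lower-cased form
 * @param material raw key material for version 0
 * @param options cipher, bit length, description and attributes of the key
 * @return the stored version 0 of the new key
 * @throws IllegalArgumentException if {@code name} contains upper-case characters
 * @throws IOException if the key already exists, the key store cannot be
 *     queried, the material is null, or the material length does not match
 *     {@code options.getBitLength()}
 */
@Override
public KeyVersion createKey(String name, byte[] material, Options options)
    throws IOException {
  Preconditions.checkArgument(name.equals(StringUtils.toLowerCase(name)),
      "Uppercase key names are unsupported: %s", name);
  writeLock.lock();
  try {
    try {
      if (keyStore.containsAlias(name) || cache.containsKey(name)) {
        throw new IOException("Key " + name + " already exists in " + this);
      }
    } catch (KeyStoreException e) {
      throw new IOException("Problem looking up key " + name + " in " + this, e);
    }
    Metadata meta = new Metadata(options.getCipher(), options.getBitLength(),
        options.getDescription(), options.getAttributes(), new Date(), 1);
    // Reject null material explicitly: otherwise the length check below
    // surfaces as a NullPointerException instead of a key-validation error.
    if (material == null) {
      throw new IOException("Key material for " + name + " must not be null");
    }
    int materialBits = 8 * material.length;
    if (options.getBitLength() != materialBits) {
      throw new IOException("Wrong key length. Required " +
          options.getBitLength() + ", but got " + materialBits);
    }
    cache.put(name, meta);
    String versionName = buildVersionName(name, 0);
    return innerSetKeyVersion(name, versionName, material, meta.getCipher());
  } finally {
    writeLock.unlock();
  }
}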
Assert.assertEquals("AES/CTR/NoPadding", m1.getCipher()); Assert.assertEquals("AES", m1.getAlgorithm()); Assert.assertEquals(128, m1.getBitLength()); Assert.assertEquals(1, m1.getVersions()); Assert.assertNotNull(m1.getCreated()); Assert.assertTrue(started.before(m1.getCreated())); Assert.assertEquals("AES/CTR/NoPadding", m2.getCipher()); Assert.assertEquals("AES", m2.getAlgorithm()); Assert.assertEquals(128, m2.getBitLength()); Assert.assertEquals(2, m2.getVersions()); Assert.assertNotNull(m2.getCreated()); Assert.assertTrue(started.before(m2.getCreated())); Assert.assertEquals("AES/CTR/NoPadding", kms1[0].getCipher()); Assert.assertEquals("AES", kms1[0].getAlgorithm()); Assert.assertEquals(128, kms1[0].getBitLength()); Assert.assertEquals(2, kms1[0].getVersions()); Assert.assertNotNull(kms1[0].getCreated()); Assert.assertTrue(started.before(kms1[0].getCreated())); KeyVersion kVer2 = kp.createKey("k2", options); KeyProvider.Metadata meta = kp.getMetadata("k2"); Assert.assertNull(meta.getDescription()); Assert.assertEquals("k2", meta.getAttributes().get("key.acl.name")); kp.createKey("k3", options); meta = kp.getMetadata("k3"); Assert.assertEquals("d", meta.getDescription());
Assert.assertEquals("AES/CTR/NoPadding", m1.getCipher()); Assert.assertEquals("AES", m1.getAlgorithm()); Assert.assertEquals(128, m1.getBitLength()); Assert.assertEquals(1, m1.getVersions()); Assert.assertNotNull(m1.getCreated()); Assert.assertTrue(started.before(m1.getCreated())); Assert.assertEquals("AES/CTR/NoPadding", m2.getCipher()); Assert.assertEquals("AES", m2.getAlgorithm()); Assert.assertEquals(128, m2.getBitLength()); Assert.assertEquals(2, m2.getVersions()); Assert.assertNotNull(m2.getCreated()); Assert.assertTrue(started.before(m2.getCreated())); Assert.assertEquals("AES/CTR/NoPadding", kms1[0].getCipher()); Assert.assertEquals("AES", kms1[0].getAlgorithm()); Assert.assertEquals(128, kms1[0].getBitLength()); Assert.assertEquals(2, kms1[0].getVersions()); Assert.assertNotNull(kms1[0].getCreated()); Assert.assertTrue(started.before(kms1[0].getCreated())); KeyVersion kVer2 = kp.createKey("k2", options); KeyProvider.Metadata meta = kp.getMetadata("k2"); Assert.assertNull(meta.getDescription()); Assert.assertEquals("k2", meta.getAttributes().get("key.acl.name")); kp.createKey("k3", options); meta = kp.getMetadata("k3"); Assert.assertEquals("d", meta.getDescription());
assertEquals(KeyProvider.DEFAULT_CIPHER, meta.getCipher()); assertEquals(KeyProvider.DEFAULT_BITLENGTH, meta.getBitLength()); assertEquals(1, meta.getVersions()); provider.rollNewVersion("key4", new byte[]{2}); meta = provider.getMetadata("key4"); assertEquals(2, meta.getVersions()); assertArrayEquals(new byte[]{2}, provider.getCurrentKey("key4").getMaterial());
assertEquals(KeyProvider.DEFAULT_CIPHER, meta.getCipher()); assertEquals(KeyProvider.DEFAULT_BITLENGTH, meta.getBitLength()); assertEquals(1, meta.getVersions()); provider.rollNewVersion("key4", new byte[]{2}); meta = provider.getMetadata("key4"); assertEquals(2, meta.getVersions()); assertArrayEquals(new byte[]{2}, provider.getCurrentKey("key4").getMaterial());
createEncryptionZoneInt(src, metadata.getCipher(), keyName, logRetryCache); } catch (AccessControlException e) {
createEncryptionZoneInt(src, metadata.getCipher(), keyName, logRetryCache); } catch (AccessControlException e) {
KeyProvider.Metadata metadata = metadatas[i]; secureStoreMetadatas.add(new SecureStoreMetadata(keysInNamespace.get(i).substring(prefix.length()), metadata.getDescription(), metadata.getCreated().getTime(), metadata.getAttributes()));
KeyProvider.Metadata meta = new KeyProvider.Metadata("myCipher", 100, null, null, date, 123); assertEquals("myCipher", meta.getCipher()); assertEquals(100, meta.getBitLength()); assertNull(meta.getDescription()); assertEquals(date, meta.getCreated()); assertEquals(123, meta.getVersions()); KeyProvider.Metadata second = new KeyProvider.Metadata(meta.serialize()); assertEquals(meta.getCipher(), second.getCipher()); assertEquals(meta.getBitLength(), second.getBitLength()); assertNull(second.getDescription()); assertTrue(second.getAttributes().isEmpty()); assertEquals(meta.getCreated(), second.getCreated()); assertEquals(meta.getVersions(), second.getVersions()); int newVersion = second.addVersion(); assertEquals(123, newVersion); assertEquals(124, second.getVersions()); assertEquals(123, meta.getVersions()); Map<String, String> attributes = new HashMap<String, String>(); attributes.put("a", "A"); meta = new KeyProvider.Metadata("myCipher", 100, "description", attributes, date, 123); assertEquals("myCipher", meta.getCipher()); assertEquals(100, meta.getBitLength()); assertEquals("description", meta.getDescription()); assertEquals(attributes, meta.getAttributes()); assertEquals(date, meta.getCreated()); assertEquals(123, meta.getVersions());
KeyProvider.Metadata meta = new KeyProvider.Metadata("myCipher", 100, null, null, date, 123); assertEquals("myCipher", meta.getCipher()); assertEquals(100, meta.getBitLength()); assertNull(meta.getDescription()); assertEquals(date, meta.getCreated()); assertEquals(123, meta.getVersions()); KeyProvider.Metadata second = new KeyProvider.Metadata(meta.serialize()); assertEquals(meta.getCipher(), second.getCipher()); assertEquals(meta.getBitLength(), second.getBitLength()); assertNull(second.getDescription()); assertTrue(second.getAttributes().isEmpty()); assertEquals(meta.getCreated(), second.getCreated()); assertEquals(meta.getVersions(), second.getVersions()); int newVersion = second.addVersion(); assertEquals(123, newVersion); assertEquals(124, second.getVersions()); assertEquals(123, meta.getVersions()); Map<String, String> attributes = new HashMap<String, String>(); attributes.put("a", "A"); meta = new KeyProvider.Metadata("myCipher", 100, "description", attributes, date, 123); assertEquals("myCipher", meta.getCipher()); assertEquals(100, meta.getBitLength()); assertEquals("description", meta.getDescription()); assertEquals(attributes, meta.getAttributes()); assertEquals(date, meta.getCreated()); assertEquals(123, meta.getVersions());
throw new IOException("Key " + name + " does not exist in " + this); for(int v=0; v < meta.getVersions(); ++v) { String versionName = buildVersionName(name, v); try {
throw new IOException("Key " + name + " does not exist in " + this); for(int v=0; v < meta.getVersions(); ++v) { String versionName = buildVersionName(name, v); try {
throw new IOException("Key " + name + " does not exist in " + this); for(int v=0; v < meta.getVersions(); ++v) { String versionName = buildVersionName(name, v); try {
throw new IOException("Key " + name + " does not exist in " + this); for(int v=0; v < meta.getVersions(); ++v) { String versionName = buildVersionName(name, v); try {
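/**
 * Creates a new key named {@code name} whose version 0 holds {@code material}.
 *
 * <p>Key names must be lower-case. The existence check covers both the backing
 * key store and the in-memory metadata cache, and the whole operation runs
 * under {@code writeLock}. Nothing is cached until the material has been
 * validated, so a rejected create leaves no metadata behind.
 *
 * @param name new key name; must equal its lower-cased form
 * @param material raw key material for version 0
 * @param options cipher, bit length, description and attributes of the key
 * @return the stored version 0 of the new key
 * @throws IllegalArgumentException if {@code name} contains upper-case characters
 * @throws IOException if the key already exists, the key store cannot be
 *     queried, the material is null, or the material length does not match
 *     {@code options.getBitLength()}
 */
@Override
public KeyVersion createKey(String name, byte[] material, Options options)
    throws IOException {
  Preconditions.checkArgument(name.equals(StringUtils.toLowerCase(name)),
      "Uppercase key names are unsupported: %s", name);
  writeLock.lock();
  try {
    try {
      if (keyStore.containsAlias(name) || cache.containsKey(name)) {
        throw new IOException("Key " + name + " already exists in " + this);
      }
    } catch (KeyStoreException e) {
      throw new IOException("Problem looking up key " + name + " in " + this, e);
    }
    Metadata meta = new Metadata(options.getCipher(), options.getBitLength(),
        options.getDescription(), options.getAttributes(), new Date(), 1);
    // Reject null material explicitly: otherwise the length check below
    // surfaces as a NullPointerException instead of a key-validation error.
    if (material == null) {
      throw new IOException("Key material for " + name + " must not be null");
    }
    int materialBits = 8 * material.length;
    if (options.getBitLength() != materialBits) {
      throw new IOException("Wrong key length. Required " +
          options.getBitLength() + ", but got " + materialBits);
    }
    cache.put(name, meta);
    String versionName = buildVersionName(name, 0);
    return innerSetKeyVersion(name, versionName, material, meta.getCipher());
  } finally {
    writeLock.unlock();
  }
}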
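/**
 * Creates a new key named {@code name} whose version 0 holds {@code material}.
 *
 * <p>Key names must be lower-case. The existence check covers both the backing
 * key store and the in-memory metadata cache, and the whole operation runs
 * under {@code writeLock}. Nothing is cached until the material has been
 * validated, so a rejected create leaves no metadata behind.
 *
 * @param name new key name; must equal its lower-cased form
 * @param material raw key material for version 0
 * @param options cipher, bit length, description and attributes of the key
 * @return the stored version 0 of the new key
 * @throws IllegalArgumentException if {@code name} contains upper-case characters
 * @throws IOException if the key already exists, the key store cannot be
 *     queried, the material is null, or the material length does not match
 *     {@code options.getBitLength()}
 */
@Override
public KeyVersion createKey(String name, byte[] material, Options options)
    throws IOException {
  Preconditions.checkArgument(name.equals(StringUtils.toLowerCase(name)),
      "Uppercase key names are unsupported: %s", name);
  writeLock.lock();
  try {
    try {
      if (keyStore.containsAlias(name) || cache.containsKey(name)) {
        throw new IOException("Key " + name + " already exists in " + this);
      }
    } catch (KeyStoreException e) {
      throw new IOException("Problem looking up key " + name + " in " + this, e);
    }
    Metadata meta = new Metadata(options.getCipher(), options.getBitLength(),
        options.getDescription(), options.getAttributes(), new Date(), 1);
    // Reject null material explicitly: otherwise the length check below
    // surfaces as a NullPointerException instead of a key-validation error.
    if (material == null) {
      throw new IOException("Key material for " + name + " must not be null");
    }
    int materialBits = 8 * material.length;
    if (options.getBitLength() != materialBits) {
      throw new IOException("Wrong key length. Required " +
          options.getBitLength() + ", but got " + materialBits);
    }
    cache.put(name, meta);
    String versionName = buildVersionName(name, 0);
    return innerSetKeyVersion(name, versionName, material, meta.getCipher());
  } finally {
    writeLock.unlock();
  }
}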
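/**
 * Creates a new key named {@code name} whose version 0 holds {@code material}.
 *
 * <p>Key names must be lower-case. The existence check covers both the backing
 * key store and the in-memory metadata cache, and the whole operation runs
 * under {@code writeLock}. Nothing is cached until the material has been
 * validated, so a rejected create leaves no metadata behind.
 *
 * @param name new key name; must equal its lower-cased form
 * @param material raw key material for version 0
 * @param options cipher, bit length, description and attributes of the key
 * @return the stored version 0 of the new key
 * @throws IllegalArgumentException if {@code name} contains upper-case characters
 * @throws IOException if the key already exists, the key store cannot be
 *     queried, the material is null, or the material length does not match
 *     {@code options.getBitLength()}
 */
@Override
public KeyVersion createKey(String name, byte[] material, Options options)
    throws IOException {
  Preconditions.checkArgument(name.equals(StringUtils.toLowerCase(name)),
      "Uppercase key names are unsupported: %s", name);
  writeLock.lock();
  try {
    try {
      if (keyStore.containsAlias(name) || cache.containsKey(name)) {
        throw new IOException("Key " + name + " already exists in " + this);
      }
    } catch (KeyStoreException e) {
      throw new IOException("Problem looking up key " + name + " in " + this, e);
    }
    Metadata meta = new Metadata(options.getCipher(), options.getBitLength(),
        options.getDescription(), options.getAttributes(), new Date(), 1);
    // Reject null material explicitly: otherwise the length check below
    // surfaces as a NullPointerException instead of a key-validation error.
    if (material == null) {
      throw new IOException("Key material for " + name + " must not be null");
    }
    int materialBits = 8 * material.length;
    if (options.getBitLength() != materialBits) {
      throw new IOException("Wrong key length. Required " +
          options.getBitLength() + ", but got " + materialBits);
    }
    cache.put(name, meta);
    String versionName = buildVersionName(name, 0);
    return innerSetKeyVersion(name, versionName, material, meta.getCipher());
  } finally {
    writeLock.unlock();
  }
}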
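/**
 * Compares the strength of two encryption keys by their configured bit length.
 *
 * @param keyname1 Keyname to compare
 * @param keyname2 Keyname to compare
 * @return 1 if keyname1 is stronger; 0 if both keys have the same bit length;
 *         -1 if keyname1 is weaker.
 * @throws IOException if no key provider is configured, if the provider has no
 *         metadata for either key, or if fetching the metadata fails
 */
private int compareKeyStrength(String keyname1, String keyname2)
    throws IOException {
  if (keyProvider == null) {
    throw new IOException(
        "HDFS security key provider is not configured on your server.");
  }
  KeyProvider.Metadata meta1 = requireKeyMetadata(keyname1);
  KeyProvider.Metadata meta2 = requireKeyMetadata(keyname2);
  // Integer.compare yields exactly -1, 0 or 1, matching the documented contract.
  return Integer.compare(meta1.getBitLength(), meta2.getBitLength());
}

/**
 * Fetches the metadata for {@code keyname} from the configured key provider.
 *
 * <p>A provider that has no such key may return {@code null}; that case is
 * turned into an IOException here so callers do not see a NullPointerException
 * when the bit length is read.
 *
 * @param keyname key whose metadata is wanted
 * @return the key's metadata, never {@code null}
 * @throws IOException if the provider has no metadata for the key or the lookup fails
 */
private KeyProvider.Metadata requireKeyMetadata(String keyname)
    throws IOException {
  KeyProvider.Metadata meta = keyProvider.getMetadata(keyname);
  if (meta == null) {
    throw new IOException(
        "Key " + keyname + " not found in the HDFS security key provider.");
  }
  return meta;
}
}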