/** * Get crypto codec for algorithm/mode/padding in config value * hadoop.security.crypto.cipher.suite * * @param conf * the configuration * @return CryptoCodec the codec object Null value will be returned if no * crypto codec classes with cipher suite configured. */ public static CryptoCodec getInstance(Configuration conf) { String name = conf.get(HADOOP_SECURITY_CRYPTO_CIPHER_SUITE_KEY, HADOOP_SECURITY_CRYPTO_CIPHER_SUITE_DEFAULT); return getInstance(conf, CipherSuite.convert(name)); }
@Override public Encryptor createEncryptor(Configuration conf, FileEncryptionInfo feInfo, DFSClient client) throws IOException { try { KeyVersion decryptedKey = (KeyVersion) decryptEncryptedDataEncryptionKeyMethod.invoke(client, feInfo); CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf, feInfo.getCipherSuite()); Encryptor encryptor = cryptoCodec.createEncryptor(); encryptor.init(decryptedKey.getMaterial(), feInfo.getIV()); return encryptor; } catch (InvocationTargetException e) { Throwables.propagateIfPossible(e.getTargetException(), IOException.class); throw new RuntimeException(e.getTargetException()); } catch (GeneralSecurityException e) { throw new IOException(e); } catch (IllegalAccessException e) { throw new RuntimeException(e); } } };
@Override public Encryptor createEncryptor(Configuration conf, FileEncryptionInfo feInfo, DFSClient client) throws IOException { try { KeyVersion decryptedKey = (KeyVersion) decryptEncryptedDataEncryptionKeyMethod .invoke(null, feInfo, client.getKeyProvider()); CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf, feInfo.getCipherSuite()); Encryptor encryptor = cryptoCodec.createEncryptor(); encryptor.init(decryptedKey.getMaterial(), feInfo.getIV()); return encryptor; } catch (InvocationTargetException e) { Throwables.propagateIfPossible(e.getTargetException(), IOException.class); throw new RuntimeException(e.getTargetException()); } catch (GeneralSecurityException e) { throw new IOException(e); } catch (IllegalAccessException e) { throw new RuntimeException(e); } } };
@Override public KeyVersion decryptEncryptedKey( EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException { // Fetch the encryption key material final String encryptionKeyVersionName = encryptedKeyVersion.getEncryptionKeyVersionName(); final KeyVersion encryptionKey = keyProvider.getKeyVersion(encryptionKeyVersionName); Preconditions .checkNotNull(encryptionKey, "KeyVersion name '%s' does not exist", encryptionKeyVersionName); Preconditions.checkArgument( encryptedKeyVersion.getEncryptedKeyVersion().getVersionName() .equals(KeyProviderCryptoExtension.EEK), "encryptedKey version name must be '%s', but found '%s'", KeyProviderCryptoExtension.EEK, encryptedKeyVersion.getEncryptedKeyVersion().getVersionName()); try (CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf())) { final Decryptor decryptor = cc.createDecryptor(); return decryptEncryptedKey(decryptor, encryptionKey, encryptedKeyVersion); } }
Decryptor decryptor = null; Encryptor encryptor = null; try (CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf())) { decryptor = cc.createDecryptor(); encryptor = cc.createEncryptor();
@Override public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName) throws IOException, GeneralSecurityException { // Fetch the encryption key KeyVersion encryptionKey = keyProvider.getCurrentKey(encryptionKeyName); Preconditions.checkNotNull(encryptionKey, "No KeyVersion exists for key '%s' ", encryptionKeyName); // Generate random bytes for new key and IV CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf()); try { final byte[] newKey = new byte[encryptionKey.getMaterial().length]; cc.generateSecureRandom(newKey); final byte[] iv = new byte[cc.getCipherSuite().getAlgorithmBlockSize()]; cc.generateSecureRandom(iv); Encryptor encryptor = cc.createEncryptor(); return generateEncryptedKey(encryptor, encryptionKey, newKey, iv); } finally { cc.close(); } }
@Override public EncryptedKeyVersion reencryptEncryptedKey(EncryptedKeyVersion ekv) throws IOException, GeneralSecurityException { final String ekName = ekv.getEncryptionKeyName(); final KeyVersion ekNow = keyProvider.getCurrentKey(ekName); Preconditions .checkNotNull(ekNow, "KeyVersion name '%s' does not exist", ekName); Preconditions.checkArgument(ekv.getEncryptedKeyVersion().getVersionName() .equals(KeyProviderCryptoExtension.EEK), "encryptedKey version name must be '%s', but found '%s'", KeyProviderCryptoExtension.EEK, ekv.getEncryptedKeyVersion().getVersionName()); if (ekv.getEncryptedKeyVersion().equals(ekNow)) { // no-op if same key version return ekv; } final KeyVersion dek = decryptEncryptedKey(ekv); final CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf()); try { final Encryptor encryptor = cc.createEncryptor(); return generateEncryptedKey(encryptor, ekNow, dek.getMaterial(), ekv.getEncryptedKeyIv()); } finally { cc.close(); } }
CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite()); p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()), new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));
@BeforeClass public static void init() throws Exception { Configuration conf = new Configuration(); codec = CryptoCodec.getInstance(conf); }
public static int cryptoPadding(Configuration conf) { // Sizeof(IV) + long(start-offset) return isEncryptedSpillEnabled(conf) ? CryptoCodec.getInstance(conf) .getCipherSuite().getAlgorithmBlockSize() + 8 : 0; }
@BeforeClass public static void init() throws Exception { Configuration conf = new Configuration(); codec = CryptoCodec.getInstance(conf); }
public static int cryptoPadding(Configuration conf) { // Sizeof(IV) + long(start-offset) return isEncryptedSpillEnabled(conf) ? CryptoCodec.getInstance(conf) .getCipherSuite().getAlgorithmBlockSize() + 8 : 0; }
public static int cryptoPadding(Configuration conf) { // Sizeof(IV) + long(start-offset) return isEncryptedSpillEnabled(conf) ? CryptoCodec.getInstance(conf) .getCipherSuite().getAlgorithmBlockSize() + 8 : 0; }
@BeforeClass public static void init() throws Exception { Configuration conf = new Configuration(); codec = CryptoCodec.getInstance(conf); }
@BeforeClass public static void init() throws Exception { Configuration conf = new Configuration(); codec = CryptoCodec.getInstance(conf); }
@BeforeClass public static void init() throws Exception { Configuration conf = new Configuration(); conf = new Configuration(false); conf.set("fs.file.impl", LocalFileSystem.class.getName()); fileSys = FileSystem.getLocal(conf); conf.set( CommonConfigurationKeysPublic.HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX + CipherSuite.AES_CTR_NOPADDING.getConfigSuffix(), OpensslAesCtrCryptoCodec.class.getName() + "," + JceAesCtrCryptoCodec.class.getName()); codec = CryptoCodec.getInstance(conf); }
@BeforeClass public static void init() throws Exception { Configuration conf = new Configuration(); conf = new Configuration(false); conf.set("fs.file.impl", LocalFileSystem.class.getName()); fileSys = FileSystem.getLocal(conf); conf.set( CommonConfigurationKeysPublic.HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX + CipherSuite.AES_CTR_NOPADDING.getConfigSuffix(), OpensslAesCtrCryptoCodec.class.getName() + "," + JceAesCtrCryptoCodec.class.getName()); codec = CryptoCodec.getInstance(conf); }
@BeforeClass public static void init() throws Exception { GenericTestUtils.assumeInNativeProfile(); Configuration conf = new Configuration(); codec = CryptoCodec.getInstance(conf); } }
@BeforeClass public static void init() throws Exception { GenericTestUtils.assumeInNativeProfile(); Configuration conf = new Configuration(); codec = CryptoCodec.getInstance(conf); } }
@BeforeClass public static void init() throws Exception { Configuration conf = new HdfsConfiguration(); dfsCluster = new MiniDFSCluster.Builder(conf).build(); dfsCluster.waitClusterUp(); fs = dfsCluster.getFileSystem(); codec = CryptoCodec.getInstance(conf); }