// Hands the attribute map to the options object; the map's contents are set outside this excerpt.
options.setAttributes(attributes);
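/**
 * Authorization gate for key creation: returns normally when {@code ugi} may create
 * {@code keyName} and throws otherwise.
 *
 * <p>The ACL that is consulted is named by the {@code KEY_ACL_NAME} attribute of
 * {@code options}. When that attribute is missing or empty, the key name itself is used as
 * the ACL name and is written back into the options' attributes. In either case a
 * MANAGEMENT ACL must be present under that name, and the caller must have MANAGEMENT or
 * ALL access to it. Every other combination is denied, so a key without a matching ACL
 * cannot be created through this path.
 *
 * @param keyName name of the key being created; doubles as the ACL name when the options
 *     carry none
 * @param options creation options; its attribute map is replaced when the ACL name has to be
 *     filled in
 * @param ugi identity of the caller; must not be null
 * @throws AuthorizationException if the caller is not authorized to create the key
 * @throws IOException declared by the signature; the denial itself is raised as an
 *     {@code AuthorizationException}
 */
private void authorizeCreateKey(String keyName, Options options,
    UserGroupInformation ugi) throws IOException {
  Preconditions.checkNotNull(ugi, "UserGroupInformation cannot be null");
  Map<String, String> attributes = options.getAttributes();
  String aclName = attributes.get(KEY_ACL_NAME);
  boolean success = false;
  if (Strings.isNullOrEmpty(aclName)) {
    // No usable ACL name was supplied: fall back to the key's own name, but only when a
    // MANAGEMENT ACL is actually present under it.
    if (acls.isACLPresent(keyName, KeyOpType.MANAGEMENT)) {
      // Merge through a mutable copy. The attribute may already be present with an empty
      // value, and ImmutableMap.Builder rejects a repeated key with an
      // IllegalArgumentException, which would escape this method in place of an
      // authorization decision.
      Map<String, String> withAclName =
          new java.util.HashMap<String, String>(attributes);
      withAclName.put(KEY_ACL_NAME, keyName);
      options.setAttributes(ImmutableMap.copyOf(withAclName));
      success = acls.hasAccessToKey(keyName, ugi, KeyOpType.MANAGEMENT)
          || acls.hasAccessToKey(keyName, ugi, KeyOpType.ALL);
    }
    // Otherwise success stays false: no ACL under the key name means no permission.
  } else {
    // An explicit ACL name was supplied: it must exist and must grant the caller access.
    success = acls.isACLPresent(aclName, KeyOpType.MANAGEMENT)
        && (acls.hasAccessToKey(aclName, ugi, KeyOpType.MANAGEMENT)
        || acls.hasAccessToKey(aclName, ugi, KeyOpType.ALL));
  }
  if (!success) {
    throw new AuthorizationException(String.format(
        "User [%s] is not authorized to create key !!", ugi.getShortUserName()));
  }
}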
// Hands the attribute map to the options object; the map's contents are set outside this excerpt.
options.setAttributes(attributes);
// Create "k4" with its "key.acl.name" attribute set to the key's own name, then read its
// metadata back.
options.setBitLength(128);
attributes.put("key.acl.name", "k4");
options.setAttributes(attributes);
kp.createKey("k4", options);
meta = kp.getMetadata("k4");
// Same again for "k5", this time with a description. The attributes object is reused, so
// the "key.acl.name" entry is put again with the value "k5" before the options are updated.
options.setDescription("d");
attributes.put("key.acl.name", "k5");
options.setAttributes(attributes);
kp.createKey("k5", options);
meta = kp.getMetadata("k5");
// Create "k4" with its "key.acl.name" attribute set to the key's own name, then read its
// metadata back.
options.setBitLength(128);
attributes.put("key.acl.name", "k4");
options.setAttributes(attributes);
kp.createKey("k4", options);
meta = kp.getMetadata("k4");
// Same again for "k5", this time with a description. The attributes object is reused, so
// the "key.acl.name" entry is put again with the value "k5" before the options are updated.
options.setDescription("d");
attributes.put("key.acl.name", "k5");
options.setAttributes(attributes);
kp.createKey("k5", options);
meta = kp.getMetadata("k5");
// Hands the attribute map to the options object; the call appears four times in a row in
// this excerpt, and the map's contents are set outside it.
options.setAttributes(attributes);
options.setAttributes(attributes);
options.setAttributes(attributes);
options.setAttributes(attributes);
// Hands the property map to the options object.
options.setAttributes(properties);
// Encode the data as UTF-8 and declare the bit length as the encoded byte count times
// Byte.SIZE, so the declared length follows the real number of bytes.
byte[] buff = data.getBytes(Charsets.UTF_8);
options.setBitLength(buff.length * Byte.SIZE);
/**
 * Exercises the management operations that should be permitted under the "testKey" ACL,
 * then checks that generating an encrypted key is refused.
 *
 * @return the version created for key "bar"
 */
@Override
public KeyVersion run() throws Exception {
  Options keyOptions = newOptions(conf);
  // Every key created below names "testKey" as its ACL through the key.acl.name attribute.
  Map<String, String> aclAttributes = new HashMap<String, String>();
  aclAttributes.put("key.acl.name", "testKey");
  keyOptions.setAttributes(aclAttributes);

  // Allowed part: create, roll (with and without supplied material) and delete.
  try {
    KeyVersion managed = kpExt.createKey("foo", SecureRandom.getSeed(16), keyOptions);
    kpExt.rollNewVersion(managed.getName());
    kpExt.rollNewVersion(managed.getName(), SecureRandom.getSeed(16));
    kpExt.deleteKey(managed.getName());
  } catch (IOException unexpected) {
    Assert.fail("User should be Authorized !!");
  }

  // Denied part: creation must still succeed, generating an EEK must not.
  KeyVersion retkv = null;
  try {
    retkv = kpExt.createKey("bar", SecureRandom.getSeed(16), keyOptions);
    kpExt.generateEncryptedKey(retkv.getName());
    Assert.fail("User should NOT be Authorized to generate EEK !!");
  } catch (IOException expected) {
    // Deliberately empty: an IOException is the outcome this test wants from
    // generateEncryptedKey. A failure of createKey lands here too and is caught by the
    // assertNotNull below.
  }
  Assert.assertNotNull(retkv);
  return retkv;
}
} // closes the enclosing scope, whose opening is outside this excerpt
/**
 * Exercises the management operations that should be permitted under the "testKey" ACL,
 * then checks that generating an encrypted key is refused.
 *
 * @return the version created for key "bar"
 */
@Override
public KeyVersion run() throws Exception {
  Options keyOptions = newOptions(conf);
  // Every key created below names "testKey" as its ACL through the key.acl.name attribute.
  Map<String, String> aclAttributes = new HashMap<String, String>();
  aclAttributes.put("key.acl.name", "testKey");
  keyOptions.setAttributes(aclAttributes);

  // Allowed part: create, roll (with and without supplied material) and delete.
  try {
    KeyVersion managed = kpExt.createKey("foo", SecureRandom.getSeed(16), keyOptions);
    kpExt.rollNewVersion(managed.getName());
    kpExt.rollNewVersion(managed.getName(), SecureRandom.getSeed(16));
    kpExt.deleteKey(managed.getName());
  } catch (IOException unexpected) {
    Assert.fail("User should be Authorized !!");
  }

  // Denied part: creation must still succeed, generating an EEK must not.
  KeyVersion retkv = null;
  try {
    retkv = kpExt.createKey("bar", SecureRandom.getSeed(16), keyOptions);
    kpExt.generateEncryptedKey(retkv.getName());
    Assert.fail("User should NOT be Authorized to generate EEK !!");
  } catch (IOException expected) {
    // Deliberately empty: an IOException is the outcome this test wants from
    // generateEncryptedKey. A failure of createKey lands here too and is caught by the
    // assertNotNull below.
  }
  Assert.assertNotNull(retkv);
  return retkv;
}
} // closes the enclosing scope, whose opening is outside this excerpt
/**
 * Checks that {@code KeyProvider.options} picks up the cipher and bit length from the
 * configuration, that the setters override them, and that an empty configuration yields the
 * provider defaults.
 */
@Test
public void testOptions() throws Exception {
  Configuration customConf = new Configuration();
  customConf.set(KeyProvider.DEFAULT_CIPHER_NAME, "myCipher");
  customConf.setInt(KeyProvider.DEFAULT_BITLENGTH_NAME, 512);
  Map<String, String> expectedAttributes = new HashMap<String, String>();
  expectedAttributes.put("a", "A");

  // Values taken from the configuration.
  KeyProvider.Options configured = KeyProvider.options(customConf);
  assertEquals("myCipher", configured.getCipher());
  assertEquals(512, configured.getBitLength());

  // Explicit setters win over the configured values.
  configured.setCipher("yourCipher");
  configured.setDescription("description");
  configured.setAttributes(expectedAttributes);
  configured.setBitLength(128);
  assertEquals("yourCipher", configured.getCipher());
  assertEquals(128, configured.getBitLength());
  assertEquals("description", configured.getDescription());
  assertEquals(expectedAttributes, configured.getAttributes());

  // A fresh configuration falls back to the built-in defaults.
  KeyProvider.Options defaults = KeyProvider.options(new Configuration());
  assertEquals(KeyProvider.DEFAULT_CIPHER, defaults.getCipher());
  assertEquals(KeyProvider.DEFAULT_BITLENGTH, defaults.getBitLength());
}
/**
 * Creates and rolls key "foo" under the "testKey" ACL, generates an encrypted key for it,
 * then asks the provider to decrypt a copy whose encryption key name has "x" appended.
 *
 * <p>NOTE(review): nothing is asserted here; presumably the enclosing test expects the
 * final decrypt call to throw. Confirm against the caller.
 */
@Override
public Void run() throws Exception {
  Options keyOptions = newOptions(conf);
  Map<String, String> aclAttributes = new HashMap<String, String>();
  aclAttributes.put("key.acl.name", "testKey");
  keyOptions.setAttributes(aclAttributes);

  KeyVersion created = kpExt.createKey("foo", SecureRandom.getSeed(16), keyOptions);
  kpExt.rollNewVersion(created.getName());
  kpExt.rollNewVersion(created.getName(), SecureRandom.getSeed(16));

  EncryptedKeyVersion genuine = kpExt.generateEncryptedKey(created.getName());
  // Same version name, IV and material as the generated EEK; only the key name differs.
  EncryptedKeyVersion renamed = EncryptedKeyVersion.createForDecryption(
      genuine.getEncryptionKeyName() + "x",
      genuine.getEncryptionKeyVersionName(),
      genuine.getEncryptedKeyIv(),
      genuine.getEncryptedKeyVersion().getMaterial());
  kpExt.decryptEncryptedKey(renamed);
  return null;
}
} // closes the enclosing scope, whose opening is outside this excerpt
/**
 * Creates and rolls key "foo" under the "testKey" ACL, generates an encrypted key for it,
 * then asks the provider to decrypt a copy whose encryption key name has "x" appended.
 *
 * <p>NOTE(review): nothing is asserted here; presumably the enclosing test expects the
 * final decrypt call to throw. Confirm against the caller.
 */
@Override
public Void run() throws Exception {
  Options keyOptions = newOptions(conf);
  Map<String, String> aclAttributes = new HashMap<String, String>();
  aclAttributes.put("key.acl.name", "testKey");
  keyOptions.setAttributes(aclAttributes);

  KeyVersion created = kpExt.createKey("foo", SecureRandom.getSeed(16), keyOptions);
  kpExt.rollNewVersion(created.getName());
  kpExt.rollNewVersion(created.getName(), SecureRandom.getSeed(16));

  EncryptedKeyVersion genuine = kpExt.generateEncryptedKey(created.getName());
  // Same version name, IV and material as the generated EEK; only the key name differs.
  EncryptedKeyVersion renamed = EncryptedKeyVersion.createForDecryption(
      genuine.getEncryptionKeyName() + "x",
      genuine.getEncryptionKeyVersionName(),
      genuine.getEncryptedKeyIv(),
      genuine.getEncryptedKeyVersion().getMaterial());
  kpExt.decryptEncryptedKey(renamed);
  return null;
}
} // closes the enclosing scope, whose opening is outside this excerpt
/**
 * Runs the full set of key operations (create, roll, generate EEK, decrypt EEK, delete)
 * under the "testKey" ACL and fails the test if any of them raises an IOException.
 */
@Override
public Void run() throws Exception {
  Options keyOptions = newOptions(conf);
  Map<String, String> aclAttributes = new HashMap<String, String>();
  aclAttributes.put("key.acl.name", "testKey");
  keyOptions.setAttributes(aclAttributes);

  try {
    KeyVersion created = kpExt.createKey("foo", SecureRandom.getSeed(16), keyOptions);
    kpExt.rollNewVersion(created.getName());
    kpExt.rollNewVersion(created.getName(), SecureRandom.getSeed(16));
    // Round trip: the EEK generated for the key is handed straight back for decryption.
    EncryptedKeyVersion generated = kpExt.generateEncryptedKey(created.getName());
    kpExt.decryptEncryptedKey(generated);
    kpExt.deleteKey(created.getName());
  } catch (IOException denied) {
    // Any IOException from the calls above counts as an unexpected refusal.
    Assert.fail("User should be Allowed to do everything !!");
  }
  return null;
}
} // closes the enclosing scope, whose opening is outside this excerpt
/**
 * Checks that {@code KeyProvider.options} picks up the cipher and bit length from the
 * configuration, that the setters override them, and that an empty configuration yields the
 * provider defaults.
 */
@Test
public void testOptions() throws Exception {
  Configuration customConf = new Configuration();
  customConf.set(KeyProvider.DEFAULT_CIPHER_NAME, "myCipher");
  customConf.setInt(KeyProvider.DEFAULT_BITLENGTH_NAME, 512);
  Map<String, String> expectedAttributes = new HashMap<String, String>();
  expectedAttributes.put("a", "A");

  // Values taken from the configuration.
  KeyProvider.Options configured = KeyProvider.options(customConf);
  assertEquals("myCipher", configured.getCipher());
  assertEquals(512, configured.getBitLength());

  // Explicit setters win over the configured values.
  configured.setCipher("yourCipher");
  configured.setDescription("description");
  configured.setAttributes(expectedAttributes);
  configured.setBitLength(128);
  assertEquals("yourCipher", configured.getCipher());
  assertEquals(128, configured.getBitLength());
  assertEquals("description", configured.getDescription());
  assertEquals(expectedAttributes, configured.getAttributes());

  // A fresh configuration falls back to the built-in defaults.
  KeyProvider.Options defaults = KeyProvider.options(new Configuration());
  assertEquals(KeyProvider.DEFAULT_CIPHER, defaults.getCipher());
  assertEquals(KeyProvider.DEFAULT_BITLENGTH, defaults.getBitLength());
}
/**
 * Runs the full set of key operations (create, roll, generate EEK, decrypt EEK, delete)
 * under the "testKey" ACL and fails the test if any of them raises an IOException.
 */
@Override
public Void run() throws Exception {
  Options keyOptions = newOptions(conf);
  Map<String, String> aclAttributes = new HashMap<String, String>();
  aclAttributes.put("key.acl.name", "testKey");
  keyOptions.setAttributes(aclAttributes);

  try {
    KeyVersion created = kpExt.createKey("foo", SecureRandom.getSeed(16), keyOptions);
    kpExt.rollNewVersion(created.getName());
    kpExt.rollNewVersion(created.getName(), SecureRandom.getSeed(16));
    // Round trip: the EEK generated for the key is handed straight back for decryption.
    EncryptedKeyVersion generated = kpExt.generateEncryptedKey(created.getName());
    kpExt.decryptEncryptedKey(generated);
    kpExt.deleteKey(created.getName());
  } catch (IOException denied) {
    // Any IOException from the calls above counts as an unexpected refusal.
    Assert.fail("User should be Allowed to do everything !!");
  }
  return null;
}
} // closes the enclosing scope, whose opening is outside this excerpt