Repository: incubator-ranger Updated Branches: refs/heads/master 7993a622e -> f0cae730a
RANGER-1141 : Null pointer exception while retrieving the key during copy file Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f0cae730 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f0cae730 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f0cae730 Branch: refs/heads/master Commit: f0cae730a8cfba87a5396bf8b6914ba132908c02 Parents: 7993a62 Author: Ankita Sinha <[email protected]> Authored: Tue Aug 9 10:45:28 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Wed Aug 10 17:21:18 2016 +0530 ---------------------------------------------------------------------- .../kms/server/KeyAuthorizationKeyProvider.java | 131 ++++++++++++++----- 1 file changed, 98 insertions(+), 33 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f0cae730/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java ----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
index 23bf95c..2753ac6 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
@@ -23,6 +23,9 @@ import java.security.GeneralSecurityException; import java.security.NoSuchAlgorithmException; import java.util.List; import java.util.Map; +import java.util.concurrent.locks.Lock; +import java.util.concurrent.locks.ReadWriteLock; +import java.util.concurrent.locks.ReentrantReadWriteLock; import org.apache.hadoop.crypto.key.KeyProvider; import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension; @@ -94,6 +97,8 @@ public class KeyAuthorizationKeyProvider extends KeyProviderCryptoExtension { private final KeyProviderCryptoExtension provider; private final KeyACLs acls; + private Lock readLock; + private Lock writeLock; /** * The constructor takes a {@link KeyProviderCryptoExtension} and an @@ -107,6 +112,9 @@ public class KeyAuthorizationKeyProvider extends KeyProviderCryptoExtension { super(keyProvider, null); this.provider = keyProvider; this.acls = acls; + ReadWriteLock lock = new ReentrantReadWriteLock(true); + readLock = lock.readLock(); + writeLock = lock.writeLock(); } // This method first checks if "key.acl.name" attribute is present as an 
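Review bot: The new `readLock` and `writeLock` fields in the second hunk are declared without `final`, unlike `provider` and `acls` beside them, although the constructor hunk assigns each exactly once; declare them `private final Lock readLock;` and `private final Lock writeLock;` so they cannot be reassigned and are safely published to other threads. Neither hunk documents what the lock protects; a field comment stating the intended invariant (for example that the ACL check and the provider call must not interleave with a concurrent create, roll or delete, if that is the intent) would help the next maintainer. The lock is built with `new ReentrantReadWriteLock(true)`, so it is one fair lock shared by all key names, and a short note on why fairness was chosen is worth adding since every key operation now queues behind any pending writer.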
@@ -157,50 +165,85 @@ public class KeyAuthorizationKeyProvider extends KeyProviderCryptoExtension { @Override public KeyVersion createKey(String name, Options options) throws NoSuchAlgorithmException, IOException { - authorizeCreateKey(name, options, getUser()); - return provider.createKey(name, options); + writeLock.lock(); + try { + authorizeCreateKey(name, options, getUser()); + return provider.createKey(name, options); + } finally { + writeLock.unlock(); + } } @Override public KeyVersion createKey(String name, byte[] material, Options options) throws IOException { - authorizeCreateKey(name, options, getUser()); - return provider.createKey(name, material, options); + writeLock.lock(); + try { + authorizeCreateKey(name, options, getUser()); + return provider.createKey(name, material, options); + } finally { + writeLock.unlock(); + } } @Override public KeyVersion rollNewVersion(String name) throws NoSuchAlgorithmException, IOException { - doAccessCheck(name, KeyOpType.MANAGEMENT); - return provider.rollNewVersion(name); + writeLock.lock(); + try { + doAccessCheck(name, KeyOpType.MANAGEMENT); + return provider.rollNewVersion(name); + } finally { + writeLock.unlock(); + } } @Override public void deleteKey(String name) throws IOException { - doAccessCheck(name, KeyOpType.MANAGEMENT); - provider.deleteKey(name); + writeLock.lock(); + try { + doAccessCheck(name, KeyOpType.MANAGEMENT); + provider.deleteKey(name); + } finally { + writeLock.unlock(); + } } @Override public KeyVersion rollNewVersion(String name, byte[] material) throws IOException { - doAccessCheck(name, KeyOpType.MANAGEMENT); - return provider.rollNewVersion(name, material); + writeLock.lock(); + try { + doAccessCheck(name, KeyOpType.MANAGEMENT); + return provider.rollNewVersion(name, material); + } finally { + writeLock.unlock(); + } } @Override public void warmUpEncryptedKeys(String... 
names) throws IOException { - for (String name : names) { - doAccessCheck(name, KeyOpType.GENERATE_EEK); - } - provider.warmUpEncryptedKeys(names); + readLock.lock(); + try { + for (String name : names) { + doAccessCheck(name, KeyOpType.GENERATE_EEK); + } + provider.warmUpEncryptedKeys(names); + } finally { + readLock.unlock(); + } } @Override public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName) throws IOException, GeneralSecurityException { - doAccessCheck(encryptionKeyName, KeyOpType.GENERATE_EEK); - return provider.generateEncryptedKey(encryptionKeyName); + readLock.lock(); + try { + doAccessCheck(encryptionKeyName, KeyOpType.GENERATE_EEK); + return provider.generateEncryptedKey(encryptionKeyName); + } finally { + readLock.unlock(); + } } private void verifyKeyVersionBelongsToKey(EncryptedKeyVersion ekv) @@ -208,6 +251,9 @@ public class KeyAuthorizationKeyProvider extends KeyProviderCryptoExtension { String kn = ekv.getEncryptionKeyName(); String kvn = ekv.getEncryptionKeyVersionName(); KeyVersion kv = provider.getKeyVersion(kvn); + if (kv == null) { + throw new IllegalArgumentException(String.format("'%s' not found", kvn)); + } if (!kv.getName().equals(kn)) { throw new IllegalArgumentException(String.format( "KeyVersion '%s' does not belong to the key '%s'", kvn, kn)); 
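Review bot: In `createKey`, `rollNewVersion` and `deleteKey` the exclusive `writeLock` is taken before `authorizeCreateKey` / `doAccessCheck`, so a caller who ends up denied still holds the provider-wide write lock for the whole ACL evaluation and, with the fair lock, delays every reader queued behind it. If the check does not have to be atomic with the provider call, authorize first and lock only around the `provider.*` call; if it does (for instance because the check reads key metadata, which this hunk does not show), state that in a comment above the first `writeLock.lock()`. The same lock-then-authorize order is used with `readLock` in `warmUpEncryptedKeys` and `generateEncryptedKey` in this hunk and in the read methods of the later hunks.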
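Review bot: The added `kv == null` branch in `verifyKeyVersionBelongsToKey` throws before any authorization has happened, because `decryptEncryptedKey` calls this method ahead of `doAccessCheck` (visible in the next hunk), so a caller without DECRYPT_EEK rights can get a different error depending on whether the supplied key version name exists. Whether that reaches the client depends on how the KMS maps `IllegalArgumentException` to a response, but it is safer to run the access check on `ekv.getEncryptionKeyName()` first or to use one message for both the missing and the mismatched case. The message itself does not say what was not found; `String.format("KeyVersion '%s' not found", kvn)` would match the wording of the check below it. The method's `throws` clause and closing brace lie outside this hunk.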
@@ -217,19 +263,23 @@ public class KeyAuthorizationKeyProvider extends KeyProviderCryptoExtension { @Override public KeyVersion decryptEncryptedKey(EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException { - verifyKeyVersionBelongsToKey(encryptedKeyVersion); - doAccessCheck( - encryptedKeyVersion.getEncryptionKeyName(), KeyOpType.DECRYPT_EEK); - return provider.decryptEncryptedKey(encryptedKeyVersion); + readLock.lock(); + try { + verifyKeyVersionBelongsToKey(encryptedKeyVersion); + doAccessCheck(encryptedKeyVersion.getEncryptionKeyName(), KeyOpType.DECRYPT_EEK); + return provider.decryptEncryptedKey(encryptedKeyVersion); + } finally { + readLock.unlock(); + } } @Override public KeyVersion getKeyVersion(String versionName) throws IOException { - KeyVersion keyVersion = provider.getKeyVersion(versionName); - if (keyVersion != null) { - doAccessCheck(keyVersion.getName(), KeyOpType.READ); - } - return keyVersion; + KeyVersion keyVersion = provider.getKeyVersion(versionName); + if (keyVersion != null) { + doAccessCheck(keyVersion.getName(), KeyOpType.READ); + } + return keyVersion; } @Override @@ -239,8 +289,13 @@ public class KeyAuthorizationKeyProvider extends KeyProviderCryptoExtension { @Override public List<KeyVersion> getKeyVersions(String name) throws IOException { - doAccessCheck(name, KeyOpType.READ); - return provider.getKeyVersions(name); + readLock.lock(); + try { + doAccessCheck(name, KeyOpType.READ); + return provider.getKeyVersions(name); + }finally { + readLock.unlock(); + } } @Override 
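Review bot: `getKeyVersion` is the one accessor in this hunk left outside the lock: its lines are only re-indented, while `decryptEncryptedKey` above it and `getKeyVersions`, `getKeysMetadata` and `getCurrentKey` in the following hunks all take `readLock`. If that is deliberate, add a comment saying why; otherwise wrap its body as `readLock.lock(); try { … } finally { readLock.unlock(); }` like its siblings, so the lookup and the READ access check cannot interleave with a `deleteKey` that holds the write lock. As a minor style point, `}finally {` in `getKeyVersions` in the next hunk is missing the space used everywhere else in the change.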
@@ -251,16 +306,26 @@ public class KeyAuthorizationKeyProvider extends KeyProviderCryptoExtension { @Override public Metadata[] getKeysMetadata(String... names) throws IOException { - for (String name : names) { - doAccessCheck(name, KeyOpType.READ); - } - return provider.getKeysMetadata(names); + readLock.lock(); + try { + for (String name : names) { + doAccessCheck(name, KeyOpType.READ); + } + return provider.getKeysMetadata(names); + } finally { + readLock.unlock(); + } } @Override public KeyVersion getCurrentKey(String name) throws IOException { - doAccessCheck(name, KeyOpType.READ); - return provider.getCurrentKey(name); + readLock.lock(); + try { + doAccessCheck(name, KeyOpType.READ); + return provider.getCurrentKey(name); + } finally { + readLock.unlock(); + } } @Override
