Author: omalley
Date: Mon Jan 6 23:43:08 2014
New Revision: 1556072
URL: http://svn.apache.org/r1556072
Log:
HADOOP-10201. Add listing to KeyProvider API. (Larry McCay via omalley)
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1556072&r1=1556071&r2=1556072&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
(original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Mon Jan
6 23:43:08 2014
@@ -108,6 +108,8 @@ Trunk (Unreleased)
HADOOP-10141. Create KeyProvider API to separate encryption key storage
from the applications. (omalley)
+ HADOOP-10201. Add listing to KeyProvider API. (Larry McCay via omalley)
+
BUG FIXES
HADOOP-9451. Fault single-layer config if node group topology is enabled.
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java?rev=1556072&r1=1556071&r2=1556072&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java
Mon Jan 6 23:43:08 2014
@@ -36,8 +36,11 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
+import java.util.ArrayList;
import java.util.Date;
+import java.util.Enumeration;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
/**
@@ -56,6 +59,7 @@ import java.util.Map;
*/
@InterfaceAudience.Private
public class JavaKeyStoreProvider extends KeyProvider {
+ private static final String KEY_METADATA = "KeyMetadata";
public static final String SCHEME_NAME = "jceks";
public static final String KEYSTORE_PASSWORD_NAME =
"HADOOP_KEYSTORE_PASSWORD";
@@ -118,6 +122,44 @@ public class JavaKeyStoreProvider extend
}
@Override
+ public List<String> getKeys() throws IOException {
+ ArrayList<String> list = new ArrayList<String>();
+ String alias = null;
+ try {
+ Enumeration<String> e = keyStore.aliases();
+ while (e.hasMoreElements()) {
+ alias = e.nextElement();
+ // only include the metadata key names in the list of names
+ if (!alias.contains("@")) {
+ list.add(alias);
+ }
+ }
+ } catch (KeyStoreException e) {
+ throw new IOException("Can't get key " + alias + " from " + path, e);
+ }
+ return list;
+ }
+
+ @Override
+ public List<KeyVersion> getKeyVersions(String name) throws IOException {
+ List<KeyVersion> list = new ArrayList<KeyVersion>();
+ Metadata km = getMetadata(name);
+ if (km != null) {
+ int latestVersion = km.getVersions();
+ KeyVersion v = null;
+ String versionName = null;
+ for (int i = 0; i < latestVersion; i++) {
+ versionName = buildVersionName(name, i);
+ v = getKeyVersion(versionName);
+ if (v != null) {
+ list.add(v);
+ }
+ }
+ }
+ return list;
+ }
+
+ @Override
public Metadata getMetadata(String name) throws IOException {
if (cache.containsKey(name)) {
return cache.get(name);
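Review bot: The `!alias.contains("@")` filter in getKeys recognises a key name only by the absence of "@" in the alias, so any keystore entry whose alias lacks "@" is reported as a key, and a key whose base name contains "@" would be left out of the listing. Nothing in this hunk shows that base names are rejected if they contain "@" at creation time, so that invariant should either be enforced there or stated here, e.g. `// relies on version aliases being name@N and base names never containing '@'`. UserProvider.getKeys applies the same test (`key.find("@") == -1`) to the credentials' secret-key aliases, which may also hold secrets that do not belong to this provider. Separately, if `keyStore.aliases()` itself throws, `alias` is still null and the message reads "Can't get key null from ..."; `"Can't list keys from " + path` would be accurate. The getMetadata body at the end continues outside the hunk.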
@@ -288,7 +330,7 @@ public class JavaKeyStoreProvider extend
@Override
public String getFormat() {
- return "KeyMetadata";
+ return KEY_METADATA;
}
@Override
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java?rev=1556072&r1=1556071&r2=1556072&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
Mon Jan 6 23:43:08 2014
@@ -255,6 +255,20 @@ public abstract class KeyProvider {
) throws IOException;
/**
+ * Get the key names for all keys.
+ * @return the list of key names
+ * @throws IOException
+ */
+ public abstract List<String> getKeys() throws IOException;
+
+ /**
+ * Get the key material for all versions of a specific key name.
+ * @return the list of key material
+ * @throws IOException
+ */
+ public abstract List<KeyVersion> getKeyVersions(String name) throws
IOException;
+
+ /**
* Get the current version of the key, which should be used for encrypting
new
* data.
* @param name the base name of the key
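Review bot: The Javadoc for getKeyVersions lacks `@param name` and does not say what an unknown name yields; both implementations in this commit return an empty list rather than null, and that is worth stating as the contract. The getKeys comment should likewise say that only base names are returned, not version names such as `key3@0`. Because the returned KeyVersion objects carry raw key material, a sentence telling callers not to log or persist the list would be a useful addition. Adding two abstract methods also breaks any KeyProvider subclass that is not updated in this commit; whether such subclasses exist is not visible from here. The Javadoc after the additions belongs to a method whose declaration lies outside the hunk.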
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java?rev=1556072&r1=1556071&r2=1556072&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java
Mon Jan 6 23:43:08 2014
@@ -20,8 +20,10 @@ package org.apache.hadoop.crypto.key;
import java.io.IOException;
import java.net.URI;
+import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import org.apache.hadoop.classification.InterfaceAudience;
@@ -142,4 +144,32 @@ public class UserProvider extends KeyPro
return null;
}
}
+
+ @Override
+ public List<String> getKeys() throws IOException {
+ List<String> list = new ArrayList<String>();
+ List<Text> keys = credentials.getAllSecretKeys();
+ for (Text key : keys) {
+ if (key.find("@") == -1) {
+ list.add(key.toString());
+ }
+ }
+ return list;
+ }
+
+ @Override
+ public List<KeyVersion> getKeyVersions(String name) throws IOException {
+ List<KeyVersion> list = new ArrayList<KeyVersion>();
+ Metadata km = getMetadata(name);
+ if (km != null) {
+ int latestVersion = km.getVersions();
+ for (int i = 0; i < latestVersion; i++) {
+ KeyVersion v = getKeyVersion(buildVersionName(name, i));
+ if (v != null) {
+ list.add(v);
+ }
+ }
+ }
+ return list;
+ }
}
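Review bot: getKeyVersions silently skips every version for which getKeyVersion returns null, so a caller receives fewer entries than `km.getVersions()` reports with no sign that key material is missing. If a gap means the credential set is inconsistent or has been altered, failing is the safer behaviour: `if (v == null) { throw new IOException("Missing key version " + buildVersionName(name, i)); }`; if skipping is intended, a comment should say why. The loop is the same as the one added to JavaKeyStoreProvider.getKeyVersions, so it could presumably live once in KeyProvider, built on getMetadata and getKeyVersion.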
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java?rev=1556072&r1=1556071&r2=1556072&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
Mon Jan 6 23:43:08 2014
@@ -29,7 +29,9 @@ import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import java.util.Map.Entry;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
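Review bot: `java.util.Map.Entry` is imported here but none of the hunks shown for this file uses it, while getAllSecretKeys further down spells out `java.util.ArrayList` instead of importing it. Dropping the `Entry` import and adding `import java.util.ArrayList;` would keep the import block in line with the code.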
@@ -74,15 +76,6 @@ public class Credentials implements Writ
}
/**
- * Returns the key bytes for the alias
- * @param alias the alias for the key
- * @return key for this alias
- */
- public byte[] getSecretKey(Text alias) {
- return secretKeysMap.get(alias);
- }
-
- /**
* Returns the Token object for the alias
* @param alias the alias for the Token
* @return token for this alias
@@ -117,6 +110,15 @@ public class Credentials implements Writ
public int numberOfTokens() {
return tokenMap.size();
}
+
+ /**
+ * Returns the key bytes for the alias
+ * @param alias the alias for the key
+ * @return key for this alias
+ */
+ public byte[] getSecretKey(Text alias) {
+ return secretKeysMap.get(alias);
+ }
/**
* @return number of keys in the in-memory map
@@ -143,6 +145,16 @@ public class Credentials implements Writ
}
/**
+ * Return all the secret key entries in the in-memory map
+ */
+ public List<Text> getAllSecretKeys() {
+ List<Text> list = new java.util.ArrayList<Text>();
+ list.addAll(secretKeysMap.keySet());
+
+ return list;
+ }
+
+ /**
* Convenience method for reading a token storage file, and loading the
Tokens
* therein in the passed UGI
* @param filename
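Review bot: getAllSecretKeys returns the aliases, not the secret bytes, but its Javadoc says "secret key entries" and has no `@return`; `@return a new list holding the alias of every secret key` would match the code. The list is a copy, yet its elements are the same Text objects that serve as keys in secretKeysMap, and Text is mutable, so a caller that modifies one could break later lookups in the map. Either document that the returned aliases must not be modified or copy each one, e.g. `list.add(new Text(alias))` in a loop over the key set. The Javadoc after the addition belongs to a method outside the hunk.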
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java?rev=1556072&r1=1556071&r2=1556072&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java
Mon Jan 6 23:43:08 2014
@@ -21,6 +21,7 @@ import java.io.File;
import java.io.IOException;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.crypto.key.KeyProvider.KeyVersion;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
@@ -160,6 +161,16 @@ public class TestKeyProviderFactory {
provider.getCurrentKey("key4").getMaterial());
assertArrayEquals(key3, provider.getCurrentKey("key3").getMaterial());
assertEquals("key3@0", provider.getCurrentKey("key3").getVersionName());
+
+ List<String> keys = provider.getKeys();
+ assertTrue("Keys should have been returned.", keys.size() == 2);
+ assertTrue("Returned Keys should have included key3.",
keys.contains("key3"));
+ assertTrue("Returned Keys should have included key4.",
keys.contains("key4"));
+
+ List<KeyVersion> kvl = provider.getKeyVersions("key3");
+ assertTrue("KeyVersions should have been returned for key3.", kvl.size()
== 1);
+ assertTrue("KeyVersions should have included key3@0.",
kvl.get(0).getVersionName().equals("key3@0"));
+ assertArrayEquals(key3, kvl.get(0).getMaterial());
}
@Test
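Review bot: The new assertions cover only a key with a single version and a name that exists. A check after a version roll, and a lookup of an unknown name (both implementations return an empty list), would pin the contract of getKeyVersions. `assertEquals(2, keys.size())` and `assertEquals("key3@0", kvl.get(0).getVersionName())` would report the actual value on failure, which `assertTrue(... == ...)` does not. The enclosing test method starts outside the hunk, so whether it runs against both JavaKeyStoreProvider and UserProvider cannot be confirmed from here.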