Author: szetszwo Date: Fri Jul 18 17:57:51 2014 New Revision: 1611736 URL: http://svn.apache.org/r1611736 Log: Merge r1609845 through r1611734 from trunk.
Modified: hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt (contents, props changed) hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/ (props changed) hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java Modified: hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1611736&r1=1611735&r2=1611736&view=diff ============================================================================== --- hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt Fri Jul 18 17:57:51 2014 
@@ -177,6 +177,12 @@ Trunk (Unreleased) HADOOP-10824. Refactor KMSACLs to avoid locking. (Benoy Antony via umamahesh) + HADOOP-10841. EncryptedKeyVersion should have a key name property. + (asuresh via tucu) + + HADOOP-10842. CryptoExtension generateEncryptedKey method should + receive the key name. (asuresh via tucu) + BUG FIXES HADOOP-9451. Fault single-layer config if node group topology is enabled. Propchange: hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt ------------------------------------------------------------------------------ Merged /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt:r1611529-1611734 Propchange: hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/ ------------------------------------------------------------------------------ Merged /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java:r1611529-1611734 Modified: hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java?rev=1611736&r1=1611735&r2=1611736&view=diff ============================================================================== --- hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java (original) +++ hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java Fri Jul 18 17:57:51 2014 
@@ -44,17 +44,23 @@ public class KeyProviderCryptoExtension * used to generate the encrypted Key and the encrypted KeyVersion */ public static class EncryptedKeyVersion { + private String keyName; private String keyVersionName; private byte[] iv; private KeyVersion encryptedKey; - protected EncryptedKeyVersion(String keyVersionName, byte[] iv, - KeyVersion encryptedKey) { + protected EncryptedKeyVersion(String keyName, String keyVersionName, + byte[] iv, KeyVersion encryptedKey) { + this.keyName = keyName; this.keyVersionName = keyVersionName; this.iv = iv; this.encryptedKey = encryptedKey; } + public String getKeyName() { + return keyName; + } + public String getKeyVersionName() { return keyVersionName; } @@ -78,14 +84,13 @@ public class KeyProviderCryptoExtension /** * Generates a key material and encrypts it using the given key version name * and initialization vector. The generated key material is of the same - * length as the <code>KeyVersion</code> material and is encrypted using the - * same cipher. + * length as the <code>KeyVersion</code> material of the latest key version + * of the key and is encrypted using the same cipher. * <p/> * NOTE: The generated key is not stored by the <code>KeyProvider</code> * - * @param encryptionKeyVersion - * a KeyVersion object containing the keyVersion name and material - * to encrypt. + * @param encryptionKeyName + * The latest KeyVersion of this key's material will be encrypted. * @return EncryptedKeyVersion with the generated key material, the version * name is 'EEK' (for Encrypted Encryption Key) * @throws IOException @@ -95,7 +100,7 @@ public class KeyProviderCryptoExtension * cryptographic issue. */ public EncryptedKeyVersion generateEncryptedKey( - KeyVersion encryptionKeyVersion) throws IOException, + String encryptionKeyName) throws IOException, GeneralSecurityException; /** 
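Review bot: The new `keyName` is stored next to `keyVersionName` in the `@@ -44,17 +44,23 @@` hunk with nothing tying the two together: the constructor accepts any pair and never rejects null. Because `getKeyName()` is now public, callers may come to treat it as the authoritative key identity (inferred; no such caller is visible here), so the decrypt path should confirm that the named version really belongs to that key before relying on it. At minimum declare it `private final String keyName;` and add `Preconditions.checkNotNull(keyName, "keyName");` in the constructor. The class body continues outside the hunk, so check that nothing else reassigns the field.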
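Review bot: The Javadoc summary in the `@@ -78,14 +84,13 @@` hunk still says the key is encrypted "using the given key version name and initialization vector", but the method now takes a key name and no IV is passed in. Reword the first sentence to something like `Generates key material and encrypts it with the current KeyVersion of the given key.`, and use "current" rather than "latest" in the `@param` text so it matches the `getCurrentKey` call in the implementation. The wrapper method's Javadoc in the `@@ -190,18 +195,18 @@` hunk gets the same `@param` text; its opening sentence lies outside that hunk and may need the same correction.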
@@ -140,12 +145,11 @@ public class KeyProviderCryptoExtension } @Override - public EncryptedKeyVersion generateEncryptedKey(KeyVersion keyVersion) + public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName) throws IOException, GeneralSecurityException { - KeyVersion keyVer = - keyProvider.getKeyVersion(keyVersion.getVersionName()); - Preconditions.checkNotNull(keyVer, "KeyVersion name '%s' does not exist", - keyVersion.getVersionName()); + KeyVersion keyVer = keyProvider.getCurrentKey(encryptionKeyName); + Preconditions.checkNotNull(keyVer, "No KeyVersion exists for key '%s' ", + encryptionKeyName); byte[] newKey = new byte[keyVer.getMaterial().length]; SecureRandom.getInstance("SHA1PRNG").nextBytes(newKey); Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding"); @@ -153,7 +157,8 @@ public class KeyProviderCryptoExtension cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyVer.getMaterial(), "AES"), new IvParameterSpec(flipIV(iv))); byte[] ek = cipher.doFinal(newKey); - return new EncryptedKeyVersion(keyVersion.getVersionName(), iv, + return new EncryptedKeyVersion(encryptionKeyName, + keyVer.getVersionName(), iv, new KeyVersion(keyVer.getName(), EEK, ek)); } 
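Review bot: `Preconditions.checkNotNull(keyVer, ...)` in the `@@ -140,12 +145,11 @@` hunk turns an unknown key name into a `NullPointerException`, although the name is now a plain caller-supplied string and the method already declares `IOException`. A missing key is an expected runtime condition, so report it as one: `if (keyVer == null) { throw new IOException("No KeyVersion exists for key '" + encryptionKeyName + "'"); }` (this also drops the trailing space in the message). The unchanged context line `SecureRandom.getInstance("SHA1PRNG")` hard-codes the generator and builds a new instance on every call; consider a shared, configurable `SecureRandom` in a follow-up. The method body continues into the `@@ -153,7 +157,8 @@` hunk.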
@@ -190,18 +195,18 @@ public class KeyProviderCryptoExtension * <p/> * NOTE: The generated key is not stored by the <code>KeyProvider</code> * - * @param encryptionKey a KeyVersion object containing the keyVersion name and - * material to encrypt. + * @param encryptionKeyName The latest KeyVersion of this key's material will + * be encrypted. * @return EncryptedKeyVersion with the generated key material, the version * name is 'EEK' (for Encrypted Encryption Key) * @throws IOException thrown if the key material could not be generated * @throws GeneralSecurityException thrown if the key material could not be * encrypted because of a cryptographic issue. */ - public EncryptedKeyVersion generateEncryptedKey(KeyVersion encryptionKey) + public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName) throws IOException, GeneralSecurityException { - return getExtension().generateEncryptedKey(encryptionKey); + return getExtension().generateEncryptedKey(encryptionKeyName); } /** Modified: hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java?rev=1611736&r1=1611735&r2=1611736&view=diff ============================================================================== --- hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java (original) +++ hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java Fri Jul 18 17:57:51 2014 
@@ -42,9 +42,10 @@ public class TestKeyProviderCryptoExtens KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp); KeyProviderCryptoExtension.EncryptedKeyVersion ek1 = - kpExt.generateEncryptedKey(kv); + kpExt.generateEncryptedKey(kv.getName()); Assert.assertEquals(KeyProviderCryptoExtension.EEK, ek1.getEncryptedKey().getVersionName()); + Assert.assertEquals("foo", ek1.getKeyName()); Assert.assertNotNull(ek1.getEncryptedKey().getMaterial()); Assert.assertEquals(kv.getMaterial().length, ek1.getEncryptedKey().getMaterial().length); @@ -55,7 +56,7 @@ public class TestKeyProviderCryptoExtens Assert.assertEquals(kv.getMaterial().length, k1.getMaterial().length); KeyProviderCryptoExtension.EncryptedKeyVersion ek2 = - kpExt.generateEncryptedKey(kv); + kpExt.generateEncryptedKey(kv.getName()); KeyProvider.KeyVersion k2 = kpExt.decryptEncryptedKey(ek2); boolean eq = true; for (int i = 0; eq && i < ek2.getEncryptedKey().getMaterial().length; i++) {
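Review bot: The test in the `@@ -42,9 +42,10 @@` hunk asserts `ek1.getKeyName()` but never checks `ek1.getKeyVersionName()`, which the implementation now derives from `getCurrentKey` instead of taking from the caller. Add `Assert.assertEquals(kv.getVersionName(), ek1.getKeyVersionName());` so a wrong version binding is caught; this assumes `kv` is the current version of "foo", which is created outside the hunk. A negative case calling `generateEncryptedKey` with a key name that does not exist would also pin down the failure mode.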