Author: szetszwo
Date: Fri Jul 18 17:57:51 2014
New Revision: 1611736

URL: http://svn.apache.org/r1611736
Log:
Merge r1609845 through r1611734 from trunk.

Modified:
    
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt
   (contents, props changed)
    
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/
   (props changed)
    
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
    
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java

Modified: 
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1611736&r1=1611735&r2=1611736&view=diff
==============================================================================
--- 
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt
 (original)
+++ 
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt
 Fri Jul 18 17:57:51 2014
@@ -177,6 +177,12 @@ Trunk (Unreleased)
 
     HADOOP-10824. Refactor KMSACLs to avoid locking. (Benoy Antony via 
umamahesh)
 
+    HADOOP-10841. EncryptedKeyVersion should have a key name property. 
+    (asuresh via tucu)
+
+    HADOOP-10842. CryptoExtension generateEncryptedKey method should 
+    receive the key name. (asuresh via tucu)
+
   BUG FIXES
 
     HADOOP-9451. Fault single-layer config if node group topology is enabled.

Propchange: 
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/CHANGES.txt
------------------------------------------------------------------------------
  Merged 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt:r1611529-1611734

Propchange: 
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/
------------------------------------------------------------------------------
  Merged 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java:r1611529-1611734

Modified: 
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java?rev=1611736&r1=1611735&r2=1611736&view=diff
==============================================================================
--- 
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
 (original)
+++ 
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
 Fri Jul 18 17:57:51 2014
@@ -44,17 +44,23 @@ public class KeyProviderCryptoExtension 
    * used to generate the encrypted Key and the encrypted KeyVersion
    */
   public static class EncryptedKeyVersion {
+    private String keyName;
     private String keyVersionName;
     private byte[] iv;
     private KeyVersion encryptedKey;
 
-    protected EncryptedKeyVersion(String keyVersionName, byte[] iv,
-        KeyVersion encryptedKey) {
+    protected EncryptedKeyVersion(String keyName, String keyVersionName,
+        byte[] iv, KeyVersion encryptedKey) {
+      this.keyName = keyName;
       this.keyVersionName = keyVersionName;
       this.iv = iv;
       this.encryptedKey = encryptedKey;
     }
 
+    public String getKeyName() {
+      return keyName;
+    }
+
     public String getKeyVersionName() {
       return keyVersionName;
     }
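Review bot: The new public accessor `getKeyName()` has no Javadoc, and the class now exposes three similar identifiers: `keyName`, `keyVersionName` and the name carried by `encryptedKey`. Judging by the implementation hunk later in this file, `keyName` is the name of the key whose current version encrypted the generated material, so a one-line comment such as `/** @return name of the encryption key whose version was used to encrypt the generated key material */` would remove the ambiguity. The field is assigned only in the constructor, so `private final String keyName;` would also state that it never changes. The class body continues outside the hunk.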
@@ -78,14 +84,13 @@ public class KeyProviderCryptoExtension 
     /**
      * Generates a key material and encrypts it using the given key version 
name
      * and initialization vector. The generated key material is of the same
-     * length as the <code>KeyVersion</code> material and is encrypted using 
the
-     * same cipher.
+     * length as the <code>KeyVersion</code> material of the latest key version
+     * of the key and is encrypted using the same cipher.
      * <p/>
      * NOTE: The generated key is not stored by the <code>KeyProvider</code>
      * 
-     * @param encryptionKeyVersion
-     *          a KeyVersion object containing the keyVersion name and material
-     *          to encrypt.
+     * @param encryptionKeyName
+     *          The latest KeyVersion of this key's material will be encrypted.
      * @return EncryptedKeyVersion with the generated key material, the version
      *         name is 'EEK' (for Encrypted Encryption Key)
      * @throws IOException
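Review bot: The unchanged summary sentence at the top of this Javadoc still says the material is encrypted "using the given key version name", but the parameter is now a key name that is resolved to its latest version. Replace that phrase with something like `using the latest version of the given key`. The new `@param encryptionKeyName` text also reads as if the key's own material is what gets encrypted, whereas the implementation hunk uses that material as the encrypting key. Clearer wording would be `@param encryptionKeyName name of the key whose latest KeyVersion is used to encrypt the generated key material`. The same `@param` wording is repeated on the outer `generateEncryptedKey` wrapper in the last hunk of this file, and the Javadoc block continues outside this hunk.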
@@ -95,7 +100,7 @@ public class KeyProviderCryptoExtension 
      *           cryptographic issue.
      */
     public EncryptedKeyVersion generateEncryptedKey(
-        KeyVersion encryptionKeyVersion) throws IOException,
+        String encryptionKeyName) throws IOException,
         GeneralSecurityException;
 
     /**
@@ -140,12 +145,11 @@ public class KeyProviderCryptoExtension 
     }
 
     @Override
-    public EncryptedKeyVersion generateEncryptedKey(KeyVersion keyVersion)
+    public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
         throws IOException, GeneralSecurityException {
-      KeyVersion keyVer =
-          keyProvider.getKeyVersion(keyVersion.getVersionName());
-      Preconditions.checkNotNull(keyVer, "KeyVersion name '%s' does not exist",
-          keyVersion.getVersionName());
+      KeyVersion keyVer = keyProvider.getCurrentKey(encryptionKeyName);
+      Preconditions.checkNotNull(keyVer, "No KeyVersion exists for key '%s' ",
+          encryptionKeyName);
       byte[] newKey = new byte[keyVer.getMaterial().length];
       SecureRandom.getInstance("SHA1PRNG").nextBytes(newKey);
       Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
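Review bot: An unknown key name now surfaces as a `NullPointerException`, because the result of `getCurrentKey(encryptionKeyName)` is guarded only by `Preconditions.checkNotNull` and neither declared exception type covers that. A missing key is an input condition rather than a programming error, so consider `if (keyVer == null) { throw new IOException("No KeyVersion exists for key '" + encryptionKeyName + "'"); }`, which also drops the trailing space in the current message. A null `encryptionKeyName` is likewise passed straight to the provider; whether the provider rejects it is not visible here. The method body continues past the end of this hunk.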
@@ -153,7 +157,8 @@ public class KeyProviderCryptoExtension 
       cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyVer.getMaterial(),
           "AES"), new IvParameterSpec(flipIV(iv)));
       byte[] ek = cipher.doFinal(newKey);
-      return new EncryptedKeyVersion(keyVersion.getVersionName(), iv,
+      return new EncryptedKeyVersion(encryptionKeyName,
+          keyVer.getVersionName(), iv,
           new KeyVersion(keyVer.getName(), EEK, ek));
     }
 
@@ -190,18 +195,18 @@ public class KeyProviderCryptoExtension 
    * <p/>
    * NOTE: The generated key is not stored by the <code>KeyProvider</code>
    *
-   * @param encryptionKey a KeyVersion object containing the keyVersion name 
and 
-   * material to encrypt.
+   * @param encryptionKeyName The latest KeyVersion of this key's material will
+   * be encrypted.
    * @return EncryptedKeyVersion with the generated key material, the version
    * name is 'EEK' (for Encrypted Encryption Key)
    * @throws IOException thrown if the key material could not be generated
    * @throws GeneralSecurityException thrown if the key material could not be 
    * encrypted because of a cryptographic issue.
    */
-  public EncryptedKeyVersion generateEncryptedKey(KeyVersion encryptionKey) 
+  public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
       throws IOException,
                                            GeneralSecurityException {
-    return getExtension().generateEncryptedKey(encryptionKey);
+    return getExtension().generateEncryptedKey(encryptionKeyName);
   }
 
   /**

Modified: 
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java?rev=1611736&r1=1611735&r2=1611736&view=diff
==============================================================================
--- 
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java
 (original)
+++ 
hadoop/common/branches/HDFS-6584/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java
 Fri Jul 18 17:57:51 2014
@@ -42,9 +42,10 @@ public class TestKeyProviderCryptoExtens
         KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp);
     
     KeyProviderCryptoExtension.EncryptedKeyVersion ek1 = 
-        kpExt.generateEncryptedKey(kv);
+        kpExt.generateEncryptedKey(kv.getName());
     Assert.assertEquals(KeyProviderCryptoExtension.EEK, 
         ek1.getEncryptedKey().getVersionName());
+    Assert.assertEquals("foo", ek1.getKeyName());
     Assert.assertNotNull(ek1.getEncryptedKey().getMaterial());
     Assert.assertEquals(kv.getMaterial().length, 
         ek1.getEncryptedKey().getMaterial().length);
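Review bot: The added assertion covers `getKeyName()`, but nothing checks which key version the name resolved to, and that resolution is the behaviour this change introduces. Adding `Assert.assertEquals(kv.getVersionName(), ek1.getKeyVersionName());` would pin it, assuming `kv` is the current version of the key; its creation is outside this hunk. Comparing against `kv.getName()` rather than the literal `"foo"` would also keep the assertion tied to the fixture. The test method starts and ends outside the hunk.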
@@ -55,7 +56,7 @@ public class TestKeyProviderCryptoExtens
     Assert.assertEquals(kv.getMaterial().length, k1.getMaterial().length);
 
     KeyProviderCryptoExtension.EncryptedKeyVersion ek2 = 
-        kpExt.generateEncryptedKey(kv);
+        kpExt.generateEncryptedKey(kv.getName());
     KeyProvider.KeyVersion k2 = kpExt.decryptEncryptedKey(ek2);
     boolean eq = true;
     for (int i = 0; eq && i < ek2.getEncryptedKey().getMaterial().length; i++) 
{

