Author: wang
Date: Tue Aug 5 02:32:44 2014
New Revision: 1615850
URL: http://svn.apache.org/r1615850
Log:
HADOOP-10936. Change default KeyProvider bitlength to 128. (wang)
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyShell.java
hadoop/common/trunk/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1615850&r1=1615849&r2=1615850&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
(original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Tue Aug
5 02:32:44 2014
@@ -197,6 +197,8 @@ Trunk (Unreleased)
HADOOP-10793. KeyShell args should use single-dash style. (wang)
+ HADOOP-10936. Change default KeyProvider bitlength to 128. (wang)
+
BUG FIXES
HADOOP-9451. Fault single-layer config if node group topology is enabled.
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java?rev=1615850&r1=1615849&r2=1615850&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
Tue Aug 5 02:32:44 2014
@@ -54,7 +54,7 @@ public abstract class KeyProvider {
public static final String DEFAULT_CIPHER = "AES/CTR/NoPadding";
public static final String DEFAULT_BITLENGTH_NAME =
"hadoop.security.key.default.bitlength";
- public static final int DEFAULT_BITLENGTH = 256;
+ public static final int DEFAULT_BITLENGTH = 128;
/**
* The combination of both the key version name and the key material.
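Review bot: The new `DEFAULT_BITLENGTH = 128` has no comment saying why the default dropped from 256 or how an operator keeps 256-bit keys. Any key created without an explicit size gets the shorter length after upgrade, so I would add a comment on the constant such as `// Default is 128 bits; set hadoop.security.key.default.bitlength (or pass -size to KeyShell) for longer keys`. The comment should also state the reason, presumably that JREs without the unlimited-strength policy files reject 256-bit AES, but confirm that against HADOOP-10936. The KeyShell usage text in this commit hard-codes the same number (`"The default keysize is 128. ..."`); building it from `KeyProvider.DEFAULT_BITLENGTH` would keep the two from drifting. The class body continues outside the hunk.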
@@ -341,6 +341,16 @@ public abstract class KeyProvider {
public Map<String, String> getAttributes() {
return (attributes == null) ? Collections.EMPTY_MAP : attributes;
}
+
+ @Override
+ public String toString() {
+ return "Options{" +
+ "cipher='" + cipher + '\'' +
+ ", bitLength=" + bitLength +
+ ", description='" + description + '\'' +
+ ", attributes=" + attributes +
+ '}';
+ }
}
/**
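Review bot: The new `toString()` reads the `attributes` field directly, so an instance with no attributes prints `attributes=null`, while `getAttributes()` just above returns an empty map for the same state. Using `", attributes=" + getAttributes() +` would keep the two views consistent. The method also has no Javadoc, although its output is now shown to users through KeyShell's success message and may reach logs. A comment such as `/** Human-readable summary for CLI and log output; must never include key material. */` would record that constraint for anyone adding fields later. `description` and the attribute values are caller-supplied text written unescaped, so consumers should not parse this string. The enclosing class (apparently `Options`) starts outside the hunk.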
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java?rev=1615850&r1=1615849&r2=1615850&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
Tue Aug 5 02:32:44 2014
@@ -445,7 +445,7 @@ public class KeyShell extends Configured
"by the <keyname> argument within the provider specified by the\n" +
"-provider argument. You may specify a cipher with the -cipher\n" +
"argument. The default cipher is currently \"AES/CTR/NoPadding\".\n" +
- "The default keysize is 256. You may specify the requested key\n" +
+ "The default keysize is 128. You may specify the requested key\n" +
"length using the -size argument. Arbitrary attribute=value\n" +
"style attributes may be specified using the -attr argument.\n" +
"-attr may be specified multiple times, once per attribute.\n";
@@ -479,7 +479,8 @@ public class KeyShell extends Configured
warnIfTransientProvider();
try {
provider.createKey(keyName, options);
- out.println(keyName + " has been successfully created.");
+ out.println(keyName + " has been successfully created with options "
+ + options.toString() + ".");
provider.flush();
printProviderWritten();
} catch (InvalidParameterException e) {
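Review bot: The success line is printed before `provider.flush()`, so if the flush fails the user has already been told the key `has been successfully created with options ...`. Moving the `out.println(...)` after `provider.flush()` would make the message mean the key was actually persisted. Whether flush can fail here depends on the provider and on the catch clauses, which lie outside the hunk. The explicit `options.toString()` is also unnecessary in a concatenation and throws on a null `options` where plain concatenation would not: `out.println(keyName + " has been successfully created with options " + options + ".");`.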
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyShell.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyShell.java?rev=1615850&r1=1615849&r2=1615850&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyShell.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyShell.java
Tue Aug 5 02:32:44 2014
@@ -110,7 +110,7 @@ public class TestKeyShell {
rc = ks.run(args1);
assertEquals(0, rc);
assertTrue(outContent.toString().contains(keyName + " has been " +
- "successfully created."));
+ "successfully created"));
String listOut = listKeys(ks, false);
assertTrue(listOut.contains(keyName));
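Review bot: The assertion here was only loosened to match the prefix `successfully created`, and nothing checks the text that now follows it; the same holds for the hunks at -145, -233 and -250. As a result neither the new `with options ...` output nor the new 128-bit default is covered by a test. One of these cases could assert on the printed options, e.g. `assertTrue(outContent.toString().contains("bitLength=128"));` for a key created without `-size`, assuming the test configuration does not override the default. The test methods start and end outside the hunks.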
@@ -145,7 +145,7 @@ public class TestKeyShell {
rc = ks.run(args1);
assertEquals(0, rc);
assertTrue(outContent.toString().contains("key1 has been successfully " +
- "created."));
+ "created"));
String listOut = listKeys(ks, true);
assertTrue(listOut.contains("description"));
@@ -233,7 +233,7 @@ public class TestKeyShell {
rc = ks.run(args1);
assertEquals(0, rc);
assertTrue(outContent.toString().contains(keyName + " has been " +
- "successfully " + "created."));
+ "successfully created"));
deleteKey(ks, keyName);
}
@@ -250,7 +250,7 @@ public class TestKeyShell {
rc = ks.run(args1);
assertEquals(0, rc);
assertTrue(outContent.toString().contains("keyattr1 has been " +
- "successfully " + "created."));
+ "successfully created"));
/* ...and list to see that we have the attr */
String listOut = listKeys(ks, true);
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java?rev=1615850&r1=1615849&r2=1615850&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
Tue Aug 5 02:32:44 2014
@@ -181,12 +181,19 @@ public class KMSWebApp implements Servle
keyProvider = new CachingKeyProvider(keyProvider, keyTimeOutMillis,
currKeyTimeOutMillis);
}
+ LOG.info("Initialized KeyProvider " + keyProvider);
+
keyProviderCryptoExtension = KeyProviderCryptoExtension.
createKeyProviderCryptoExtension(keyProvider);
keyProviderCryptoExtension =
new EagerKeyGeneratorKeyProviderCryptoExtension(kmsConf,
keyProviderCryptoExtension);
-
+ LOG.info("Initialized KeyProviderCryptoExtension "
+ + keyProviderCryptoExtension);
+ final int defaultBitlength = kmsConf
+ .getInt(KeyProvider.DEFAULT_BITLENGTH_NAME,
+ KeyProvider.DEFAULT_BITLENGTH);
+ LOG.info("Default key bitlength is {}", defaultBitlength);
LOG.info("KMS Started");
} catch (Throwable ex) {
System.out.println();
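Review bot: The two new `LOG.info("Initialized ..." + keyProvider)` calls write whatever the provider's `toString()` returns into the KMS log, and that implementation is not visible here. It is worth confirming that no provider includes a keystore password, or credentials embedded in its URI, in that string. These calls also use string concatenation while the bitlength line a few statements later uses a `{}` placeholder. For consistency I would write `LOG.info("Initialized KeyProvider {}", keyProvider);` and `LOG.info("Initialized KeyProviderCryptoExtension {}", keyProviderCryptoExtension);`. The surrounding try block starts outside the hunk.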