Author: tucu
Date: Thu Aug 21 19:00:03 2014
New Revision: 1619551
URL: http://svn.apache.org/r1619551
Log:
HADOOP-10967. Improve DefaultCryptoExtension#generateEncryptedKey performance.
(hitliuyi via tucu)
Conflicts:
hadoop-common-project/hadoop-common/CHANGES.txt
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1619551&r1=1619550&r2=1619551&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
(original)
+++
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
Thu Aug 21 19:00:03 2014
@@ -300,6 +300,9 @@ Release 2.6.0 - UNRELEASED
HADOOP-10862. Miscellaneous trivial corrections to KMS classes.
(asuresh via tucu)
+ HADOOP-10967. Improve DefaultCryptoExtension#generateEncryptedKey
+ performance. (hitliuyi via tucu)
+
Release 2.5.0 - 2014-08-11
INCOMPATIBLE CHANGES
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java?rev=1619551&r1=1619550&r2=1619551&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
Thu Aug 21 19:00:03 2014
@@ -219,6 +219,13 @@ public class KeyProviderCryptoExtension
private static class DefaultCryptoExtension implements CryptoExtension {
private final KeyProvider keyProvider;
+ private static final ThreadLocal<SecureRandom> RANDOM =
+ new ThreadLocal<SecureRandom>() {
+ @Override
+ protected SecureRandom initialValue() {
+ return new SecureRandom();
+ }
+ };
private DefaultCryptoExtension(KeyProvider keyProvider) {
this.keyProvider = keyProvider;
@@ -233,10 +240,10 @@ public class KeyProviderCryptoExtension
"No KeyVersion exists for key '%s' ", encryptionKeyName);
// Generate random bytes for new key and IV
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
final byte[] newKey = new byte[encryptionKey.getMaterial().length];
- random.nextBytes(newKey);
- final byte[] iv = random.generateSeed(cipher.getBlockSize());
+ RANDOM.get().nextBytes(newKey);
+ final byte[] iv = new byte[cipher.getBlockSize()];
+ RANDOM.get().nextBytes(iv);
// Encryption key IV is derived from new key's IV
final byte[] encryptionIV = EncryptedKeyVersion.deriveIV(iv);
// Encrypt the new key
