sumangala-patki commented on a change in pull request #3440:
URL: https://github.com/apache/hadoop/pull/3440#discussion_r746214855
##########
File path:
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsClient.java
##########
@@ -221,16 +223,50 @@ SharedKeyCredentials getSharedKeyCredentials() {
return requestHeaders;
}
- private void addCustomerProvidedKeyHeaders(
- final List<AbfsHttpHeader> requestHeaders) {
- if (clientProvidedEncryptionKey != null) {
- requestHeaders.add(
- new AbfsHttpHeader(X_MS_ENCRYPTION_KEY,
clientProvidedEncryptionKey));
- requestHeaders.add(new AbfsHttpHeader(X_MS_ENCRYPTION_KEY_SHA256,
- clientProvidedEncryptionKeySHA));
- requestHeaders.add(new AbfsHttpHeader(X_MS_ENCRYPTION_ALGORITHM,
- SERVER_SIDE_ENCRYPTION_ALGORITHM));
+ private void addEncryptionKeyRequestHeaders(String path,
+ List<AbfsHttpHeader> requestHeaders, boolean isCreateFileRequest,
+ EncryptionAdapter encryptionAdapter, TracingContext tracingContext)
+ throws IOException {
+ String encodedKey, encodedKeySHA256;
+ switch (encryptionType) {
+ case GLOBAL_KEY:
+ encodedKey = clientProvidedEncryptionKey;
+ encodedKeySHA256 = clientProvidedEncryptionKeySHA;
+ break;
+
+ case ENCRYPTION_CONTEXT:
+ if (isCreateFileRequest) {
+ // get new context for create file request
+ SecretKey encryptionContext =
+ encryptionAdapter.fetchEncryptionContextAndComputeKeys();
+ requestHeaders.add(new AbfsHttpHeader(X_MS_ENCRYPTION_CONTEXT,
+ new String(encryptionContext.getEncoded(),
+ StandardCharsets.UTF_8)));
+ try {
+ encryptionContext.destroy();
+ } catch (DestroyFailedException e) {
+ throw new IOException(
+ "Could not destroy encryptionContext: " + e.getMessage());
+ }
+ } else if (encryptionAdapter == null) {
+ // get encryption context from GetPathStatus response header
+ encryptionAdapter = new EncryptionAdapter(encryptionContextProvider,
+ new Path(path).toUri().getPath(),
+ getPathStatus(path, false, tracingContext).getResult()
+ .getResponseHeader(X_MS_ENCRYPTION_CONTEXT)
+ .getBytes(StandardCharsets.UTF_8));
+ }
+ // else use cached encryption keys from input/output streams
+ encodedKey = encryptionAdapter.getEncodedKey();
+ encodedKeySHA256 = encryptionAdapter.getEncodedKeySHA();
+ break;
+
+ default: return; // no client-provided encryption keys
}
+ requestHeaders.add(new AbfsHttpHeader(X_MS_ENCRYPTION_KEY, encodedKey));
Review comment:
there are null checks for the encryption key values (both Global and
EncryptionContext types) used to compute the headers, and the
sha256hash/base64encoding are standard functions so we can probably skip the
check there
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
