K0K0V0K commented on code in PR #7827:
URL: https://github.com/apache/hadoop/pull/7827#discussion_r2228235542
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/SecretManagerConfig.java:
##########
@@ -0,0 +1,123 @@
+
+package org.apache.hadoop.security.token;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * Provides configuration and utility methods for managing cryptographic key
generation
+ * and message authentication code (MAC) generation using specified algorithms
and key lengths.
+ * <p>
+ * This class supports static access to the selected cryptographic algorithm
and key length,
+ * and provides methods to create configured {@link javax.crypto.KeyGenerator}
and {@link javax.crypto.Mac} instances.
+ * The configuration is initialized statically from a provided {@link
Configuration} object.
+ * <p>
+ * The {@link SecretManager} has some static method, so static configuration
is required
+ */
+public class SecretManagerConfig {
+ private static final Logger LOG =
LoggerFactory.getLogger(SecretManagerConfig.class);
+ private static String SELECTED_ALGORITHM;
+ private static int SELECTED_LENGTH;
+
+ static {
+ update(new Configuration());
+ }
+
+ /**
+ * Updates the selected cryptographic algorithm and key length using the
provided
+ * Hadoop {@link Configuration}. This method reads the values for
+ * {@code HADOOP_SECURITY_SECRET_MANAGER_KEY_GENERATOR_ALGORITHM_KEY} and
+ * {@code HADOOP_SECURITY_SECRET_MANAGER_KEY_LENGTH_KEY}, or uses default
values if not set.
+ *
+ * @param conf the configuration object containing cryptographic settings
+ */
+ public static void update(Configuration conf) {
+ SELECTED_ALGORITHM = conf.get(
+
CommonConfigurationKeysPublic.HADOOP_SECURITY_SECRET_MANAGER_KEY_GENERATOR_ALGORITHM_KEY,
+
CommonConfigurationKeysPublic.HADOOP_SECURITY_SECRET_MANAGER_KEY_GENERATOR_ALGORITHM_DEFAULT);
+ LOG.debug("Selected hash algorithm: {}", SELECTED_ALGORITHM);
+ SELECTED_LENGTH = conf.getInt(
+
CommonConfigurationKeysPublic.HADOOP_SECURITY_SECRET_MANAGER_KEY_LENGTH_KEY,
+
CommonConfigurationKeysPublic.HADOOP_SECURITY_SECRET_MANAGER_KEY_LENGTH_DEFAULT);
+ LOG.debug("Selected hash key length: {}", SELECTED_LENGTH);
+ }
+
+ /**
+ * Returns the currently selected cryptographic algorithm.
+ *
+ * @return the name of the selected algorithm
+ */
+ public static String getSelectedAlgorithm() {
+ return SELECTED_ALGORITHM;
+ }
+
+ /**
+ * Returns the currently selected key length in bits.
+ *
+ * @return the selected key length
+ */
+ public static int getSelectedLength() {
+ return SELECTED_LENGTH;
+ }
+
+ /**
+ * Sets the cryptographic algorithm to use.
+ *
+ * @param algorithm the algorithm name (e.g., "HmacSHA256", "AES")
+ */
+ public static void setSelectedAlgorithm(String algorithm) {
Review Comment:
Hi @abstractdog !
Thanks for the review. I was thinking we can provide 2 method and components
can decide what they prefer, but maybe you right and that will over complicate
the things. I will delete these setters.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
