[
https://issues.apache.org/jira/browse/HADOOP-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14049336#comment-14049336
]
Alejandro Abdelnur commented on HADOOP-10719:
---------------------------------------------
* UserProvider.java change is not necessary, testcase could get provider via
{{KeyProviderFactory}}
* {{KeyProviderExtension}}, should override & delegate all method signatures of
{{KeyProvider}}
* {{KeyProviderExtension}}, no need to use {{this.keyProvider}} in all methods,
just {{keyProvider}} will do
* {{KeyProviderExtension}}, I'm not a fan of exposing protected instances as a
subclass could modify it, I prefer using a protected getter.
* {{KeyProviderExtension}}, why pass the extension instance here? It is not
used at all, it seems this belongs to the KPE subclass itself
* {{KeyProviderCryptoExtension.EncryptedKeyVersion}} constructor should be
visible to enable creation by extension implementations outside of the default
one. Maybe protected and force extension impls to have their own subclass? (we
are doing that today with KeyVersion)
* {{KeyProviderCryptoExtension.CryptoExtension}} javadoc, wrong param name,
{{keyVersion}} should be {{encryptionKeyVersion}}
* {{KeyProviderCryptoExtension}}, if extension instance var belongs to this
class, then no need to cast, it can be CryptoExtension. Also, no need to use
{{this.}} (I guess your IDE is doing that)
* {{KeyProviderCryptoExtension}}, the constructor should detect if the passed
provider implements {{CryptoExtension}} itself, if so use that instead of creating
a default one.
> Add generateEncryptedKey and decryptEncryptedKey methods to KeyProvider
> -----------------------------------------------------------------------
>
> Key: HADOOP-10719
> URL: https://issues.apache.org/jira/browse/HADOOP-10719
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
> Attachments: HADOOP-10719.1.patch, HADOOP-10719.patch,
> HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch
>
>
> This is a follow up on
> [HDFS-6134|https://issues.apache.org/jira/browse/HDFS-6134?focusedCommentId=14036044&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14036044]
> KeyProvider API should have 2 new methods:
> * KeyVersion generateEncryptedKey(String keyVersionName, byte[] iv)
> * KeyVersion decryptEncryptedKey(String keyVersionName, byte[] iv, KeyVersion
> encryptedKey)
> The implementation would do a known transformation on the IV (i.e.: xor with
> 0xff the original IV).
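A sketch of two points from this message, added here as an example and not taken from the HADOOP-10719 patch or from Hadoop: a wrapper constructor that reuses the provider's own `CryptoExtension` when it implements one, and a default extension that applies the XOR-with-0xff IV transformation from the issue description. The types are simplified stand-ins; `KpeSketch`, `CryptoWrapper`, `DefaultCryptoExtension`, `getKeyMaterial`, the `byte[]` return types, the AES/CTR cipher and the 16-byte key size are all assumptions.

```java
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
// Simplified stand-ins for illustration only; these are NOT the Hadoop classes.
public class KpeSketch {
  interface KeyProvider { byte[] getKeyMaterial(String keyVersionName); }
  interface CryptoExtension {
    byte[] generateEncryptedKey(String keyVersionName, byte[] iv) throws Exception;
    byte[] decryptEncryptedKey(String keyVersionName, byte[] iv, byte[] encryptedKey) throws Exception;
  }
  // Default extension: wraps a fresh random key under the named key version.
  static class DefaultCryptoExtension implements CryptoExtension {
    private final KeyProvider keyProvider;
    DefaultCryptoExtension(KeyProvider keyProvider) { this.keyProvider = keyProvider; }
    // The "known transformation" from the description: XOR each IV byte with 0xff.
    static byte[] flipIv(byte[] iv) {
      byte[] out = new byte[iv.length];
      for (int i = 0; i < iv.length; i++) out[i] = (byte) (iv[i] ^ 0xff);
      return out;
    }
    private byte[] crypt(int mode, String name, byte[] iv, byte[] in) throws Exception {
      Cipher c = Cipher.getInstance("AES/CTR/NoPadding"); // cipher choice is an assumption
      SecretKeySpec key = new SecretKeySpec(keyProvider.getKeyMaterial(name), "AES");
      c.init(mode, key, new IvParameterSpec(flipIv(iv)));
      return c.doFinal(in);
    }
    public byte[] generateEncryptedKey(String name, byte[] iv) throws Exception {
      byte[] newKey = new byte[16]; // key size is an assumption
      new SecureRandom().nextBytes(newKey);
      return crypt(Cipher.ENCRYPT_MODE, name, iv, newKey);
    }
    public byte[] decryptEncryptedKey(String name, byte[] iv, byte[] enc) throws Exception {
      return crypt(Cipher.DECRYPT_MODE, name, iv, enc);
    }
  }
  // Wrapper: reuses the provider's own CryptoExtension if it implements one.
  static class CryptoWrapper {
    final CryptoExtension extension; // typed as the interface, so callers never cast
    CryptoWrapper(KeyProvider kp) {
      extension = (kp instanceof CryptoExtension) ? (CryptoExtension) kp : new DefaultCryptoExtension(kp);
    }
  }
  public static void main(String[] args) throws Exception {
    KeyProvider kp = name -> new byte[16]; // constructed all-zero key material, demo only
    byte[] iv = new byte[16];              // constructed sample IV
    CryptoExtension ext = new CryptoWrapper(kp).extension; // lambda has no extension: default used
    byte[] enc = ext.generateEncryptedKey("k1@0", iv);
    System.out.println(ext.decryptEncryptedKey("k1@0", iv, enc).length);
  }
}
```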