[
https://issues.apache.org/jira/browse/HDFS-6392?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14017281#comment-14017281
]
Charles Lamb commented on HDFS-6392:
------------------------------------
bq, My suggest is we can define some class like CryptoDFSInputStream to extend
DFSInputStream and wrap CryptoInputStream, like we do for
CryptoFSDataInputStream .
Andrew and I have been thinking hard about this. The problem with this proposal
is that DFSOutputStream and DFSInputStream do not have ctors that accept a
stream to wrap. They're both created with factory methods. We think that the
answer may be to create a CryptoDFSInputStream (and CryptoDFSOutputStream) that
wraps a DFSInputStream in a CryptoInputStream and delegate everything through
that wrapper. We'll have to make all methods explicit and they'll do the
delegation.
This is somewhat dangerous in that if someone adds new methods to the DFS side
and they don't add them to the Crypto side, then there's potential for API
mismatch.
Do you see any better way?
I'll take care of the rest of your comments.
> Wire crypto streams for encrypted files in DFSClient
> -----------------------------------------------------
>
> Key: HDFS-6392
> URL: https://issues.apache.org/jira/browse/HDFS-6392
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode, security
> Reporter: Alejandro Abdelnur
> Assignee: Charles Lamb
> Attachments: HDFS-6392.1.patch, HDFS-6392.2.patch, HDFS-6392.3.patch
>
>
> When the DFS client gets a key material and IV for a file being
> opened/created, it should wrap the stream with a crypto stream initialized
> with the key material and IV.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
