[jira] [Updated] (HDFS-6392) Wire crypto streams for encrypted files in DFSClient

Wed, 04 Jun 2014 00:59:22 -0700 

     [ 
https://issues.apache.org/jira/browse/HDFS-6392?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yi Liu updated HDFS-6392:
-------------------------

    Attachment: HdfsDataInputStream-HdfsDataOutputStream_crypto.1.diff

After further thought, we don’t modify {{CryptoInputStream}} and 
{{CryptoOutputStream}}, it’s a bit inconvenient to use after modification. 
We just need to modify {{HdfsDataInputStream}} and {{HdfsDataOutputStream}}, 
please see the new attachment 
_HdfsDataInputStream-HdfsDataOutputStream_crypto.1.diff_. 

It’s a bit similar to your _HDFS-6392.2.patch_, and the key differences are:
*1.* We should not modify {{getWrappedStream}} in FSDataOutputStream. Otherwise 
it may cause potential issues.

*2.* Not modify existing constructors of {{HdfsDataInputStream}} and 
{{HdfsDataOutputStream}}, add new constructors to accept {{CryptoInputStream}} 
and {{CryptoOutputStream}}, then user/developer know what exact type of stream 
is acceptable and we do preconditions.

*3.* Not override {{getWrappedStream}} in {{HdfsDataInputStream}} and 
{{HdfsDataOutputStream}} like what we do in _HDFS-6392.3.patch_, otherwise it 
may cause potential issues.

*4.* {{public void hsync(EnumSet<SyncFlag> syncFlags) throws IOException}} 
doesn’t belong to {{Syncable}} interface, and we need special handling for it.

Thoughts?

>  Wire crypto streams for encrypted files in DFSClient
> -----------------------------------------------------
>
>                 Key: HDFS-6392
>                 URL: https://issues.apache.org/jira/browse/HDFS-6392
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode, security
>            Reporter: Alejandro Abdelnur
>            Assignee: Charles Lamb
>         Attachments: HDFS-6392.1.patch, HDFS-6392.2.patch, HDFS-6392.3.patch, 
> HdfsDataInputStream-HdfsDataOutputStream_crypto.1.diff, 
> HdfsDataInputStream-HdfsDataOutputStream_crypto.diff
>
>
> When the DFS client gets a key material and IV for a file being 
> opened/created, it should wrap the stream with a crypto stream initialized 
> with the key material and IV.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to