xtern commented on a change in pull request #7941:
URL: https://github.com/apache/ignite/pull/7941#discussion_r498212160
##########
File path:
modules/core/src/main/java/org/apache/ignite/internal/managers/encryption/GridEncryptionManager.java
##########
@@ -627,22 +739,104 @@ public void groupKey(int grpId, byte[] encGrpKey) {
return withMasterKeyChangeReadLock(() -> getSpi().getMasterKeyName());
}
+ /** {@inheritDoc} */
+ @Override public IgniteFuture<Void> changeCacheGroupKey(Collection<String>
cacheOrGrpNames) {
+ A.notEmpty(cacheOrGrpNames, "cacheOrGrpNames");
+
+ synchronized (opsMux) {
+ if (stopped) {
+ return new IgniteFinishedFutureImpl<>(new
IgniteException("Cache group key change was rejected. " +
+ "Node is stopping."));
+ }
+
+ return grpKeyChangeProc.start(cacheOrGrpNames);
+ }
+ }
+
+ /**
+ * @param grpIds Cache group IDs.
+ * @param keyIds Encryption key IDs.
+ * @param keys Encryption keys.
+ * @throws IgniteCheckedException If failed.
+ */
+ protected void changeCacheGroupKeyLocal(int[] grpIds, byte[] keyIds,
byte[][] keys) throws IgniteCheckedException {
+ Map<Integer, Byte> encryptionStatus = U.newHashMap(grpIds.length);
+
+ for (int i = 0; i < grpIds.length; i++)
+ encryptionStatus.put(grpIds[i], keyIds[i]);
+
+ WALPointer ptr = ctx.cache().context().wal().log(new
ReencryptionStartRecord(encryptionStatus));
+
+ if (ptr != null)
+ ctx.cache().context().wal().flush(ptr, false);
+
+ for (int i = 0; i < grpIds.length; i++) {
+ int grpId = grpIds[i];
+ int newKeyId = keyIds[i] & 0xff;
+
+ synchronized (metaStorageMux) {
+ // Set new key as key for writing. Note that we cannot pass
the encrypted key here because the master
+ // key may have changed in which case we will not be able to
decrypt the cache encryption key.
+ GroupKey prevGrpKey = grpKeys.changeActiveKey(grpId, newKeyId);
+
+ List<GroupKeyEncrypted> keysEncrypted =
withMasterKeyChangeReadLock(() -> grpKeys.getAll(grpId));
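Review bot: `changeCacheGroupKeyLocal` reads `keyIds[i]` in both loops with `grpIds.length` as the bound, but nothing in the quoted lines checks that `grpIds`, `keyIds` and `keys` have the same length. The `ReencryptionStartRecord` is logged and flushed before the second loop, so if `keys` is indexed the same way further down (not visible here, the method body continues past the quoted lines), a shorter array would fail only after the WAL record is written and `changeActiveKey` has already switched some groups. A guard at the top of the method would reject the call before any state changes, e.g. `if (grpIds.length != keyIds.length || grpIds.length != keys.length) throw new IgniteCheckedException("Group IDs, key IDs and keys must have the same length.");`. The Javadoc could also say whether `keys` carries unencrypted key material, as the inline comment about not passing the encrypted key suggests, so callers know how to handle the array.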
Review comment:
Thanks, fixed it.