Java Code Examples for org.apache.hadoop.crypto.CipherOption#getCipherSuite()

The following examples show how to use org.apache.hadoop.crypto.CipherOption#getCipherSuite() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DataTransferSaslUtil.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Encrypt the key and iv of the negotiated cipher option.
 * 
 * @param option negotiated cipher option
 * @param sasl SASL participant representing server
 * @return CipherOption negotiated cipher option which contains the 
 * encrypted key and iv
 * @throws IOException for any error
 */
public static CipherOption wrap(CipherOption option, SaslParticipant sasl) 
    throws IOException {
  if (option != null) {
    byte[] inKey = option.getInKey();
    if (inKey != null) {
      inKey = sasl.wrap(inKey, 0, inKey.length);
    }
    byte[] outKey = option.getOutKey();
    if (outKey != null) {
      outKey = sasl.wrap(outKey, 0, outKey.length);
    }
    return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(),
        outKey, option.getOutIv());
  }
  
  return null;
}
 
Example 2
Source File: DataTransferSaslUtil.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Decrypt the key and iv of the negotiated cipher option.
 * 
 * @param option negotiated cipher option
 * @param sasl SASL participant representing client
 * @return CipherOption negotiated cipher option which contains the 
 * decrypted key and iv
 * @throws IOException for any error
 */
public static CipherOption unwrap(CipherOption option, SaslParticipant sasl)
    throws IOException {
  if (option != null) {
    byte[] inKey = option.getInKey();
    if (inKey != null) {
      inKey = sasl.unwrap(inKey, 0, inKey.length);
    }
    byte[] outKey = option.getOutKey();
    if (outKey != null) {
      outKey = sasl.unwrap(outKey, 0, outKey.length);
    }
    return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(),
        outKey, option.getOutIv());
  }
  
  return null;
}
 
Example 3
Source File: PBHelper.java    From hadoop with Apache License 2.0 6 votes vote down vote up
public static CipherOptionProto convert(CipherOption option) {
  if (option != null) {
    CipherOptionProto.Builder builder = CipherOptionProto.
        newBuilder();
    if (option.getCipherSuite() != null) {
      builder.setSuite(convert(option.getCipherSuite()));
    }
    if (option.getInKey() != null) {
      builder.setInKey(ByteString.copyFrom(option.getInKey()));
    }
    if (option.getInIv() != null) {
      builder.setInIv(ByteString.copyFrom(option.getInIv()));
    }
    if (option.getOutKey() != null) {
      builder.setOutKey(ByteString.copyFrom(option.getOutKey()));
    }
    if (option.getOutIv() != null) {
      builder.setOutIv(ByteString.copyFrom(option.getOutIv()));
    }
    return builder.build();
  }
  return null;
}
 
Example 4
Source File: DataTransferSaslUtil.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Encrypt the key and iv of the negotiated cipher option.
 * 
 * @param option negotiated cipher option
 * @param sasl SASL participant representing server
 * @return CipherOption negotiated cipher option which contains the 
 * encrypted key and iv
 * @throws IOException for any error
 */
public static CipherOption wrap(CipherOption option, SaslParticipant sasl) 
    throws IOException {
  if (option != null) {
    byte[] inKey = option.getInKey();
    if (inKey != null) {
      inKey = sasl.wrap(inKey, 0, inKey.length);
    }
    byte[] outKey = option.getOutKey();
    if (outKey != null) {
      outKey = sasl.wrap(outKey, 0, outKey.length);
    }
    return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(),
        outKey, option.getOutIv());
  }
  
  return null;
}
 
Example 5
Source File: DataTransferSaslUtil.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Decrypt the key and iv of the negotiated cipher option.
 * 
 * @param option negotiated cipher option
 * @param sasl SASL participant representing client
 * @return CipherOption negotiated cipher option which contains the 
 * decrypted key and iv
 * @throws IOException for any error
 */
public static CipherOption unwrap(CipherOption option, SaslParticipant sasl)
    throws IOException {
  if (option != null) {
    byte[] inKey = option.getInKey();
    if (inKey != null) {
      inKey = sasl.unwrap(inKey, 0, inKey.length);
    }
    byte[] outKey = option.getOutKey();
    if (outKey != null) {
      outKey = sasl.unwrap(outKey, 0, outKey.length);
    }
    return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(),
        outKey, option.getOutIv());
  }
  
  return null;
}
 
Example 6
Source File: PBHelper.java    From big-c with Apache License 2.0 6 votes vote down vote up
public static CipherOptionProto convert(CipherOption option) {
  if (option != null) {
    CipherOptionProto.Builder builder = CipherOptionProto.
        newBuilder();
    if (option.getCipherSuite() != null) {
      builder.setSuite(convert(option.getCipherSuite()));
    }
    if (option.getInKey() != null) {
      builder.setInKey(ByteString.copyFrom(option.getInKey()));
    }
    if (option.getInIv() != null) {
      builder.setInIv(ByteString.copyFrom(option.getInIv()));
    }
    if (option.getOutKey() != null) {
      builder.setOutKey(ByteString.copyFrom(option.getOutKey()));
    }
    if (option.getOutIv() != null) {
      builder.setOutIv(ByteString.copyFrom(option.getOutIv()));
    }
    return builder.build();
  }
  return null;
}
 
Example 7
Source File: DataTransferSaslUtil.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Negotiate a cipher option which server supports.
 * 
 * @param conf the configuration
 * @param options the cipher options which client supports
 * @return CipherOption negotiated cipher option
 */
public static CipherOption negotiateCipherOption(Configuration conf,
    List<CipherOption> options) throws IOException {
  // Negotiate cipher suites if configured.  Currently, the only supported
  // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple
  // values for future expansion.
  String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);
  if (cipherSuites == null || cipherSuites.isEmpty()) {
    return null;
  }
  if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {
    throw new IOException(String.format("Invalid cipher suite, %s=%s",
        DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));
  }
  if (options != null) {
    for (CipherOption option : options) {
      CipherSuite suite = option.getCipherSuite();
      if (suite == CipherSuite.AES_CTR_NOPADDING) {
        int keyLen = conf.getInt(
            DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_KEY,
            DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_DEFAULT) / 8;
        CryptoCodec codec = CryptoCodec.getInstance(conf, suite);
        byte[] inKey = new byte[keyLen];
        byte[] inIv = new byte[suite.getAlgorithmBlockSize()];
        byte[] outKey = new byte[keyLen];
        byte[] outIv = new byte[suite.getAlgorithmBlockSize()];
        codec.generateSecureRandom(inKey);
        codec.generateSecureRandom(inIv);
        codec.generateSecureRandom(outKey);
        codec.generateSecureRandom(outIv);
        return new CipherOption(suite, inKey, inIv, outKey, outIv);
      }
    }
  }
  return null;
}
 
Example 8
Source File: DataTransferSaslUtil.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Negotiate a cipher option which server supports.
 * 
 * @param conf the configuration
 * @param options the cipher options which client supports
 * @return CipherOption negotiated cipher option
 */
public static CipherOption negotiateCipherOption(Configuration conf,
    List<CipherOption> options) throws IOException {
  // Negotiate cipher suites if configured.  Currently, the only supported
  // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple
  // values for future expansion.
  String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);
  if (cipherSuites == null || cipherSuites.isEmpty()) {
    return null;
  }
  if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {
    throw new IOException(String.format("Invalid cipher suite, %s=%s",
        DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));
  }
  if (options != null) {
    for (CipherOption option : options) {
      CipherSuite suite = option.getCipherSuite();
      if (suite == CipherSuite.AES_CTR_NOPADDING) {
        int keyLen = conf.getInt(
            DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_KEY,
            DFS_ENCRYPT_DATA_TRANSFER_CIPHER_KEY_BITLENGTH_DEFAULT) / 8;
        CryptoCodec codec = CryptoCodec.getInstance(conf, suite);
        byte[] inKey = new byte[keyLen];
        byte[] inIv = new byte[suite.getAlgorithmBlockSize()];
        byte[] outKey = new byte[keyLen];
        byte[] outIv = new byte[suite.getAlgorithmBlockSize()];
        codec.generateSecureRandom(inKey);
        codec.generateSecureRandom(inIv);
        codec.generateSecureRandom(outKey);
        codec.generateSecureRandom(outIv);
        return new CipherOption(suite, inKey, inIv, outKey, outIv);
      }
    }
  }
  return null;
}
 
Example 9
Source File: FanOutOneBlockAsyncDFSOutputSaslHelper.java    From hbase with Apache License 2.0 5 votes vote down vote up
private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {
  byte[] inKey = option.getInKey();
  if (inKey != null) {
    inKey = saslClient.unwrap(inKey, 0, inKey.length);
  }
  byte[] outKey = option.getOutKey();
  if (outKey != null) {
    outKey = saslClient.unwrap(outKey, 0, outKey.length);
  }
  return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,
      option.getOutIv());
}