Java Code Examples for org.apache.hadoop.crypto.key.KeyProvider#Metadata
The following examples show how to use org.apache.hadoop.crypto.key.KeyProvider#Metadata.
Example 1
Source File: KMS.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * REST endpoint that returns metadata for every key named in the query string.
 *
 * <p>The caller identity comes from {@code HttpUserGroupInformation.get()}, is
 * passed to {@code assertAccess} with {@code KMSACLs.Type.GET_METADATA}, and the
 * provider lookup then runs through {@code doAs} on that identity.
 *
 * <p>NOTE(review): neither {@code assertAccess} nor {@code kmsAudit.ok} receives
 * the requested key names here, so the check visible in this method is
 * operation-level only and the audit entry does not list the keys that were
 * read. Presumably per-key authorization is enforced inside {@code provider};
 * confirm against its configuration.
 *
 * @param keyNamesList key names taken from the request's query parameters
 * @return a 200 response whose JSON entity is built by
 *     {@code KMSServerJSONUtils.toJSON(keyNames, keysMeta)}
 * @throws Exception whatever the access check or the provider call throws
 */
@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList) throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation caller = HttpUserGroupInformation.get();
  // Snapshot the names into an array; the anonymous action below captures it.
  final String[] keyNames =
      keyNamesList.toArray(new String[keyNamesList.size()]);

  // Authorization happens before the provider is touched.
  assertAccess(KMSACLs.Type.GET_METADATA, caller, KMSOp.GET_KEYS_METADATA);

  PrivilegedExceptionAction<KeyProvider.Metadata[]> lookup =
      new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
        @Override
        public KeyProvider.Metadata[] run() throws Exception {
          return provider.getKeysMetadata(keyNames);
        }
      };
  KeyProvider.Metadata[] keysMeta = caller.doAs(lookup);

  Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
  kmsAudit.ok(caller, KMSOp.GET_KEYS_METADATA, "");
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(json)
      .build();
}
Example 2
Source File: KMS.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * REST endpoint that returns the metadata of a single named key.
 *
 * <p>The name is rejected if empty, the caller is passed to {@code assertAccess}
 * together with the key name, and only then is the provider queried via
 * {@code doAs} on the caller's identity.
 *
 * <p>The path template {@code {name:.*}} accepts any character sequence,
 * including path separators, as the key name.
 *
 * <p>NOTE(review): {@code kmsAudit.ok} is recorded regardless of whether the
 * provider returned metadata; if the provider yields {@code null} for an
 * unknown key, the audit trail presumably shows a successful read — confirm.
 *
 * @param name key name taken from the request path
 * @return a 200 response whose JSON entity is built by
 *     {@code KMSServerJSONUtils.toJSON(name, metadata)}
 * @throws Exception whatever the validation, access check or provider throws
 */
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation caller = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getAdminCallsMeter().mark();

  // Key-scoped authorization: the key name is part of the check.
  assertAccess(KMSACLs.Type.GET_METADATA, caller, KMSOp.GET_METADATA, name);

  PrivilegedExceptionAction<KeyProvider.Metadata> lookup =
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
        @Override
        public KeyProvider.Metadata run() throws Exception {
          return provider.getMetadata(name);
        }
      };
  KeyProvider.Metadata metadata = caller.doAs(lookup);

  Object json = KMSServerJSONUtils.toJSON(name, metadata);
  kmsAudit.ok(caller, KMSOp.GET_METADATA, name, "");
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(json)
      .build();
}
Example 3
Source File: KMSServerJSONUtils.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * Converts one key's metadata into an insertion-ordered map for JSON output.
 *
 * <p>Only descriptive fields are copied (name, cipher, bit length,
 * description, attributes, creation time in epoch milliseconds, version
 * count); no key material is placed in the map by this method.
 *
 * <p>NOTE(review): description and attributes are passed through unchanged, so
 * anything stored there is returned to whoever may read metadata — confirm
 * that nothing sensitive is kept in those fields.
 *
 * @param keyName name to report for the key
 * @param meta metadata to serialize; may be {@code null}
 * @return the populated map, or an empty map when {@code meta} is {@code null}
 */
@SuppressWarnings("unchecked")
public static Map toJSON(String keyName, KeyProvider.Metadata meta) {
  Map fields = new LinkedHashMap();
  if (meta == null) {
    // Missing metadata is reported as an empty object rather than an error.
    return fields;
  }
  fields.put(KMSRESTConstants.NAME_FIELD, keyName);
  fields.put(KMSRESTConstants.CIPHER_FIELD, meta.getCipher());
  fields.put(KMSRESTConstants.LENGTH_FIELD, meta.getBitLength());
  fields.put(KMSRESTConstants.DESCRIPTION_FIELD, meta.getDescription());
  fields.put(KMSRESTConstants.ATTRIBUTES_FIELD, meta.getAttributes());
  fields.put(KMSRESTConstants.CREATED_FIELD, meta.getCreated().getTime());
  // Widened to long so the JSON value has a fixed numeric type.
  fields.put(KMSRESTConstants.VERSIONS_FIELD, (long) meta.getVersions());
  return fields;
}
Example 4
Source File: KMS.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Handles the bulk "keys metadata" GET request.
 *
 * <p>Order of operations: mark the admin-calls meter, resolve the HTTP caller,
 * run {@code assertAccess} for {@code GET_METADATA}, query the provider inside
 * {@code doAs} on the caller's identity, serialize, audit, respond.
 *
 * <p>NOTE(review): the key names are passed to neither {@code assertAccess}
 * nor {@code kmsAudit.ok} (the audit detail is an empty string), so this
 * method alone does not authorize or record individual keys. Presumably the
 * provider enforces per-key ACLs — confirm.
 *
 * @param keyNamesList key names supplied as query parameters
 * @return a 200 JSON response holding one entry per requested key
 * @throws Exception propagated from the access check or the provider
 */
@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList) throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation requester = HttpUserGroupInformation.get();
  final String[] keyNames =
      keyNamesList.toArray(new String[keyNamesList.size()]);
  assertAccess(KMSACLs.Type.GET_METADATA, requester,
      KMSOp.GET_KEYS_METADATA);

  // The provider call is wrapped so it executes under the requester's identity.
  PrivilegedExceptionAction<KeyProvider.Metadata[]> fetchAll =
      new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
        @Override
        public KeyProvider.Metadata[] run() throws Exception {
          return provider.getKeysMetadata(keyNames);
        }
      };
  KeyProvider.Metadata[] keysMeta = requester.doAs(fetchAll);

  Object payload = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
  kmsAudit.ok(requester, KMSOp.GET_KEYS_METADATA, "");
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(payload)
      .build();
}
Example 5
Source File: KMS.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Handles the single-key metadata GET request.
 *
 * <p>The key name from the path is validated as non-empty, then passed to
 * {@code assertAccess} so the check is scoped to that key, and the provider is
 * queried inside {@code doAs} on the caller's identity.
 *
 * <p>The {@code .*} pattern in the path template places no restriction on the
 * characters of the name; only emptiness is rejected in this method.
 *
 * <p>NOTE(review): a successful audit entry is written even when the provider
 * returns no metadata — confirm this is the intended audit semantics.
 *
 * @param name key name extracted from the request path
 * @return a 200 JSON response describing the key
 * @throws Exception propagated from validation, the access check or the
 *     provider
 */
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation requester = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getAdminCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET_METADATA, requester, KMSOp.GET_METADATA,
      name);

  // Run the lookup under the requester's identity, not the server's.
  PrivilegedExceptionAction<KeyProvider.Metadata> fetch =
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
        @Override
        public KeyProvider.Metadata run() throws Exception {
          return provider.getMetadata(name);
        }
      };
  KeyProvider.Metadata metadata = requester.doAs(fetch);

  Object payload = KMSServerJSONUtils.toJSON(name, metadata);
  kmsAudit.ok(requester, KMSOp.GET_METADATA, name, "");
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(payload)
      .build();
}
Example 6
Source File: KMSServerJSONUtils.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Builds the JSON-ready map describing one key.
 *
 * <p>The map keeps insertion order and contains the key name plus the cipher,
 * bit length, description, attributes, creation timestamp (epoch
 * milliseconds) and number of versions read from {@code meta}. Key bytes are
 * not read or emitted here.
 *
 * @param keyName name to report for the key
 * @param meta metadata to serialize; {@code null} produces an empty map
 * @return the map to hand to the JSON serializer
 */
@SuppressWarnings("unchecked")
public static Map toJSON(String keyName, KeyProvider.Metadata meta) {
  Map out = new LinkedHashMap();
  if (meta == null) {
    return out;
  }
  out.put(KMSRESTConstants.NAME_FIELD, keyName);
  out.put(KMSRESTConstants.CIPHER_FIELD, meta.getCipher());
  out.put(KMSRESTConstants.LENGTH_FIELD, meta.getBitLength());
  // Free-form fields are copied as stored; the caller sees them verbatim.
  out.put(KMSRESTConstants.DESCRIPTION_FIELD, meta.getDescription());
  out.put(KMSRESTConstants.ATTRIBUTES_FIELD, meta.getAttributes());
  out.put(KMSRESTConstants.CREATED_FIELD, meta.getCreated().getTime());
  out.put(KMSRESTConstants.VERSIONS_FIELD, (long) meta.getVersions());
  return out;
}
Example 7
Source File: KMSServerJSONUtils.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Serializes a key's metadata into an ordered map for the REST response.
 *
 * <p>Fields written, in order: name, cipher, length, description, attributes,
 * created (epoch milliseconds), versions (as {@code long}). Nothing is written
 * when {@code meta} is {@code null}, so the caller receives an empty map.
 *
 * <p>NOTE(review): an empty map is indistinguishable from "key exists but has
 * no fields" on the wire; callers that need to tell a missing key apart must
 * check for the name field — confirm the client does so.
 *
 * @param keyName name to report for the key
 * @param meta metadata to serialize; may be {@code null}
 * @return the ordered field map
 */
@SuppressWarnings("unchecked")
public static Map toJSON(String keyName, KeyProvider.Metadata meta) {
  Map jsonFields = new LinkedHashMap();
  if (meta == null) {
    return jsonFields;
  }
  jsonFields.put(KMSRESTConstants.NAME_FIELD, keyName);
  jsonFields.put(KMSRESTConstants.CIPHER_FIELD, meta.getCipher());
  jsonFields.put(KMSRESTConstants.LENGTH_FIELD, meta.getBitLength());
  jsonFields.put(KMSRESTConstants.DESCRIPTION_FIELD, meta.getDescription());
  jsonFields.put(KMSRESTConstants.ATTRIBUTES_FIELD, meta.getAttributes());
  jsonFields.put(KMSRESTConstants.CREATED_FIELD,
      meta.getCreated().getTime());
  jsonFields.put(KMSRESTConstants.VERSIONS_FIELD,
      (long) meta.getVersions());
  return jsonFields;
}
Example 8
Source File: OMBucketCreateRequest.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Resolves the encryption info to store for a new bucket by looking the
 * requested key up in KMS.
 *
 * <p>The key name comes from the request's {@code BucketInfo}; the cipher
 * suite in the result comes from the KMS metadata, not from the request.
 *
 * <p>NOTE(review): the key name is compared with {@code null} only. If
 * {@code BucketEncryptionInfoProto} is a generated protobuf message its string
 * getter presumably never returns {@code null}, in which case an unset name
 * would reach KMS as an empty string — confirm.
 *
 * @param kmsProvider KMS client; must not be {@code null}
 * @param bucketInfo bucket creation request carrying the encryption info
 * @return encryption info with key name, protocol version and cipher suite
 * @throws IOException an {@code OMException} when the provider is missing,
 *     the key name is {@code null} or KMS has no metadata for the key, or
 *     whatever the KMS calls throw
 */
private BucketEncryptionInfoProto getBeinfo(
    KeyProviderCryptoExtension kmsProvider, BucketInfo bucketInfo)
    throws IOException {
  BucketEncryptionInfoProto requested = bucketInfo.getBeinfo();

  if (kmsProvider == null) {
    throw new OMException("Invalid KMS provider, check configuration " +
        CommonConfigurationKeys.HADOOP_SECURITY_KEY_PROVIDER_PATH,
        OMException.ResultCodes.INVALID_KMS_PROVIDER);
  }

  String keyName = requested.getKeyName();
  if (keyName == null) {
    throw new OMException("Bucket encryption key needed.",
        OMException.ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
  }

  // Talk to KMS to retrieve the bucket encryption key info.
  KeyProvider.Metadata keyMetadata = kmsProvider.getMetadata(keyName);
  if (keyMetadata == null) {
    throw new OMException("Bucket encryption key " + keyName
        + " doesn't exist.",
        OMException.ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
  }

  // If the provider supports pool for EDEKs, this will fill in the pool
  kmsProvider.warmUpEncryptedKeys(keyName);

  BucketEncryptionInfoProto.Builder builder =
      BucketEncryptionInfoProto.newBuilder();
  builder.setKeyName(keyName);
  builder.setCryptoProtocolVersion(ENCRYPTION_ZONES);
  builder.setSuite(OMPBHelper.convert(
      CipherSuite.convert(keyMetadata.getCipher())));
  return builder.build();
}
Example 9
Source File: TestBucketManagerImpl.java From hadoop-ozone with Apache License 2.0 | 5 votes |
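/**
 * Creates an encrypted bucket against a mocked KMS and checks that the bucket
 * can be read back with the same encryption key name.
 *
 * <p>The mocked provider returns metadata only for {@code testBekName}, so the
 * bucket request uses that same variable instead of a second literal. The
 * metadata store is closed in a {@code finally} block so a failing assertion
 * does not leave it open for later tests.
 *
 * @throws Exception if setup, bucket creation or the read-back fails
 */
@Test
public void testCreateBucket() throws Exception {
  OmMetadataManagerImpl metaMgr = createSampleVol();
  try {
    KeyProviderCryptoExtension kmsProvider = Mockito.mock(
        KeyProviderCryptoExtension.class);
    String testBekName = "key1";
    String testCipherName = "AES/CTR/NoPadding";

    // Stub the KMS lookup so the key exists and reports a known cipher.
    KeyProvider.Metadata mockMetadata =
        Mockito.mock(KeyProvider.Metadata.class);
    Mockito.when(kmsProvider.getMetadata(testBekName))
        .thenReturn(mockMetadata);
    Mockito.when(mockMetadata.getCipher()).thenReturn(testCipherName);

    BucketManager bucketManager = new BucketManagerImpl(metaMgr, kmsProvider);
    OmBucketInfo bucketInfo = OmBucketInfo.newBuilder()
        .setVolumeName("sampleVol")
        .setBucketName("bucketOne")
        .setBucketEncryptionKey(new BucketEncryptionKeyInfo.Builder()
            .setKeyName(testBekName)
            .build())
        .build();
    bucketManager.createBucket(bucketInfo);

    OmBucketInfo bucketInfoRead =
        bucketManager.getBucketInfo("sampleVol", "bucketOne");
    Assert.assertNotNull(bucketInfoRead);
    // assertEquals reports both values on failure, unlike assertTrue(equals).
    Assert.assertEquals(bucketInfo.getEncryptionKeyInfo().getKeyName(),
        bucketInfoRead.getEncryptionKeyInfo().getKeyName());
  } finally {
    metaMgr.getStore().close();
  }
}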
Example 10
Source File: KMSServerJSONUtils.java From hadoop with Apache License 2.0 | 5 votes |
/**
 * Converts parallel arrays of key names and metadata into a JSON-ready list.
 *
 * <p>Entry {@code i} of the result is {@code toJSON(keyNames[i], metas[i])}.
 * The loop is driven by {@code keyNames.length}, so {@code metas} must be at
 * least as long; a shorter array fails with an index error rather than being
 * handled here.
 *
 * @param keyNames key names, in response order
 * @param metas metadata for each name at the same index
 * @return list with one element per key name
 */
@SuppressWarnings("unchecked")
public static List toJSON(String[] keyNames, KeyProvider.Metadata[] metas) {
  List entries = new ArrayList();
  final int count = keyNames.length;
  int idx = 0;
  while (idx < count) {
    entries.add(toJSON(keyNames[idx], metas[idx]));
    idx++;
  }
  return entries;
}
Example 11
Source File: KMSServerJSONUtils.java From big-c with Apache License 2.0 | 5 votes |
/**
 * Builds the list form of the metadata response for several keys.
 *
 * <p>Names and metadata are paired by index and each pair is serialized by the
 * single-key {@code toJSON} overload. Iteration is bounded by the number of
 * names only; the method does not check that {@code metas} has the same
 * length.
 *
 * @param keyNames key names, in response order
 * @param metas metadata for each name at the same index
 * @return list with one serialized entry per key name
 */
@SuppressWarnings("unchecked")
public static List toJSON(String[] keyNames, KeyProvider.Metadata[] metas) {
  List serialized = new ArrayList();
  int position = 0;
  for (String keyName : keyNames) {
    serialized.add(toJSON(keyName, metas[position]));
    position++;
  }
  return serialized;
}
Example 12
Source File: KMS.java From ranger with Apache License 2.0 | 5 votes |
/**
 * REST endpoint returning metadata for the keys named in the query string.
 *
 * <p>The caller and the request's remote address are passed to
 * {@code assertAccess}; the provider lookup then runs through {@code doAs} on
 * the caller's identity. Any exception is logged at error level and rethrown.
 *
 * <p>NOTE(review): the requested key names are given to neither
 * {@code assertAccess} nor {@code kmsAudit.ok}, so the check visible here is
 * operation-level and the audit entry does not list the keys — confirm that
 * per-key policy is enforced elsewhere.
 *
 * <p>NOTE(review): {@code request.getRemoteAddr()} is the address of the
 * immediate peer; behind a proxy or load balancer that is presumably the
 * proxy, not the client — confirm before relying on it for IP-based policy.
 *
 * @param keyNamesList key names supplied as query parameters
 * @param request servlet request, used only for the remote address
 * @return a 200 JSON response holding one entry per requested key
 * @throws Exception rethrown after being logged
 */
@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList, @Context HttpServletRequest request)
    throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getKeysMetadata method.");
    }
    KMSWebApp.getAdminCallsMeter().mark();
    UserGroupInformation caller = HttpUserGroupInformation.get();
    final String[] keyNames =
        keyNamesList.toArray(new String[keyNamesList.size()]);
    assertAccess(Type.GET_METADATA, caller, KMSOp.GET_KEYS_METADATA,
        request.getRemoteAddr());

    PrivilegedExceptionAction<KeyProvider.Metadata[]> lookup =
        new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
          @Override
          public KeyProvider.Metadata[] run() throws Exception {
            return provider.getKeysMetadata(keyNames);
          }
        };
    KeyProvider.Metadata[] keysMeta = caller.doAs(lookup);

    Object payload = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
    kmsAudit.ok(caller, KMSOp.GET_KEYS_METADATA, "");
    if (LOG.isDebugEnabled()) {
      LOG.debug("Exiting getKeysMetadata method.");
    }
    return Response.ok()
        .type(MediaType.APPLICATION_JSON)
        .entity(payload)
        .build();
  } catch (Exception e) {
    // The access check sits inside this try, so its failures are logged here too.
    LOG.error("Exception in getKeysmetadata.", e);
    throw e;
  }
}
Example 13
Source File: KMS.java From ranger with Apache License 2.0 | 5 votes |
/**
 * REST endpoint returning the metadata of a single named key.
 *
 * <p>The name is rejected if empty, then passed with the caller and the
 * request's remote address to {@code assertAccess}; the provider lookup runs
 * through {@code doAs} on the caller's identity. Any exception is logged at
 * error level and rethrown.
 *
 * <p>The path template {@code {name:.*}} accepts any character sequence as the
 * key name, and that name is written to the debug log as a logger parameter.
 * NOTE(review): whether control characters in the name are neutralized
 * depends on the logging layout — confirm.
 *
 * @param name key name extracted from the request path
 * @param request servlet request, used only for the remote address
 * @return a 200 JSON response describing the key
 * @throws Exception rethrown after being logged
 */
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name,
    @Context HttpServletRequest request) throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getMetadata method.");
    }
    UserGroupInformation caller = HttpUserGroupInformation.get();
    checkNotEmpty(name, "name");
    KMSWebApp.getAdminCallsMeter().mark();
    assertAccess(Type.GET_METADATA, caller, KMSOp.GET_METADATA, name,
        request.getRemoteAddr());
    LOG.debug("Getting metadata for key with name {}.", name);

    PrivilegedExceptionAction<KeyProvider.Metadata> lookup =
        new PrivilegedExceptionAction<KeyProvider.Metadata>() {
          @Override
          public KeyProvider.Metadata run() throws Exception {
            return provider.getMetadata(name);
          }
        };
    KeyProvider.Metadata metadata = caller.doAs(lookup);

    Object payload = KMSServerJSONUtils.toJSON(name, metadata);
    kmsAudit.ok(caller, KMSOp.GET_METADATA, name, "");
    if (LOG.isDebugEnabled()) {
      LOG.debug("Exiting getMetadata method.");
    }
    return Response.ok()
        .type(MediaType.APPLICATION_JSON)
        .entity(payload)
        .build();
  } catch (Exception e) {
    // The access check sits inside this try, so its failures are logged here too.
    LOG.error("Exception in getMetadata.", e);
    throw e;
  }
}
Example 14
Source File: KMSServerJSONUtils.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Serializes metadata for several keys into a list, one entry per key name.
 *
 * <p>Each entry is produced by the single-key {@code toJSON} overload from the
 * name and the metadata at the same index. The number of entries equals
 * {@code keyNames.length}; {@code metas} is assumed to line up with it and is
 * not length-checked here.
 *
 * @param keyNames key names, in response order
 * @param metas metadata for each name at the same index
 * @return list of per-key maps in the order of {@code keyNames}
 */
@SuppressWarnings("unchecked")
public static List toJSON(String[] keyNames, KeyProvider.Metadata[] metas) {
  List perKey = new ArrayList();
  final int total = keyNames.length;
  for (int k = 0; k != total; ++k) {
    String keyName = keyNames[k];
    KeyProvider.Metadata keyMeta = metas[k];
    perKey.add(toJSON(keyName, keyMeta));
  }
  return perKey;
}
Example 15
Source File: BucketManagerImpl.java From hadoop-ozone with Apache License 2.0 | 4 votes |
/**
 * Creates a bucket inside an existing volume and persists it.
 *
 * <p>The volume lock and then the bucket lock are taken before any table is
 * read, and both are released in the {@code finally} block. When the request
 * carries encryption key info, the key is looked up in KMS and the stored
 * cipher suite is derived from the KMS metadata.
 *
 * <p>NOTE(review): no caller authorization check is visible in this method;
 * presumably it is enforced before this call — confirm.
 *
 * @param bucketInfo - OmBucketInfo describing the bucket to create; must not
 *     be null.
 * @throws IOException an OMException when the volume is missing, the bucket
 *     already exists, the KMS provider is not configured, or the encryption
 *     key is missing or unknown; other I/O failures are logged and rethrown.
 */
@Override
public void createBucket(OmBucketInfo bucketInfo) throws IOException {
  Preconditions.checkNotNull(bucketInfo);
  String volumeName = bucketInfo.getVolumeName();
  String bucketName = bucketInfo.getBucketName();
  // Tracks whether the bucket lock was obtained so finally releases only what
  // was taken.
  boolean acquiredBucketLock = false;
  // Taken outside the try: if this call throws there is nothing to release.
  metadataManager.getLock().acquireLock(VOLUME_LOCK, volumeName);
  try {
    acquiredBucketLock = metadataManager.getLock().acquireLock(BUCKET_LOCK,
        volumeName, bucketName);
    String volumeKey = metadataManager.getVolumeKey(volumeName);
    String bucketKey = metadataManager.getBucketKey(volumeName, bucketName);
    OmVolumeArgs volumeArgs = metadataManager.getVolumeTable().get(volumeKey);

    // Check if the volume exists
    if (volumeArgs == null) {
      LOG.debug("volume: {} not found ", volumeName);
      throw new OMException("Volume doesn't exist",
          OMException.ResultCodes.VOLUME_NOT_FOUND);
    }
    // Check if bucket already exists
    if (metadataManager.getBucketTable().get(bucketKey) != null) {
      LOG.debug("bucket: {} already exists ", bucketName);
      throw new OMException("Bucket already exist",
          OMException.ResultCodes.BUCKET_ALREADY_EXISTS);
    }
    BucketEncryptionKeyInfo bek = bucketInfo.getEncryptionKeyInfo();
    // Stays null for unencrypted buckets; checked again before the final build.
    BucketEncryptionKeyInfo.Builder bekb = null;
    if (bek != null) {
      // Encryption was requested, so a configured KMS provider is mandatory.
      if (kmsProvider == null) {
        throw new OMException("Invalid KMS provider, check configuration " +
            CommonConfigurationKeys.HADOOP_SECURITY_KEY_PROVIDER_PATH,
            OMException.ResultCodes.INVALID_KMS_PROVIDER);
      }
      if (bek.getKeyName() == null) {
        throw new OMException("Bucket encryption key needed.", OMException
            .ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
      }
      // Talk to KMS to retrieve the bucket encryption key info.
      // NOTE(review): the null check above and the warm-up below use the
      // kmsProvider field while this lookup goes through getKMSProvider();
      // presumably both refer to the same object — confirm.
      KeyProvider.Metadata metadata = getKMSProvider().getMetadata(
          bek.getKeyName());
      if (metadata == null) {
        throw new OMException("Bucket encryption key " + bek.getKeyName()
            + " doesn't exist.",
            OMException.ResultCodes.BUCKET_ENCRYPTION_KEY_NOT_FOUND);
      }
      // If the provider supports pool for EDEKs, this will fill in the pool
      kmsProvider.warmUpEncryptedKeys(bek.getKeyName());
      // The suite is taken from the KMS metadata rather than from the request.
      bekb = new BucketEncryptionKeyInfo.Builder()
          .setKeyName(bek.getKeyName())
          .setVersion(CryptoProtocolVersion.ENCRYPTION_ZONES)
          .setSuite(CipherSuite.convert(metadata.getCipher()));
    }
    // Effective ACLs: the request's ACLs followed by the volume's default ACLs.
    List<OzoneAcl> acls = new ArrayList<>();
    acls.addAll(bucketInfo.getAcls());
    volumeArgs.getAclMap().getDefaultAclList().forEach(
        a -> acls.add(OzoneAcl.fromProtobufWithAccessType(a)));

    // Rebuild the record with the merged ACLs and a server-side creation time.
    OmBucketInfo.Builder omBucketInfoBuilder = OmBucketInfo.newBuilder()
        .setVolumeName(bucketInfo.getVolumeName())
        .setBucketName(bucketInfo.getBucketName())
        .setAcls(acls)
        .setStorageType(bucketInfo.getStorageType())
        .setIsVersionEnabled(bucketInfo.getIsVersionEnabled())
        .setCreationTime(Time.now())
        .addAllMetadata(bucketInfo.getMetadata());

    if (bekb != null) {
      omBucketInfoBuilder.setBucketEncryptionKey(bekb.build());
    }

    OmBucketInfo omBucketInfo = omBucketInfoBuilder.build();
    commitBucketInfoToDB(omBucketInfo);
    LOG.debug("created bucket: {} in volume: {}", bucketName, volumeName);
  } catch (IOException | DBException ex) {
    // OMExceptions are rethrown without an error-level log entry; any other
    // failure is logged with its stack trace before being rethrown.
    if (!(ex instanceof OMException)) {
      LOG.error("Bucket creation failed for bucket:{} in volume:{}",
          bucketName, volumeName, ex);
    }
    throw ex;
  } finally {
    // Release the bucket lock (if held) before the volume lock.
    if (acquiredBucketLock) {
      metadataManager.getLock().releaseLock(BUCKET_LOCK, volumeName,
          bucketName);
    }
    metadataManager.getLock().releaseLock(VOLUME_LOCK, volumeName);
  }
}