org.apache.hadoop.crypto.CryptoProtocolVersion Java Examples
The following examples show how to use
org.apache.hadoop.crypto.CryptoProtocolVersion.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: TestEncryptionZones.java From hadoop with Apache License 2.0 | 6 votes |
@SuppressWarnings("unchecked") private static void mockCreate(ClientProtocol mcp, CipherSuite suite, CryptoProtocolVersion version) throws Exception { Mockito.doReturn( new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission( (short) 777), "owner", "group", new byte[0], new byte[0], 1010, 0, new FileEncryptionInfo(suite, version, new byte[suite.getAlgorithmBlockSize()], new byte[suite.getAlgorithmBlockSize()], "fakeKey", "fakeVersion"), (byte) 0)) .when(mcp) .create(anyString(), (FsPermission) anyObject(), anyString(), (EnumSetWritable<CreateFlag>) anyObject(), anyBoolean(), anyShort(), anyLong(), (CryptoProtocolVersion[]) anyObject()); }
Example #2
Source File: FileEncryptionInfo.java From big-c with Apache License 2.0 | 6 votes |
/** * Create a FileEncryptionInfo. * * @param suite CipherSuite used to encrypt the file * @param edek encrypted data encryption key (EDEK) of the file * @param iv initialization vector (IV) used to encrypt the file * @param keyName name of the key used for the encryption zone * @param ezKeyVersionName name of the KeyVersion used to encrypt the * encrypted data encryption key. */ public FileEncryptionInfo(final CipherSuite suite, final CryptoProtocolVersion version, final byte[] edek, final byte[] iv, final String keyName, final String ezKeyVersionName) { checkNotNull(suite); checkNotNull(version); checkNotNull(edek); checkNotNull(iv); checkNotNull(keyName); checkNotNull(ezKeyVersionName); checkArgument(iv.length == suite.getAlgorithmBlockSize(), "Unexpected IV length"); this.cipherSuite = suite; this.version = version; this.edek = edek; this.iv = iv; this.keyName = keyName; this.ezKeyVersionName = ezKeyVersionName; }
Example #3
Source File: TestEncryptionZones.java From big-c with Apache License 2.0 | 6 votes |
@SuppressWarnings("unchecked") private static void mockCreate(ClientProtocol mcp, CipherSuite suite, CryptoProtocolVersion version) throws Exception { Mockito.doReturn( new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission( (short) 777), "owner", "group", new byte[0], new byte[0], 1010, 0, new FileEncryptionInfo(suite, version, new byte[suite.getAlgorithmBlockSize()], new byte[suite.getAlgorithmBlockSize()], "fakeKey", "fakeVersion"), (byte) 0)) .when(mcp) .create(anyString(), (FsPermission) anyObject(), anyString(), (EnumSetWritable<CreateFlag>) anyObject(), anyBoolean(), anyShort(), anyLong(), (CryptoProtocolVersion[]) anyObject()); }
Example #4
Source File: FileEncryptionInfo.java From hadoop with Apache License 2.0 | 6 votes |
/** * Create a FileEncryptionInfo. * * @param suite CipherSuite used to encrypt the file * @param edek encrypted data encryption key (EDEK) of the file * @param iv initialization vector (IV) used to encrypt the file * @param keyName name of the key used for the encryption zone * @param ezKeyVersionName name of the KeyVersion used to encrypt the * encrypted data encryption key. */ public FileEncryptionInfo(final CipherSuite suite, final CryptoProtocolVersion version, final byte[] edek, final byte[] iv, final String keyName, final String ezKeyVersionName) { checkNotNull(suite); checkNotNull(version); checkNotNull(edek); checkNotNull(iv); checkNotNull(keyName); checkNotNull(ezKeyVersionName); checkArgument(iv.length == suite.getAlgorithmBlockSize(), "Unexpected IV length"); this.cipherSuite = suite; this.version = version; this.edek = edek; this.iv = iv; this.keyName = keyName; this.ezKeyVersionName = ezKeyVersionName; }
Example #5
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static CryptoProtocolVersion convert(CryptoProtocolVersionProto proto) { switch(proto) { case ENCRYPTION_ZONES: return CryptoProtocolVersion.ENCRYPTION_ZONES; default: // Set to UNKNOWN and stash the unknown enum value CryptoProtocolVersion version = CryptoProtocolVersion.UNKNOWN; version.setUnknownValue(proto.getNumber()); return version; } }
Example #6
Source File: FSDirectory.java From hadoop with Apache License 2.0 | 5 votes |
XAttr createEncryptionZone(String src, CipherSuite suite, CryptoProtocolVersion version, String keyName) throws IOException { writeLock(); try { return ezManager.createEncryptionZone(src, suite, version, keyName); } finally { writeUnlock(); } }
Example #7
Source File: ClientNamenodeProtocolTranslatorPB.java From hadoop with Apache License 2.0 | 5 votes |
@Override public HdfsFileStatus create(String src, FsPermission masked, String clientName, EnumSetWritable<CreateFlag> flag, boolean createParent, short replication, long blockSize, CryptoProtocolVersion[] supportedVersions) throws AccessControlException, AlreadyBeingCreatedException, DSQuotaExceededException, FileAlreadyExistsException, FileNotFoundException, NSQuotaExceededException, ParentNotDirectoryException, SafeModeException, UnresolvedLinkException, IOException { CreateRequestProto.Builder builder = CreateRequestProto.newBuilder() .setSrc(src) .setMasked(PBHelper.convert(masked)) .setClientName(clientName) .setCreateFlag(PBHelper.convertCreateFlag(flag)) .setCreateParent(createParent) .setReplication(replication) .setBlockSize(blockSize); builder.addAllCryptoProtocolVersion(PBHelper.convert(supportedVersions)); CreateRequestProto req = builder.build(); try { CreateResponseProto res = rpcProxy.create(null, req); return res.hasFs() ? PBHelper.convert(res.getFs()) : null; } catch (ServiceException e) { throw ProtobufHelper.getRemoteException(e); } }
Example #8
Source File: TestLease.java From hadoop with Apache License 2.0 | 5 votes |
@SuppressWarnings("unchecked") @Test public void testFactory() throws Exception { final String[] groups = new String[]{"supergroup"}; final UserGroupInformation[] ugi = new UserGroupInformation[3]; for(int i = 0; i < ugi.length; i++) { ugi[i] = UserGroupInformation.createUserForTesting("user" + i, groups); } Mockito.doReturn( new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission( (short) 777), "owner", "group", new byte[0], new byte[0], 1010, 0, null, (byte) 0)).when(mcp).getFileInfo(anyString()); Mockito .doReturn( new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission( (short) 777), "owner", "group", new byte[0], new byte[0], 1010, 0, null, (byte) 0)) .when(mcp) .create(anyString(), (FsPermission) anyObject(), anyString(), (EnumSetWritable<CreateFlag>) anyObject(), anyBoolean(), anyShort(), anyLong(), (CryptoProtocolVersion[]) anyObject()); final Configuration conf = new Configuration(); final DFSClient c1 = createDFSClientAs(ugi[0], conf); FSDataOutputStream out1 = createFsOut(c1, "/out1"); final DFSClient c2 = createDFSClientAs(ugi[0], conf); FSDataOutputStream out2 = createFsOut(c2, "/out2"); Assert.assertEquals(c1.getLeaseRenewer(), c2.getLeaseRenewer()); final DFSClient c3 = createDFSClientAs(ugi[1], conf); FSDataOutputStream out3 = createFsOut(c3, "/out3"); Assert.assertTrue(c1.getLeaseRenewer() != c3.getLeaseRenewer()); final DFSClient c4 = createDFSClientAs(ugi[1], conf); FSDataOutputStream out4 = createFsOut(c4, "/out4"); Assert.assertEquals(c3.getLeaseRenewer(), c4.getLeaseRenewer()); final DFSClient c5 = createDFSClientAs(ugi[2], conf); FSDataOutputStream out5 = createFsOut(c5, "/out5"); Assert.assertTrue(c1.getLeaseRenewer() != c5.getLeaseRenewer()); Assert.assertTrue(c3.getLeaseRenewer() != c5.getLeaseRenewer()); }
Example #9
Source File: TestRetryCacheWithHA.java From hadoop with Apache License 2.0 | 5 votes |
@Override void invoke() throws Exception { EnumSet<CreateFlag> createFlag = EnumSet.of(CreateFlag.CREATE); this.status = client.getNamenode().create(fileName, FsPermission.getFileDefault(), client.getClientName(), new EnumSetWritable<CreateFlag>(createFlag), false, DataNodes, BlockSize, new CryptoProtocolVersion[] {CryptoProtocolVersion.ENCRYPTION_ZONES}); }
Example #10
Source File: EncryptionZone.java From big-c with Apache License 2.0 | 5 votes |
public EncryptionZone(long id, String path, CipherSuite suite, CryptoProtocolVersion version, String keyName) { this.id = id; this.path = path; this.suite = suite; this.version = version; this.keyName = keyName; }
Example #11
Source File: DFSClient.java From big-c with Apache License 2.0 | 5 votes |
/** * Obtain the crypto protocol version from the provided FileEncryptionInfo, * checking to see if this version is supported by. * * @param feInfo FileEncryptionInfo * @return CryptoProtocolVersion from the feInfo * @throws IOException if the protocol version is unsupported. */ private static CryptoProtocolVersion getCryptoProtocolVersion (FileEncryptionInfo feInfo) throws IOException { final CryptoProtocolVersion version = feInfo.getCryptoProtocolVersion(); if (!CryptoProtocolVersion.supports(version)) { throw new IOException("Client does not support specified " + "CryptoProtocolVersion " + version.getDescription() + " version " + "number" + version.getVersion()); } return version; }
Example #12
Source File: FSDirectory.java From big-c with Apache License 2.0 | 5 votes |
XAttr createEncryptionZone(String src, CipherSuite suite, CryptoProtocolVersion version, String keyName) throws IOException { writeLock(); try { return ezManager.createEncryptionZone(src, suite, version, keyName); } finally { writeUnlock(); } }
Example #13
Source File: NameNodeRpcServer.java From big-c with Apache License 2.0 | 5 votes |
@Override // ClientProtocol public HdfsFileStatus create(String src, FsPermission masked, String clientName, EnumSetWritable<CreateFlag> flag, boolean createParent, short replication, long blockSize, CryptoProtocolVersion[] supportedVersions) throws IOException { checkNNStartup(); String clientMachine = getClientMachine(); if (stateChangeLog.isDebugEnabled()) { stateChangeLog.debug("*DIR* NameNode.create: file " +src+" for "+clientName+" at "+clientMachine); } if (!checkPathLength(src)) { throw new IOException("create: Pathname too long. Limit " + MAX_PATH_LENGTH + " characters, " + MAX_PATH_DEPTH + " levels."); } CacheEntryWithPayload cacheEntry = RetryCache.waitForCompletion(retryCache, null); if (cacheEntry != null && cacheEntry.isSuccess()) { return (HdfsFileStatus) cacheEntry.getPayload(); } HdfsFileStatus status = null; try { PermissionStatus perm = new PermissionStatus(getRemoteUser() .getShortUserName(), null, masked); status = namesystem.startFile(src, perm, clientName, clientMachine, flag.get(), createParent, replication, blockSize, supportedVersions, cacheEntry != null); } finally { RetryCache.setState(cacheEntry, status != null, status); } metrics.incrFilesCreated(); metrics.incrCreateFileOps(); return status; }
Example #14
Source File: EncryptionZoneManager.java From big-c with Apache License 2.0 | 5 votes |
EncryptionZoneInt(long inodeId, CipherSuite suite, CryptoProtocolVersion version, String keyName) { Preconditions.checkArgument(suite != CipherSuite.UNKNOWN); Preconditions.checkArgument(version != CryptoProtocolVersion.UNKNOWN); this.inodeId = inodeId; this.suite = suite; this.version = version; this.keyName = keyName; }
Example #15
Source File: EncryptionZoneManager.java From big-c with Apache License 2.0 | 5 votes |
/** * Create a new encryption zone. * <p/> * Called while holding the FSDirectory lock. */ XAttr createEncryptionZone(String src, CipherSuite suite, CryptoProtocolVersion version, String keyName) throws IOException { assert dir.hasWriteLock(); final INodesInPath srcIIP = dir.getINodesInPath4Write(src, false); if (dir.isNonEmptyDirectory(srcIIP)) { throw new IOException( "Attempt to create an encryption zone for a non-empty directory."); } if (srcIIP != null && srcIIP.getLastINode() != null && !srcIIP.getLastINode().isDirectory()) { throw new IOException("Attempt to create an encryption zone for a file."); } EncryptionZoneInt ezi = getEncryptionZoneForPath(srcIIP); if (ezi != null) { throw new IOException("Directory " + src + " is already in an " + "encryption zone. (" + getFullPathName(ezi) + ")"); } final HdfsProtos.ZoneEncryptionInfoProto proto = PBHelper.convert(suite, version, keyName); final XAttr ezXAttr = XAttrHelper .buildXAttr(CRYPTO_XATTR_ENCRYPTION_ZONE, proto.toByteArray()); final List<XAttr> xattrs = Lists.newArrayListWithCapacity(1); xattrs.add(ezXAttr); // updating the xattr will call addEncryptionZone, // done this way to handle edit log loading FSDirXAttrOp.unprotectedSetXAttrs(dir, src, xattrs, EnumSet.of(XAttrSetFlag.CREATE)); return ezXAttr; }
Example #16
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static List<CryptoProtocolVersionProto> convert( CryptoProtocolVersion[] versions) { List<CryptoProtocolVersionProto> protos = Lists.newArrayListWithCapacity(versions.length); for (CryptoProtocolVersion v: versions) { protos.add(convert(v)); } return protos; }
Example #17
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static CryptoProtocolVersion[] convertCryptoProtocolVersions( List<CryptoProtocolVersionProto> protos) { List<CryptoProtocolVersion> versions = Lists.newArrayListWithCapacity(protos.size()); for (CryptoProtocolVersionProto p: protos) { versions.add(convert(p)); } return versions.toArray(new CryptoProtocolVersion[] {}); }
Example #18
Source File: ProxiedDFSClient.java From spliceengine with GNU Affero General Public License v3.0 | 5 votes |
/** * Obtain the crypto protocol version from the provided FileEncryptionInfo, * checking to see if this version is supported by. * * @param feInfo FileEncryptionInfo * @return CryptoProtocolVersion from the feInfo * @throws IOException if the protocol version is unsupported. */ private static CryptoProtocolVersion getCryptoProtocolVersion (FileEncryptionInfo feInfo) throws IOException { final CryptoProtocolVersion version = feInfo.getCryptoProtocolVersion(); if (!CryptoProtocolVersion.supports(version)) { throw new IOException("Client does not support specified " + "CryptoProtocolVersion " + version.getDescription() + " version " + "number" + version.getVersion()); } return version; }
Example #19
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static CryptoProtocolVersionProto convert(CryptoProtocolVersion version) { switch(version) { case UNKNOWN: return CryptoProtocolVersionProto.UNKNOWN_PROTOCOL_VERSION; case ENCRYPTION_ZONES: return CryptoProtocolVersionProto.ENCRYPTION_ZONES; default: return null; } }
Example #20
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static HdfsProtos.ZoneEncryptionInfoProto convert( CipherSuite suite, CryptoProtocolVersion version, String keyName) { if (suite == null || version == null || keyName == null) { return null; } return HdfsProtos.ZoneEncryptionInfoProto.newBuilder() .setSuite(convert(suite)) .setCryptoProtocolVersion(convert(version)) .setKeyName(keyName) .build(); }
Example #21
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static FileEncryptionInfo convert( HdfsProtos.FileEncryptionInfoProto proto) { if (proto == null) { return null; } CipherSuite suite = convert(proto.getSuite()); CryptoProtocolVersion version = convert(proto.getCryptoProtocolVersion()); byte[] key = proto.getKey().toByteArray(); byte[] iv = proto.getIv().toByteArray(); String ezKeyVersionName = proto.getEzKeyVersionName(); String keyName = proto.getKeyName(); return new FileEncryptionInfo(suite, version, key, iv, keyName, ezKeyVersionName); }
Example #22
Source File: PBHelper.java From big-c with Apache License 2.0 | 5 votes |
public static FileEncryptionInfo convert( HdfsProtos.PerFileEncryptionInfoProto fileProto, CipherSuite suite, CryptoProtocolVersion version, String keyName) { if (fileProto == null || suite == null || version == null || keyName == null) { return null; } byte[] key = fileProto.getKey().toByteArray(); byte[] iv = fileProto.getIv().toByteArray(); String ezKeyVersionName = fileProto.getEzKeyVersionName(); return new FileEncryptionInfo(suite, version, key, iv, keyName, ezKeyVersionName); }
Example #23
Source File: ClientNamenodeProtocolTranslatorPB.java From big-c with Apache License 2.0 | 5 votes |
@Override public HdfsFileStatus create(String src, FsPermission masked, String clientName, EnumSetWritable<CreateFlag> flag, boolean createParent, short replication, long blockSize, CryptoProtocolVersion[] supportedVersions) throws AccessControlException, AlreadyBeingCreatedException, DSQuotaExceededException, FileAlreadyExistsException, FileNotFoundException, NSQuotaExceededException, ParentNotDirectoryException, SafeModeException, UnresolvedLinkException, IOException { CreateRequestProto.Builder builder = CreateRequestProto.newBuilder() .setSrc(src) .setMasked(PBHelper.convert(masked)) .setClientName(clientName) .setCreateFlag(PBHelper.convertCreateFlag(flag)) .setCreateParent(createParent) .setReplication(replication) .setBlockSize(blockSize); builder.addAllCryptoProtocolVersion(PBHelper.convert(supportedVersions)); CreateRequestProto req = builder.build(); try { CreateResponseProto res = rpcProxy.create(null, req); return res.hasFs() ? PBHelper.convert(res.getFs()) : null; } catch (ServiceException e) { throw ProtobufHelper.getRemoteException(e); } }
Example #24
Source File: TestLease.java From big-c with Apache License 2.0 | 5 votes |
@SuppressWarnings("unchecked") @Test public void testFactory() throws Exception { final String[] groups = new String[]{"supergroup"}; final UserGroupInformation[] ugi = new UserGroupInformation[3]; for(int i = 0; i < ugi.length; i++) { ugi[i] = UserGroupInformation.createUserForTesting("user" + i, groups); } Mockito.doReturn( new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission( (short) 777), "owner", "group", new byte[0], new byte[0], 1010, 0, null, (byte) 0)).when(mcp).getFileInfo(anyString()); Mockito .doReturn( new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission( (short) 777), "owner", "group", new byte[0], new byte[0], 1010, 0, null, (byte) 0)) .when(mcp) .create(anyString(), (FsPermission) anyObject(), anyString(), (EnumSetWritable<CreateFlag>) anyObject(), anyBoolean(), anyShort(), anyLong(), (CryptoProtocolVersion[]) anyObject()); final Configuration conf = new Configuration(); final DFSClient c1 = createDFSClientAs(ugi[0], conf); FSDataOutputStream out1 = createFsOut(c1, "/out1"); final DFSClient c2 = createDFSClientAs(ugi[0], conf); FSDataOutputStream out2 = createFsOut(c2, "/out2"); Assert.assertEquals(c1.getLeaseRenewer(), c2.getLeaseRenewer()); final DFSClient c3 = createDFSClientAs(ugi[1], conf); FSDataOutputStream out3 = createFsOut(c3, "/out3"); Assert.assertTrue(c1.getLeaseRenewer() != c3.getLeaseRenewer()); final DFSClient c4 = createDFSClientAs(ugi[1], conf); FSDataOutputStream out4 = createFsOut(c4, "/out4"); Assert.assertEquals(c3.getLeaseRenewer(), c4.getLeaseRenewer()); final DFSClient c5 = createDFSClientAs(ugi[2], conf); FSDataOutputStream out5 = createFsOut(c5, "/out5"); Assert.assertTrue(c1.getLeaseRenewer() != c5.getLeaseRenewer()); Assert.assertTrue(c3.getLeaseRenewer() != c5.getLeaseRenewer()); }
Example #25
Source File: TestRetryCacheWithHA.java From big-c with Apache License 2.0 | 5 votes |
@Override void invoke() throws Exception { EnumSet<CreateFlag> createFlag = EnumSet.of(CreateFlag.CREATE); this.status = client.getNamenode().create(fileName, FsPermission.getFileDefault(), client.getClientName(), new EnumSetWritable<CreateFlag>(createFlag), false, DataNodes, BlockSize, new CryptoProtocolVersion[] {CryptoProtocolVersion.ENCRYPTION_ZONES}); }
Example #26
Source File: FanOutOneBlockAsyncDFSOutputHelper.java From hbase with Apache License 2.0 | 5 votes |
default HdfsFileStatus create(ClientProtocol instance, String src, FsPermission masked, String clientName, EnumSetWritable<CreateFlag> flag, boolean createParent, short replication, long blockSize, CryptoProtocolVersion[] supportedVersions) throws Exception { try { return (HdfsFileStatus) createObject(instance, src, masked, clientName, flag, createParent, replication, blockSize, supportedVersions); } catch (InvocationTargetException e) { if (e.getCause() instanceof Exception) { throw (Exception) e.getCause(); } else { throw new RuntimeException(e.getCause()); } } }
Example #27
Source File: FanOutOneBlockAsyncDFSOutputHelper.java From hbase with Apache License 2.0 | 5 votes |
private static FileCreator createFileCreator3_3() throws NoSuchMethodException { Method createMethod = ClientProtocol.class.getMethod("create", String.class, FsPermission.class, String.class, EnumSetWritable.class, boolean.class, short.class, long.class, CryptoProtocolVersion[].class, String.class, String.class); return (instance, src, masked, clientName, flag, createParent, replication, blockSize, supportedVersions) -> { return (HdfsFileStatus) createMethod.invoke(instance, src, masked, clientName, flag, createParent, replication, blockSize, supportedVersions, null, null); }; }
Example #28
Source File: FanOutOneBlockAsyncDFSOutputHelper.java From hbase with Apache License 2.0 | 5 votes |
private static FileCreator createFileCreator3() throws NoSuchMethodException { Method createMethod = ClientProtocol.class.getMethod("create", String.class, FsPermission.class, String.class, EnumSetWritable.class, boolean.class, short.class, long.class, CryptoProtocolVersion[].class, String.class); return (instance, src, masked, clientName, flag, createParent, replication, blockSize, supportedVersions) -> { return (HdfsFileStatus) createMethod.invoke(instance, src, masked, clientName, flag, createParent, replication, blockSize, supportedVersions, null); }; }
Example #29
Source File: FanOutOneBlockAsyncDFSOutputHelper.java From hbase with Apache License 2.0 | 5 votes |
private static FileCreator createFileCreator2() throws NoSuchMethodException { Method createMethod = ClientProtocol.class.getMethod("create", String.class, FsPermission.class, String.class, EnumSetWritable.class, boolean.class, short.class, long.class, CryptoProtocolVersion[].class); return (instance, src, masked, clientName, flag, createParent, replication, blockSize, supportedVersions) -> { return (HdfsFileStatus) createMethod.invoke(instance, src, masked, clientName, flag, createParent, replication, blockSize, supportedVersions); }; }
Example #30
Source File: OzoneKMSUtil.java From hadoop-ozone with Apache License 2.0 | 5 votes |
public static CryptoProtocolVersion getCryptoProtocolVersion( FileEncryptionInfo feInfo) throws IOException { CryptoProtocolVersion version = feInfo.getCryptoProtocolVersion(); if (!CryptoProtocolVersion.supports(version)) { throw new IOException("Client does not support specified " + "CryptoProtocolVersion " + version.getDescription() + " version number" + version.getVersion()); } else { return version; } }