HADOOP-10936. Change default KeyProvider bitlength to 128. (wang)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1619545 13f79535-47bb-0310-9956-ffa450edef68
parent
331421c2a4
commit
05daefb1a8
|
@ -168,6 +168,8 @@ Release 2.6.0 - UNRELEASED
|
||||||
|
|
||||||
HADOOP-10793. KeyShell args should use single-dash style. (wang)
|
HADOOP-10793. KeyShell args should use single-dash style. (wang)
|
||||||
|
|
||||||
|
HADOOP-10936. Change default KeyProvider bitlength to 128. (wang)
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
|
||||||
HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry
|
HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry
|
||||||
|
|
|
@ -54,7 +54,7 @@ public abstract class KeyProvider {
|
||||||
public static final String DEFAULT_CIPHER = "AES/CTR/NoPadding";
|
public static final String DEFAULT_CIPHER = "AES/CTR/NoPadding";
|
||||||
public static final String DEFAULT_BITLENGTH_NAME =
|
public static final String DEFAULT_BITLENGTH_NAME =
|
||||||
"hadoop.security.key.default.bitlength";
|
"hadoop.security.key.default.bitlength";
|
||||||
public static final int DEFAULT_BITLENGTH = 256;
|
public static final int DEFAULT_BITLENGTH = 128;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The combination of both the key version name and the key material.
|
* The combination of both the key version name and the key material.
|
||||||
|
@ -341,6 +341,16 @@ public abstract class KeyProvider {
|
||||||
public Map<String, String> getAttributes() {
|
public Map<String, String> getAttributes() {
|
||||||
return (attributes == null) ? Collections.EMPTY_MAP : attributes;
|
return (attributes == null) ? Collections.EMPTY_MAP : attributes;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString() {
|
||||||
|
return "Options{" +
|
||||||
|
"cipher='" + cipher + '\'' +
|
||||||
|
", bitLength=" + bitLength +
|
||||||
|
", description='" + description + '\'' +
|
||||||
|
", attributes=" + attributes +
|
||||||
|
'}';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
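Review bot: `DEFAULT_BITLENGTH = 128` halves the default key size, but nothing at the constant says why or how a deployment restores the previous value. The commit title gives no reason either. If the motive is that 256-bit AES is unavailable on JREs without the unlimited-strength policy files, that is worth stating, though it is an inference and not visible on this page. I would add above the constant: `// Default key size in bits; deployments that require 256-bit keys set hadoop.security.key.default.bitlength.`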
|
||||||
|
|
|
@ -445,7 +445,7 @@ public class KeyShell extends Configured implements Tool {
|
||||||
"by the <keyname> argument within the provider specified by the\n" +
|
"by the <keyname> argument within the provider specified by the\n" +
|
||||||
"-provider argument. You may specify a cipher with the -cipher\n" +
|
"-provider argument. You may specify a cipher with the -cipher\n" +
|
||||||
"argument. The default cipher is currently \"AES/CTR/NoPadding\".\n" +
|
"argument. The default cipher is currently \"AES/CTR/NoPadding\".\n" +
|
||||||
"The default keysize is 256. You may specify the requested key\n" +
|
"The default keysize is 128. You may specify the requested key\n" +
|
||||||
"length using the -size argument. Arbitrary attribute=value\n" +
|
"length using the -size argument. Arbitrary attribute=value\n" +
|
||||||
"style attributes may be specified using the -attr argument.\n" +
|
"style attributes may be specified using the -attr argument.\n" +
|
||||||
"-attr may be specified multiple times, once per attribute.\n";
|
"-attr may be specified multiple times, once per attribute.\n";
|
||||||
|
@ -479,7 +479,8 @@ public class KeyShell extends Configured implements Tool {
|
||||||
warnIfTransientProvider();
|
warnIfTransientProvider();
|
||||||
try {
|
try {
|
||||||
provider.createKey(keyName, options);
|
provider.createKey(keyName, options);
|
||||||
out.println(keyName + " has been successfully created.");
|
out.println(keyName + " has been successfully created with options "
|
||||||
|
+ options.toString() + ".");
|
||||||
provider.flush();
|
provider.flush();
|
||||||
printProviderWritten();
|
printProviderWritten();
|
||||||
} catch (InvalidParameterException e) {
|
} catch (InvalidParameterException e) {
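Review bot: The help text hard-codes `The default keysize is 128`, the same duplication this commit had to correct by hand, and the number is misleading whenever `hadoop.security.key.default.bitlength` is set in the configuration. Deriving it from the constant keeps the two in step: `"The default keysize is " + KeyProvider.DEFAULT_BITLENGTH + ". You may specify the requested key\n" +`. The code that resolves the effective default is outside this hunk, so a phrase such as "unless overridden by configuration" should be added only if that is how the shell behaves. In the create path, `+ options.toString()` can be just `+ options`. The success line now echoes the user-supplied description and attributes to stdout, which by the `toString()` added in this commit is metadata, not key material.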
|
||||||
|
|
|
@ -110,7 +110,7 @@ public class TestKeyShell {
|
||||||
rc = ks.run(args1);
|
rc = ks.run(args1);
|
||||||
assertEquals(0, rc);
|
assertEquals(0, rc);
|
||||||
assertTrue(outContent.toString().contains(keyName + " has been " +
|
assertTrue(outContent.toString().contains(keyName + " has been " +
|
||||||
"successfully created."));
|
"successfully created"));
|
||||||
|
|
||||||
String listOut = listKeys(ks, false);
|
String listOut = listKeys(ks, false);
|
||||||
assertTrue(listOut.contains(keyName));
|
assertTrue(listOut.contains(keyName));
|
||||||
|
@ -145,7 +145,7 @@ public class TestKeyShell {
|
||||||
rc = ks.run(args1);
|
rc = ks.run(args1);
|
||||||
assertEquals(0, rc);
|
assertEquals(0, rc);
|
||||||
assertTrue(outContent.toString().contains("key1 has been successfully " +
|
assertTrue(outContent.toString().contains("key1 has been successfully " +
|
||||||
"created."));
|
"created"));
|
||||||
|
|
||||||
String listOut = listKeys(ks, true);
|
String listOut = listKeys(ks, true);
|
||||||
assertTrue(listOut.contains("description"));
|
assertTrue(listOut.contains("description"));
|
||||||
|
@ -233,7 +233,7 @@ public class TestKeyShell {
|
||||||
rc = ks.run(args1);
|
rc = ks.run(args1);
|
||||||
assertEquals(0, rc);
|
assertEquals(0, rc);
|
||||||
assertTrue(outContent.toString().contains(keyName + " has been " +
|
assertTrue(outContent.toString().contains(keyName + " has been " +
|
||||||
"successfully " + "created."));
|
"successfully created"));
|
||||||
|
|
||||||
deleteKey(ks, keyName);
|
deleteKey(ks, keyName);
|
||||||
}
|
}
|
||||||
|
@ -250,7 +250,7 @@ public class TestKeyShell {
|
||||||
rc = ks.run(args1);
|
rc = ks.run(args1);
|
||||||
assertEquals(0, rc);
|
assertEquals(0, rc);
|
||||||
assertTrue(outContent.toString().contains("keyattr1 has been " +
|
assertTrue(outContent.toString().contains("keyattr1 has been " +
|
||||||
"successfully " + "created."));
|
"successfully created"));
|
||||||
|
|
||||||
/* ...and list to see that we have the attr */
|
/* ...and list to see that we have the attr */
|
||||||
String listOut = listKeys(ks, true);
|
String listOut = listKeys(ks, true);
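Review bot: The four relaxed assertions now match only the `successfully created` prefix, so nothing checks the options text the shell appends and no test pins the new default key size. If `args1` in one of these tests does not pass `-size` (it is defined outside the hunks), that test could also assert `outContent.toString().contains("bitLength=" + KeyProvider.DEFAULT_BITLENGTH)`. That would catch a later drift between the constant and the size the shell actually requests.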
|
||||||
|
|
|
@ -181,12 +181,19 @@ public class KMSWebApp implements ServletContextListener {
|
||||||
keyProvider = new CachingKeyProvider(keyProvider, keyTimeOutMillis,
|
keyProvider = new CachingKeyProvider(keyProvider, keyTimeOutMillis,
|
||||||
currKeyTimeOutMillis);
|
currKeyTimeOutMillis);
|
||||||
}
|
}
|
||||||
|
LOG.info("Initialized KeyProvider " + keyProvider);
|
||||||
|
|
||||||
keyProviderCryptoExtension = KeyProviderCryptoExtension.
|
keyProviderCryptoExtension = KeyProviderCryptoExtension.
|
||||||
createKeyProviderCryptoExtension(keyProvider);
|
createKeyProviderCryptoExtension(keyProvider);
|
||||||
keyProviderCryptoExtension =
|
keyProviderCryptoExtension =
|
||||||
new EagerKeyGeneratorKeyProviderCryptoExtension(kmsConf,
|
new EagerKeyGeneratorKeyProviderCryptoExtension(kmsConf,
|
||||||
keyProviderCryptoExtension);
|
keyProviderCryptoExtension);
|
||||||
|
LOG.info("Initialized KeyProviderCryptoExtension "
|
||||||
|
+ keyProviderCryptoExtension);
|
||||||
|
final int defaultBitlength = kmsConf
|
||||||
|
.getInt(KeyProvider.DEFAULT_BITLENGTH_NAME,
|
||||||
|
KeyProvider.DEFAULT_BITLENGTH);
|
||||||
|
LOG.info("Default key bitlength is {}", defaultBitlength);
|
||||||
LOG.info("KMS Started");
|
LOG.info("KMS Started");
|
||||||
} catch (Throwable ex) {
|
} catch (Throwable ex) {
|
||||||
System.out.println();
|
System.out.println();
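Review bot: The two new `LOG.info("Initialized ... " + keyProvider)` lines write whatever the provider's `toString()` returns into the KMS log at INFO. Those implementations are not visible here, so it is worth confirming that none of them renders a keystore URI with embedded credentials or a password. They also build the message by concatenation while the bitlength line just below uses a `{}` placeholder; `LOG.info("Initialized KeyProvider {}", keyProvider);` would be consistent. The logged `defaultBitlength` is read from `kmsConf` only for this message, so a comment should say it is informational, or the value should be checked against the sizes the configured cipher accepts. The enclosing method begins and ends outside this hunk.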
|
||||||
|
|