HADOOP-10936. Change default KeyProvider bitlength to 128. (wang)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1619545 13f79535-47bb-0310-9956-ffa450edef68
Alejandro Abdelnur 2014-08-21 18:59:48 +00:00
parent 331421c2a4
commit 05daefb1a8
5 changed files with 28 additions and 8 deletions


@ -168,6 +168,8 @@ Release 2.6.0 - UNRELEASED
HADOOP-10793. KeyShell args should use single-dash style. (wang) HADOOP-10793. KeyShell args should use single-dash style. (wang)
HADOOP-10936. Change default KeyProvider bitlength to 128. (wang)
BUG FIXES BUG FIXES
HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry


@ -54,7 +54,7 @@ public abstract class KeyProvider {
public static final String DEFAULT_CIPHER = "AES/CTR/NoPadding"; public static final String DEFAULT_CIPHER = "AES/CTR/NoPadding";
public static final String DEFAULT_BITLENGTH_NAME = public static final String DEFAULT_BITLENGTH_NAME =
"hadoop.security.key.default.bitlength"; "hadoop.security.key.default.bitlength";
public static final int DEFAULT_BITLENGTH = 256; public static final int DEFAULT_BITLENGTH = 128;
/** /**
* The combination of both the key version name and the key material. * The combination of both the key version name and the key material.
@ -341,6 +341,16 @@ public abstract class KeyProvider {
public Map<String, String> getAttributes() { public Map<String, String> getAttributes() {
return (attributes == null) ? Collections.EMPTY_MAP : attributes; return (attributes == null) ? Collections.EMPTY_MAP : attributes;
} }
@Override
public String toString() {
return "Options{" +
"cipher='" + cipher + '\'' +
", bitLength=" + bitLength +
", description='" + description + '\'' +
", attributes=" + attributes +
'}';
}
} }
/** /**
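Review bot: `DEFAULT_BITLENGTH` drops from 256 to 128 in the first hunk with no comment on the constant, so a deployment that relies on the default gets shorter keys for newly created keys with nothing in the code to explain the choice. I would add a Javadoc line on the constant, for example `/** Key length in bits used when the caller requests none; configurable via DEFAULT_BITLENGTH_NAME. */`. The reason for preferring 128 is not stated anywhere on this page, so the comment should take it from the issue rather than guess. Existing keys presumably keep the length they were created with, but that is not visible in these hunks and is worth stating in the release note.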


@ -445,7 +445,7 @@ public class KeyShell extends Configured implements Tool {
"by the <keyname> argument within the provider specified by the\n" + "by the <keyname> argument within the provider specified by the\n" +
"-provider argument. You may specify a cipher with the -cipher\n" + "-provider argument. You may specify a cipher with the -cipher\n" +
"argument. The default cipher is currently \"AES/CTR/NoPadding\".\n" + "argument. The default cipher is currently \"AES/CTR/NoPadding\".\n" +
"The default keysize is 256. You may specify the requested key\n" + "The default keysize is 128. You may specify the requested key\n" +
"length using the -size argument. Arbitrary attribute=value\n" + "length using the -size argument. Arbitrary attribute=value\n" +
"style attributes may be specified using the -attr argument.\n" + "style attributes may be specified using the -attr argument.\n" +
"-attr may be specified multiple times, once per attribute.\n"; "-attr may be specified multiple times, once per attribute.\n";
@ -479,7 +479,8 @@ public class KeyShell extends Configured implements Tool {
warnIfTransientProvider(); warnIfTransientProvider();
try { try {
provider.createKey(keyName, options); provider.createKey(keyName, options);
out.println(keyName + " has been successfully created."); out.println(keyName + " has been successfully created with options "
+ options.toString() + ".");
provider.flush(); provider.flush();
printProviderWritten(); printProviderWritten();
} catch (InvalidParameterException e) { } catch (InvalidParameterException e) {
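Review bot: The rewritten success message in the second hunk is still printed before `provider.flush()`, so if the flush throws, the operator has already been told the key was created, now together with its options. Moving the `out.println(...)` to after `provider.flush();` would make the message reflect persisted state. The explicit `options.toString()` is also redundant inside string concatenation; `+ options + "."` is enough. The enclosing method starts and ends outside the hunk, so how a flush failure is reported by the remaining catch blocks is not visible here.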


@ -110,7 +110,7 @@ public class TestKeyShell {
rc = ks.run(args1); rc = ks.run(args1);
assertEquals(0, rc); assertEquals(0, rc);
assertTrue(outContent.toString().contains(keyName + " has been " + assertTrue(outContent.toString().contains(keyName + " has been " +
"successfully created.")); "successfully created"));
String listOut = listKeys(ks, false); String listOut = listKeys(ks, false);
assertTrue(listOut.contains(keyName)); assertTrue(listOut.contains(keyName));
@ -145,7 +145,7 @@ public class TestKeyShell {
rc = ks.run(args1); rc = ks.run(args1);
assertEquals(0, rc); assertEquals(0, rc);
assertTrue(outContent.toString().contains("key1 has been successfully " + assertTrue(outContent.toString().contains("key1 has been successfully " +
"created.")); "created"));
String listOut = listKeys(ks, true); String listOut = listKeys(ks, true);
assertTrue(listOut.contains("description")); assertTrue(listOut.contains("description"));
@ -233,7 +233,7 @@ public class TestKeyShell {
rc = ks.run(args1); rc = ks.run(args1);
assertEquals(0, rc); assertEquals(0, rc);
assertTrue(outContent.toString().contains(keyName + " has been " + assertTrue(outContent.toString().contains(keyName + " has been " +
"successfully " + "created.")); "successfully created"));
deleteKey(ks, keyName); deleteKey(ks, keyName);
} }
@ -250,7 +250,7 @@ public class TestKeyShell {
rc = ks.run(args1); rc = ks.run(args1);
assertEquals(0, rc); assertEquals(0, rc);
assertTrue(outContent.toString().contains("keyattr1 has been " + assertTrue(outContent.toString().contains("keyattr1 has been " +
"successfully " + "created.")); "successfully created"));
/* ...and list to see that we have the attr */ /* ...and list to see that we have the attr */
String listOut = listKeys(ks, true); String listOut = listKeys(ks, true);
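Review bot: The four assertions were loosened to match `successfully created`, but none of them checks the options text the shell now prints, so the new default key length is not pinned by any test visible here. Where a test creates a key without an explicit size (the contents of `args1` are outside these hunks), an added `assertTrue(outContent.toString().contains("bitLength=128"));` would catch an accidental change of the default. This applies equally to the hunks at lines 110, 145, 233 and 250.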


@ -181,12 +181,19 @@ public class KMSWebApp implements ServletContextListener {
keyProvider = new CachingKeyProvider(keyProvider, keyTimeOutMillis, keyProvider = new CachingKeyProvider(keyProvider, keyTimeOutMillis,
currKeyTimeOutMillis); currKeyTimeOutMillis);
} }
LOG.info("Initialized KeyProvider " + keyProvider);
keyProviderCryptoExtension = KeyProviderCryptoExtension. keyProviderCryptoExtension = KeyProviderCryptoExtension.
createKeyProviderCryptoExtension(keyProvider); createKeyProviderCryptoExtension(keyProvider);
keyProviderCryptoExtension = keyProviderCryptoExtension =
new EagerKeyGeneratorKeyProviderCryptoExtension(kmsConf, new EagerKeyGeneratorKeyProviderCryptoExtension(kmsConf,
keyProviderCryptoExtension); keyProviderCryptoExtension);
LOG.info("Initialized KeyProviderCryptoExtension "
+ keyProviderCryptoExtension);
final int defaultBitlength = kmsConf
.getInt(KeyProvider.DEFAULT_BITLENGTH_NAME,
KeyProvider.DEFAULT_BITLENGTH);
LOG.info("Default key bitlength is {}", defaultBitlength);
LOG.info("KMS Started"); LOG.info("KMS Started");
} catch (Throwable ex) { } catch (Throwable ex) {
System.out.println(); System.out.println();
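Review bot: The two new `LOG.info` calls that build their message with `+` are inconsistent with the parameterized `LOG.info("Default key bitlength is {}", defaultBitlength)` added in the same hunk; `LOG.info("Initialized KeyProvider {}", keyProvider);` and the same form for `keyProviderCryptoExtension` would match. These lines also write the providers' `toString()` output to the server log, and those implementations are not visible here, so it is worth confirming they print nothing sensitive, such as a provider URI that carries credentials. The logged bit length is read from `kmsConf`; whether the provider takes its default from the same configuration object is not visible in this hunk. The enclosing method starts and ends outside the hunk.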