HDDS-929. Remove ozone.max.key.len property. Contributed by Ajay Kumar.

This commit is contained in:
Xiaoyu Yao 2018-12-19 14:40:26 -08:00
parent f894d86b2f
commit 2b115222cd
6 changed files with 4 additions and 48 deletions

View File

@ -21,7 +21,6 @@ package org.apache.hadoop.hdds.security.x509;
import com.google.common.base.Preconditions;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ozone.OzoneConfigKeys;
import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslProvider;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
@ -95,7 +94,6 @@ public class SecurityConfig {
private final Duration certDuration;
private final String x509SignatureAlgo;
private final Boolean grpcBlockTokenEnabled;
private final int getMaxKeyLength;
private final String certificateDir;
private final String certificateFileName;
private final Boolean grpcTlsEnabled;
@ -112,9 +110,6 @@ public class SecurityConfig {
public SecurityConfig(Configuration configuration) {
Preconditions.checkNotNull(configuration, "Configuration cannot be null");
this.configuration = configuration;
this.getMaxKeyLength = configuration.getInt(
OzoneConfigKeys.OZONE_MAX_KEY_LEN,
OzoneConfigKeys.OZONE_MAX_KEY_LEN_DEFAULT);
this.size = this.configuration.getInt(HDDS_KEY_LEN, HDDS_DEFAULT_KEY_LEN);
this.keyAlgo = this.configuration.get(HDDS_KEY_ALGORITHM,
HDDS_DEFAULT_KEY_ALGORITHM);
@ -421,8 +416,4 @@ public class SecurityConfig {
throw new SecurityException("Unknown security provider:" + provider);
}
}
public int getMaxKeyLength() {
return this.getMaxKeyLength;
}
}

View File

@ -350,10 +350,6 @@ public final class OzoneConfigKeys {
public static final String OZONE_CONTAINER_COPY_WORKDIR =
"hdds.datanode.replication.work.dir";
public static final String OZONE_MAX_KEY_LEN =
"ozone.max.key.len";
public static final int OZONE_MAX_KEY_LEN_DEFAULT = 1024 * 1024;
/**
* Config properties to set client side checksum properties.
*/

View File

@ -992,15 +992,6 @@
the logs. Very useful when debugging REST protocol.
</description>
</property>
<property>
<name>ozone.max.key.len</name>
<value>1048576</value>
<tag>OZONE, SECURITY</tag>
<description>
Maximum length of private key in Ozone. Used in Ozone delegation and
block tokens.
</description>
</property>
<!--Client Settings-->
<property>

View File

@ -48,20 +48,12 @@ public class OzoneSecretKey implements Writable {
private long expiryDate;
private PrivateKey privateKey;
private PublicKey publicKey;
private int maxKeyLen;
private SecurityConfig securityConfig;
public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair,
int maxKeyLen) {
public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair) {
Preconditions.checkNotNull(keyId);
this.keyId = keyId;
this.expiryDate = expiryDate;
byte[] encodedKey = keyPair.getPrivate().getEncoded();
this.maxKeyLen = maxKeyLen;
if (encodedKey.length > maxKeyLen) {
throw new RuntimeException("can't create " + encodedKey.length +
" byte long DelegationKey.");
}
this.privateKey = keyPair.getPrivate();
this.publicKey = keyPair.getPublic();
}
@ -70,18 +62,13 @@ public class OzoneSecretKey implements Writable {
* Create new instance using default signature algorithm and provider.
* */
public OzoneSecretKey(int keyId, long expiryDate, byte[] pvtKey,
byte[] publicKey, int maxKeyLen) {
byte[] publicKey) {
Preconditions.checkNotNull(pvtKey);
Preconditions.checkNotNull(publicKey);
this.securityConfig = new SecurityConfig(new OzoneConfiguration());
this.keyId = keyId;
this.expiryDate = expiryDate;
this.maxKeyLen = maxKeyLen;
if (pvtKey.length > maxKeyLen) {
throw new RuntimeException("can't create " + pvtKey.length +
" byte long DelegationKey. Max allowed length is " + maxKeyLen);
}
this.privateKey = SecurityUtil.getPrivateKey(pvtKey, securityConfig);
this.publicKey = SecurityUtil.getPublicKey(publicKey, securityConfig);
}
@ -102,10 +89,6 @@ public class OzoneSecretKey implements Writable {
return publicKey;
}
public int getMaxKeyLen() {
return maxKeyLen;
}
public byte[] getEncodedPrivateKey() {
return privateKey.getEncoded();
}
@ -125,7 +108,6 @@ public class OzoneSecretKey implements Writable {
.setExpiryDate(getExpiryDate())
.setPrivateKeyBytes(ByteString.copyFrom(getEncodedPrivateKey()))
.setPublicKeyBytes(ByteString.copyFrom(getEncodedPubliceKey()))
.setMaxKeyLen(getMaxKeyLen())
.build();
out.write(token.toByteArray());
}
@ -139,7 +121,6 @@ public class OzoneSecretKey implements Writable {
.toByteArray(), securityConfig);
publicKey = SecurityUtil.getPublicKey(secretKey.getPublicKeyBytes()
.toByteArray(), securityConfig);
maxKeyLen = secretKey.getMaxKeyLen();
}
@Override
@ -179,7 +160,7 @@ public class OzoneSecretKey implements Writable {
SecretKeyProto key = SecretKeyProto.parseFrom((DataInputStream) in);
return new OzoneSecretKey(key.getKeyId(), key.getExpiryDate(),
key.getPrivateKeyBytes().toByteArray(),
key.getPublicKeyBytes().toByteArray(), key.getMaxKeyLen());
key.getPublicKeyBytes().toByteArray());
}
/**

View File

@ -59,7 +59,6 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
private final Text service;
private volatile boolean running;
private OzoneSecretKey currentKey;
private int maxKeyLength;
private AtomicInteger currentKeyId;
private AtomicInteger tokenSequenceNumber;
protected final Map<Integer, OzoneSecretKey> allKeys;
@ -83,7 +82,6 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
tokenSequenceNumber = new AtomicInteger();
allKeys = new ConcurrentHashMap<>();
this.service = service;
this.maxKeyLength = securityConfig.getMaxKeyLength();
this.logger = logger;
}
@ -189,7 +187,7 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
// expire time.
int newCurrentId = incrementCurrentKeyId();
OzoneSecretKey newKey = new OzoneSecretKey(newCurrentId, -1,
keyPair, maxKeyLength);
keyPair);
currentKey = newKey;
return currentKey;
}

View File

@ -497,7 +497,6 @@ message SecretKeyProto {
required uint64 expiryDate = 2;
required bytes privateKeyBytes = 3;
required bytes publicKeyBytes = 4;
required uint32 maxKeyLen = 5;
}
message ListKeysRequest {