HDDS-929. Remove ozone.max.key.len property. Contributed by Ajay Kumar.
parent
f894d86b2f
commit
2b115222cd
|
@ -21,7 +21,6 @@ package org.apache.hadoop.hdds.security.x509;
|
|||
|
||||
import com.google.common.base.Preconditions;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.ozone.OzoneConfigKeys;
|
||||
import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslProvider;
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.slf4j.Logger;
|
||||
|
@ -95,7 +94,6 @@ public class SecurityConfig {
|
|||
private final Duration certDuration;
|
||||
private final String x509SignatureAlgo;
|
||||
private final Boolean grpcBlockTokenEnabled;
|
||||
private final int getMaxKeyLength;
|
||||
private final String certificateDir;
|
||||
private final String certificateFileName;
|
||||
private final Boolean grpcTlsEnabled;
|
||||
|
@ -112,9 +110,6 @@ public class SecurityConfig {
|
|||
public SecurityConfig(Configuration configuration) {
|
||||
Preconditions.checkNotNull(configuration, "Configuration cannot be null");
|
||||
this.configuration = configuration;
|
||||
this.getMaxKeyLength = configuration.getInt(
|
||||
OzoneConfigKeys.OZONE_MAX_KEY_LEN,
|
||||
OzoneConfigKeys.OZONE_MAX_KEY_LEN_DEFAULT);
|
||||
this.size = this.configuration.getInt(HDDS_KEY_LEN, HDDS_DEFAULT_KEY_LEN);
|
||||
this.keyAlgo = this.configuration.get(HDDS_KEY_ALGORITHM,
|
||||
HDDS_DEFAULT_KEY_ALGORITHM);
|
||||
|
@ -421,8 +416,4 @@ public class SecurityConfig {
|
|||
throw new SecurityException("Unknown security provider:" + provider);
|
||||
}
|
||||
}
|
||||
|
||||
public int getMaxKeyLength() {
|
||||
return this.getMaxKeyLength;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -350,10 +350,6 @@ public final class OzoneConfigKeys {
|
|||
public static final String OZONE_CONTAINER_COPY_WORKDIR =
|
||||
"hdds.datanode.replication.work.dir";
|
||||
|
||||
public static final String OZONE_MAX_KEY_LEN =
|
||||
"ozone.max.key.len";
|
||||
public static final int OZONE_MAX_KEY_LEN_DEFAULT = 1024 * 1024;
|
||||
|
||||
/**
|
||||
* Config properties to set client side checksum properties.
|
||||
*/
|
||||
|
|
|
@ -992,15 +992,6 @@
|
|||
the logs. Very useful when debugging REST protocol.
|
||||
</description>
|
||||
</property>
|
||||
<property>
|
||||
<name>ozone.max.key.len</name>
|
||||
<value>1048576</value>
|
||||
<tag>OZONE, SECURITY</tag>
|
||||
<description>
|
||||
Maximum length of private key in Ozone. Used in Ozone delegation and
|
||||
block tokens.
|
||||
</description>
|
||||
</property>
|
||||
|
||||
<!--Client Settings-->
|
||||
<property>
|
||||
|
|
|
@ -48,20 +48,12 @@ public class OzoneSecretKey implements Writable {
|
|||
private long expiryDate;
|
||||
private PrivateKey privateKey;
|
||||
private PublicKey publicKey;
|
||||
private int maxKeyLen;
|
||||
private SecurityConfig securityConfig;
|
||||
|
||||
public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair,
|
||||
int maxKeyLen) {
|
||||
public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair) {
|
||||
Preconditions.checkNotNull(keyId);
|
||||
this.keyId = keyId;
|
||||
this.expiryDate = expiryDate;
|
||||
byte[] encodedKey = keyPair.getPrivate().getEncoded();
|
||||
this.maxKeyLen = maxKeyLen;
|
||||
if (encodedKey.length > maxKeyLen) {
|
||||
throw new RuntimeException("can't create " + encodedKey.length +
|
||||
" byte long DelegationKey.");
|
||||
}
|
||||
this.privateKey = keyPair.getPrivate();
|
||||
this.publicKey = keyPair.getPublic();
|
||||
}
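Review bot: `Preconditions.checkNotNull(keyId)` at the top of the KeyPair constructor guards an `int`, which is autoboxed and can never be null, while `keyPair` — the argument actually dereferenced a few lines later by `keyPair.getPrivate()` — is never checked. Replace it with `Preconditions.checkNotNull(keyPair, "keyPair cannot be null");` so a missing key pair fails with a clear message instead of a bare NullPointerException. The hunk header counts (20 old, 12 new) suggest the `encodedKey` local leaves together with the length check, so nothing else in this constructor touches the encoding. In the byte-array constructor further down, dropping the bound means a `pvtKey` of any length now goes straight to `SecurityUtil.getPrivateKey`; that is acceptable only if that helper rejects malformed input, which is not visible here and is worth confirming since `readProtoBuf` feeds it bytes parsed from a stream.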
|
||||
|
@ -70,18 +62,13 @@ public class OzoneSecretKey implements Writable {
|
|||
* Create new instance using default signature algorithm and provider.
|
||||
* */
|
||||
public OzoneSecretKey(int keyId, long expiryDate, byte[] pvtKey,
|
||||
byte[] publicKey, int maxKeyLen) {
|
||||
byte[] publicKey) {
|
||||
Preconditions.checkNotNull(pvtKey);
|
||||
Preconditions.checkNotNull(publicKey);
|
||||
|
||||
this.securityConfig = new SecurityConfig(new OzoneConfiguration());
|
||||
this.keyId = keyId;
|
||||
this.expiryDate = expiryDate;
|
||||
this.maxKeyLen = maxKeyLen;
|
||||
if (pvtKey.length > maxKeyLen) {
|
||||
throw new RuntimeException("can't create " + pvtKey.length +
|
||||
" byte long DelegationKey. Max allowed length is " + maxKeyLen);
|
||||
}
|
||||
this.privateKey = SecurityUtil.getPrivateKey(pvtKey, securityConfig);
|
||||
this.publicKey = SecurityUtil.getPublicKey(publicKey, securityConfig);
|
||||
}
|
||||
|
@ -102,10 +89,6 @@ public class OzoneSecretKey implements Writable {
|
|||
return publicKey;
|
||||
}
|
||||
|
||||
public int getMaxKeyLen() {
|
||||
return maxKeyLen;
|
||||
}
|
||||
|
||||
public byte[] getEncodedPrivateKey() {
|
||||
return privateKey.getEncoded();
|
||||
}
|
||||
|
@ -125,7 +108,6 @@ public class OzoneSecretKey implements Writable {
|
|||
.setExpiryDate(getExpiryDate())
|
||||
.setPrivateKeyBytes(ByteString.copyFrom(getEncodedPrivateKey()))
|
||||
.setPublicKeyBytes(ByteString.copyFrom(getEncodedPubliceKey()))
|
||||
.setMaxKeyLen(getMaxKeyLen())
|
||||
.build();
|
||||
out.write(token.toByteArray());
|
||||
}
|
||||
|
@ -139,7 +121,6 @@ public class OzoneSecretKey implements Writable {
|
|||
.toByteArray(), securityConfig);
|
||||
publicKey = SecurityUtil.getPublicKey(secretKey.getPublicKeyBytes()
|
||||
.toByteArray(), securityConfig);
|
||||
maxKeyLen = secretKey.getMaxKeyLen();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -179,7 +160,7 @@ public class OzoneSecretKey implements Writable {
|
|||
SecretKeyProto key = SecretKeyProto.parseFrom((DataInputStream) in);
|
||||
return new OzoneSecretKey(key.getKeyId(), key.getExpiryDate(),
|
||||
key.getPrivateKeyBytes().toByteArray(),
|
||||
key.getPublicKeyBytes().toByteArray(), key.getMaxKeyLen());
|
||||
key.getPublicKeyBytes().toByteArray());
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -59,7 +59,6 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
|
|||
private final Text service;
|
||||
private volatile boolean running;
|
||||
private OzoneSecretKey currentKey;
|
||||
private int maxKeyLength;
|
||||
private AtomicInteger currentKeyId;
|
||||
private AtomicInteger tokenSequenceNumber;
|
||||
protected final Map<Integer, OzoneSecretKey> allKeys;
|
||||
|
@ -83,7 +82,6 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
|
|||
tokenSequenceNumber = new AtomicInteger();
|
||||
allKeys = new ConcurrentHashMap<>();
|
||||
this.service = service;
|
||||
this.maxKeyLength = securityConfig.getMaxKeyLength();
|
||||
this.logger = logger;
|
||||
}
|
||||
|
||||
|
@ -189,7 +187,7 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
|
|||
// expire time.
|
||||
int newCurrentId = incrementCurrentKeyId();
|
||||
OzoneSecretKey newKey = new OzoneSecretKey(newCurrentId, -1,
|
||||
keyPair, maxKeyLength);
|
||||
keyPair);
|
||||
currentKey = newKey;
|
||||
return currentKey;
|
||||
}
|
||||
|
|
|
@ -497,7 +497,6 @@ message SecretKeyProto {
|
|||
required uint64 expiryDate = 2;
|
||||
required bytes privateKeyBytes = 3;
|
||||
required bytes publicKeyBytes = 4;
|
||||
required uint32 maxKeyLen = 5;
|
||||
}
|
||||
|
||||
message ListKeysRequest {
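Review bot: Deleting `required uint32 maxKeyLen = 5;` from a proto2 message leaves tag 5 free for reuse and makes every new SecretKeyProto unparseable by a reader still compiled against the old definition, since proto2 rejects a missing required field. Add `reserved 5;` and `reserved "maxKeyLen";` after `publicKeyBytes` so the tag and field name cannot be recycled later with a different type. Old messages that still carry field 5 parse fine under the new definition (it becomes an unknown field), so if SecretKeyProto is persisted — `OzoneSecretKey.readProtoBuf` parses it from a stream elsewhere in this change — the exposure is limited to a mixed-version window; a sentence in the commit message or a compatibility test would make that explicit.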
|
||||
|
|