HADOOP-13669. KMS Server should log exceptions before throwing. Contributed by Suraj Acharya.
This commit is contained in:
parent
03060075c5
commit
65912e4027
|
@ -104,6 +104,7 @@ public class KMS {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@SuppressWarnings("unchecked")
|
||||
public Response createKey(Map jsonKey) throws Exception {
|
||||
try{
|
||||
LOG.trace("Entering createKey Method.");
|
||||
KMSWebApp.getAdminCallsMeter().mark();
|
||||
UserGroupInformation user = HttpUserGroupInformation.get();
|
||||
|
@ -111,7 +112,8 @@ public class KMS {
|
|||
KMSClientProvider.checkNotEmpty(name, KMSRESTConstants.NAME_FIELD);
|
||||
assertAccess(KMSACLs.Type.CREATE, user, KMSOp.CREATE_KEY, name);
|
||||
String cipher = (String) jsonKey.get(KMSRESTConstants.CIPHER_FIELD);
|
||||
final String material = (String) jsonKey.get(KMSRESTConstants.MATERIAL_FIELD);
|
||||
final String material;
|
||||
material = (String) jsonKey.get(KMSRESTConstants.MATERIAL_FIELD);
|
||||
int length = (jsonKey.containsKey(KMSRESTConstants.LENGTH_FIELD))
|
||||
? (Integer) jsonKey.get(KMSRESTConstants.LENGTH_FIELD) : 0;
|
||||
String description = (String)
|
||||
|
@ -141,7 +143,8 @@ public class KMS {
|
|||
@Override
|
||||
public KeyVersion run() throws Exception {
|
||||
KeyProvider.KeyVersion keyVersion = (material != null)
|
||||
? provider.createKey(name, Base64.decodeBase64(material), options)
|
||||
? provider.createKey(name, Base64.decodeBase64(material),
|
||||
options)
|
||||
: provider.createKey(name, options);
|
||||
provider.flush();
|
||||
return keyVersion;
|
||||
|
@ -163,12 +166,17 @@ public class KMS {
|
|||
return Response.created(getKeyURI(KMSRESTConstants.SERVICE_VERSION, name))
|
||||
.type(MediaType.APPLICATION_JSON)
|
||||
.header("Location", getKeyURI(requestURL, name)).entity(json).build();
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in createKey.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@DELETE
|
||||
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
|
||||
public Response deleteKey(@PathParam("name") final String name)
|
||||
throws Exception {
|
||||
try {
|
||||
LOG.trace("Entering deleteKey method.");
|
||||
KMSWebApp.getAdminCallsMeter().mark();
|
||||
UserGroupInformation user = HttpUserGroupInformation.get();
|
||||
|
@ -187,6 +195,10 @@ public class KMS {
|
|||
kmsAudit.ok(user, KMSOp.DELETE_KEY, name, "");
|
||||
LOG.trace("Exiting deleteKey method.");
|
||||
return Response.ok().build();
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in deleteKey.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@POST
|
||||
|
@ -195,6 +207,7 @@ public class KMS {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response rolloverKey(@PathParam("name") final String name,
|
||||
Map jsonMaterial) throws Exception {
|
||||
try {
|
||||
LOG.trace("Entering rolloverKey Method.");
|
||||
KMSWebApp.getAdminCallsMeter().mark();
|
||||
UserGroupInformation user = HttpUserGroupInformation.get();
|
||||
|
@ -213,7 +226,8 @@ public class KMS {
|
|||
@Override
|
||||
public KeyVersion run() throws Exception {
|
||||
KeyVersion keyVersion = (material != null)
|
||||
? provider.rollNewVersion(name, Base64.decodeBase64(material))
|
||||
? provider.rollNewVersion(name,
|
||||
Base64.decodeBase64(material))
|
||||
: provider.rollNewVersion(name);
|
||||
provider.flush();
|
||||
return keyVersion;
|
||||
|
@ -222,14 +236,20 @@ public class KMS {
|
|||
);
|
||||
|
||||
kmsAudit.ok(user, KMSOp.ROLL_NEW_VERSION, name, "UserProvidedMaterial:" +
|
||||
(material != null) + " NewVersion:" + keyVersion.getVersionName());
|
||||
(material != null) +
|
||||
" NewVersion:" + keyVersion.getVersionName());
|
||||
|
||||
if (!KMSWebApp.getACLs().hasAccess(KMSACLs.Type.GET, user)) {
|
||||
keyVersion = removeKeyMaterial(keyVersion);
|
||||
}
|
||||
Map json = KMSServerJSONUtils.toJSON(keyVersion);
|
||||
LOG.trace("Exiting rolloverKey Method.");
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json)
|
||||
.build();
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in rolloverKey.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
|
@ -237,6 +257,7 @@ public class KMS {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
|
||||
List<String> keyNamesList) throws Exception {
|
||||
try {
|
||||
LOG.trace("Entering getKeysMetadata method.");
|
||||
KMSWebApp.getAdminCallsMeter().mark();
|
||||
UserGroupInformation user = HttpUserGroupInformation.get();
|
||||
|
@ -256,13 +277,19 @@ public class KMS {
|
|||
Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
|
||||
kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, "");
|
||||
LOG.trace("Exiting getKeysMetadata method.");
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json)
|
||||
.build();
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in getKeysmetadata.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path(KMSRESTConstants.KEYS_NAMES_RESOURCE)
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getKeyNames() throws Exception {
|
||||
try {
|
||||
LOG.trace("Entering getKeyNames method.");
|
||||
KMSWebApp.getAdminCallsMeter().mark();
|
||||
UserGroupInformation user = HttpUserGroupInformation.get();
|
||||
|
@ -279,17 +306,27 @@ public class KMS {
|
|||
|
||||
kmsAudit.ok(user, KMSOp.GET_KEYS, "");
|
||||
LOG.trace("Exiting getKeyNames method.");
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json)
|
||||
.build();
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in getkeyNames.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
|
||||
public Response getKey(@PathParam("name") String name)
|
||||
throws Exception {
|
||||
try {
|
||||
LOG.trace("Entering getKey method.");
|
||||
LOG.debug("Getting key information for key with name {}.", name);
|
||||
LOG.trace("Exiting getKey method.");
|
||||
return getMetadata(name);
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in getKey.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
|
@ -298,6 +335,7 @@ public class KMS {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getMetadata(@PathParam("name") final String name)
|
||||
throws Exception {
|
||||
try {
|
||||
LOG.trace("Entering getMetadata method.");
|
||||
UserGroupInformation user = HttpUserGroupInformation.get();
|
||||
KMSClientProvider.checkNotEmpty(name, "name");
|
||||
|
@ -317,7 +355,12 @@ public class KMS {
|
|||
Object json = KMSServerJSONUtils.toJSON(name, metadata);
|
||||
kmsAudit.ok(user, KMSOp.GET_METADATA, name, "");
|
||||
LOG.trace("Exiting getMetadata method.");
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json)
|
||||
.build();
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in getMetadata.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
|
@ -326,6 +369,7 @@ public class KMS {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getCurrentVersion(@PathParam("name") final String name)
|
||||
throws Exception {
|
||||
try {
|
||||
LOG.trace("Entering getCurrentVersion method.");
|
||||
UserGroupInformation user = HttpUserGroupInformation.get();
|
||||
KMSClientProvider.checkNotEmpty(name, "name");
|
||||
|
@ -345,7 +389,12 @@ public class KMS {
|
|||
Object json = KMSServerJSONUtils.toJSON(keyVersion);
|
||||
kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, "");
|
||||
LOG.trace("Exiting getCurrentVersion method.");
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json)
|
||||
.build();
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in getCurrentVersion.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
|
@ -353,6 +402,7 @@ public class KMS {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getKeyVersion(
|
||||
@PathParam("versionName") final String versionName) throws Exception {
|
||||
try {
|
||||
LOG.trace("Entering getKeyVersion method.");
|
||||
UserGroupInformation user = HttpUserGroupInformation.get();
|
||||
KMSClientProvider.checkNotEmpty(versionName, "versionName");
|
||||
|
@ -374,7 +424,12 @@ public class KMS {
|
|||
}
|
||||
Object json = KMSServerJSONUtils.toJSON(keyVersion);
|
||||
LOG.trace("Exiting getKeyVersion method.");
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json)
|
||||
.build();
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in getKeyVersion.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings({ "rawtypes", "unchecked" })
|
||||
|
@ -388,6 +443,7 @@ public class KMS {
|
|||
@DefaultValue("1")
|
||||
@QueryParam(KMSRESTConstants.EEK_NUM_KEYS) final int numKeys)
|
||||
throws Exception {
|
||||
try {
|
||||
LOG.trace("Entering generateEncryptedKeys method.");
|
||||
UserGroupInformation user = HttpUserGroupInformation.get();
|
||||
KMSClientProvider.checkNotEmpty(name, "name");
|
||||
|
@ -408,8 +464,8 @@ public class KMS {
|
|||
new PrivilegedExceptionAction<Void>() {
|
||||
@Override
|
||||
public Void run() throws Exception {
|
||||
LOG.debug("Generated Encrypted key for {} number of keys.",
|
||||
numKeys);
|
||||
LOG.debug("Generated Encrypted key for {} number of " +
|
||||
"keys.", numKeys);
|
||||
for (int i = 0; i < numKeys; i++) {
|
||||
retEdeks.add(provider.generateEncryptedKey(name));
|
||||
}
|
||||
|
@ -442,6 +498,10 @@ public class KMS {
|
|||
LOG.trace("Exiting generateEncryptedKeys method.");
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(retJSON)
|
||||
.build();
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in generateEncryptedKeys.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings("rawtypes")
|
||||
|
@ -454,6 +514,7 @@ public class KMS {
|
|||
@QueryParam(KMSRESTConstants.EEK_OP) String eekOp,
|
||||
Map jsonPayload)
|
||||
throws Exception {
|
||||
try {
|
||||
LOG.trace("Entering decryptEncryptedKey method.");
|
||||
UserGroupInformation user = HttpUserGroupInformation.get();
|
||||
KMSClientProvider.checkNotEmpty(versionName, "versionName");
|
||||
|
@ -468,7 +529,8 @@ public class KMS {
|
|||
(String) jsonPayload.get(KMSRESTConstants.MATERIAL_FIELD);
|
||||
Object retJSON;
|
||||
if (eekOp.equals(KMSRESTConstants.EEK_DECRYPT)) {
|
||||
assertAccess(KMSACLs.Type.DECRYPT_EEK, user, KMSOp.DECRYPT_EEK, keyName);
|
||||
assertAccess(KMSACLs.Type.DECRYPT_EEK, user, KMSOp.DECRYPT_EEK,
|
||||
keyName);
|
||||
KMSClientProvider.checkNotNull(ivStr, KMSRESTConstants.IV_FIELD);
|
||||
final byte[] iv = Base64.decodeBase64(ivStr);
|
||||
KMSClientProvider.checkNotNull(encMaterialStr,
|
||||
|
@ -480,8 +542,9 @@ public class KMS {
|
|||
@Override
|
||||
public KeyVersion run() throws Exception {
|
||||
return provider.decryptEncryptedKey(
|
||||
new KMSClientProvider.KMSEncryptedKeyVersion(keyName,
|
||||
versionName, iv, KeyProviderCryptoExtension.EEK,
|
||||
new KMSClientProvider.KMSEncryptedKeyVersion(
|
||||
keyName, versionName, iv,
|
||||
KeyProviderCryptoExtension.EEK,
|
||||
encMaterial)
|
||||
);
|
||||
}
|
||||
|
@ -505,6 +568,10 @@ public class KMS {
|
|||
LOG.trace("Exiting decryptEncryptedKey method.");
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(retJSON)
|
||||
.build();
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in decryptEncryptedKey.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
|
@ -513,6 +580,7 @@ public class KMS {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getKeyVersions(@PathParam("name") final String name)
|
||||
throws Exception {
|
||||
try {
|
||||
LOG.trace("Entering getKeyVersions method.");
|
||||
UserGroupInformation user = HttpUserGroupInformation.get();
|
||||
KMSClientProvider.checkNotEmpty(name, "name");
|
||||
|
@ -532,7 +600,12 @@ public class KMS {
|
|||
Object json = KMSServerJSONUtils.toJSON(ret);
|
||||
kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, "");
|
||||
LOG.trace("Exiting getKeyVersions method.");
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
|
||||
return Response.ok().type(MediaType.APPLICATION_JSON).entity(json)
|
||||
.build();
|
||||
} catch (Exception e) {
|
||||
LOG.debug("Exception in getKeyVersions.", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue