HDFS-7179. DFSClient should instantiate a KeyProvider, not a KeyProviderCryptoExtension. (wang)
(cherry picked from commit d2d5a0ea03
)
parent
fb0107ef0d
commit
6ddd9eff78
|
@ -548,6 +548,9 @@ Release 2.6.0 - UNRELEASED
|
||||||
HDFS-7162. Wrong path when deleting through fuse-dfs a file which already
|
HDFS-7162. Wrong path when deleting through fuse-dfs a file which already
|
||||||
exists in trash (Chengbing Liu via cmccabe)
|
exists in trash (Chengbing Liu via cmccabe)
|
||||||
|
|
||||||
|
HDFS-7179. DFSClient should instantiate a KeyProvider, not a
|
||||||
|
KeyProviderCryptoExtension. (wang)
|
||||||
|
|
||||||
BREAKDOWN OF HDFS-6134 AND HADOOP-10150 SUBTASKS AND RELATED JIRAS
|
BREAKDOWN OF HDFS-6134 AND HADOOP-10150 SUBTASKS AND RELATED JIRAS
|
||||||
|
|
||||||
HDFS-6387. HDFS CLI admin tool for creating & deleting an
|
HDFS-6387. HDFS CLI admin tool for creating & deleting an
|
||||||
|
|
|
@ -104,6 +104,7 @@ import org.apache.hadoop.crypto.CryptoCodec;
|
||||||
import org.apache.hadoop.crypto.CryptoInputStream;
|
import org.apache.hadoop.crypto.CryptoInputStream;
|
||||||
import org.apache.hadoop.crypto.CryptoOutputStream;
|
import org.apache.hadoop.crypto.CryptoOutputStream;
|
||||||
import org.apache.hadoop.crypto.CryptoProtocolVersion;
|
import org.apache.hadoop.crypto.CryptoProtocolVersion;
|
||||||
|
import org.apache.hadoop.crypto.key.KeyProvider;
|
||||||
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
|
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
|
||||||
import org.apache.hadoop.fs.BlockLocation;
|
import org.apache.hadoop.fs.BlockLocation;
|
||||||
import org.apache.hadoop.fs.BlockStorageLocation;
|
import org.apache.hadoop.fs.BlockStorageLocation;
|
||||||
|
@ -264,7 +265,7 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
|
||||||
new DFSHedgedReadMetrics();
|
new DFSHedgedReadMetrics();
|
||||||
private static ThreadPoolExecutor HEDGED_READ_THREAD_POOL;
|
private static ThreadPoolExecutor HEDGED_READ_THREAD_POOL;
|
||||||
@VisibleForTesting
|
@VisibleForTesting
|
||||||
KeyProviderCryptoExtension provider;
|
KeyProvider provider;
|
||||||
/**
|
/**
|
||||||
* DFSClient configuration
|
* DFSClient configuration
|
||||||
*/
|
*/
|
||||||
|
@ -596,7 +597,7 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
|
||||||
this.authority = nameNodeUri == null? "null": nameNodeUri.getAuthority();
|
this.authority = nameNodeUri == null? "null": nameNodeUri.getAuthority();
|
||||||
this.clientName = "DFSClient_" + dfsClientConf.taskId + "_" +
|
this.clientName = "DFSClient_" + dfsClientConf.taskId + "_" +
|
||||||
DFSUtil.getRandom().nextInt() + "_" + Thread.currentThread().getId();
|
DFSUtil.getRandom().nextInt() + "_" + Thread.currentThread().getId();
|
||||||
provider = DFSUtil.createKeyProviderCryptoExtension(conf);
|
provider = DFSUtil.createKeyProvider(conf);
|
||||||
if (LOG.isDebugEnabled()) {
|
if (LOG.isDebugEnabled()) {
|
||||||
if (provider == null) {
|
if (provider == null) {
|
||||||
LOG.debug("No KeyProvider found.");
|
LOG.debug("No KeyProvider found.");
|
||||||
|
@ -1315,7 +1316,9 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
|
||||||
feInfo.getKeyName(), feInfo.getEzKeyVersionName(), feInfo.getIV(),
|
feInfo.getKeyName(), feInfo.getEzKeyVersionName(), feInfo.getIV(),
|
||||||
feInfo.getEncryptedDataEncryptionKey());
|
feInfo.getEncryptedDataEncryptionKey());
|
||||||
try {
|
try {
|
||||||
return provider.decryptEncryptedKey(ekv);
|
KeyProviderCryptoExtension cryptoProvider = KeyProviderCryptoExtension
|
||||||
|
.createKeyProviderCryptoExtension(provider);
|
||||||
|
return cryptoProvider.decryptEncryptedKey(ekv);
|
||||||
} catch (GeneralSecurityException e) {
|
} catch (GeneralSecurityException e) {
|
||||||
throw new IOException(e);
|
throw new IOException(e);
|
||||||
}
|
}
|
||||||
|
@ -3138,7 +3141,7 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
|
||||||
return HEDGED_READ_METRIC;
|
return HEDGED_READ_METRIC;
|
||||||
}
|
}
|
||||||
|
|
||||||
public KeyProviderCryptoExtension getKeyProvider() {
|
public KeyProvider getKeyProvider() {
|
||||||
return provider;
|
return provider;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
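Review bot: In the decryption hunk, `provider` is passed straight to `KeyProviderCryptoExtension.createKeyProviderCryptoExtension(provider)`, yet the constructor hunk shows it can be null (it only logs `No KeyProvider found.`). The method begins outside the hunk, so a guard may already exist above; if it does not, add `if (provider == null) { throw new IOException("No KeyProvider is configured"); }` before the `try` so a client without a provider gets a clear error instead of a probable NullPointerException. The wrapper is also rebuilt on every call; a one-line comment such as `// Wrap per call: DFSClient holds a plain KeyProvider; the extension is only needed to decrypt the EDEK` would record why. Note too that `getKeyProvider()` now returns `KeyProvider`, which is a source-incompatible change for any caller that relied on the extension type.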
@ -1825,15 +1825,14 @@ public class DFSUtil {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a new KeyProviderCryptoExtension by wrapping the
|
* Creates a new KeyProvider from the given Configuration.
|
||||||
* KeyProvider specified in the given Configuration.
|
|
||||||
*
|
*
|
||||||
* @param conf Configuration
|
* @param conf Configuration
|
||||||
* @return new KeyProviderCryptoExtension, or null if no provider was found.
|
* @return new KeyProvider, or null if no provider was found.
|
||||||
* @throws IOException if the KeyProvider is improperly specified in
|
* @throws IOException if the KeyProvider is improperly specified in
|
||||||
* the Configuration
|
* the Configuration
|
||||||
*/
|
*/
|
||||||
public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
|
public static KeyProvider createKeyProvider(
|
||||||
final Configuration conf) throws IOException {
|
final Configuration conf) throws IOException {
|
||||||
final String providerUriStr =
|
final String providerUriStr =
|
||||||
conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null);
|
conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null);
|
||||||
|
@ -1857,6 +1856,24 @@ public class DFSUtil {
|
||||||
throw new IOException("KeyProvider " + keyProvider.toString()
|
throw new IOException("KeyProvider " + keyProvider.toString()
|
||||||
+ " was found but it is a transient provider.");
|
+ " was found but it is a transient provider.");
|
||||||
}
|
}
|
||||||
|
return keyProvider;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a new KeyProviderCryptoExtension by wrapping the
|
||||||
|
* KeyProvider specified in the given Configuration.
|
||||||
|
*
|
||||||
|
* @param conf Configuration
|
||||||
|
* @return new KeyProviderCryptoExtension, or null if no provider was found.
|
||||||
|
* @throws IOException if the KeyProvider is improperly specified in
|
||||||
|
* the Configuration
|
||||||
|
*/
|
||||||
|
public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
|
||||||
|
final Configuration conf) throws IOException {
|
||||||
|
KeyProvider keyProvider = createKeyProvider(conf);
|
||||||
|
if (keyProvider == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
KeyProviderCryptoExtension cryptoProvider = KeyProviderCryptoExtension
|
KeyProviderCryptoExtension cryptoProvider = KeyProviderCryptoExtension
|
||||||
.createKeyProviderCryptoExtension(keyProvider);
|
.createKeyProviderCryptoExtension(keyProvider);
|
||||||
return cryptoProvider;
|
return cryptoProvider;
|
||||||
|
|
|
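Review bot: The Javadoc on the new `createKeyProvider` says `@throws IOException if the KeyProvider is improperly specified in the Configuration`, but the context lines just above `return keyProvider;` also throw when the provider `was found but it is a transient provider`. Extend the tag, e.g. `@throws IOException if the KeyProvider is improperly specified in the Configuration, or if it is a transient provider`, and repeat that on `createKeyProviderCryptoExtension`, which inherits the behaviour through its call to `createKeyProvider(conf)`. Both methods return null when no provider is configured, so the `@return` text is worth keeping prominent for callers that dereference the result. The middle of `createKeyProvider` lies between the two hunks and is not visible here.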
@ -43,7 +43,6 @@ import org.apache.hadoop.crypto.CipherSuite;
|
||||||
import org.apache.hadoop.crypto.CryptoProtocolVersion;
|
import org.apache.hadoop.crypto.CryptoProtocolVersion;
|
||||||
import org.apache.hadoop.crypto.key.JavaKeyStoreProvider;
|
import org.apache.hadoop.crypto.key.JavaKeyStoreProvider;
|
||||||
import org.apache.hadoop.crypto.key.KeyProvider;
|
import org.apache.hadoop.crypto.key.KeyProvider;
|
||||||
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
|
|
||||||
import org.apache.hadoop.crypto.key.KeyProviderFactory;
|
import org.apache.hadoop.crypto.key.KeyProviderFactory;
|
||||||
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
import org.apache.hadoop.fs.CreateFlag;
|
import org.apache.hadoop.fs.CreateFlag;
|
||||||
|
@ -1043,7 +1042,7 @@ public class TestEncryptionZones {
|
||||||
public void testDelegationToken() throws Exception {
|
public void testDelegationToken() throws Exception {
|
||||||
UserGroupInformation.createRemoteUser("JobTracker");
|
UserGroupInformation.createRemoteUser("JobTracker");
|
||||||
DistributedFileSystem dfs = cluster.getFileSystem();
|
DistributedFileSystem dfs = cluster.getFileSystem();
|
||||||
KeyProviderCryptoExtension keyProvider = Mockito.mock(KeyProviderCryptoExtension.class,
|
KeyProvider keyProvider = Mockito.mock(KeyProvider.class,
|
||||||
withSettings().extraInterfaces(
|
withSettings().extraInterfaces(
|
||||||
DelegationTokenExtension.class,
|
DelegationTokenExtension.class,
|
||||||
CryptoExtension.class));
|
CryptoExtension.class));
|
||||||
|
|