HADOOP-10891. Add EncryptedKeyVersion factory method to KeyProviderCryptoExtension. (wang)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1619540 13f79535-47bb-0310-9956-ffa450edef68
2014-08-21 18:59:38 +00:00 · 2014-08-21 18:59:38 +00:00 · c6eee38b81
parent 30fe1849c3
commit c6eee38b81
2 changed files with 27 additions and 0 deletions
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -160,6 +160,9 @@ Release 2.6.0 - UNRELEASED
    HADOOP-10720. KMS: Implement generateEncryptedKey and decryptEncryptedKey
    in the REST API. (asuresh via tucu)

+    HADOOP-10891. Add EncryptedKeyVersion factory method to
+    KeyProviderCryptoExtension. (wang)
+
  BUG FIXES

    HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
@ -79,6 +79,30 @@ public class KeyProviderCryptoExtension extends
      this.encryptedKeyVersion = encryptedKeyVersion;
    }

+    /**
+     * Factory method to create a new EncryptedKeyVersion that can then be
+     * passed into {@link #decryptEncryptedKey}. Note that the fields of the
+     * returned EncryptedKeyVersion will only partially be populated; it is not
+     * necessarily suitable for operations besides decryption.
+     *
+     * @param encryptionKeyVersionName Version name of the encryption key used
+     *                                 to encrypt the encrypted key.
+     * @param encryptedKeyIv           Initialization vector of the encrypted
+     *                                 key. The IV of the encryption key used to
+     *                                 encrypt the encrypted key is derived from
+     *                                 this IV.
+     * @param encryptedKeyMaterial     Key material of the encrypted key.
+     * @return EncryptedKeyVersion suitable for decryption.
+     */
+    public static EncryptedKeyVersion createForDecryption(String
+        encryptionKeyVersionName, byte[] encryptedKeyIv,
+        byte[] encryptedKeyMaterial) {
+      KeyVersion encryptedKeyVersion = new KeyVersion(null, null,
+          encryptedKeyMaterial);
+      return new EncryptedKeyVersion(null, encryptionKeyVersionName,
+          encryptedKeyIv, encryptedKeyVersion);
+    }
+
    /**
     * @return Name of the encryption key used to encrypt the encrypted key.
     */