diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index cbd583e61cf..71c4ea86b2b 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -126,6 +126,9 @@ Release 2.6.0 - UNRELEASED
 HADOOP-10695. KMSClientProvider should respect a configurable timeout. (yoderme via tucu)
+ HADOOP-10757. KeyProvider KeyVersion should provide the key name.
+ (asuresh via tucu)
+
 BUG FIXES
 HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java
index 0f22f6343ae..529a21287ce 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java
@@ -173,7 +173,7 @@ public class JavaKeyStoreProvider extends KeyProvider {
 } catch (UnrecoverableKeyException e) {
 throw new IOException("Can't recover key " + key + " from " + path, e);
 }
- return new KeyVersion(versionName, key.getEncoded());
+ return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded());
 } finally {
 readLock.unlock();
 }
@@ -277,7 +277,7 @@ public class JavaKeyStoreProvider extends KeyProvider {
 }
 cache.put(name, meta);
 String versionName = buildVersionName(name, 0);
- return innerSetKeyVersion(versionName, material, meta.getCipher());
+ return innerSetKeyVersion(name, versionName, material, meta.getCipher());
 } finally {
 writeLock.unlock();
 }
@@ -316,7 +316,7 @@ public class JavaKeyStoreProvider extends KeyProvider {
 }
 }
- KeyVersion innerSetKeyVersion(String versionName, byte[] material,
+ KeyVersion innerSetKeyVersion(String name, String versionName, byte[] material,
 String cipher) throws IOException {
 try {
 keyStore.setKeyEntry(versionName, new SecretKeySpec(material, cipher),
@@ -326,7 +326,7 @@ public class JavaKeyStoreProvider extends KeyProvider {
 e);
 }
 changed = true;
- return new KeyVersion(versionName, material);
+ return new KeyVersion(name, versionName, material);
 }
 @Override
@@ -344,7 +344,7 @@ public class JavaKeyStoreProvider extends KeyProvider {
 }
 int nextVersion = meta.addVersion();
 String versionName = buildVersionName(name, nextVersion);
- return innerSetKeyVersion(versionName, material, meta.getCipher());
+ return innerSetKeyVersion(name, versionName, material, meta.getCipher());
 } finally {
 writeLock.unlock();
 }
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
index 01d7b697ae1..67eb832e73f 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
@@ -63,15 +63,21 @@ public abstract class KeyProvider {
 * The combination of both the key version name and the key material.
 */
 public static class KeyVersion {
+ private final String name;
 private final String versionName;
 private final byte[] material;
- protected KeyVersion(String versionName,
+ protected KeyVersion(String name, String versionName,
 byte[] material) {
+ this.name = name;
 this.versionName = versionName;
 this.material = material;
 }
+ public String getName() {
+ return name;
+ }
+
 public String getVersionName() {
 return versionName;
 }
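Review bot: The class comment above `KeyVersion` still reads "The combination of both the key version name and the key material" although the class now also carries the key name, and the new `getName()` has no Javadoc. I would change the comment to `* The combination of the key name, the key version name and the key material.` and document on `getName()` that it returns the base key name (`key1` for version `key1@1`, as in the test changed by this commit). The constructor also stores `name` without a null check, so a provider that cannot supply a name hands callers a `KeyVersion` whose `getName()` is null; either reject null there or say in the Javadoc that null is possible. The class body and its opening comment continue outside the hunk.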
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java
index 6cfb46bd719..e09b3f8d432 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java
@@ -55,12 +55,13 @@ public class UserProvider extends KeyProvider {
 }
 @Override
- public synchronized KeyVersion getKeyVersion(String versionName) {
+ public synchronized KeyVersion getKeyVersion(String versionName)
+ throws IOException {
 byte[] bytes = credentials.getSecretKey(new Text(versionName));
 if (bytes == null) {
 return null;
 }
- return new KeyVersion(versionName, bytes);
+ return new KeyVersion(getBaseName(versionName), versionName, bytes);
 }
 @Override
@@ -94,7 +95,7 @@ public class UserProvider extends KeyProvider {
 String versionName = buildVersionName(name, 0);
 credentials.addSecretKey(nameT, meta.serialize());
 credentials.addSecretKey(new Text(versionName), material);
- return new KeyVersion(versionName, material);
+ return new KeyVersion(name, versionName, material);
 }
 @Override
@@ -125,7 +126,7 @@ public class UserProvider extends KeyProvider {
 credentials.addSecretKey(new Text(name), meta.serialize());
 String versionName = buildVersionName(name, nextVersion);
 credentials.addSecretKey(new Text(versionName), material);
- return new KeyVersion(versionName, material);
+ return new KeyVersion(name, versionName, material);
 }
 @Override
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
index c18e8613d08..7d52854845a 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
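Review bot: In `UserProvider.getKeyVersion`, `getBaseName(versionName)` runs only after `credentials.getSecretKey(new Text(versionName))` has already found an entry, so the version-name format is checked last rather than first. The two later hunks in this file show the same `Credentials` object holding `meta.serialize()` under the bare key name and the material under the version name, so a caller passing a bare key name gets past the null check with the serialized metadata in `bytes`. What happens next depends on `getBaseName`, which is not shown on this page; the added `throws IOException` suggests it rejects names without a version part. I would make the check explicit and first, `String name = getBaseName(versionName);` ahead of the lookup and then `return new KeyVersion(name, versionName, bytes);`, and add a comment stating when the `IOException` is thrown.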
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
@@ -84,8 +84,9 @@ public class KMSClientProvider extends KeyProvider {
 byte[] material = (valueMap.containsKey(KMSRESTConstants.MATERIAL_FIELD)) ? Base64.decodeBase64((String) valueMap.get(KMSRESTConstants.MATERIAL_FIELD)) : null;
- keyVersion = new KMSKeyVersion((String)
- valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD), material);
+ String versionName = (String)valueMap.get(KMSRESTConstants.VERSION_NAME_FIELD);
+ String keyName = (String)valueMap.get(KMSRESTConstants.NAME_FIELD);
+ keyVersion = new KMSKeyVersion(keyName, versionName, material);
 }
 return keyVersion;
 }
@@ -362,8 +363,8 @@ public class KMSClientProvider extends KeyProvider {
 }
 public static class KMSKeyVersion extends KeyVersion {
- public KMSKeyVersion(String versionName, byte[] material) {
- super(versionName, material);
+ public KMSKeyVersion(String keyName, String versionName, byte[] material) {
+ super(keyName, versionName, material);
 }
 }
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
index 47e07a03462..dbf0fe6fe5c 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
@@ -64,7 +64,7 @@ public class TestKeyProvider {
 @Test
 public void testKeyMaterial() throws Exception {
 byte[] key1 = new byte[]{1,2,3,4};
- KeyProvider.KeyVersion obj = new KeyProvider.KeyVersion("key1@1", key1);
+ KeyProvider.KeyVersion obj = new KeyProvider.KeyVersion("key1", "key1@1", key1);
 assertEquals("key1@1", obj.getVersionName());
 assertArrayEquals(new byte[]{1,2,3,4}, obj.getMaterial());
 }
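Review bot: In the first `KMSClientProvider` hunk, `keyName` is taken from the response map with an unchecked cast and passed straight into `KMSKeyVersion`, with no check that it is present or that it agrees with `versionName`. The server only starts emitting `NAME_FIELD` in this same commit (the `toJSON` hunk in `KMSServerJSONUtils`), so a response from a server without that change would presumably yield a `KeyVersion` whose `getName()` is null. Callers may rely on the name to decide which key the material belongs to, so I would reject such a response here or at least record the gap, for example `// NAME_FIELD may be missing in responses from servers that predate it; keyName is then null`. The enclosing method starts outside the hunk.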
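Review bot: `testKeyMaterial` now passes `"key1"` as the key name but never reads it back, so the new `getName()` accessor is not covered by this test. Add `assertEquals("key1", obj.getName());` next to the existing `getVersionName()` assertion.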
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java
index 3446c787b88..3574bf43b74 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java
@@ -90,8 +90,8 @@ public class KMS {
 private static KeyProvider.KeyVersion removeKeyMaterial( KeyProvider.KeyVersion keyVersion) {
- return new KMSClientProvider.KMSKeyVersion(keyVersion.getVersionName(),
- null);
+ return new KMSClientProvider.KMSKeyVersion(keyVersion.getName(),
+ keyVersion.getVersionName(), null);
 }
 private static URI getKeyURI(String name) throws URISyntaxException {
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java
index 9131a189adb..94501ecf3d4 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java
@@ -35,6 +35,8 @@ public class KMSServerJSONUtils {
 public static Map toJSON(KeyProvider.KeyVersion keyVersion) {
 Map json = new LinkedHashMap();
 if (keyVersion != null) {
+ json.put(KMSRESTConstants.NAME_FIELD,
+ keyVersion.getName());
 json.put(KMSRESTConstants.VERSION_NAME_FIELD, keyVersion.getVersionName());
 json.put(KMSRESTConstants.MATERIAL_FIELD, keyVersion.getMaterial());