diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index cb8b26c5c0e..4612d6cfd6b 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -148,6 +148,9 @@ Release 2.6.0 - UNRELEASED
HADOOP-10841. EncryptedKeyVersion should have a key name property.
(asuresh via tucu)
+ HADOOP-10842. CryptoExtension generateEncryptedKey method should
+ receive the key name. (asuresh via tucu)
+
BUG FIXES
HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
index 9baf67fe46b..7afea99b989 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
@@ -84,14 +84,13 @@ public interface CryptoExtension extends KeyProviderExtension.Extension {
/**
* Generates a key material and encrypts it using the given key version name
* and initialization vector. The generated key material is of the same
- * length as the KeyVersion
material and is encrypted using the
- * same cipher.
+ * length as the KeyVersion
material of the latest key version
+ * of the key and is encrypted using the same cipher.
*
KeyProvider
*
- * @param encryptionKeyVersion
- * a KeyVersion object containing the keyVersion name and material
- * to encrypt.
+ * @param encryptionKeyName
+ * The latest KeyVersion of this key's material will be encrypted.
* @return EncryptedKeyVersion with the generated key material, the version
* name is 'EEK' (for Encrypted Encryption Key)
* @throws IOException
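Review bot: The new `@param encryptionKeyName` text, "The latest KeyVersion of this key's material will be encrypted.", reads as if the key's own material is what gets encrypted, whereas the method encrypts freshly generated material with that key's current version; suggest `@param encryptionKeyName name of the key whose current (latest) version is used to encrypt the generated key material`. The same sentence is repeated in the public wrapper's Javadoc in the hunk at `@@ -197,18 +195,18 @@` and should be fixed there too. Since the name now selects a version implicitly, the Javadoc should also state that the version actually used is recorded on the returned EncryptedKeyVersion, and that an unknown key name fails (judging by the Preconditions check in the default implementation, with a NullPointerException rather than one of the declared exceptions). Some lines of this hunk appear broken mid-line in this view, so the wording above is reconstructed from the fragments.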
@@ -101,7 +100,7 @@ public interface CryptoExtension extends KeyProviderExtension.Extension {
* cryptographic issue.
*/
public EncryptedKeyVersion generateEncryptedKey(
- KeyVersion encryptionKeyVersion) throws IOException,
+ String encryptionKeyName) throws IOException,
GeneralSecurityException;
/**
@@ -146,12 +145,11 @@ private byte[] flipIV(byte[] iv) {
}
@Override
- public EncryptedKeyVersion generateEncryptedKey(KeyVersion keyVersion)
+ public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
throws IOException, GeneralSecurityException {
- KeyVersion keyVer =
- keyProvider.getKeyVersion(keyVersion.getVersionName());
- Preconditions.checkNotNull(keyVer, "KeyVersion name '%s' does not exist",
- keyVersion.getVersionName());
+ KeyVersion keyVer = keyProvider.getCurrentKey(encryptionKeyName);
+ Preconditions.checkNotNull(keyVer, "No KeyVersion exists for key '%s' ",
+ encryptionKeyName);
byte[] newKey = new byte[keyVer.getMaterial().length];
SecureRandom.getInstance("SHA1PRNG").nextBytes(newKey);
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
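Review bot: The new lookup `KeyVersion keyVer = keyProvider.getCurrentKey(encryptionKeyName);` has no guard on the name itself, so a null argument is passed straight into the provider, and the following `Preconditions.checkNotNull(keyVer, ...)` turns a missing key into a NullPointerException even though the method declares IOException and GeneralSecurityException, which is what callers will be catching. Suggest adding `Preconditions.checkNotNull(encryptionKeyName, "encryptionKeyName");` before the lookup, and consider reporting a missing key as an IOException so it is distinguishable from a programming error. The format string `"No KeyVersion exists for key '%s' "` also carries a stray trailing space. The method body continues in the next hunk.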
@@ -159,8 +157,8 @@ public EncryptedKeyVersion generateEncryptedKey(KeyVersion keyVersion)
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyVer.getMaterial(),
"AES"), new IvParameterSpec(flipIV(iv)));
byte[] ek = cipher.doFinal(newKey);
- return new EncryptedKeyVersion(keyVersion.getName(),
- keyVersion.getVersionName(), iv,
+ return new EncryptedKeyVersion(encryptionKeyName,
+ keyVer.getVersionName(), iv,
new KeyVersion(keyVer.getName(), EEK, ek));
}
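Review bot: At `return new EncryptedKeyVersion(encryptionKeyName,` the outer key name is the caller-supplied string, while the inner `new KeyVersion(keyVer.getName(), EEK, ek)` two lines below uses the name resolved by the provider; the two are presumably equal, but using the resolved one in both places removes the ambiguity, i.e. `return new EncryptedKeyVersion(keyVer.getName(),`. Recording `keyVer.getVersionName()` rather than a caller-chosen version is what lets decryption find the right version after the key rolls, so that part looks right. The method's signature and first statements are in the previous hunk.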
@@ -197,18 +195,18 @@ private KeyProviderCryptoExtension(KeyProvider keyProvider,
*
* NOTE: The generated key is not stored by the KeyProvider
*
- * @param encryptionKey a KeyVersion object containing the keyVersion name and
- * material to encrypt.
+ * @param encryptionKeyName The latest KeyVersion of this key's material will
+ * be encrypted.
* @return EncryptedKeyVersion with the generated key material, the version
* name is 'EEK' (for Encrypted Encryption Key)
* @throws IOException thrown if the key material could not be generated
* @throws GeneralSecurityException thrown if the key material could not be
* encrypted because of a cryptographic issue.
*/
- public EncryptedKeyVersion generateEncryptedKey(KeyVersion encryptionKey)
+ public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
throws IOException,
GeneralSecurityException {
- return getExtension().generateEncryptedKey(encryptionKey);
+ return getExtension().generateEncryptedKey(encryptionKeyName);
}
/**
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java
index 32dda2ac2e8..56a4958ab57 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java
@@ -42,7 +42,7 @@ public void testGenerateEncryptedKey() throws Exception {
KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp);
KeyProviderCryptoExtension.EncryptedKeyVersion ek1 =
- kpExt.generateEncryptedKey(kv);
+ kpExt.generateEncryptedKey(kv.getName());
Assert.assertEquals(KeyProviderCryptoExtension.EEK,
ek1.getEncryptedKey().getVersionName());
Assert.assertEquals("foo", ek1.getKeyName());
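Review bot: The updated call `kpExt.generateEncryptedKey(kv.getName())` only exercises the happy path with a key that exists; nothing covers the new failure mode where the name does not resolve, nor that the key-version name recorded on ek1 is the provider's current version (`kv.getVersionName()`), which is the property that keeps decryption correct after a key roll. Suggest adding an assertion on the recorded version name via whichever accessor EncryptedKeyVersion exposes for it, plus a negative case such as `try { kpExt.generateEncryptedKey("no-such-key"); Assert.fail(); } catch (NullPointerException expected) { }` (a constructed name; the exception type follows from the Preconditions.checkNotNull in the implementation hunk). The test method continues outside this hunk.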
@@ -56,7 +56,7 @@ public void testGenerateEncryptedKey() throws Exception {
Assert.assertEquals(kv.getMaterial().length, k1.getMaterial().length);
KeyProviderCryptoExtension.EncryptedKeyVersion ek2 =
- kpExt.generateEncryptedKey(kv);
+ kpExt.generateEncryptedKey(kv.getName());
KeyProvider.KeyVersion k2 = kpExt.decryptEncryptedKey(ek2);
boolean eq = true;
for (int i = 0; eq && i < ek2.getEncryptedKey().getMaterial().length; i++) {