HADOOP-10842. CryptoExtension generateEncryptedKey method should receive the key name. (asuresh via tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1619535 13f79535-47bb-0310-9956-ffa450edef68

hadoop-common-project/hadoop-common/CHANGES.txt

@@ -148,6 +148,9 @@ Release 2.6.0 - UNRELEASED
     HADOOP-10841. EncryptedKeyVersion should have a key name property.
     (asuresh via tucu)
 
+    HADOOP-10842. CryptoExtension generateEncryptedKey method should
+    receive the key name. (asuresh via tucu)
+
   BUG FIXES
 
     HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java

@@ -84,14 +84,13 @@ public interface CryptoExtension extends KeyProviderExtension.Extension {
     /**
      * Generates a key material and encrypts it using the given key version name
      * and initialization vector. The generated key material is of the same
-     * length as the <code>KeyVersion</code> material and is encrypted using the
-     * same cipher.
+     * length as the <code>KeyVersion</code> material of the latest key version
+     * of the key and is encrypted using the same cipher.
      * <p/>
      * NOTE: The generated key is not stored by the <code>KeyProvider</code>
      *
-     * @param encryptionKeyVersion
-     *          a KeyVersion object containing the keyVersion name and material
-     *          to encrypt.
+     * @param encryptionKeyName
+     *          The latest KeyVersion of this key's material will be encrypted.
      * @return EncryptedKeyVersion with the generated key material, the version
      *         name is 'EEK' (for Encrypted Encryption Key)
      * @throws IOException
@@ -101,7 +100,7 @@ public interface CryptoExtension extends KeyProviderExtension.Extension {
      *           cryptographic issue.
      */
     public EncryptedKeyVersion generateEncryptedKey(
-        KeyVersion encryptionKeyVersion) throws IOException,
+        String encryptionKeyName) throws IOException,
         GeneralSecurityException;
 
     /**
@@ -146,12 +145,11 @@ private byte[] flipIV(byte[] iv) {
     }
 
     @Override
-    public EncryptedKeyVersion generateEncryptedKey(KeyVersion keyVersion)
+    public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
         throws IOException, GeneralSecurityException {
-      KeyVersion keyVer =
-          keyProvider.getKeyVersion(keyVersion.getVersionName());
-      Preconditions.checkNotNull(keyVer, "KeyVersion name '%s' does not exist",
-          keyVersion.getVersionName());
+      KeyVersion keyVer = keyProvider.getCurrentKey(encryptionKeyName);
+      Preconditions.checkNotNull(keyVer, "No KeyVersion exists for key '%s' ",
+          encryptionKeyName);
       byte[] newKey = new byte[keyVer.getMaterial().length];
       SecureRandom.getInstance("SHA1PRNG").nextBytes(newKey);
       Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
@@ -159,8 +157,8 @@ public EncryptedKeyVersion generateEncryptedKey(KeyVersion keyVersion)
       cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyVer.getMaterial(),
           "AES"), new IvParameterSpec(flipIV(iv)));
       byte[] ek = cipher.doFinal(newKey);
-      return new EncryptedKeyVersion(keyVersion.getName(),
-          keyVersion.getVersionName(), iv,
+      return new EncryptedKeyVersion(encryptionKeyName,
+          keyVer.getVersionName(), iv,
           new KeyVersion(keyVer.getName(), EEK, ek));
     }
 
@@ -197,18 +195,18 @@ private KeyProviderCryptoExtension(KeyProvider keyProvider,
    * <p/>
    * NOTE: The generated key is not stored by the <code>KeyProvider</code>
    *
-   * @param encryptionKey a KeyVersion object containing the keyVersion name and
-   * material to encrypt.
+   * @param encryptionKeyName The latest KeyVersion of this key's material will
+   * be encrypted.
    * @return EncryptedKeyVersion with the generated key material, the version
    * name is 'EEK' (for Encrypted Encryption Key)
    * @throws IOException thrown if the key material could not be generated
    * @throws GeneralSecurityException thrown if the key material could not be
    * encrypted because of a cryptographic issue.
    */
-  public EncryptedKeyVersion generateEncryptedKey(KeyVersion encryptionKey)
+  public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
       throws IOException,
                                            GeneralSecurityException {
-    return getExtension().generateEncryptedKey(encryptionKey);
+    return getExtension().generateEncryptedKey(encryptionKeyName);
   }
 
   /**

hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java

@@ -42,7 +42,7 @@ public void testGenerateEncryptedKey() throws Exception {
         KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp);
 
     KeyProviderCryptoExtension.EncryptedKeyVersion ek1 =
-        kpExt.generateEncryptedKey(kv);
+        kpExt.generateEncryptedKey(kv.getName());
     Assert.assertEquals(KeyProviderCryptoExtension.EEK,
         ek1.getEncryptedKey().getVersionName());
     Assert.assertEquals("foo", ek1.getKeyName());
@@ -56,7 +56,7 @@ public void testGenerateEncryptedKey() throws Exception {
     Assert.assertEquals(kv.getMaterial().length, k1.getMaterial().length);
 
     KeyProviderCryptoExtension.EncryptedKeyVersion ek2 =
-        kpExt.generateEncryptedKey(kv);
+        kpExt.generateEncryptedKey(kv.getName());
     KeyProvider.KeyVersion k2 = kpExt.decryptEncryptedKey(ek2);
     boolean eq = true;
     for (int i = 0; eq && i < ek2.getEncryptedKey().getMaterial().length; i++) {