HADOOP-10842. CryptoExtension generateEncryptedKey method should receive the key name. (asuresh via tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1619535 13f79535-47bb-0310-9956-ffa450edef68
2014-08-21 18:59:25 +00:00 · 2014-08-21 18:59:25 +00:00 · f21bd86958
parent 0197f57ff4
commit f21bd86958
3 changed files with 20 additions and 19 deletions
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -148,6 +148,9 @@ Release 2.6.0 - UNRELEASED
    HADOOP-10841. EncryptedKeyVersion should have a key name property.
    (asuresh via tucu)

+    HADOOP-10842. CryptoExtension generateEncryptedKey method should
+    receive the key name. (asuresh via tucu)
+
  BUG FIXES

    HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java
@ -84,14 +84,13 @@ public class KeyProviderCryptoExtension extends
    /**
     * Generates a key material and encrypts it using the given key version name
     * and initialization vector. The generated key material is of the same
-     * length as the <code>KeyVersion</code> material and is encrypted using the
-     * same cipher.
+     * length as the <code>KeyVersion</code> material of the latest key version
+     * of the key and is encrypted using the same cipher.
     * <p/>
     * NOTE: The generated key is not stored by the <code>KeyProvider</code>
     *
-     * @param encryptionKeyVersion
-     *          a KeyVersion object containing the keyVersion name and material
-     *          to encrypt.
+     * @param encryptionKeyName
+     *          The latest KeyVersion of this key's material will be encrypted.
     * @return EncryptedKeyVersion with the generated key material, the version
     *         name is 'EEK' (for Encrypted Encryption Key)
     * @throws IOException
@ -101,7 +100,7 @@ public class KeyProviderCryptoExtension extends
     *           cryptographic issue.
     */
    public EncryptedKeyVersion generateEncryptedKey(
-        KeyVersion encryptionKeyVersion) throws IOException,
+        String encryptionKeyName) throws IOException,
        GeneralSecurityException;

    /**
@ -146,12 +145,11 @@ public class KeyProviderCryptoExtension extends
    }

    @Override
-    public EncryptedKeyVersion generateEncryptedKey(KeyVersion keyVersion)
+    public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
        throws IOException, GeneralSecurityException {
-      KeyVersion keyVer =
-          keyProvider.getKeyVersion(keyVersion.getVersionName());
-      Preconditions.checkNotNull(keyVer, "KeyVersion name '%s' does not exist",
-          keyVersion.getVersionName());
+      KeyVersion keyVer = keyProvider.getCurrentKey(encryptionKeyName);
+      Preconditions.checkNotNull(keyVer, "No KeyVersion exists for key '%s' ",
+          encryptionKeyName);
      byte[] newKey = new byte[keyVer.getMaterial().length];
      SecureRandom.getInstance("SHA1PRNG").nextBytes(newKey);
      Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
@ -159,8 +157,8 @@ public class KeyProviderCryptoExtension extends
      cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyVer.getMaterial(),
          "AES"), new IvParameterSpec(flipIV(iv)));
      byte[] ek = cipher.doFinal(newKey);
-      return new EncryptedKeyVersion(keyVersion.getName(),
-          keyVersion.getVersionName(), iv,
+      return new EncryptedKeyVersion(encryptionKeyName,
+          keyVer.getVersionName(), iv,
          new KeyVersion(keyVer.getName(), EEK, ek));
    }

@ -197,18 +195,18 @@ public class KeyProviderCryptoExtension extends
   * <p/>
   * NOTE: The generated key is not stored by the <code>KeyProvider</code>
   *
-   * @param encryptionKey a KeyVersion object containing the keyVersion name and
-   * material to encrypt.
+   * @param encryptionKeyName The latest KeyVersion of this key's material will
+   * be encrypted.
   * @return EncryptedKeyVersion with the generated key material, the version
   * name is 'EEK' (for Encrypted Encryption Key)
   * @throws IOException thrown if the key material could not be generated
   * @throws GeneralSecurityException thrown if the key material could not be
   * encrypted because of a cryptographic issue.
   */
-  public EncryptedKeyVersion generateEncryptedKey(KeyVersion encryptionKey)
+  public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
      throws IOException,
                                           GeneralSecurityException {
-    return getExtension().generateEncryptedKey(encryptionKey);
+    return getExtension().generateEncryptedKey(encryptionKeyName);
  }

  /**
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.java
@ -42,7 +42,7 @@ public class TestKeyProviderCryptoExtension {
        KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp);

    KeyProviderCryptoExtension.EncryptedKeyVersion ek1 =
-        kpExt.generateEncryptedKey(kv);
+        kpExt.generateEncryptedKey(kv.getName());
    Assert.assertEquals(KeyProviderCryptoExtension.EEK,
        ek1.getEncryptedKey().getVersionName());
    Assert.assertEquals("foo", ek1.getKeyName());
@ -56,7 +56,7 @@ public class TestKeyProviderCryptoExtension {
    Assert.assertEquals(kv.getMaterial().length, k1.getMaterial().length);

    KeyProviderCryptoExtension.EncryptedKeyVersion ek2 =
-        kpExt.generateEncryptedKey(kv);
+        kpExt.generateEncryptedKey(kv.getName());
    KeyProvider.KeyVersion k2 = kpExt.decryptEncryptedKey(ek2);
    boolean eq = true;
    for (int i = 0; eq && i < ek2.getEncryptedKey().getMaterial().length; i++) {