Package org.apache.hadoop.crypto.key.kms
Class KMSClientProvider
- java.lang.Object
-
- org.apache.hadoop.crypto.key.KeyProvider
-
- org.apache.hadoop.crypto.key.kms.KMSClientProvider
-
- All Implemented Interfaces:
org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension, org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension, org.apache.hadoop.crypto.key.KeyProviderExtension.Extension, org.apache.hadoop.security.token.DelegationTokenIssuer
@Private public class KMSClientProvider extends org.apache.hadoop.crypto.key.KeyProvider implements org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension, org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension
KMS client KeyProvider implementation.
-
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
static class | KMSClientProvider.Factory | The factory to create KMSClientProvider, which is used by the ServiceLoader.
static class | KMSClientProvider.KMSEncryptedKeyVersion |
static class | KMSClientProvider.KMSKeyVersion |
static class | KMSClientProvider.KMSMetadata |
static class | KMSClientProvider.KMSTokenRenewer | The KMS implementation of TokenRenewer.
-
Field Summary
Fields
Modifier and Type | Field | Description
static String | AUTH_RETRY |
static int | DEFAULT_AUTH_RETRY |
static String | SCHEME_NAME |
static org.apache.hadoop.io.Text | TOKEN_KIND |
static String | TOKEN_KIND_STR |
-
Constructor Summary
Constructors
Constructor | Description
KMSClientProvider(URI uri, org.apache.hadoop.conf.Configuration conf) |
-
Method Summary
All Methods | Static Methods | Instance Methods | Concrete Methods
Modifier and Type | Method | Description
Void | cancelDelegationToken(org.apache.hadoop.security.token.Token<?> dToken) |
void | close() | Shutdown valueQueue executor threads
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion | createKey(String name, byte[] material, org.apache.hadoop.crypto.key.KeyProvider.Options options) |
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion | createKey(String name, org.apache.hadoop.crypto.key.KeyProvider.Options options) |
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion | decryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion) |
void | deleteKey(String name) |
void | drain(String keyName) |
void | flush() |
org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion | generateEncryptedKey(String encryptionKeyName) |
String | getCanonicalServiceName() |
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion | getCurrentKey(String name) |
org.apache.hadoop.security.token.Token<?> | getDelegationToken(String renewer) |
protected static org.apache.hadoop.io.Text | getDtService(URI uri) |
int | getEncKeyQueueSize(String keyName) |
List<String> | getKeys() |
org.apache.hadoop.crypto.key.KeyProvider.Metadata[] | getKeysMetadata(String... keyNames) |
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion | getKeyVersion(String versionName) |
List<org.apache.hadoop.crypto.key.KeyProvider.KeyVersion> | getKeyVersions(String name) |
org.apache.hadoop.crypto.key.KeyProvider.Metadata | getMetadata(String name) |
void | invalidateCache(String name) |
org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion | reencryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion ekv) |
void | reencryptEncryptedKeys(List<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion> ekvs) |
long | renewDelegationToken(org.apache.hadoop.security.token.Token<?> dToken) |
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion | rollNewVersion(String name) |
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion | rollNewVersion(String name, byte[] material) |
org.apache.hadoop.security.token.Token<?> | selectDelegationToken(org.apache.hadoop.security.Credentials creds) |
protected static org.apache.hadoop.security.token.Token<?> | selectDelegationToken(org.apache.hadoop.security.Credentials creds, org.apache.hadoop.io.Text service) |
protected void | setClientTokenProvider(org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension provider) |
String | toString() |
void | warmUpEncryptedKeys(String... keyNames) |
-
Methods inherited from class org.apache.hadoop.crypto.key.KeyProvider
buildVersionName, findProvider, generateKey, getBaseName, getConf, isTransient, needsPassword, noPasswordError, noPasswordWarning, options
-
-
-
-
Field Detail
-
TOKEN_KIND_STR
public static final String TOKEN_KIND_STR
- See Also:
- Constant Field Values
-
TOKEN_KIND
public static final org.apache.hadoop.io.Text TOKEN_KIND
-
SCHEME_NAME
public static final String SCHEME_NAME
- See Also:
- Constant Field Values
-
AUTH_RETRY
public static final String AUTH_RETRY
- See Also:
- Constant Field Values
-
DEFAULT_AUTH_RETRY
public static final int DEFAULT_AUTH_RETRY
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
KMSClientProvider
public KMSClientProvider(URI uri, org.apache.hadoop.conf.Configuration conf) throws IOException
- Throws:
IOException
-
-
Method Detail
-
getDtService
protected static org.apache.hadoop.io.Text getDtService(URI uri)
-
getKeyVersion
public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion getKeyVersion(String versionName) throws IOException
- Specified by:
getKeyVersion in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
getCurrentKey
public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion getCurrentKey(String name) throws IOException
- Overrides:
getCurrentKey in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
getKeys
public List<String> getKeys() throws IOException
- Specified by:
getKeys in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
getKeysMetadata
public org.apache.hadoop.crypto.key.KeyProvider.Metadata[] getKeysMetadata(String... keyNames) throws IOException
- Overrides:
getKeysMetadata in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
createKey
public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion createKey(String name, org.apache.hadoop.crypto.key.KeyProvider.Options options) throws NoSuchAlgorithmException, IOException
- Overrides:
createKey in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
NoSuchAlgorithmException
IOException
-
createKey
public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion createKey(String name, byte[] material, org.apache.hadoop.crypto.key.KeyProvider.Options options) throws IOException
- Specified by:
createKey in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
invalidateCache
public void invalidateCache(String name) throws IOException
- Overrides:
invalidateCache in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
rollNewVersion
public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion rollNewVersion(String name) throws NoSuchAlgorithmException, IOException
- Overrides:
rollNewVersion in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
NoSuchAlgorithmException
IOException
-
rollNewVersion
public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion rollNewVersion(String name, byte[] material) throws IOException
- Specified by:
rollNewVersion in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
generateEncryptedKey
public org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName) throws IOException, GeneralSecurityException
- Specified by:
generateEncryptedKey in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
- Throws:
IOException
GeneralSecurityException
-
decryptEncryptedKey
public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion decryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException
- Specified by:
decryptEncryptedKey in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
- Throws:
IOException
GeneralSecurityException
-
reencryptEncryptedKey
public org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion reencryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion ekv) throws IOException, GeneralSecurityException
- Specified by:
reencryptEncryptedKey in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
- Throws:
IOException
GeneralSecurityException
-
reencryptEncryptedKeys
public void reencryptEncryptedKeys(List<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion> ekvs) throws IOException, GeneralSecurityException
- Specified by:
reencryptEncryptedKeys in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
- Throws:
IOException
GeneralSecurityException
-
getKeyVersions
public List<org.apache.hadoop.crypto.key.KeyProvider.KeyVersion> getKeyVersions(String name) throws IOException
- Specified by:
getKeyVersions in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
getMetadata
public org.apache.hadoop.crypto.key.KeyProvider.Metadata getMetadata(String name) throws IOException
- Specified by:
getMetadata in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
deleteKey
public void deleteKey(String name) throws IOException
- Specified by:
deleteKey in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
flush
public void flush() throws IOException
- Specified by:
flush in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
warmUpEncryptedKeys
public void warmUpEncryptedKeys(String... keyNames) throws IOException
- Specified by:
warmUpEncryptedKeys in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
- Throws:
IOException
-
drain
public void drain(String keyName)
- Specified by:
drain in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
-
getEncKeyQueueSize
public int getEncKeyQueueSize(String keyName)
-
setClientTokenProvider
protected void setClientTokenProvider(org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension provider)
-
selectDelegationToken
@Private public org.apache.hadoop.security.token.Token<?> selectDelegationToken(org.apache.hadoop.security.Credentials creds)
- Specified by:
selectDelegationToken in interface org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension
-
selectDelegationToken
protected static org.apache.hadoop.security.token.Token<?> selectDelegationToken(org.apache.hadoop.security.Credentials creds, org.apache.hadoop.io.Text service)
-
getCanonicalServiceName
public String getCanonicalServiceName()
- Specified by:
getCanonicalServiceName in interface org.apache.hadoop.security.token.DelegationTokenIssuer
-
getDelegationToken
public org.apache.hadoop.security.token.Token<?> getDelegationToken(String renewer) throws IOException
- Specified by:
getDelegationToken in interface org.apache.hadoop.security.token.DelegationTokenIssuer
- Throws:
IOException
-
renewDelegationToken
public long renewDelegationToken(org.apache.hadoop.security.token.Token<?> dToken) throws IOException
- Specified by:
renewDelegationToken in interface org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension
- Throws:
IOException
-
cancelDelegationToken
public Void cancelDelegationToken(org.apache.hadoop.security.token.Token<?> dToken) throws IOException
- Specified by:
cancelDelegationToken in interface org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension
- Throws:
IOException
-
close
public void close() throws IOException
Shutdown valueQueue executor threads
- Overrides:
close in class org.apache.hadoop.crypto.key.KeyProvider
- Throws:
IOException
-
-