org.apache.hadoop.crypto.key.kms

Class KMSClientProvider

java.lang.Object

org.apache.hadoop.crypto.key.KeyProvider

org.apache.hadoop.crypto.key.kms.KMSClientProvider

All Implemented Interfaces:

org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension, org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension, org.apache.hadoop.crypto.key.KeyProviderExtension.Extension, org.apache.hadoop.security.token.DelegationTokenIssuer

@InterfaceAudience.Private
public class KMSClientProvider
extends org.apache.hadoop.crypto.key.KeyProvider
implements org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension, org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension

KMS client KeyProvider implementation.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	KMSClientProvider.Factory The factory to create KMSClientProvider, which is used by the ServiceLoader.
static class	KMSClientProvider.KMSEncryptedKeyVersion
static class	KMSClientProvider.KMSKeyVersion
static class	KMSClientProvider.KMSMetadata
static class	KMSClientProvider.KMSTokenRenewer The KMS implementation of TokenRenewer.

Nested classes/interfaces inherited from class org.apache.hadoop.crypto.key.KeyProvider

org.apache.hadoop.crypto.key.KeyProvider.KeyVersion, org.apache.hadoop.crypto.key.KeyProvider.Metadata, org.apache.hadoop.crypto.key.KeyProvider.Options

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTH_RETRY
static int	DEFAULT_AUTH_RETRY
static String	SCHEME_NAME
static org.apache.hadoop.io.Text	TOKEN_KIND
static String	TOKEN_KIND_STR

Fields inherited from class org.apache.hadoop.crypto.key.KeyProvider

DEFAULT_BITLENGTH, DEFAULT_BITLENGTH_NAME, DEFAULT_CIPHER, DEFAULT_CIPHER_NAME, JCEKS_KEY_SERIAL_FILTER, JCEKS_KEY_SERIALFILTER_DEFAULT

Constructor Summary

Constructors

Constructor and Description
KMSClientProvider(URI uri, org.apache.hadoop.conf.Configuration conf)

Method Summary

Modifier and Type	Method and Description
Void	cancelDelegationToken(org.apache.hadoop.security.token.Token<?> dToken)
void	close() Shutdown valueQueue executor threads
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion	createKey(String name, byte[] material, org.apache.hadoop.crypto.key.KeyProvider.Options options)
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion	createKey(String name, org.apache.hadoop.crypto.key.KeyProvider.Options options)
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion	decryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion)
void	deleteKey(String name)
void	drain(String keyName)
void	flush()
org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion	generateEncryptedKey(String encryptionKeyName)
String	getCanonicalServiceName()
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion	getCurrentKey(String name)
org.apache.hadoop.security.token.Token<?>	getDelegationToken(String renewer)
protected static org.apache.hadoop.io.Text	getDtService(URI uri)
int	getEncKeyQueueSize(String keyName)
List<String>	getKeys()
org.apache.hadoop.crypto.key.KeyProvider.Metadata[]	getKeysMetadata(String... keyNames)
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion	getKeyVersion(String versionName)
List<org.apache.hadoop.crypto.key.KeyProvider.KeyVersion>	getKeyVersions(String name)
org.apache.hadoop.crypto.key.KeyProvider.Metadata	getMetadata(String name)
void	invalidateCache(String name)
org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion	reencryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion ekv)
void	reencryptEncryptedKeys(List<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion> ekvs)
long	renewDelegationToken(org.apache.hadoop.security.token.Token<?> dToken)
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion	rollNewVersion(String name)
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion	rollNewVersion(String name, byte[] material)
org.apache.hadoop.security.token.Token<?>	selectDelegationToken(org.apache.hadoop.security.Credentials creds)
protected static org.apache.hadoop.security.token.Token<?>	selectDelegationToken(org.apache.hadoop.security.Credentials creds, org.apache.hadoop.io.Text service)
protected void	setClientTokenProvider(org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension provider)
String	toString()
void	warmUpEncryptedKeys(String... keyNames)

Methods inherited from class org.apache.hadoop.crypto.key.KeyProvider

buildVersionName, findProvider, generateKey, getBaseName, getConf, isTransient, needsPassword, noPasswordError, noPasswordWarning, options

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.hadoop.security.token.DelegationTokenIssuer

addDelegationTokens, collectDelegationTokens, getAdditionalTokenIssuers

Field Detail

TOKEN_KIND_STR

public static final String TOKEN_KIND_STR

See Also:

Constant Field Values

TOKEN_KIND

public static final org.apache.hadoop.io.Text TOKEN_KIND

SCHEME_NAME

public static final String SCHEME_NAME

See Also:

Constant Field Values

AUTH_RETRY

public static final String AUTH_RETRY

See Also:

Constant Field Values

DEFAULT_AUTH_RETRY

public static final int DEFAULT_AUTH_RETRY

See Also:

Constant Field Values

Constructor Detail

KMSClientProvider

public KMSClientProvider(URI uri,
                         org.apache.hadoop.conf.Configuration conf)
                  throws IOException

Throws:

IOException

Method Detail

toString

public String toString()

Overrides:

toString in class Object

getDtService

protected static org.apache.hadoop.io.Text getDtService(URI uri)

getKeyVersion

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion getKeyVersion(String versionName)
                                                                  throws IOException

Specified by:

getKeyVersion in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException

getCurrentKey

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion getCurrentKey(String name)
                                                                  throws IOException

Overrides:

getCurrentKey in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException

getKeys

public List<String> getKeys()
                     throws IOException

Specified by:

getKeys in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException

getKeysMetadata

public org.apache.hadoop.crypto.key.KeyProvider.Metadata[] getKeysMetadata(String... keyNames)
                                                                    throws IOException

Overrides:

getKeysMetadata in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException

createKey

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion createKey(String name,
                                                                     org.apache.hadoop.crypto.key.KeyProvider.Options options)
                                                              throws NoSuchAlgorithmException,
                                                                     IOException

Overrides:

createKey in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

NoSuchAlgorithmException

IOException

createKey

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion createKey(String name,
                                                                     byte[] material,
                                                                     org.apache.hadoop.crypto.key.KeyProvider.Options options)
                                                              throws IOException

Specified by:

createKey in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException

invalidateCache

public void invalidateCache(String name)
                     throws IOException

Overrides:

invalidateCache in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException

rollNewVersion

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion rollNewVersion(String name)
                                                                   throws NoSuchAlgorithmException,
                                                                          IOException

Overrides:

rollNewVersion in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

NoSuchAlgorithmException

IOException

rollNewVersion

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion rollNewVersion(String name,
                                                                          byte[] material)
                                                                   throws IOException

Specified by:

rollNewVersion in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException

generateEncryptedKey

public org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
                                                                                                 throws IOException,
                                                                                                        GeneralSecurityException

Specified by:

generateEncryptedKey in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension

Throws:

IOException

GeneralSecurityException

decryptEncryptedKey

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion decryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion)
                                                                        throws IOException,
                                                                               GeneralSecurityException

Specified by:

decryptEncryptedKey in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension

Throws:

IOException

GeneralSecurityException

reencryptEncryptedKey

public org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion reencryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion ekv)
                                                                                                  throws IOException,
                                                                                                         GeneralSecurityException

Specified by:

reencryptEncryptedKey in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension

Throws:

IOException

GeneralSecurityException

reencryptEncryptedKeys

public void reencryptEncryptedKeys(List<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion> ekvs)
                            throws IOException,
                                   GeneralSecurityException

Specified by:

reencryptEncryptedKeys in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension

Throws:

IOException

GeneralSecurityException

getKeyVersions

public List<org.apache.hadoop.crypto.key.KeyProvider.KeyVersion> getKeyVersions(String name)
                                                                         throws IOException

Specified by:

getKeyVersions in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException

getMetadata

public org.apache.hadoop.crypto.key.KeyProvider.Metadata getMetadata(String name)
                                                              throws IOException

Specified by:

getMetadata in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException

deleteKey

public void deleteKey(String name)
               throws IOException

Specified by:

deleteKey in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException

flush

public void flush()
           throws IOException

Specified by:

flush in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException

warmUpEncryptedKeys

public void warmUpEncryptedKeys(String... keyNames)
                         throws IOException

Specified by:

warmUpEncryptedKeys in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension

Throws:

IOException

drain

public void drain(String keyName)

Specified by:

drain in interface org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension

getEncKeyQueueSize

public int getEncKeyQueueSize(String keyName)

setClientTokenProvider

protected void setClientTokenProvider(org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension provider)

selectDelegationToken

@InterfaceAudience.Private
public org.apache.hadoop.security.token.Token<?> selectDelegationToken(org.apache.hadoop.security.Credentials creds)

Specified by:

selectDelegationToken in interface org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension

selectDelegationToken

protected static org.apache.hadoop.security.token.Token<?> selectDelegationToken(org.apache.hadoop.security.Credentials creds,
                                                                                 org.apache.hadoop.io.Text service)

getCanonicalServiceName

public String getCanonicalServiceName()

Specified by:

getCanonicalServiceName in interface org.apache.hadoop.security.token.DelegationTokenIssuer

getDelegationToken

public org.apache.hadoop.security.token.Token<?> getDelegationToken(String renewer)
                                                             throws IOException

Specified by:

getDelegationToken in interface org.apache.hadoop.security.token.DelegationTokenIssuer

Throws:

IOException

renewDelegationToken

public long renewDelegationToken(org.apache.hadoop.security.token.Token<?> dToken)
                          throws IOException

Specified by:

renewDelegationToken in interface org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension

Throws:

IOException

cancelDelegationToken

public Void cancelDelegationToken(org.apache.hadoop.security.token.Token<?> dToken)
                           throws IOException

Specified by:

cancelDelegationToken in interface org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension

Throws:

IOException

close

public void close()
           throws IOException

Shutdown valueQueue executor threads

Overrides:

close in class org.apache.hadoop.crypto.key.KeyProvider

Throws:

IOException