Posted to notifications@ignite.apache.org by GitBox <gi...@apache.org> on 2020/10/01 12:33:20 UTC

[GitHub] [ignite] alex-plekhanov commented on a change in pull request #7941: IGNITE-12843

alex-plekhanov commented on a change in pull request #7941:
URL: https://github.com/apache/ignite/pull/7941#discussion_r498207521



##########
File path: modules/core/src/main/java/org/apache/ignite/internal/managers/encryption/GridEncryptionManager.java
##########
@@ -627,22 +739,104 @@ public void groupKey(int grpId, byte[] encGrpKey) {
         return withMasterKeyChangeReadLock(() -> getSpi().getMasterKeyName());
     }
 
+    /** {@inheritDoc} */
+    @Override public IgniteFuture<Void> changeCacheGroupKey(Collection<String> cacheOrGrpNames) {
+        A.notEmpty(cacheOrGrpNames, "cacheOrGrpNames");
+
+        synchronized (opsMux) {
+            if (stopped) {
+                return new IgniteFinishedFutureImpl<>(new IgniteException("Cache group key change was rejected. " +
+                    "Node is stopping."));
+            }
+
+            return grpKeyChangeProc.start(cacheOrGrpNames);
+        }
+    }
+
+    /**
+     * @param grpIds Cache group IDs.
+     * @param keyIds Encryption key IDs.
+     * @param keys Encryption keys.
+     * @throws IgniteCheckedException If failed.
+     */
+    protected void changeCacheGroupKeyLocal(int[] grpIds, byte[] keyIds, byte[][] keys) throws IgniteCheckedException {
+        Map<Integer, Byte> encryptionStatus = U.newHashMap(grpIds.length);
+
+        for (int i = 0; i < grpIds.length; i++)
+            encryptionStatus.put(grpIds[i], keyIds[i]);
+
+        WALPointer ptr = ctx.cache().context().wal().log(new ReencryptionStartRecord(encryptionStatus));
+
+        if (ptr != null)
+            ctx.cache().context().wal().flush(ptr, false);
+
+        for (int i = 0; i < grpIds.length; i++) {
+            int grpId = grpIds[i];
+            int newKeyId = keyIds[i] & 0xff;
+
+            synchronized (metaStorageMux) {
+                // Set new key as key for writing. Note that we cannot pass the encrypted key here because the master
+                // key may have changed in which case we will not be able to decrypt the cache encryption key.
+                GroupKey prevGrpKey = grpKeys.changeActiveKey(grpId, newKeyId);
+
+                List<GroupKeyEncrypted> keysEncrypted = withMasterKeyChangeReadLock(() -> grpKeys.getAll(grpId));
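
Review bot: On the last added line, `withMasterKeyChangeReadLock(() -> grpKeys.getAll(grpId))` runs inside `synchronized (metaStorageMux)`, so the master key change read lock is acquired while `metaStorageMux` is already held. If any other path takes these two in the opposite order, the threads can deadlock; consider taking the master key change read lock before entering `synchronized (metaStorageMux)`, or document the intended order next to both locks so every caller follows it. Separately, the first loop in `changeCacheGroupKeyLocal` reads `keyIds[i]` for every index of `grpIds` without checking that `grpIds`, `keyIds` and `keys` have the same length; an explicit check at the top of the method would report a mismatch as a clear error instead of an `ArrayIndexOutOfBoundsException`.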

Review comment:
       Wrong lock order again



