You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by wa...@apache.org on 2014/10/02 22:52:29 UTC
[1/2] git commit: HDFS-7179. DFSClient should instantiate a
KeyProvider, not a KeyProviderCryptoExtension. (wang)
Repository: hadoop
Updated Branches:
refs/heads/trunk a56f3ecf8 -> 6ac10516e
HDFS-7179. DFSClient should instantiate a KeyProvider, not a KeyProviderCryptoExtension. (wang)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/d2d5a0ea
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/d2d5a0ea
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/d2d5a0ea
Branch: refs/heads/trunk
Commit: d2d5a0ea03b0d461a4d376c7b9de8cd5c147effa
Parents: a56f3ec
Author: Andrew Wang <wa...@apache.org>
Authored: Thu Oct 2 13:50:05 2014 -0700
Committer: Andrew Wang <wa...@apache.org>
Committed: Thu Oct 2 13:50:05 2014 -0700
----------------------------------------------------------------------
hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 +++
.../java/org/apache/hadoop/hdfs/DFSClient.java | 11 +++++----
.../java/org/apache/hadoop/hdfs/DFSUtil.java | 25 ++++++++++++++++----
.../apache/hadoop/hdfs/TestEncryptionZones.java | 3 +--
4 files changed, 32 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/d2d5a0ea/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
index bb7664a..e806e4a 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -900,6 +900,9 @@ Release 2.6.0 - UNRELEASED
HDFS-7162. Wrong path when deleting through fuse-dfs a file which already
exists in trash (Chengbing Liu via cmccabe)
+ HDFS-7179. DFSClient should instantiate a KeyProvider, not a
+ KeyProviderCryptoExtension. (wang)
+
BREAKDOWN OF HDFS-6134 AND HADOOP-10150 SUBTASKS AND RELATED JIRAS
HDFS-6387. HDFS CLI admin tool for creating & deleting an
http://git-wip-us.apache.org/repos/asf/hadoop/blob/d2d5a0ea/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
index d83d8cb..c975ad5 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
@@ -104,6 +104,7 @@ import org.apache.hadoop.crypto.CryptoCodec;
import org.apache.hadoop.crypto.CryptoInputStream;
import org.apache.hadoop.crypto.CryptoOutputStream;
import org.apache.hadoop.crypto.CryptoProtocolVersion;
+import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.fs.BlockLocation;
import org.apache.hadoop.fs.BlockStorageLocation;
@@ -264,7 +265,7 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
new DFSHedgedReadMetrics();
private static ThreadPoolExecutor HEDGED_READ_THREAD_POOL;
@VisibleForTesting
- KeyProviderCryptoExtension provider;
+ KeyProvider provider;
/**
* DFSClient configuration
*/
@@ -596,7 +597,7 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
this.authority = nameNodeUri == null? "null": nameNodeUri.getAuthority();
this.clientName = "DFSClient_" + dfsClientConf.taskId + "_" +
DFSUtil.getRandom().nextInt() + "_" + Thread.currentThread().getId();
- provider = DFSUtil.createKeyProviderCryptoExtension(conf);
+ provider = DFSUtil.createKeyProvider(conf);
if (LOG.isDebugEnabled()) {
if (provider == null) {
LOG.debug("No KeyProvider found.");
@@ -1315,7 +1316,9 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
feInfo.getKeyName(), feInfo.getEzKeyVersionName(), feInfo.getIV(),
feInfo.getEncryptedDataEncryptionKey());
try {
- return provider.decryptEncryptedKey(ekv);
+ KeyProviderCryptoExtension cryptoProvider = KeyProviderCryptoExtension
+ .createKeyProviderCryptoExtension(provider);
+ return cryptoProvider.decryptEncryptedKey(ekv);
} catch (GeneralSecurityException e) {
throw new IOException(e);
}
@@ -3138,7 +3141,7 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
return HEDGED_READ_METRIC;
}
- public KeyProviderCryptoExtension getKeyProvider() {
+ public KeyProvider getKeyProvider() {
return provider;
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/d2d5a0ea/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSUtil.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSUtil.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSUtil.java
index aba86d1..f1bfcb4 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSUtil.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSUtil.java
@@ -1791,15 +1791,14 @@ public class DFSUtil {
}
/**
- * Creates a new KeyProviderCryptoExtension by wrapping the
- * KeyProvider specified in the given Configuration.
+ * Creates a new KeyProvider from the given Configuration.
*
* @param conf Configuration
- * @return new KeyProviderCryptoExtension, or null if no provider was found.
+ * @return new KeyProvider, or null if no provider was found.
* @throws IOException if the KeyProvider is improperly specified in
* the Configuration
*/
- public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
+ public static KeyProvider createKeyProvider(
final Configuration conf) throws IOException {
final String providerUriStr =
conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, null);
@@ -1823,6 +1822,24 @@ public class DFSUtil {
throw new IOException("KeyProvider " + keyProvider.toString()
+ " was found but it is a transient provider.");
}
+ return keyProvider;
+ }
+
+ /**
+ * Creates a new KeyProviderCryptoExtension by wrapping the
+ * KeyProvider specified in the given Configuration.
+ *
+ * @param conf Configuration
+ * @return new KeyProviderCryptoExtension, or null if no provider was found.
+ * @throws IOException if the KeyProvider is improperly specified in
+ * the Configuration
+ */
+ public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
+ final Configuration conf) throws IOException {
+ KeyProvider keyProvider = createKeyProvider(conf);
+ if (keyProvider == null) {
+ return null;
+ }
KeyProviderCryptoExtension cryptoProvider = KeyProviderCryptoExtension
.createKeyProviderCryptoExtension(keyProvider);
return cryptoProvider;
http://git-wip-us.apache.org/repos/asf/hadoop/blob/d2d5a0ea/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
index df1864c..c384bfb 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
@@ -43,7 +43,6 @@ import org.apache.hadoop.crypto.CipherSuite;
import org.apache.hadoop.crypto.CryptoProtocolVersion;
import org.apache.hadoop.crypto.key.JavaKeyStoreProvider;
import org.apache.hadoop.crypto.key.KeyProvider;
-import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.crypto.key.KeyProviderFactory;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.CreateFlag;
@@ -1043,7 +1042,7 @@ public class TestEncryptionZones {
public void testDelegationToken() throws Exception {
UserGroupInformation.createRemoteUser("JobTracker");
DistributedFileSystem dfs = cluster.getFileSystem();
- KeyProviderCryptoExtension keyProvider = Mockito.mock(KeyProviderCryptoExtension.class,
+ KeyProvider keyProvider = Mockito.mock(KeyProvider.class,
withSettings().extraInterfaces(
DelegationTokenExtension.class,
CryptoExtension.class));
[2/2] git commit: HDFS-7181. Remove incorrect precondition check on
key length in FileEncryptionInfo. (wang)
Posted by wa...@apache.org.
HDFS-7181. Remove incorrect precondition check on key length in FileEncryptionInfo. (wang)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/6ac10516
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/6ac10516
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/6ac10516
Branch: refs/heads/trunk
Commit: 6ac10516e7fa28384b6d3c2670f6621e2666ffdb
Parents: d2d5a0e
Author: Andrew Wang <wa...@apache.org>
Authored: Thu Oct 2 13:51:08 2014 -0700
Committer: Andrew Wang <wa...@apache.org>
Committed: Thu Oct 2 13:51:08 2014 -0700
----------------------------------------------------------------------
.../main/java/org/apache/hadoop/crypto/CipherSuite.java | 10 ----------
.../java/org/apache/hadoop/fs/FileEncryptionInfo.java | 2 --
hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 +++
3 files changed, 3 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/6ac10516/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java
index 9962b38..c9355d7 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/CipherSuite.java
@@ -73,16 +73,6 @@ public enum CipherSuite {
return builder.toString();
}
- public static void checkName(String name) {
- CipherSuite[] suites = CipherSuite.values();
- for (CipherSuite suite : suites) {
- if (suite.getName().equals(name)) {
- return;
- }
- }
- throw new IllegalArgumentException("Invalid cipher suite name: " + name);
- }
-
/**
* Convert to CipherSuite from name, {@link #algoBlockSize} is fixed for
* certain cipher suite, just need to compare the name.
http://git-wip-us.apache.org/repos/asf/hadoop/blob/6ac10516/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java
index 27e0c85..00ddfe8 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileEncryptionInfo.java
@@ -58,8 +58,6 @@ public class FileEncryptionInfo {
checkNotNull(iv);
checkNotNull(keyName);
checkNotNull(ezKeyVersionName);
- checkArgument(edek.length == suite.getAlgorithmBlockSize(),
- "Unexpected key length");
checkArgument(iv.length == suite.getAlgorithmBlockSize(),
"Unexpected IV length");
this.cipherSuite = suite;
http://git-wip-us.apache.org/repos/asf/hadoop/blob/6ac10516/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
index e806e4a..c9e2bd0 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -903,6 +903,9 @@ Release 2.6.0 - UNRELEASED
HDFS-7179. DFSClient should instantiate a KeyProvider, not a
KeyProviderCryptoExtension. (wang)
+ HDFS-7181. Remove incorrect precondition check on key length in
+ FileEncryptionInfo. (wang)
+
BREAKDOWN OF HDFS-6134 AND HADOOP-10150 SUBTASKS AND RELATED JIRAS
HDFS-6387. HDFS CLI admin tool for creating & deleting an