/**
 * Builds a {@link KeyProviderCryptoExtension} around the {@link KeyProvider}
 * that {@code HdfsKMSUtil.createKeyProvider} resolves from the supplied
 * Configuration.
 *
 * <p>A {@code null} return means no provider was resolved, so callers have to
 * handle that case before attempting any encrypted-key operation.
 *
 * @param conf Configuration used to look up the KeyProvider
 * @return the wrapping KeyProviderCryptoExtension, or null if no provider
 *         was found
 * @throws IOException if the KeyProvider is improperly specified in the
 *         Configuration
 */
public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
    final Configuration conf) throws IOException {
  final KeyProvider resolved = HdfsKMSUtil.createKeyProvider(conf);
  // No provider configured: hand back null rather than wrapping nothing.
  return resolved == null
      ? null
      : KeyProviderCryptoExtension.createKeyProviderCryptoExtension(resolved);
}
/**
 * Builds a {@link KeyProviderCryptoExtension} around the {@link KeyProvider}
 * that {@code createKeyProvider} resolves from the supplied Configuration.
 *
 * <p>A {@code null} return means no provider was resolved, so callers have to
 * handle that case before attempting any encrypted-key operation.
 *
 * @param conf Configuration used to look up the KeyProvider
 * @return the wrapping KeyProviderCryptoExtension, or null if no provider
 *         was found
 * @throws IOException if the KeyProvider is improperly specified in the
 *         Configuration
 */
public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
    final Configuration conf) throws IOException {
  final KeyProvider resolved = createKeyProvider(conf);
  // No provider configured: hand back null rather than wrapping nothing.
  return resolved == null
      ? null
      : KeyProviderCryptoExtension.createKeyProviderCryptoExtension(resolved);
}
/**
 * Wraps the {@link KeyProvider} named by the given Configuration in a
 * {@link KeyProviderCryptoExtension}.
 *
 * <p>When {@code createKeyProvider} yields no provider this method returns
 * {@code null}; the caller is responsible for checking before use.
 *
 * @param conf Configuration used to look up the KeyProvider
 * @return the wrapping KeyProviderCryptoExtension, or null if no provider
 *         was found
 * @throws IOException if the KeyProvider is improperly specified in the
 *         Configuration
 */
public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
    final Configuration conf) throws IOException {
  final KeyProvider resolved = createKeyProvider(conf);
  if (resolved != null) {
    return KeyProviderCryptoExtension
        .createKeyProviderCryptoExtension(resolved);
  }
  // No provider configured.
  return null;
}
createKeyProviderCryptoExtension(keyProvider); keyProviderCryptoExtension = new EagerKeyGeneratorKeyProviderCryptoExtension(kmsConf,
/**
 * Decrypts a file's encrypted data encryption key (EDEK) by consulting the
 * given KeyProvider.
 *
 * <p>The EDEK, its IV, the key name and the encryption-zone key version name
 * are all read from {@code feInfo}; the provider is wrapped in a
 * {@link KeyProviderCryptoExtension} to perform the decryption.
 *
 * <p>NOTE(review): the returned KeyVersion presumably carries the decrypted
 * key material; keep it out of logs and exception messages.
 *
 * @param feInfo encryption metadata of the file being accessed
 * @param keyProvider provider to consult; {@code null} is rejected
 * @return the KeyVersion produced by {@code decryptEncryptedKey}
 * @throws IOException if no KeyProvider is supplied, or wrapping the
 *         GeneralSecurityException raised during decryption
 */
static KeyVersion decryptEncryptedDataEncryptionKey(FileEncryptionInfo feInfo,
    KeyProvider keyProvider) throws IOException {
  if (keyProvider == null) {
    throw new IOException("No KeyProvider is configured, cannot access"
        + " an encrypted file");
  }
  final EncryptedKeyVersion edek = EncryptedKeyVersion.createForDecryption(
      feInfo.getKeyName(), feInfo.getEzKeyVersionName(), feInfo.getIV(),
      feInfo.getEncryptedDataEncryptionKey());
  try {
    return KeyProviderCryptoExtension
        .createKeyProviderCryptoExtension(keyProvider)
        .decryptEncryptedKey(edek);
  } catch (GeneralSecurityException e) {
    // Surface crypto failures as IOException, keeping the original as cause.
    throw new IOException(e);
  }
}
} // closes the enclosing class, whose opening is not part of this excerpt
/**
 * Decrypts a file's encrypted data encryption key (EDEK) by consulting the
 * KeyProvider returned by {@code getKeyProvider()}, inside a "decryptEDEK"
 * trace span that is closed on every exit path.
 *
 * <p>NOTE(review): the returned KeyVersion presumably carries the decrypted
 * key material; keep it out of logs, trace annotations and exception
 * messages.
 *
 * @param feInfo encryption metadata (key name, EZ key version name, IV and
 *        EDEK) of the file being accessed
 * @return the KeyVersion produced by {@code decryptEncryptedKey}
 * @throws IOException if no KeyProvider is configured, or wrapping the
 *         GeneralSecurityException raised during decryption
 */
private KeyVersion decryptEncryptedDataEncryptionKey(FileEncryptionInfo
    feInfo) throws IOException {
  final TraceScope span = Trace.startSpan("decryptEDEK", traceSampler);
  try {
    final KeyProvider kp = getKeyProvider();
    if (kp == null) {
      throw new IOException("No KeyProvider is configured, cannot access"
          + " an encrypted file");
    }
    final EncryptedKeyVersion edek = EncryptedKeyVersion.createForDecryption(
        feInfo.getKeyName(), feInfo.getEzKeyVersionName(), feInfo.getIV(),
        feInfo.getEncryptedDataEncryptionKey());
    return KeyProviderCryptoExtension
        .createKeyProviderCryptoExtension(kp)
        .decryptEncryptedKey(edek);
  } catch (GeneralSecurityException e) {
    // Surface crypto failures as IOException, keeping the original as cause.
    throw new IOException(e);
  } finally {
    span.close();
  }
}
/**
 * Decrypts a file's encrypted data encryption key (EDEK) by consulting the
 * KeyProvider returned by {@code getKeyProvider()}, inside a "decryptEDEK"
 * trace span that is closed on every exit path.
 *
 * <p>NOTE(review): the returned KeyVersion presumably carries the decrypted
 * key material; keep it out of logs, trace annotations and exception
 * messages.
 *
 * @param feInfo encryption metadata (key name, EZ key version name, IV and
 *        EDEK) of the file being accessed
 * @return the KeyVersion produced by {@code decryptEncryptedKey}
 * @throws IOException if no KeyProvider is configured, or wrapping the
 *         GeneralSecurityException raised during decryption
 */
private KeyVersion decryptEncryptedDataEncryptionKey(FileEncryptionInfo
    feInfo) throws IOException {
  final TraceScope span = Trace.startSpan("decryptEDEK", traceSampler);
  try {
    final KeyProvider kp = getKeyProvider();
    if (kp == null) {
      throw new IOException("No KeyProvider is configured, cannot access"
          + " an encrypted file");
    }
    final EncryptedKeyVersion edek = EncryptedKeyVersion.createForDecryption(
        feInfo.getKeyName(), feInfo.getEzKeyVersionName(), feInfo.getIV(),
        feInfo.getEncryptedDataEncryptionKey());
    return KeyProviderCryptoExtension
        .createKeyProviderCryptoExtension(kp)
        .decryptEncryptedKey(edek);
  } catch (GeneralSecurityException e) {
    // Surface crypto failures as IOException, keeping the original as cause.
    throw new IOException(e);
  } finally {
    span.close();
  }
}
/**
 * One-time fixture: creates a "user:///" KeyProvider, wraps it in a
 * KeyProviderCryptoExtension, and creates the encryption key the tests use.
 *
 * @throws Exception if the provider or the key cannot be created
 */
@BeforeClass
public static void setup() throws Exception {
  conf = new Configuration();
  kp = new UserProvider.Factory().createProvider(new URI("user:///"), conf);
  kpExt = KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp);

  // Key options: the CIPHER constant with a 128-bit key length.
  options = new KeyProvider.Options(conf);
  options.setBitLength(128);
  options.setCipher(CIPHER);

  // 16 bytes of seed material, matching the 128-bit length set above.
  final byte[] keyMaterial = SecureRandom.getSeed(16);
  encryptionKey = kp.createKey(ENCRYPTION_KEY_NAME, keyMaterial, options);
}
// Wrap the crypto extension built from kp in a KeyAuthorizationKeyProvider, so
// every call made through kpExt goes through that wrapper. `mock` is the
// wrapper's second constructor argument (presumably the mocked key-ACL
// checker; confirm against the enclosing test).
final KeyProviderCryptoExtension kpExt = new KeyAuthorizationKeyProvider( KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp), mock);
// Wrap the crypto extension built from kp in a KeyAuthorizationKeyProvider, so
// every call made through kpExt goes through that wrapper. `mock` is the
// wrapper's second constructor argument (presumably the mocked key-ACL
// checker; confirm against the enclosing test).
final KeyProviderCryptoExtension kpExt = new KeyAuthorizationKeyProvider( KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp), mock);
/**
 * One-time fixture: creates a "user:///" KeyProvider, wraps it in a
 * KeyProviderCryptoExtension, and creates the encryption key the tests use.
 *
 * @throws Exception if the provider or the key cannot be created
 */
@BeforeClass
public static void setup() throws Exception {
  conf = new Configuration();
  kp = new UserProvider.Factory().createProvider(new URI("user:///"), conf);
  kpExt = KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp);

  // Key options: the CIPHER constant with a 128-bit key length.
  options = new KeyProvider.Options(conf);
  options.setBitLength(128);
  options.setCipher(CIPHER);

  // 16 bytes of seed material, matching the 128-bit length set above.
  final byte[] keyMaterial = SecureRandom.getSeed(16);
  encryptionKey = kp.createKey(ENCRYPTION_KEY_NAME, keyMaterial, options);
}
// Wrap the crypto extension built from kp in a KeyAuthorizationKeyProvider, so
// every call made through kpExt goes through that wrapper. `mock` is the
// wrapper's second constructor argument (presumably the mocked key-ACL
// checker; confirm against the enclosing test).
final KeyProviderCryptoExtension kpExt = new KeyAuthorizationKeyProvider( KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp), mock);
// Wrap the crypto extension built from kp in a KeyAuthorizationKeyProvider, so
// every call made through kpExt goes through that wrapper. `mock` is the
// wrapper's second constructor argument (presumably the mocked key-ACL
// checker; confirm against the enclosing test).
final KeyProviderCryptoExtension kpExt = new KeyAuthorizationKeyProvider( KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp), mock);
// Wrap the crypto extension built from kp in a KeyAuthorizationKeyProvider, so
// every call made through kpExt goes through that wrapper. `mock` is the
// wrapper's second constructor argument (presumably the mocked key-ACL
// checker; confirm against the enclosing test).
final KeyProviderCryptoExtension kpExt = new KeyAuthorizationKeyProvider( KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp), mock);
// Wrap the crypto extension built from kp in a KeyAuthorizationKeyProvider, so
// every call made through kpExt goes through that wrapper. `mock` is the
// wrapper's second constructor argument (presumably the mocked key-ACL
// checker; confirm against the enclosing test).
final KeyProviderCryptoExtension kpExt = new KeyAuthorizationKeyProvider( KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp), mock);
try { KeyProvider kp = createProvider(uri, conf); KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp) .generateEncryptedKey("a"); } catch (SocketTimeoutException e) { try { KeyProvider kp = createProvider(uri, conf); KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp) .decryptEncryptedKey( new KMSClientProvider.KMSEncryptedKeyVersion("a",
try { KeyProvider kp = createProvider(uri, conf); KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp) .generateEncryptedKey("a"); } catch (SocketTimeoutException e) { try { KeyProvider kp = createProvider(uri, conf); KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp) .decryptEncryptedKey( new KMSClientProvider.KMSEncryptedKeyVersion("a",
KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp); KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp); kpExt.generateEncryptedKey(kVer2.getName()); Assert.fail("User should not be allowed to encrypt !!"); createKeyProviderCryptoExtension(kp); options = new KeyProvider.Options(conf); options.setCipher("AES/CTR/NoPadding");
KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp); KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp); kpExt.generateEncryptedKey(kVer2.getName()); Assert.fail("User should not be allowed to encrypt !!"); createKeyProviderCryptoExtension(kp); options = new KeyProvider.Options(conf); options.setCipher("AES/CTR/NoPadding");