List of usage examples for org.apache.hadoop.hdfs.security.token.block BlockKey getKey
public SecretKey getKey()
From source file:io.hops.metadata.security.token.block.NameNodeBlockTokenSecretManager.java
License:Apache License
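/**
 * Builds a fresh data-encryption key from the current block key.
 *
 * <p>An 8-byte nonce is drawn from {@code nonceGenerator} and passed, together with the
 * secret of the current block key, to {@code createPassword(byte[], SecretKey)}. The result
 * is packaged with the key id, block pool id, nonce, an expiry of
 * {@code Time.now() + tokenLifetime} and the configured encryption algorithm.
 *
 * @return the newly derived data-encryption key
 * @throws IOException propagated from {@code getBlockKeyByType} when the current key cannot
 *     be fetched
 * @throws IllegalStateException if no current block key is available yet
 */
@Override
public DataEncryptionKey generateDataEncryptionKey() throws IOException {
  // NOTE(review): the nonce is only unpredictable if nonceGenerator is a
  // java.security.SecureRandom; its declaration is not visible here, so confirm.
  byte[] nonce = new byte[8];
  nonceGenerator.nextBytes(nonce);

  BlockKey key = getBlockKeyByType(BlockKey.KeyType.CurrKey);
  if (key == null) {
    // Same guard and message as createPassword(BlockTokenIdentifier): report the missing
    // key as a state error instead of a NullPointerException on key.getKey().
    throw new IllegalStateException("currentKey hasn't been initialized.");
  }

  byte[] encryptionKey = createPassword(nonce, key.getKey());
  return new DataEncryptionKey(
      key.getKeyId(),
      blockPoolId,
      nonce,
      encryptionKey,
      Time.now() + tokenLifetime,
      encryptionAlgorithm);
}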
From source file:io.hops.metadata.security.token.block.NameNodeBlockTokenSecretManager.java
License:Apache License
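/**
 * Stamps the identifier with an expiry and the current key id, then computes its password.
 *
 * <p>The identifier is mutated first (expiry = {@code Time.now() + tokenLifetime}, key id =
 * id of the current block key) and serialized afterwards, so both fields are part of the
 * bytes handed to {@code createPassword(byte[], SecretKey)}.
 *
 * @param identifier block token identifier to finalize; modified in place
 * @return the password computed over the identifier bytes with the current block key
 * @throws IllegalStateException if the current block key cannot be loaded or is absent
 */
@Override
protected byte[] createPassword(BlockTokenIdentifier identifier) {
  BlockKey key;
  try {
    key = getBlockKeyByType(BlockKey.KeyType.CurrKey);
  } catch (IOException ex) {
    // Message is unchanged; the IOException is now chained so the underlying failure
    // stays visible in the stack trace instead of being reduced to its message text.
    throw new IllegalStateException(
        "currentKey hasn't been initialized. [" + ex.getMessage() + "]", ex);
  }
  if (key == null) {
    throw new IllegalStateException("currentKey hasn't been initialized.");
  }

  identifier.setExpiryDate(Time.now() + tokenLifetime);
  identifier.setKeyId(key.getKeyId());
  if (LOG.isDebugEnabled()) {
    // Only the identifier is logged; the key material and the password are not.
    LOG.debug("Generating block token for " + identifier.toString());
  }
  return createPassword(identifier.getBytes(), key.getKey());
}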
From source file:io.hops.metadata.security.token.block.NameNodeBlockTokenSecretManager.java
License:Apache License
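/**
 * Recomputes the password for a presented block token identifier.
 *
 * <p>The token is rejected if its expiry date has passed or if the block key named by its
 * key id cannot be obtained. Otherwise the password is recomputed over the identifier bytes
 * with that key.
 *
 * <p>NOTE(review): the expiry and key id are read from the presented identifier, so they are
 * only meaningful once the caller has matched the returned password against the one carried
 * by the token. That comparison is not visible here; it should be constant-time
 * (for example {@code MessageDigest.isEqual}), so confirm at the call site.
 *
 * @param identifier the identifier taken from the presented token
 * @return the password recomputed with the block key referenced by the identifier
 * @throws InvalidToken if the token is expired or its block key is unavailable
 */
@Override
public byte[] retrievePassword(BlockTokenIdentifier identifier) throws InvalidToken {
  if (isExpired(identifier.getExpiryDate())) {
    throw new InvalidToken("Block token with " + identifier.toString() + " is expired.");
  }

  BlockKey key = null;
  IOException lookupFailure = null;
  try {
    key = getBlockKeyById(identifier.getKeyId());
  } catch (IOException ex) {
    // Fail closed: a failed lookup is treated like a missing key and the token is rejected.
    // The exception is kept rather than silently dropped, so a storage outage is not
    // mistaken for a rolled or unknown key.
    lookupFailure = ex;
  }

  if (key == null) {
    InvalidToken rejection = new InvalidToken("Can't re-compute password for "
        + identifier.toString() + ", since the required block key (keyID="
        + identifier.getKeyId() + ") doesn't exist.");
    if (lookupFailure != null) {
      // NOTE(review): confirm the RPC layer reports only the message to the remote caller;
      // if it serializes the cause chain, log the failure here and drop the cause instead.
      rejection.initCause(lookupFailure);
    }
    throw rejection;
  }
  return createPassword(identifier.getBytes(), key.getKey());
}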
From source file:io.hops.metadata.security.token.block.NameNodeBlockTokenSecretManager.java
License:Apache License
/**
 * Rotates the block-token keys inside a single transactional request.
 *
 * <p>Under a WRITE lock on the {@code BlockTokenKeys} variable, the stored current key is
 * demoted to a simple key with a final expiry, the stored next key is promoted to current,
 * a new next key is generated under an incremented serial number, and all three are handed
 * to {@code HdfsVariables.updateBlockTokenKeys}.
 *
 * @return {@code true} if the keys were rotated, {@code false} if no keys are stored yet
 * @throws IOException propagated from the transactional handler
 */
private boolean updateBlockKeys() throws IOException {
  Object rotated = new HopsTransactionalRequestHandler(HDFSOperationType.UPDATE_BLOCK_KEYS) {
    @Override
    public void acquireLock(TransactionLocks locks) throws IOException {
      // The task below rewrites the stored keys, hence the WRITE lock.
      locks.add(LockFactory.getInstance()
          .getVariableLock(Variable.Finder.BlockTokenKeys, LockType.WRITE));
    }

    @Override
    public Object performTask() throws StorageException, IOException {
      // NOTE(review): the map is indexed by KeyType.ordinal(), so reordering the enum would
      // select a different entry; presumably this mirrors how HdfsVariables stores the
      // keys. Verify against that class.
      Map<Integer, BlockKey> storedKeys = HdfsVariables.getAllBlockTokenKeysByType();
      if (storedKeys.isEmpty()) {
        log.debug("keys is not generated yet to be updated");
        return false;
      }

      // Retire the stored current key: give it its final expiry and mark it as a
      // simple key rather than the current key.
      BlockKey retiringKey = storedKeys.get(BlockKey.KeyType.CurrKey.ordinal());
      long retiredExpiry = Time.now() + keyUpdateInterval + tokenLifetime;
      retiringKey.setExpiryDate(retiredExpiry);
      retiringKey.setKeyType(BlockKey.KeyType.SimpleKey);

      // Only the stored next key is left; it becomes the current key with a refreshed
      // estimated expiry.
      BlockKey promotedKey = storedKeys.get(BlockKey.KeyType.NextKey.ordinal());
      long currentExpiry = Time.now() + 2 * keyUpdateInterval + tokenLifetime;
      currentKey = new BlockKey(promotedKey.getKeyId(), currentExpiry, promotedKey.getKey());
      currentKey.setKeyType(BlockKey.KeyType.CurrKey);

      // Create the replacement next key; the serial number is bumped first so the new
      // key is built with the incremented value.
      setSerialNo(serialNo + 1);
      long nextExpiry = Time.now() + 3 * keyUpdateInterval + tokenLifetime;
      nextKey = new BlockKey(serialNo, nextExpiry, generateSecret());
      nextKey.setKeyType(BlockKey.KeyType.NextKey);

      // NOTE(review): currentKey, nextKey and serialNo are already changed in memory at
      // this point; if the update below fails or the handler retries the task, in-memory
      // and stored state may diverge. Confirm the handler's retry semantics.
      HdfsVariables.updateBlockTokenKeys(currentKey, nextKey, retiringKey);
      return true;
    }
  }.handle();
  return (Boolean) rotated;
}