List of usage examples for org.apache.hadoop.hdfs.security.token.block BlockKey getKeyId
public int getKeyId()
From source file:io.hops.metadata.HdfsVariables.java
License:Apache License
private static Map<Integer, BlockKey> getAllBlockTokenKeys(boolean useKeyId, boolean leightWeight) throws IOException { List<Variable> vars = (List<Variable>) (leightWeight ? getVariableLightWeight(Variable.Finder.BlockTokenKeys).getValue() : Variables.getVariable(Variable.Finder.BlockTokenKeys).getValue()); Map<Integer, BlockKey> keys = new HashMap<Integer, BlockKey>(); for (Variable var : vars) { BlockKey key = deserializeBlockKey((ByteArrayVariable) var); int mapKey = useKeyId ? key.getKeyId() : key.getKeyType().ordinal(); keys.put(mapKey, key);/* w ww .jav a 2 s .co m*/ } return keys; }
From source file:io.hops.metadata.security.token.block.NameNodeBlockTokenSecretManager.java
License:Apache License
@Override public DataEncryptionKey generateDataEncryptionKey() throws IOException { byte[] nonce = new byte[8]; nonceGenerator.nextBytes(nonce);/*from w w w . j a va 2s .com*/ BlockKey key = getBlockKeyByType(BlockKey.KeyType.CurrKey); byte[] encryptionKey = createPassword(nonce, key.getKey()); return new DataEncryptionKey(key.getKeyId(), blockPoolId, nonce, encryptionKey, Time.now() + tokenLifetime, encryptionAlgorithm); }
From source file:io.hops.metadata.security.token.block.NameNodeBlockTokenSecretManager.java
License:Apache License
@Override protected byte[] createPassword(BlockTokenIdentifier identifier) { BlockKey key; try {/*w w w .j a v a2s . co m*/ key = getBlockKeyByType(BlockKey.KeyType.CurrKey); } catch (IOException ex) { throw new IllegalStateException("currentKey hasn't been initialized. [" + ex.getMessage() + "]"); } if (key == null) { throw new IllegalStateException("currentKey hasn't been initialized."); } identifier.setExpiryDate(Time.now() + tokenLifetime); identifier.setKeyId(key.getKeyId()); if (LOG.isDebugEnabled()) { LOG.debug("Generating block token for " + identifier.toString()); } return createPassword(identifier.getBytes(), key.getKey()); }
From source file:io.hops.metadata.security.token.block.NameNodeBlockTokenSecretManager.java
License:Apache License
private boolean updateBlockKeys() throws IOException { return (Boolean) new HopsTransactionalRequestHandler(HDFSOperationType.UPDATE_BLOCK_KEYS) { @Override/*from www . j a va2 s . c om*/ public void acquireLock(TransactionLocks locks) throws IOException { LockFactory lf = LockFactory.getInstance(); locks.add(lf.getVariableLock(Variable.Finder.BlockTokenKeys, LockType.WRITE)); } @Override public Object performTask() throws StorageException, IOException { Map<Integer, BlockKey> keys = HdfsVariables.getAllBlockTokenKeysByType(); if (keys.isEmpty()) { log.debug("keys is not generated yet to be updated"); return false; } // set final expiry date of retiring currentKey // also modifying this key to mark it as 'simple key' instead of 'current key' BlockKey currentKeyFromDB = keys.get(BlockKey.KeyType.CurrKey.ordinal()); currentKeyFromDB.setExpiryDate(Time.now() + keyUpdateInterval + tokenLifetime); currentKeyFromDB.setKeyType(BlockKey.KeyType.SimpleKey); // after above update, we only have a key marked as 'next key' // the 'next key' becomes the 'current key' // update the estimated expiry date of new currentKey BlockKey nextKeyFromDB = keys.get(BlockKey.KeyType.NextKey.ordinal()); currentKey = new BlockKey(nextKeyFromDB.getKeyId(), Time.now() + 2 * keyUpdateInterval + tokenLifetime, nextKeyFromDB.getKey()); currentKey.setKeyType(BlockKey.KeyType.CurrKey); // generate a new nextKey setSerialNo(serialNo + 1); nextKey = new BlockKey(serialNo, Time.now() + 3 * keyUpdateInterval + tokenLifetime, generateSecret()); nextKey.setKeyType(BlockKey.KeyType.NextKey); HdfsVariables.updateBlockTokenKeys(currentKey, nextKey, currentKeyFromDB); return true; } }.handle(); }