        /// <summary>
        /// Builds the JSON body for a key-creation request and POSTs it to the KMS
        /// "keys" resource, returning the version the server reports as created.
        /// Only the optional fields the caller actually supplied are put on the wire.
        /// </summary>
        /// <param name="name">Name of the key to create; must be non-empty.</param>
        /// <param name="material">Raw key material to upload (base64-encoded into the
        /// request body), or null to let the server generate the material.</param>
        /// <param name="options">Cipher, bit length and optional description/attributes.</param>
        /// <returns>The key version parsed from the server's response.</returns>
        /// <exception cref="NoSuchAlgorithmException"/>
        /// <exception cref="System.IO.IOException"/>
        private KeyProvider.KeyVersion CreateKeyInternal(string name, byte[] material, KeyProvider.Options
                                                         options)
        {
            CheckNotEmpty(name, "name");
            CheckNotNull(options, "options");

            // Mandatory fields first; optional ones are appended below only when present.
            IDictionary<string, object> payload = new Dictionary<string, object>
            {
                { KMSRESTConstants.NameField, name },
                { KMSRESTConstants.CipherField, options.GetCipher() },
                { KMSRESTConstants.LengthField, options.GetBitLength() }
            };

            // NOTE(review): the raw key material travels in the request body, and base64
            // is an encoding, not encryption. This path therefore relies on the transport
            // being TLS — confirm CreateConnection enforces that, and that callers clear
            // the material buffer once the request has been sent.
            if (material != null)
            {
                payload[KMSRESTConstants.MaterialField] = Base64.EncodeBase64String(material);
            }

            string description = options.GetDescription();
            if (description != null)
            {
                payload[KMSRESTConstants.DescriptionField] = description;
            }

            IDictionary<string, string> attributes = options.GetAttributes();
            if (attributes != null && !attributes.IsEmpty())
            {
                payload[KMSRESTConstants.AttributesField] = attributes;
            }

            Uri endpoint = CreateURL(KMSRESTConstants.KeysResource, null, null, null);
            HttpURLConnection connection = CreateConnection(endpoint, HttpPost);
            connection.SetRequestProperty(ContentType, ApplicationJsonMime);

            // The server signals success for a create with 201; anything else is
            // turned into an exception by Call.
            IDictionary created = Call<IDictionary>(connection, payload, HttpURLConnection.HttpCreated);
            return ParseJSONKeyVersion(created);
        }
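        // This method first checks if "key.acl.name" attribute is present as an
        // attribute in the provider Options. If yes, use the aclName for any
        // subsequent access checks, else use the keyName as the aclName and set it
        // as the value of the "key.acl.name" in the key's metadata.
        /// <summary>
        /// Authorizes a create-key request for <paramref name="ugi"/> against the
        /// key-level ACLs. The ACL consulted is the one named by the caller-supplied
        /// "key.acl.name" attribute when present, otherwise the one named after the
        /// key itself; in the latter case the attribute is written back into
        /// <paramref name="options"/> so the key's metadata records which ACL governs it.
        /// Either way the caller must hold Management or All on an ACL that exists.
        /// </summary>
        /// <param name="keyName">Name of the key about to be created.</param>
        /// <param name="options">Provider options for the new key; its attributes may be
        /// replaced with a copy that carries "key.acl.name".</param>
        /// <param name="ugi">Identity of the caller; must not be null.</param>
        /// <exception cref="AuthorizationException">
        /// Thrown when no matching ACL exists or the caller holds neither Management nor
        /// All on it. Absence of an ACL fails closed.
        /// </exception>
        /// <exception cref="System.IO.IOException"/>
        private void AuthorizeCreateKey(string keyName, KeyProvider.Options options, UserGroupInformation
                                        ugi)
        {
            Preconditions.CheckNotNull(ugi, "UserGroupInformation cannot be null");
            IDictionary<string, string> attributes = options.GetAttributes();

            // The C# dictionary indexer throws KeyNotFoundException for a missing key
            // (the Java original's Map.get returned null), which turned every request
            // that omits "key.acl.name" into a hard failure instead of falling back to
            // keyName. Attributes may also be absent entirely; treat that as "not set".
            string aclName = null;
            if (attributes != null)
            {
                attributes.TryGetValue(KeyAclName, out aclName);
            }

            bool success;
            if (Strings.IsNullOrEmpty(aclName))
            {
                // No explicit ACL name: the key is governed by an ACL of its own name.
                if (!acls.IsACLPresent(keyName, KeyAuthorizationKeyProvider.KeyOpType.Management))
                {
                    // Fail closed when no such ACL has been configured.
                    success = false;
                }
                else
                {
                    // Record the effective ACL name in the key metadata so later
                    // operations on this key consult the same ACL.
                    IDictionary<string, string> existing = attributes ?? new Dictionary<string, string>();
                    options.SetAttributes(ImmutableMap.Builder<string, string>().PutAll(existing).Put
                                              (KeyAclName, keyName).Build());
                    success = acls.HasAccessToKey(keyName, ugi, KeyAuthorizationKeyProvider.KeyOpType.Management)
                              || acls.HasAccessToKey(keyName, ugi, KeyAuthorizationKeyProvider.KeyOpType.All);
                }
            }
            else
            {
                // Caller-chosen ACL name: the caller may only bind the new key to that
                // ACL if the ACL exists and already grants them Management or All, so a
                // user cannot pick an ACL they have no rights on.
                success = acls.IsACLPresent(aclName, KeyAuthorizationKeyProvider.KeyOpType.Management)
                          && (acls.HasAccessToKey(aclName, ugi, KeyAuthorizationKeyProvider.KeyOpType.Management)
                              || acls.HasAccessToKey(aclName, ugi, KeyAuthorizationKeyProvider.KeyOpType.All));
            }

            if (!success)
            {
                // "{0}" rather than Java's "%s": string.Format leaves "%s" untouched, so
                // the user name was silently dropped from the message.
                throw new AuthorizationException(string.Format("User [{0}] is not authorized to create key !!",
                                                               ugi.GetShortUserName()));
            }
        }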