Ejemplo n.º 1
0
        public void CacheEncryptionKeyCorrectlyWhenCallingGetOrCreate()
        {
            byte[] plaintextKey1 = { 26, 60, 114, 103, 139, 37, 229, 66, 170, 179, 244, 229, 233, 102, 44, 186, 234, 9, 5, 211, 216, 143, 103, 144, 252, 254, 96, 111, 233, 1, 149, 240 };
            byte[] plaintextKey2 = { 26, 60, 114, 103, 139, 37, 229, 66, 170, 179, 244, 229, 233, 102, 44, 186, 234, 9, 5, 211, 216, 143, 103, 144, 252, 254, 96, 111, 233, 1, 149, 240 };
            byte[] plaintextKey3 = { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 };

            DataEncryptionKey encryptionkey1 = PlaintextDataEncryptionKey.GetOrCreate("EK", plaintextKey1);
            DataEncryptionKey encryptionkey2 = PlaintextDataEncryptionKey.GetOrCreate("EK", plaintextKey1);

            Assert.Same(encryptionkey1, encryptionkey2);

            DataEncryptionKey encryptionkey3 = PlaintextDataEncryptionKey.GetOrCreate("EK", plaintextKey1);
            DataEncryptionKey encryptionkey4 = PlaintextDataEncryptionKey.GetOrCreate("EK", plaintextKey2);

            Assert.Same(encryptionkey3, encryptionkey4);

            DataEncryptionKey encryptionkey5 = PlaintextDataEncryptionKey.GetOrCreate("EK", plaintextKey1);
            DataEncryptionKey encryptionkey6 = PlaintextDataEncryptionKey.GetOrCreate("Not_EK", plaintextKey1);

            Assert.NotSame(encryptionkey5, encryptionkey6);

            DataEncryptionKey encryptionkey7 = PlaintextDataEncryptionKey.GetOrCreate("EK", plaintextKey1);
            DataEncryptionKey encryptionkey8 = PlaintextDataEncryptionKey.GetOrCreate("EK", plaintextKey3);

            Assert.NotSame(encryptionkey7, encryptionkey8);
        }
        public void CacheEncryptionKeyCorrectlyWhenCallingGetOrCreate()
        {
            KeyEncryptionKey masterKey1 = new KeyEncryptionKey("MK", keyEncryptionKeyPath, azureKeyProvider);
            KeyEncryptionKey masterKey2 = new KeyEncryptionKey("MK", keyEncryptionKeyPath, azureKeyProvider);
            KeyEncryptionKey masterKey3 = new KeyEncryptionKey("Not_MK", keyEncryptionKeyPath, azureKeyProvider);

            byte[] EncryptedKey1 = { 1, 206, 0, 0, 1, 104, 0, 116, 0, 116, 0, 112, 0, 115, 0, 58, 0, 47, 0, 47, 0, 106, 0, 101, 0, 116, 0, 114, 0, 105, 0, 109, 0, 109, 0, 101, 0, 45, 0, 107, 0, 101, 0, 121, 0, 45, 0, 118, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 118, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 97, 0, 122, 0, 117, 0, 114, 0, 101, 0, 46, 0, 110, 0, 101, 0, 116, 0, 47, 0, 107, 0, 101, 0, 121, 0, 115, 0, 47, 0, 97, 0, 108, 0, 119, 0, 97, 0, 121, 0, 115, 0, 45, 0, 101, 0, 110, 0, 99, 0, 114, 0, 121, 0, 112, 0, 116, 0, 101, 0, 100, 0, 45, 0, 97, 0, 117, 0, 116, 0, 111, 0, 49, 0, 47, 0, 97, 0, 55, 0, 100, 0, 53, 0, 99, 0, 57, 0, 56, 0, 57, 0, 100, 0, 53, 0, 97, 0, 48, 0, 52, 0, 50, 0, 51, 0, 102, 0, 56, 0, 100, 0, 51, 0, 53, 0, 54, 0, 102, 0, 49, 0, 57, 0, 53, 0, 53, 0, 51, 0, 54, 0, 101, 0, 53, 0, 57, 0, 48, 0, 146, 197, 248, 185, 212, 19, 214, 85, 165, 169, 226, 123, 111, 175, 36, 125, 232, 11, 157, 149, 159, 59, 85, 94, 205, 149, 132, 235, 77, 85, 113, 234, 252, 191, 31, 138, 176, 171, 34, 177, 99, 108, 122, 127, 250, 60, 198, 101, 237, 238, 73, 109, 146, 56, 227, 101, 159, 141, 193, 102, 165, 82, 221, 233, 169, 55, 13, 102, 135, 162, 19, 133, 126, 147, 117, 254, 79, 128, 38, 251, 104, 60, 175, 40, 37, 73, 207, 66, 93, 25, 252, 150, 234, 122, 54, 166, 133, 208, 122, 221, 80, 139, 226, 186, 112, 158, 75, 154, 11, 61, 116, 18, 241, 187, 130, 251, 38, 222, 19, 179, 227, 115, 88, 194, 56, 28, 231, 94, 34, 153, 136, 26, 241, 109, 193, 150, 165, 91, 209, 210, 157, 196, 45, 171, 180, 10, 51, 130, 115, 100, 132, 54, 167, 192, 1, 41, 26, 99, 161, 206, 83, 172, 231, 44, 249, 232, 29, 25, 193, 12, 28, 133, 193, 7, 86, 78, 41, 151, 56, 13, 159, 8, 167, 226, 242, 31, 14, 51, 196, 36, 94, 109, 12, 181, 103, 126, 84, 208, 18, 134, 183, 74, 74, 209, 55, 40, 206, 187, 162, 159, 94, 208, 114, 188, 254, 25, 31, 79, 88, 126, 163, 167, 38, 245, 45, 217, 133, 149, 21, 141, 124, 34, 176, 39, 61, 177, 2, 124, 160, 138, 170, 65, 7, 61, 203, 40, 32, 57, 228, 172, 10, 193, 162, 30, 51, 121, 1, 185, 3, 43, 189, 28, 36, 109, 14, 153, 209, 17, 165, 201, 245, 18, 86, 215, 86, 104, 206, 109, 227, 78, 207, 14, 112, 148, 130, 136, 144, 115, 212, 4, 144, 194, 150, 234, 6, 53, 123, 51, 220, 126, 21, 75, 64, 186, 145, 208, 96, 176, 46, 249, 242, 10, 177, 18, 158, 131, 92, 76, 203, 28, 123, 218, 121, 112, 75, 215, 187, 226, 247, 116, 159, 244, 229, 30, 115, 206, 227, 175, 72, 80, 229, 117, 198, 184, 28, 35, 86, 185, 226, 192, 99, 178, 40, 153, 98, 155, 219, 43, 111, 190, 58, 183, 241, 234, 139, 155, 252, 109, 207, 237, 56, 222, 212, 163, 216, 35, 55, 57, 106, 60, 145, 102, 163, 132, 65, 128, 149, 48, 187, 174, 75, 62, 157, 31, 162, 38, 239, 43, 88, 140, 203, 221, 181, 244, 200, 182, 237, 36, 224, 241, 89, 40, 232, 107, 65, 64, 15, 164, 110, 21, 121, 183, 36, 200, 20, 223, 45, 238, 209, 43, 88, 123, 108, 252, 219, 75, 80, 197, 173, 244, 130, 193, 11, 96, 143, 7, 23, 250, 60, 21, 168, 69, 108, 168, 85, 8, 96, 78, 156, 122, 45, 202, 82, 180, 135, 200, 131, 220, 248, 42, 210, 234, 132, 100, 88, 80, 93, 212, 145, 253, 45, 117, 51, 163, 214, 134, 42, 167, 0, 120, 40, 165, 171, 114, 252, 151, 74, 0, 157, 190, 250, 132, 22, 141, 14, 146, 34, 155, 39, 103, 58, 226 };
            byte[] EncryptedKey2 = { 1, 206, 0, 0, 1, 104, 0, 116, 0, 116, 0, 112, 0, 115, 0, 58, 0, 47, 0, 47, 0, 106, 0, 101, 0, 116, 0, 114, 0, 105, 0, 109, 0, 109, 0, 101, 0, 45, 0, 107, 0, 101, 0, 121, 0, 45, 0, 118, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 118, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 97, 0, 122, 0, 117, 0, 114, 0, 101, 0, 46, 0, 110, 0, 101, 0, 116, 0, 47, 0, 107, 0, 101, 0, 121, 0, 115, 0, 47, 0, 97, 0, 108, 0, 119, 0, 97, 0, 121, 0, 115, 0, 45, 0, 101, 0, 110, 0, 99, 0, 114, 0, 121, 0, 112, 0, 116, 0, 101, 0, 100, 0, 45, 0, 97, 0, 117, 0, 116, 0, 111, 0, 49, 0, 47, 0, 97, 0, 55, 0, 100, 0, 53, 0, 99, 0, 57, 0, 56, 0, 57, 0, 100, 0, 53, 0, 97, 0, 48, 0, 52, 0, 50, 0, 51, 0, 102, 0, 56, 0, 100, 0, 51, 0, 53, 0, 54, 0, 102, 0, 49, 0, 57, 0, 53, 0, 53, 0, 51, 0, 54, 0, 101, 0, 53, 0, 57, 0, 48, 0, 146, 197, 248, 185, 212, 19, 214, 85, 165, 169, 226, 123, 111, 175, 36, 125, 232, 11, 157, 149, 159, 59, 85, 94, 205, 149, 132, 235, 77, 85, 113, 234, 252, 191, 31, 138, 176, 171, 34, 177, 99, 108, 122, 127, 250, 60, 198, 101, 237, 238, 73, 109, 146, 56, 227, 101, 159, 141, 193, 102, 165, 82, 221, 233, 169, 55, 13, 102, 135, 162, 19, 133, 126, 147, 117, 254, 79, 128, 38, 251, 104, 60, 175, 40, 37, 73, 207, 66, 93, 25, 252, 150, 234, 122, 54, 166, 133, 208, 122, 221, 80, 139, 226, 186, 112, 158, 75, 154, 11, 61, 116, 18, 241, 187, 130, 251, 38, 222, 19, 179, 227, 115, 88, 194, 56, 28, 231, 94, 34, 153, 136, 26, 241, 109, 193, 150, 165, 91, 209, 210, 157, 196, 45, 171, 180, 10, 51, 130, 115, 100, 132, 54, 167, 192, 1, 41, 26, 99, 161, 206, 83, 172, 231, 44, 249, 232, 29, 25, 193, 12, 28, 133, 193, 7, 86, 78, 41, 151, 56, 13, 159, 8, 167, 226, 242, 31, 14, 51, 196, 36, 94, 109, 12, 181, 103, 126, 84, 208, 18, 134, 183, 74, 74, 209, 55, 40, 206, 187, 162, 159, 94, 208, 114, 188, 254, 25, 31, 79, 88, 126, 163, 167, 38, 245, 45, 217, 133, 149, 21, 141, 124, 34, 176, 39, 61, 177, 2, 124, 160, 138, 170, 65, 7, 61, 203, 40, 32, 57, 228, 172, 10, 193, 162, 30, 51, 121, 1, 185, 3, 43, 189, 28, 36, 109, 14, 153, 209, 17, 165, 201, 245, 18, 86, 215, 86, 104, 206, 109, 227, 78, 207, 14, 112, 148, 130, 136, 144, 115, 212, 4, 144, 194, 150, 234, 6, 53, 123, 51, 220, 126, 21, 75, 64, 186, 145, 208, 96, 176, 46, 249, 242, 10, 177, 18, 158, 131, 92, 76, 203, 28, 123, 218, 121, 112, 75, 215, 187, 226, 247, 116, 159, 244, 229, 30, 115, 206, 227, 175, 72, 80, 229, 117, 198, 184, 28, 35, 86, 185, 226, 192, 99, 178, 40, 153, 98, 155, 219, 43, 111, 190, 58, 183, 241, 234, 139, 155, 252, 109, 207, 237, 56, 222, 212, 163, 216, 35, 55, 57, 106, 60, 145, 102, 163, 132, 65, 128, 149, 48, 187, 174, 75, 62, 157, 31, 162, 38, 239, 43, 88, 140, 203, 221, 181, 244, 200, 182, 237, 36, 224, 241, 89, 40, 232, 107, 65, 64, 15, 164, 110, 21, 121, 183, 36, 200, 20, 223, 45, 238, 209, 43, 88, 123, 108, 252, 219, 75, 80, 197, 173, 244, 130, 193, 11, 96, 143, 7, 23, 250, 60, 21, 168, 69, 108, 168, 85, 8, 96, 78, 156, 122, 45, 202, 82, 180, 135, 200, 131, 220, 248, 42, 210, 234, 132, 100, 88, 80, 93, 212, 145, 253, 45, 117, 51, 163, 214, 134, 42, 167, 0, 120, 40, 165, 171, 114, 252, 151, 74, 0, 157, 190, 250, 132, 22, 141, 14, 146, 34, 155, 39, 103, 58, 226 };

            DataEncryptionKey encryptionkey1 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey1, EncryptedKey1);
            DataEncryptionKey encryptionkey2 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey2, EncryptedKey1);

            Assert.Same(encryptionkey1, encryptionkey2);

            DataEncryptionKey encryptionkey3 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey1, EncryptedKey1);
            DataEncryptionKey encryptionkey4 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey3, EncryptedKey1);

            Assert.NotSame(encryptionkey3, encryptionkey4);

            DataEncryptionKey encryptionkey5 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey1, EncryptedKey1);
            DataEncryptionKey encryptionkey6 = ProtectedDataEncryptionKey.GetOrCreate("Not_EK", masterKey1, EncryptedKey1);

            Assert.NotSame(encryptionkey5, encryptionkey6);

            DataEncryptionKey encryptionkey7 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey1, EncryptedKey1);
            DataEncryptionKey encryptionkey8 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey1, EncryptedKey2);

            Assert.Same(encryptionkey7, encryptionkey8);
        }
Ejemplo n.º 3
0
 /// <summary>Sends client SASL negotiation if required.</summary>
 /// <remarks>
 /// Sends client SASL negotiation if required.  Determines the correct type of
 /// SASL handshake based on configuration.
 /// </remarks>
 /// <param name="addr">connection address</param>
 /// <param name="underlyingOut">connection output stream</param>
 /// <param name="underlyingIn">connection input stream</param>
 /// <param name="encryptionKey">for an encrypted SASL handshake</param>
 /// <param name="accessToken">connection block access token</param>
 /// <param name="datanodeId">ID of destination DataNode</param>
 /// <returns>new pair of streams, wrapped after SASL negotiation</returns>
 /// <exception cref="System.IO.IOException">for any error</exception>
 private IOStreamPair Send(IPAddress addr, OutputStream underlyingOut, InputStream
                           underlyingIn, DataEncryptionKey encryptionKey, Org.Apache.Hadoop.Security.Token.Token
                           <BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
 {
     if (encryptionKey != null)
     {
         Log.Debug("SASL client doing encrypted handshake for addr = {}, datanodeId = {}",
                   addr, datanodeId);
         return(GetEncryptedStreams(underlyingOut, underlyingIn, encryptionKey));
     }
     else
     {
         if (!UserGroupInformation.IsSecurityEnabled())
         {
             Log.Debug("SASL client skipping handshake in unsecured configuration for " + "addr = {}, datanodeId = {}"
                       , addr, datanodeId);
             return(null);
         }
         else
         {
             if (SecurityUtil.IsPrivilegedPort(datanodeId.GetXferPort()))
             {
                 Log.Debug("SASL client skipping handshake in secured configuration with " + "privileged port for addr = {}, datanodeId = {}"
                           , addr, datanodeId);
                 return(null);
             }
             else
             {
                 if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.Get())
                 {
                     Log.Debug("SASL client skipping handshake in secured configuration with " + "unsecured cluster for addr = {}, datanodeId = {}"
                               , addr, datanodeId);
                     return(null);
                 }
                 else
                 {
                     if (saslPropsResolver != null)
                     {
                         Log.Debug("SASL client doing general handshake for addr = {}, datanodeId = {}", addr
                                   , datanodeId);
                         return(GetSaslStreams(addr, underlyingOut, underlyingIn, accessToken, datanodeId));
                     }
                     else
                     {
                         // It's a secured cluster using non-privileged ports, but no SASL.  The
                         // only way this can happen is if the DataNode has
                         // ignore.secure.ports.for.testing configured, so this is a rare edge case.
                         Log.Debug("SASL client skipping handshake in secured configuration with no SASL "
                                   + "protection configured for addr = {}, datanodeId = {}", addr, datanodeId);
                         return(null);
                     }
                 }
             }
         }
     }
 }
Ejemplo n.º 4
0
        /// <summary>Sends client SASL negotiation for a newly allocated socket if required.</summary>
        /// <param name="socket">connection socket</param>
        /// <param name="underlyingOut">connection output stream</param>
        /// <param name="underlyingIn">connection input stream</param>
        /// <param name="encryptionKeyFactory">for creation of an encryption key</param>
        /// <param name="accessToken">connection block access token</param>
        /// <param name="datanodeId">ID of destination DataNode</param>
        /// <returns>new pair of streams, wrapped after SASL negotiation</returns>
        /// <exception cref="System.IO.IOException">for any error</exception>
        public virtual IOStreamPair NewSocketSend(Socket socket, OutputStream underlyingOut
                                                  , InputStream underlyingIn, DataEncryptionKeyFactory encryptionKeyFactory, Org.Apache.Hadoop.Security.Token.Token
                                                  <BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
        {
            // The encryption key factory only returns a key if encryption is enabled.
            DataEncryptionKey encryptionKey = !trustedChannelResolver.IsTrusted() ? encryptionKeyFactory
                                              .NewDataEncryptionKey() : null;
            IOStreamPair ios = Send(socket.GetInetAddress(), underlyingOut, underlyingIn, encryptionKey
                                    , accessToken, datanodeId);

            return(ios != null ? ios : new IOStreamPair(underlyingIn, underlyingOut));
        }
Ejemplo n.º 5
0
            public override async Task <byte[]> EncryptAsync(
                byte[] plainText,
                string dataEncryptionKeyId,
                string encryptionAlgorithm,
                CancellationToken cancellationToken = default)
            {
                DataEncryptionKey dek = await this.DataEncryptionKeyProvider.FetchDataEncryptionKeyAsync(
                    dataEncryptionKeyId,
                    encryptionAlgorithm,
                    cancellationToken);

                return(dek.EncryptData(plainText));
            }
        public void EncryptToSameCiphertextWhenDeterministicEncryptionTypeSelected(DataEncryptionKey encryptionKey)
        {
            EncryptionType encryptionType = EncryptionType.Deterministic;

            byte[] serializedPlaintext = new byte[] { 1, 2, 3, 4, 5 };
            AeadAes256CbcHmac256EncryptionAlgorithm encryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(encryptionKey, encryptionType);

            byte[] ciphertext1 = encryptionAlgorithm.Encrypt(serializedPlaintext);
            byte[] ciphertext2 = encryptionAlgorithm.Encrypt(serializedPlaintext);
            byte[] ciphertext3 = encryptionAlgorithm.Encrypt(serializedPlaintext);

            Assert.Equal(ciphertext1, ciphertext2);
            Assert.Equal(ciphertext2, ciphertext3);
            Assert.Equal(ciphertext1, ciphertext3);
        }
        public void EncryptToDifferentCiphertextWhenRandomizedEncryptionTypeSelected(DataEncryptionKey encryptionKey)
        {
            EncryptionType encryptionType = EncryptionType.Randomized;

            byte[] serializedPlaintext = new byte[] { 1, 2, 3, 4, 5 };
            AeadAes256CbcHmac256EncryptionAlgorithm encryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(encryptionKey, encryptionType);

            byte[] ciphertext1 = encryptionAlgorithm.Encrypt(serializedPlaintext);
            byte[] ciphertext2 = encryptionAlgorithm.Encrypt(serializedPlaintext);
            byte[] ciphertext3 = encryptionAlgorithm.Encrypt(serializedPlaintext);

            Assert.NotEqual(ciphertext1, ciphertext2);
            Assert.NotEqual(ciphertext2, ciphertext3);
            Assert.NotEqual(ciphertext1, ciphertext3);
        }
Ejemplo n.º 8
0
 public virtual DataEncryptionKey NewDataEncryptionKey()
 {
     if (encryptDataTransfer)
     {
         lock (this)
         {
             if (encryptionKey == null)
             {
                 encryptionKey = blockTokenSecretManager.GenerateDataEncryptionKey();
             }
             return(encryptionKey);
         }
     }
     else
     {
         return(null);
     }
 }
            public override async Task <byte[]> DecryptAsync(
                byte[] cipherText,
                string dataEncryptionKeyId,
                string encryptionAlgorithm,
                CancellationToken cancellationToken = default)
            {
                DataEncryptionKey dek = await this.DataEncryptionKeyProvider.FetchDataEncryptionKeyAsync(
                    dataEncryptionKeyId,
                    encryptionAlgorithm,
                    cancellationToken);

                if (dek == null)
                {
                    throw new InvalidOperationException($"Null {nameof(DataEncryptionKey)} returned from {nameof(this.DataEncryptionKeyProvider.FetchDataEncryptionKeyAsync)}.");
                }

                return(dek.DecryptData(cipherText));
            }
Ejemplo n.º 10
0
        /// <summary>Sends client SASL negotiation for specialized encrypted handshake.</summary>
        /// <param name="underlyingOut">connection output stream</param>
        /// <param name="underlyingIn">connection input stream</param>
        /// <param name="encryptionKey">for an encrypted SASL handshake</param>
        /// <returns>new pair of streams, wrapped after SASL negotiation</returns>
        /// <exception cref="System.IO.IOException">for any error</exception>
        private IOStreamPair GetEncryptedStreams(OutputStream underlyingOut, InputStream
                                                 underlyingIn, DataEncryptionKey encryptionKey)
        {
            IDictionary <string, string> saslProps = DataTransferSaslUtil.CreateSaslPropertiesForEncryption
                                                         (encryptionKey.encryptionAlgorithm);

            Log.Debug("Client using encryption algorithm {}", encryptionKey.encryptionAlgorithm
                      );
            string userName = GetUserNameFromEncryptionKey(encryptionKey);

            char[] password = DataTransferSaslUtil.EncryptionKeyToPassword(encryptionKey.encryptionKey
                                                                           );
            CallbackHandler callbackHandler = new SaslDataTransferClient.SaslClientCallbackHandler
                                                  (userName, password);

            return(DoSaslHandshake(underlyingOut, underlyingIn, userName, saslProps, callbackHandler
                                   ));
        }
Ejemplo n.º 11
0
 /// <summary>
 /// Checks if an address is already trusted and then sends client SASL
 /// negotiation if required.
 /// </summary>
 /// <param name="addr">connection address</param>
 /// <param name="underlyingOut">connection output stream</param>
 /// <param name="underlyingIn">connection input stream</param>
 /// <param name="encryptionKeyFactory">for creation of an encryption key</param>
 /// <param name="accessToken">connection block access token</param>
 /// <param name="datanodeId">ID of destination DataNode</param>
 /// <returns>new pair of streams, wrapped after SASL negotiation</returns>
 /// <exception cref="System.IO.IOException">for any error</exception>
 private IOStreamPair CheckTrustAndSend(IPAddress addr, OutputStream underlyingOut
                                        , InputStream underlyingIn, DataEncryptionKeyFactory encryptionKeyFactory, Org.Apache.Hadoop.Security.Token.Token
                                        <BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
 {
     if (!trustedChannelResolver.IsTrusted() && !trustedChannelResolver.IsTrusted(addr
                                                                                  ))
     {
         // The encryption key factory only returns a key if encryption is enabled.
         DataEncryptionKey encryptionKey = encryptionKeyFactory.NewDataEncryptionKey();
         return(Send(addr, underlyingOut, underlyingIn, encryptionKey, accessToken, datanodeId
                     ));
     }
     else
     {
         Log.Debug("SASL client skipping handshake on trusted connection for addr = {}, "
                   + "datanodeId = {}", addr, datanodeId);
         return(null);
     }
 }
Ejemplo n.º 12
0
 /// <summary>
 /// The SASL username for an encrypted handshake consists of the keyId,
 /// blockPoolId, and nonce with the first two encoded as Strings, and the third
 /// encoded using Base64.
 /// </summary>
 /// <remarks>
 /// The SASL username for an encrypted handshake consists of the keyId,
 /// blockPoolId, and nonce with the first two encoded as Strings, and the third
 /// encoded using Base64. The fields are each separated by a single space.
 /// </remarks>
 /// <param name="encryptionKey">the encryption key to encode as a SASL username.</param>
 /// <returns>encoded username containing keyId, blockPoolId, and nonce</returns>
 private static string GetUserNameFromEncryptionKey(DataEncryptionKey encryptionKey
                                                    )
 {
     return(encryptionKey.keyId + NameDelimiter + encryptionKey.blockPoolId + NameDelimiter
            + new string(Base64.EncodeBase64(encryptionKey.nonce, false), Charsets.Utf8));
 }