/// <summary>Add a new encryption zone.</summary>
/// <remarks>
/// Add a new encryption zone.
/// <p/>
/// Does not assume that the FSDirectory lock is held.
/// </remarks>
/// <param name="inodeId">of the encryption zone</param>
/// <param name="keyName">encryption zone key name</param>
internal virtual void UnprotectedAddEncryptionZone(long inodeId, CipherSuite suite
, CryptoProtocolVersion version, string keyName)
{
EncryptionZoneManager.EncryptionZoneInt ez = new EncryptionZoneManager.EncryptionZoneInt
(inodeId, suite, version, keyName);
encryptionZones[inodeId] = ez;
}
/// <summary>Create a new encryption zone.</summary>
/// <remarks>
/// Create a new encryption zone.
/// <p/>
/// Called while holding the FSDirectory lock.
/// </remarks>
/// <exception cref="System.IO.IOException"/>
internal virtual XAttr CreateEncryptionZone(string src, CipherSuite suite, CryptoProtocolVersion
version, string keyName)
{
System.Diagnostics.Debug.Assert(dir.HasWriteLock());
INodesInPath srcIIP = dir.GetINodesInPath4Write(src, false);
if (dir.IsNonEmptyDirectory(srcIIP))
{
throw new IOException("Attempt to create an encryption zone for a non-empty directory."
);
}
if (srcIIP != null && srcIIP.GetLastINode() != null && !srcIIP.GetLastINode().IsDirectory
())
{
throw new IOException("Attempt to create an encryption zone for a file.");
}
EncryptionZoneManager.EncryptionZoneInt ezi = GetEncryptionZoneForPath(srcIIP);
if (ezi != null)
{
throw new IOException("Directory " + src + " is already in an " + "encryption zone. ("
+ GetFullPathName(ezi) + ")");
}
HdfsProtos.ZoneEncryptionInfoProto proto = PBHelper.Convert(suite, version, keyName
);
XAttr ezXAttr = XAttrHelper.BuildXAttr(HdfsServerConstants.CryptoXattrEncryptionZone
, proto.ToByteArray());
IList <XAttr> xattrs = Lists.NewArrayListWithCapacity(1);
xattrs.AddItem(ezXAttr);
// updating the xattr will call addEncryptionZone,
// done this way to handle edit log loading
FSDirXAttrOp.UnprotectedSetXAttrs(dir, src, xattrs, EnumSet.Of(XAttrSetFlag.Create
));
return(ezXAttr);
}
/// <summary>Get the key name for an encryption zone.</summary>
/// <remarks>
/// Get the key name for an encryption zone. Returns null if <tt>iip</tt> is
/// not within an encryption zone.
/// <p/>
/// Called while holding the FSDirectory lock.
/// </remarks>
internal virtual string GetKeyName(INodesInPath iip)
{
System.Diagnostics.Debug.Assert(dir.HasReadLock());
EncryptionZoneManager.EncryptionZoneInt ezi = GetEncryptionZoneForPath(iip);
if (ezi == null)
{
return(null);
}
return(ezi.GetKeyName());
}
/// <summary>Returns an EncryptionZone representing the ez for a given path.</summary>
/// <remarks>
/// Returns an EncryptionZone representing the ez for a given path.
/// Returns an empty marker EncryptionZone if path is not in an ez.
/// </remarks>
/// <param name="iip">The INodesInPath of the path to check</param>
/// <returns>the EncryptionZone representing the ez for the path.</returns>
internal virtual EncryptionZone GetEZINodeForPath(INodesInPath iip)
{
EncryptionZoneManager.EncryptionZoneInt ezi = GetEncryptionZoneForPath(iip);
if (ezi == null)
{
return(null);
}
else
{
return(new EncryptionZone(ezi.GetINodeId(), GetFullPathName(ezi), ezi.GetSuite(),
ezi.GetVersion(), ezi.GetKeyName()));
}
}
/// <summary>
/// Throws an exception if the provided path cannot be renamed into the
/// destination because of differing encryption zones.
/// </summary>
/// <remarks>
/// Throws an exception if the provided path cannot be renamed into the
/// destination because of differing encryption zones.
/// <p/>
/// Called while holding the FSDirectory lock.
/// </remarks>
/// <param name="srcIIP">source IIP</param>
/// <param name="dstIIP">destination IIP</param>
/// <param name="src">source path, used for debugging</param>
/// <exception cref="System.IO.IOException">if the src cannot be renamed to the dst</exception>
internal virtual void CheckMoveValidity(INodesInPath srcIIP, INodesInPath dstIIP,
string src)
{
System.Diagnostics.Debug.Assert(dir.HasReadLock());
EncryptionZoneManager.EncryptionZoneInt srcEZI = GetEncryptionZoneForPath(srcIIP);
EncryptionZoneManager.EncryptionZoneInt dstEZI = GetEncryptionZoneForPath(dstIIP);
bool srcInEZ = (srcEZI != null);
bool dstInEZ = (dstEZI != null);
if (srcInEZ)
{
if (!dstInEZ)
{
if (srcEZI.GetINodeId() == srcIIP.GetLastINode().GetId())
{
// src is ez root and dest is not in an ez. Allow the rename.
return;
}
throw new IOException(src + " can't be moved from an encryption zone.");
}
}
else
{
if (dstInEZ)
{
throw new IOException(src + " can't be moved into an encryption zone.");
}
}
if (srcInEZ)
{
if (srcEZI != dstEZI)
{
string srcEZPath = GetFullPathName(srcEZI);
string dstEZPath = GetFullPathName(dstEZI);
StringBuilder sb = new StringBuilder(src);
sb.Append(" can't be moved from encryption zone ");
sb.Append(srcEZPath);
sb.Append(" to encryption zone ");
sb.Append(dstEZPath);
sb.Append(".");
throw new IOException(sb.ToString());
}
}
}
/// <summary>Looks up the EncryptionZoneInt for a path within an encryption zone.</summary>
/// <remarks>
/// Looks up the EncryptionZoneInt for a path within an encryption zone.
/// Returns null if path is not within an EZ.
/// <p/>
/// Must be called while holding the manager lock.
/// </remarks>
private EncryptionZoneManager.EncryptionZoneInt GetEncryptionZoneForPath(INodesInPath
iip)
{
System.Diagnostics.Debug.Assert(dir.HasReadLock());
Preconditions.CheckNotNull(iip);
IList <INode> inodes = iip.GetReadOnlyINodes();
for (int i = inodes.Count - 1; i >= 0; i--)
{
INode inode = inodes[i];
if (inode != null)
{
EncryptionZoneManager.EncryptionZoneInt ezi = encryptionZones[inode.GetId()];
if (ezi != null)
{
return(ezi);
}
}
}
return(null);
}
/// <summary>Returns the path of the EncryptionZoneInt.</summary>
/// <remarks>
/// Returns the path of the EncryptionZoneInt.
/// <p/>
/// Called while holding the FSDirectory lock.
/// </remarks>
private string GetFullPathName(EncryptionZoneManager.EncryptionZoneInt ezi)
{
System.Diagnostics.Debug.Assert(dir.HasReadLock());
return(dir.GetInode(ezi.GetINodeId()).GetFullPathName());
}
