/// <exception cref="System.Exception"/>
public virtual void TestDecryptWithKeyVersionNameKeyMismatch()
{
Configuration conf = new Configuration();
KeyProvider kp = new UserProvider.Factory().CreateProvider(new URI("user:///"), conf
);
KeyAuthorizationKeyProvider.KeyACLs mock = Org.Mockito.Mockito.Mock <KeyAuthorizationKeyProvider.KeyACLs
>();
Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
.Management)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
.GenerateEek)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
.DecryptEek)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
.All)).ThenReturn(true);
UserGroupInformation u1 = UserGroupInformation.CreateRemoteUser("u1");
UserGroupInformation u2 = UserGroupInformation.CreateRemoteUser("u2");
UserGroupInformation u3 = UserGroupInformation.CreateRemoteUser("u3");
UserGroupInformation sudo = UserGroupInformation.CreateRemoteUser("sudo");
Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", u1, KeyAuthorizationKeyProvider.KeyOpType
.Management)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", u2, KeyAuthorizationKeyProvider.KeyOpType
.GenerateEek)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", u3, KeyAuthorizationKeyProvider.KeyOpType
.DecryptEek)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", sudo, KeyAuthorizationKeyProvider.KeyOpType
.All)).ThenReturn(true);
KeyProviderCryptoExtension kpExt = new KeyAuthorizationKeyProvider(KeyProviderCryptoExtension
.CreateKeyProviderCryptoExtension(kp), mock);
sudo.DoAs(new _PrivilegedExceptionAction_247(conf, kpExt));
}
public virtual void TestCreateKey()
{
Configuration conf = new Configuration();
KeyProvider kp = new UserProvider.Factory().CreateProvider(new URI("user:///"), conf
);
KeyAuthorizationKeyProvider.KeyACLs mock = Org.Mockito.Mockito.Mock <KeyAuthorizationKeyProvider.KeyACLs
>();
Org.Mockito.Mockito.When(mock.IsACLPresent("foo", KeyAuthorizationKeyProvider.KeyOpType
.Management)).ThenReturn(true);
UserGroupInformation u1 = UserGroupInformation.CreateRemoteUser("u1");
Org.Mockito.Mockito.When(mock.HasAccessToKey("foo", u1, KeyAuthorizationKeyProvider.KeyOpType
.Management)).ThenReturn(true);
KeyProviderCryptoExtension kpExt = new KeyAuthorizationKeyProvider(KeyProviderCryptoExtension
.CreateKeyProviderCryptoExtension(kp), mock);
u1.DoAs(new _PrivilegedExceptionAction_62(kpExt, conf));
// "bar" key not configured
// Ignore
// Unauthorized User
UserGroupInformation.CreateRemoteUser("badGuy").DoAs(new _PrivilegedExceptionAction_87
(kpExt, conf));
}
public virtual void ContextInitialized(ServletContextEvent sce)
{
try
{
string confDir = Runtime.GetProperty(KMSConfiguration.KmsConfigDir);
if (confDir == null)
{
throw new RuntimeException("System property '" + KMSConfiguration.KmsConfigDir +
"' not defined");
}
kmsConf = KMSConfiguration.GetKMSConf();
InitLogging(confDir);
Log.Info("-------------------------------------------------------------");
Log.Info(" Java runtime version : {}", Runtime.GetProperty("java.runtime.version"
));
Log.Info(" KMS Hadoop Version: " + VersionInfo.GetVersion());
Log.Info("-------------------------------------------------------------");
kmsAcls = new KMSACLs();
kmsAcls.StartReloader();
metricRegistry = new MetricRegistry();
jmxReporter = JmxReporter.ForRegistry(metricRegistry).Build();
jmxReporter.Start();
generateEEKCallsMeter = metricRegistry.Register(GenerateEekMeter, new Meter());
decryptEEKCallsMeter = metricRegistry.Register(DecryptEekMeter, new Meter());
adminCallsMeter = metricRegistry.Register(AdminCallsMeter, new Meter());
keyCallsMeter = metricRegistry.Register(KeyCallsMeter, new Meter());
invalidCallsMeter = metricRegistry.Register(InvalidCallsMeter, new Meter());
unauthorizedCallsMeter = metricRegistry.Register(UnauthorizedCallsMeter, new Meter
());
unauthenticatedCallsMeter = metricRegistry.Register(UnauthenticatedCallsMeter, new
Meter());
kmsAudit = new KMSAudit(kmsConf.GetLong(KMSConfiguration.KmsAuditAggregationWindow
, KMSConfiguration.KmsAuditAggregationWindowDefault));
// this is required for the the JMXJsonServlet to work properly.
// the JMXJsonServlet is behind the authentication filter,
// thus the '*' ACL.
sce.GetServletContext().SetAttribute(HttpServer2.ConfContextAttribute, kmsConf);
sce.GetServletContext().SetAttribute(HttpServer2.AdminsAcl, new AccessControlList
(AccessControlList.WildcardAclValue));
// intializing the KeyProvider
string providerString = kmsConf.Get(KMSConfiguration.KeyProviderUri);
if (providerString == null)
{
throw new InvalidOperationException("No KeyProvider has been defined");
}
KeyProvider keyProvider = KeyProviderFactory.Get(new URI(providerString), kmsConf
);
if (kmsConf.GetBoolean(KMSConfiguration.KeyCacheEnable, KMSConfiguration.KeyCacheEnableDefault
))
{
long keyTimeOutMillis = kmsConf.GetLong(KMSConfiguration.KeyCacheTimeoutKey, KMSConfiguration
.KeyCacheTimeoutDefault);
long currKeyTimeOutMillis = kmsConf.GetLong(KMSConfiguration.CurrKeyCacheTimeoutKey
, KMSConfiguration.CurrKeyCacheTimeoutDefault);
keyProvider = new CachingKeyProvider(keyProvider, keyTimeOutMillis, currKeyTimeOutMillis
);
}
Log.Info("Initialized KeyProvider " + keyProvider);
keyProviderCryptoExtension = KeyProviderCryptoExtension.CreateKeyProviderCryptoExtension
(keyProvider);
keyProviderCryptoExtension = new EagerKeyGeneratorKeyProviderCryptoExtension(kmsConf
, keyProviderCryptoExtension);
if (kmsConf.GetBoolean(KMSConfiguration.KeyAuthorizationEnable, KMSConfiguration.
KeyAuthorizationEnableDefault))
{
keyProviderCryptoExtension = new KeyAuthorizationKeyProvider(keyProviderCryptoExtension
, kmsAcls);
}
Log.Info("Initialized KeyProviderCryptoExtension " + keyProviderCryptoExtension);
int defaultBitlength = kmsConf.GetInt(KeyProvider.DefaultBitlengthName, KeyProvider
.DefaultBitlength);
Log.Info("Default key bitlength is {}", defaultBitlength);
Log.Info("KMS Started");
}
catch (Exception ex)
{
System.Console.Out.WriteLine();
System.Console.Out.WriteLine("ERROR: Hadoop KMS could not be started");
System.Console.Out.WriteLine();
System.Console.Out.WriteLine("REASON: " + ex.ToString());
System.Console.Out.WriteLine();
System.Console.Out.WriteLine("Stacktrace:");
System.Console.Out.WriteLine("---------------------------------------------------"
);
Runtime.PrintStackTrace(ex, System.Console.Out);
System.Console.Out.WriteLine("---------------------------------------------------"
);
System.Console.Out.WriteLine();
System.Environment.Exit(1);
}
}
