public _PrivilegedExceptionAction_478(KMSClientProvider _enclosing, Uri url, string
doAsUser)
{
this._enclosing = _enclosing;
this.url = url;
this.doAsUser = doAsUser;
}
public virtual void TestLoadBalancing()
{
Configuration conf = new Configuration();
KMSClientProvider p1 = Org.Mockito.Mockito.Mock <KMSClientProvider>();
Org.Mockito.Mockito.When(p1.CreateKey(Org.Mockito.Mockito.AnyString(), Org.Mockito.Mockito
.Any <KeyProvider.Options>())).ThenReturn(new KMSClientProvider.KMSKeyVersion("p1"
, "v1", new byte[0]));
KMSClientProvider p2 = Org.Mockito.Mockito.Mock <KMSClientProvider>();
Org.Mockito.Mockito.When(p2.CreateKey(Org.Mockito.Mockito.AnyString(), Org.Mockito.Mockito
.Any <KeyProvider.Options>())).ThenReturn(new KMSClientProvider.KMSKeyVersion("p2"
, "v2", new byte[0]));
KMSClientProvider p3 = Org.Mockito.Mockito.Mock <KMSClientProvider>();
Org.Mockito.Mockito.When(p3.CreateKey(Org.Mockito.Mockito.AnyString(), Org.Mockito.Mockito
.Any <KeyProvider.Options>())).ThenReturn(new KMSClientProvider.KMSKeyVersion("p3"
, "v3", new byte[0]));
KeyProvider kp = new LoadBalancingKMSClientProvider(new KMSClientProvider[] { p1,
p2, p3 }, 0, conf);
Assert.Equal("p1", kp.CreateKey("test1", new KeyProvider.Options
(conf)).GetName());
Assert.Equal("p2", kp.CreateKey("test2", new KeyProvider.Options
(conf)).GetName());
Assert.Equal("p3", kp.CreateKey("test3", new KeyProvider.Options
(conf)).GetName());
Assert.Equal("p1", kp.CreateKey("test4", new KeyProvider.Options
(conf)).GetName());
}
/// <exception cref="System.IO.IOException"/>
private KeyProvider CreateProvider(URI providerUri, Configuration conf, Uri origUrl
, int port, string hostsPart)
{
string[] hosts = hostsPart.Split(";");
if (hosts.Length == 1)
{
return(new KMSClientProvider(providerUri, conf));
}
else
{
KMSClientProvider[] providers = new KMSClientProvider[hosts.Length];
for (int i = 0; i < hosts.Length; i++)
{
try
{
providers[i] = new KMSClientProvider(new URI("kms", origUrl.Scheme, hosts[i], port
, origUrl.AbsolutePath, null, null), conf);
}
catch (URISyntaxException e)
{
throw new IOException("Could not instantiate KMSProvider..", e);
}
}
return(new LoadBalancingKMSClientProvider(providers, conf));
}
}
public virtual void TestLoadBalancingWithFailure()
{
Configuration conf = new Configuration();
KMSClientProvider p1 = Org.Mockito.Mockito.Mock <KMSClientProvider>();
Org.Mockito.Mockito.When(p1.CreateKey(Org.Mockito.Mockito.AnyString(), Org.Mockito.Mockito
.Any <KeyProvider.Options>())).ThenReturn(new KMSClientProvider.KMSKeyVersion("p1"
, "v1", new byte[0]));
Org.Mockito.Mockito.When(p1.GetKMSUrl()).ThenReturn("p1");
// This should not be retried
KMSClientProvider p2 = Org.Mockito.Mockito.Mock <KMSClientProvider>();
Org.Mockito.Mockito.When(p2.CreateKey(Org.Mockito.Mockito.AnyString(), Org.Mockito.Mockito
.Any <KeyProvider.Options>())).ThenThrow(new NoSuchAlgorithmException("p2"));
Org.Mockito.Mockito.When(p2.GetKMSUrl()).ThenReturn("p2");
KMSClientProvider p3 = Org.Mockito.Mockito.Mock <KMSClientProvider>();
Org.Mockito.Mockito.When(p3.CreateKey(Org.Mockito.Mockito.AnyString(), Org.Mockito.Mockito
.Any <KeyProvider.Options>())).ThenReturn(new KMSClientProvider.KMSKeyVersion("p3"
, "v3", new byte[0]));
Org.Mockito.Mockito.When(p3.GetKMSUrl()).ThenReturn("p3");
// This should be retried
KMSClientProvider p4 = Org.Mockito.Mockito.Mock <KMSClientProvider>();
Org.Mockito.Mockito.When(p4.CreateKey(Org.Mockito.Mockito.AnyString(), Org.Mockito.Mockito
.Any <KeyProvider.Options>())).ThenThrow(new IOException("p4"));
Org.Mockito.Mockito.When(p4.GetKMSUrl()).ThenReturn("p4");
KeyProvider kp = new LoadBalancingKMSClientProvider(new KMSClientProvider[] { p1,
p2, p3, p4 }, 0, conf);
Assert.Equal("p1", kp.CreateKey("test4", new KeyProvider.Options
(conf)).GetName());
// Exceptions other than IOExceptions will not be retried
try
{
kp.CreateKey("test1", new KeyProvider.Options(conf)).GetName();
NUnit.Framework.Assert.Fail("Should fail since its not an IOException");
}
catch (Exception e)
{
Assert.True(e is NoSuchAlgorithmException);
}
Assert.Equal("p3", kp.CreateKey("test2", new KeyProvider.Options
(conf)).GetName());
// IOException will trigger retry in next provider
Assert.Equal("p1", kp.CreateKey("test3", new KeyProvider.Options
(conf)).GetName());
}
/* It's possible to specify a timeout, in seconds, in the config file */
/* Number of times to retry authentication in the event of auth failure
* (normally happens due to stale authToken)
*/
/// <exception cref="System.IO.IOException"/>
public virtual void FillQueueForKey(string keyName, Queue <KeyProviderCryptoExtension.EncryptedKeyVersion
> keyQueue, int numEKVs)
{
KMSClientProvider.CheckNotNull(keyName, "keyName");
IDictionary <string, string> @params = new Dictionary <string, string>();
@params[KMSRESTConstants.EekOp] = KMSRESTConstants.EekGenerate;
@params[KMSRESTConstants.EekNumKeys] = string.Empty + numEKVs;
Uri url = this._enclosing.CreateURL(KMSRESTConstants.KeyResource, keyName, KMSRESTConstants
.EekSubResource, @params);
HttpURLConnection conn = this._enclosing.CreateConnection(url, KMSClientProvider.
HttpGet);
conn.SetRequestProperty(KMSClientProvider.ContentType, KMSClientProvider.ApplicationJsonMime
);
IList response = this._enclosing.Call <IList>(conn, null, HttpURLConnection.HttpOk
);
IList <KeyProviderCryptoExtension.EncryptedKeyVersion> ekvs = KMSClientProvider.ParseJSONEncKeyVersion
(keyName, response);
Collections.AddAll(keyQueue, ekvs);
}
/// <exception cref="System.IO.IOException"/>
private T DoOp <T>(LoadBalancingKMSClientProvider.ProviderCallable <T> op, int currPos
)
{
IOException ex = null;
for (int i = 0; i < providers.Length; i++)
{
KMSClientProvider provider = providers[(currPos + i) % providers.Length];
try
{
return(op.Call(provider));
}
catch (IOException ioe)
{
Log.Warn("KMS provider at [{}] threw an IOException [{}]!!", provider.GetKMSUrl()
, ioe.Message);
ex = ioe;
}
catch (Exception e)
{
if (e is RuntimeException)
{
throw (RuntimeException)e;
}
else
{
throw new LoadBalancingKMSClientProvider.WrapperException(e);
}
}
}
if (ex != null)
{
Log.Warn("Aborting since the Request has failed with all KMS" + " providers in the group. !!"
);
throw ex;
}
throw new IOException("No providers configured !!");
}
public virtual void TestLoadBalancingWithAllBadNodes()
{
Configuration conf = new Configuration();
KMSClientProvider p1 = Org.Mockito.Mockito.Mock <KMSClientProvider>();
Org.Mockito.Mockito.When(p1.CreateKey(Org.Mockito.Mockito.AnyString(), Org.Mockito.Mockito
.Any <KeyProvider.Options>())).ThenThrow(new IOException("p1"));
KMSClientProvider p2 = Org.Mockito.Mockito.Mock <KMSClientProvider>();
Org.Mockito.Mockito.When(p2.CreateKey(Org.Mockito.Mockito.AnyString(), Org.Mockito.Mockito
.Any <KeyProvider.Options>())).ThenThrow(new IOException("p2"));
KMSClientProvider p3 = Org.Mockito.Mockito.Mock <KMSClientProvider>();
Org.Mockito.Mockito.When(p3.CreateKey(Org.Mockito.Mockito.AnyString(), Org.Mockito.Mockito
.Any <KeyProvider.Options>())).ThenThrow(new IOException("p3"));
KMSClientProvider p4 = Org.Mockito.Mockito.Mock <KMSClientProvider>();
Org.Mockito.Mockito.When(p4.CreateKey(Org.Mockito.Mockito.AnyString(), Org.Mockito.Mockito
.Any <KeyProvider.Options>())).ThenThrow(new IOException("p4"));
Org.Mockito.Mockito.When(p1.GetKMSUrl()).ThenReturn("p1");
Org.Mockito.Mockito.When(p2.GetKMSUrl()).ThenReturn("p2");
Org.Mockito.Mockito.When(p3.GetKMSUrl()).ThenReturn("p3");
Org.Mockito.Mockito.When(p4.GetKMSUrl()).ThenReturn("p4");
KeyProvider kp = new LoadBalancingKMSClientProvider(new KMSClientProvider[] { p1,
p2, p3, p4 }, 0, conf);
try
{
kp.CreateKey("test3", new KeyProvider.Options(conf)).GetName();
NUnit.Framework.Assert.Fail("Should fail since all providers threw an IOException"
);
}
catch (Exception e)
{
Assert.True(e is IOException);
}
}
/// <exception cref="System.IO.IOException"/>
public KeyProvider.KeyVersion Call(KMSClientProvider provider)
{
return(provider.GetKeyVersion(versionName));
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="NoSuchAlgorithmException"/>
public KeyProvider.KeyVersion Call(KMSClientProvider provider)
{
return(provider.RollNewVersion(name));
}
/// <exception cref="System.IO.IOException"/>
public Void Call(KMSClientProvider provider)
{
provider.DeleteKey(name);
return(null);
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="NoSuchAlgorithmException"/>
public KeyProvider.KeyVersion Call(KMSClientProvider provider)
{
return(provider.CreateKey(name, options));
}
/// <exception cref="System.IO.IOException"/>
public KeyProvider.Metadata Call(KMSClientProvider provider)
{
return(provider.GetMetadata(name));
}
/// <exception cref="System.IO.IOException"/>
public KeyProvider.KeyVersion Call(KMSClientProvider provider)
{
return(provider.GetCurrentKey(name));
}
/// <exception cref="System.IO.IOException"/>
public IList <KeyProvider.KeyVersion> Call(KMSClientProvider provider)
{
return(provider.GetKeyVersions(name));
}
/// <exception cref="System.IO.IOException"/>
public KeyProvider.Metadata[] Call(KMSClientProvider provider)
{
return(provider.GetKeysMetadata(names));
}
/// <exception cref="System.IO.IOException"/>
public IList <string> Call(KMSClientProvider provider)
{
return(provider.GetKeys());
}
internal EncryptedQueueRefiller(KMSClientProvider _enclosing)
{
this._enclosing = _enclosing;
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="GeneralSecurityException"/>
public KeyProvider.KeyVersion Call(KMSClientProvider provider)
{
return(provider.DecryptEncryptedKey(encryptedKeyVersion));
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="GeneralSecurityException"/>
public KeyProviderCryptoExtension.EncryptedKeyVersion Call(KMSClientProvider provider
)
{
return(provider.GenerateEncryptedKey(encryptionKeyName));
}
/// <exception cref="System.IO.IOException"/>
public Org.Apache.Hadoop.Security.Token.Token <object>[] Call(KMSClientProvider provider
)
{
return(provider.AddDelegationTokens(renewer, credentials));
}
