예제 #1
        /// <summary>
        /// Turns the directory at <paramref name="src"/> into the root of a new encryption zone by
        /// setting the encryption-zone extended attribute on it.
        /// </summary>
        /// <remarks>
        /// Called while holding the FSDirectory lock. The lock is only verified through
        /// <c>Debug.Assert</c>, which is compiled out when DEBUG is not defined, so a release
        /// build does not enforce the requirement inside this method.
        /// <p/>
        /// The request is refused when the target is a non-empty directory, when it is a file,
        /// or when the path is already inside an encryption zone.
        /// </remarks>
        /// <param name="src">path that should become the zone root</param>
        /// <param name="suite">cipher suite serialized into the zone attribute</param>
        /// <param name="version">crypto protocol version serialized into the zone attribute</param>
        /// <param name="keyName">encryption zone key name serialized into the zone attribute</param>
        /// <returns>the extended attribute that was built and set for the zone</returns>
        /// <exception cref="System.IO.IOException">
        /// thrown when one of the three checks described above fails
        /// </exception>
        internal virtual XAttr CreateEncryptionZone(string src, CipherSuite suite,
                                                    CryptoProtocolVersion version, string keyName)
        {
            System.Diagnostics.Debug.Assert(dir.HasWriteLock());

            INodesInPath resolvedPath = dir.GetINodesInPath4Write(src, false);

            // An existing directory may only become a zone while it is still empty.
            if (dir.IsNonEmptyDirectory(resolvedPath))
            {
                throw new IOException("Attempt to create an encryption zone for a non-empty directory.");
            }

            // NOTE(review): a path whose last inode is null passes this check; whether a missing
            // target is rejected later (inside UnprotectedSetXAttrs) is not visible here - confirm.
            bool targetIsFile = resolvedPath != null
                                && resolvedPath.GetLastINode() != null
                                && !resolvedPath.GetLastINode().IsDirectory();
            if (targetIsFile)
            {
                throw new IOException("Attempt to create an encryption zone for a file.");
            }

            // Refuse a path that is already covered by a zone.
            EncryptionZoneManager.EncryptionZoneInt enclosingZone = GetEncryptionZoneForPath(resolvedPath);
            if (enclosingZone != null)
            {
                throw new IOException("Directory " + src + " is already in an " + "encryption zone. ("
                                      + GetFullPathName(enclosingZone) + ")");
            }

            HdfsProtos.ZoneEncryptionInfoProto zoneInfo = PBHelper.Convert(suite, version, keyName);
            XAttr zoneXAttr = XAttrHelper.BuildXAttr(
                HdfsServerConstants.CryptoXattrEncryptionZone, zoneInfo.ToByteArray());

            IList <XAttr> attrsToSet = Lists.NewArrayListWithCapacity(1);
            attrsToSet.AddItem(zoneXAttr);

            // The zone is registered as a side effect of setting the xattr (which calls
            // addEncryptionZone); it is done this way so that edit log loading is handled too.
            FSDirXAttrOp.UnprotectedSetXAttrs(dir, src, attrsToSet, EnumSet.Of(XAttrSetFlag.Create));
            return zoneXAttr;
        }
예제 #2
 /// <summary>
 /// Records an encryption zone for <paramref name="inodeId"/> in the zone map.
 /// </summary>
 /// <remarks>
 /// Does not assume that the FSDirectory lock is held, and performs no locking of its own.
 /// <p/>
 /// The entry is written with an indexer assignment and no prior lookup, so this method does
 /// not check whether a zone is already recorded for the same inode id.
 /// </remarks>
 /// <param name="inodeId">of the encryption zone</param>
 /// <param name="suite">cipher suite passed on to the new zone record</param>
 /// <param name="version">crypto protocol version passed on to the new zone record</param>
 /// <param name="keyName">encryption zone key name</param>
 internal virtual void UnprotectedAddEncryptionZone(long inodeId, CipherSuite suite,
                                                    CryptoProtocolVersion version, string keyName)
 {
     // Argument checks, if any, are left to the EncryptionZoneInt constructor.
     encryptionZones[inodeId] =
         new EncryptionZoneManager.EncryptionZoneInt(inodeId, suite, version, keyName);
 }
예제 #3
 /// <summary>Creates an EncryptionZone from the given values.</summary>
 /// <remarks>
 /// The arguments are stored as given; this constructor performs no validation, so
 /// a null path or key name is accepted here.
 /// </remarks>
 /// <param name="id">value stored in the <c>id</c> field</param>
 /// <param name="path">value stored in the <c>path</c> field</param>
 /// <param name="suite">cipher suite stored for the zone</param>
 /// <param name="version">crypto protocol version stored for the zone</param>
 /// <param name="keyName">key name stored for the zone</param>
 public EncryptionZone(
     long id,
     string path,
     CipherSuite suite,
     CryptoProtocolVersion version,
     string keyName)
 {
     // Plain field initialization, one field per argument.
     this.id = id;
     this.path = path;
     this.suite = suite;
     this.version = version;
     this.keyName = keyName;
 }
예제 #4
 /// <summary>Creates the internal record of an encryption zone.</summary>
 /// <remarks>
 /// Rejects <c>CipherSuite.Unknown</c> and <c>CryptoProtocolVersion.Unknown</c> through
 /// <c>Preconditions.CheckArgument</c> before any field is assigned. The key name and
 /// the inode id are stored without any check.
 /// </remarks>
 /// <param name="inodeId">inode id stored for the zone</param>
 /// <param name="suite">cipher suite of the zone; must not be Unknown</param>
 /// <param name="version">crypto protocol version of the zone; must not be Unknown</param>
 /// <param name="keyName">key name stored for the zone (not validated here)</param>
 internal EncryptionZoneInt(
     long inodeId,
     CipherSuite suite,
     CryptoProtocolVersion version,
     string keyName)
 {
     // Validate first, suite before version, so a rejected argument leaves no field assigned.
     Preconditions.CheckArgument(suite != CipherSuite.Unknown);
     Preconditions.CheckArgument(version != CryptoProtocolVersion.Unknown);

     this.inodeId = inodeId;
     this.suite = suite;
     this.version = version;
     this.keyName = keyName;
 }
예제 #5
 /// <summary>Create a FileEncryptionInfo.</summary>
 /// <remarks>
 /// Every argument is null-checked, and the IV length must equal the block size
 /// reported by <paramref name="suite"/>; only then are the fields assigned.
 /// <p/>
 /// The <paramref name="edek"/> and <paramref name="iv"/> arrays are assigned
 /// directly, with no copy made in this constructor.
 /// </remarks>
 /// <param name="suite">CipherSuite used to encrypt the file</param>
 /// <param name="version">CryptoProtocolVersion stored with the file's encryption info</param>
 /// <param name="edek">encrypted data encryption key (EDEK) of the file</param>
 /// <param name="iv">initialization vector (IV) used to encrypt the file</param>
 /// <param name="keyName">name of the key used for the encryption zone</param>
 /// <param name="ezKeyVersionName">
 /// name of the KeyVersion used to encrypt the
 /// encrypted data encryption key.
 /// </param>
 public FileEncryptionInfo(
     CipherSuite suite,
     CryptoProtocolVersion version,
     byte[] edek,
     byte[] iv,
     string keyName,
     string ezKeyVersionName)
 {
     // NOTE(review): if CipherSuite / CryptoProtocolVersion are value types in this port,
     // the first two null checks can never fail - confirm against their declarations.
     Preconditions.CheckNotNull(suite);
     Preconditions.CheckNotNull(version);
     Preconditions.CheckNotNull(edek);
     Preconditions.CheckNotNull(iv);
     Preconditions.CheckNotNull(keyName);
     Preconditions.CheckNotNull(ezKeyVersionName);

     // The IV has to be exactly one cipher block long for the chosen suite.
     Preconditions.CheckArgument(iv.Length == suite.GetAlgorithmBlockSize(), "Unexpected IV length");

     this.cipherSuite = suite;
     this.version = version;
     // Stored as passed in: a caller that later writes to these arrays also changes
     // the key material held by this object.
     this.edek = edek;
     this.iv = iv;
     this.keyName = keyName;
     this.ezKeyVersionName = ezKeyVersionName;
 }
예제 #6
 /// <summary>
 /// Adds an encryption zone by delegating to <c>UnprotectedAddEncryptionZone</c>.
 /// </summary>
 /// <remarks>
 /// Called while holding the FSDirectory lock. The lock is only verified through
 /// <c>Debug.Assert</c>, which is compiled out when DEBUG is not defined, so a release
 /// build does not enforce the requirement inside this method.
 /// </remarks>
 /// <param name="inodeId">of the encryption zone</param>
 /// <param name="suite">cipher suite passed through to the unprotected variant</param>
 /// <param name="version">crypto protocol version passed through to the unprotected variant</param>
 /// <param name="keyName">encryption zone key name</param>
 internal virtual void AddEncryptionZone(
     long inodeId,
     CipherSuite suite,
     CryptoProtocolVersion version,
     string keyName)
 {
     // Debug-only check that the caller holds the write lock.
     System.Diagnostics.Debug.Assert(dir.HasWriteLock());

     UnprotectedAddEncryptionZone(inodeId, suite, version, keyName);
 }