/// <summary>
/// Builds the JSON description of a new key and POSTs it to the KMS keys
/// resource, returning the key version parsed from the response.
/// </summary>
/// <param name="name">Key name; validated by <c>CheckNotEmpty</c>.</param>
/// <param name="material">
/// Optional raw key material. When non-null it is Base64-encoded into the
/// request body; when null the material field is left out of the request.
/// </param>
/// <param name="options">
/// Supplies the cipher, bit length, and the optional description and
/// attributes; validated by <c>CheckNotNull</c>.
/// </param>
/// <returns>The key version produced by <c>ParseJSONKeyVersion</c>.</returns>
/// <exception cref="NoSuchAlgorithmException"/>
/// <exception cref="System.IO.IOException"/>
private KeyProvider.KeyVersion CreateKeyInternal(string name, byte[] material, KeyProvider.Options options)
{
    CheckNotEmpty(name, "name");
    CheckNotNull(options, "options");

    // Mandatory fields of the create-key request.
    IDictionary<string, object> payload = new Dictionary<string, object>();
    payload[KMSRESTConstants.NameField] = name;
    payload[KMSRESTConstants.CipherField] = options.GetCipher();
    payload[KMSRESTConstants.LengthField] = options.GetBitLength();

    // Optional fields are added only when the caller provided them.
    if (material != null)
    {
        // Base64 is an encoding, not encryption: the key material travels in
        // the request body as-is, so its confidentiality rests entirely on the
        // connection built by CreateConnection.
        // NOTE(review): confirm that connection is TLS-protected.
        payload[KMSRESTConstants.MaterialField] = Base64.EncodeBase64String(material);
    }

    if (options.GetDescription() != null)
    {
        payload[KMSRESTConstants.DescriptionField] = options.GetDescription();
    }

    if (options.GetAttributes() != null && !options.GetAttributes().IsEmpty())
    {
        payload[KMSRESTConstants.AttributesField] = options.GetAttributes();
    }

    Uri endpoint = CreateURL(KMSRESTConstants.KeysResource, null, null, null);
    HttpURLConnection connection = CreateConnection(endpoint, HttpPost);
    connection.SetRequestProperty(ContentType, ApplicationJsonMime);

    // HttpCreated is handed to Call as the status the request should end with.
    IDictionary reply = Call<IDictionary>(connection, payload, HttpURLConnection.HttpCreated);
    return ParseJSONKeyVersion(reply);
}
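/// <summary>
/// Authorizes <paramref name="ugi"/> to create the key
/// <paramref name="keyName"/>, throwing when the caller is not allowed.
/// </summary>
/// <remarks>
/// The method first looks for the "key.acl.name" attribute in the provider
/// options. If it is present, that ACL name is used for the access checks.
/// Otherwise the key name is used as the ACL name and is stored as the value
/// of "key.acl.name" in the key's attributes.
/// Access is granted only when a Management ACL exists for the chosen name
/// and the user has Management or All access to it; every other case is a
/// denial.
/// </remarks>
/// <param name="keyName">Name of the key being created.</param>
/// <param name="options">
/// Provider options whose attributes are read and, when no ACL name is set,
/// replaced with a copy that carries the key name as the ACL name.
/// </param>
/// <param name="ugi">Caller identity; must not be null.</param>
/// <exception cref="AuthorizationException">
/// The user is not authorized to create the key.
/// </exception>
/// <exception cref="System.IO.IOException"/>
private void AuthorizeCreateKey(string keyName, KeyProvider.Options options, UserGroupInformation ugi)
{
    Preconditions.CheckNotNull(ugi, "UserGroupInformation cannot be null");
    IDictionary<string, string> attributes = options.GetAttributes();

    // The dictionary indexer throws KeyNotFoundException for a missing key,
    // which would turn "no ACL name configured" into an unrelated exception
    // instead of the key-name fallback below. TryGetValue leaves aclName null
    // when the attribute is absent.
    // NOTE(review): attributes is assumed non-null here, as in the original.
    string aclName;
    attributes.TryGetValue(KeyAclName, out aclName);

    // Deny by default; only an explicit ACL match flips this to true.
    bool success = false;
    if (Strings.IsNullOrEmpty(aclName))
    {
        if (acls.IsACLPresent(keyName, KeyAuthorizationKeyProvider.KeyOpType.Management))
        {
            // The attribute is written before the access check finishes, so
            // options is modified even when the call ends in a denial.
            options.SetAttributes(ImmutableMap.Builder<string, string>()
                .PutAll(attributes)
                .Put(KeyAclName, keyName)
                .Build());
            success = acls.HasAccessToKey(keyName, ugi, KeyAuthorizationKeyProvider.KeyOpType.Management)
                || acls.HasAccessToKey(keyName, ugi, KeyAuthorizationKeyProvider.KeyOpType.All);
        }
        // No Management ACL for the key name: success stays false.
    }
    else
    {
        success = acls.IsACLPresent(aclName, KeyAuthorizationKeyProvider.KeyOpType.Management)
            && (acls.HasAccessToKey(aclName, ugi, KeyAuthorizationKeyProvider.KeyOpType.Management)
                || acls.HasAccessToKey(aclName, ugi, KeyAuthorizationKeyProvider.KeyOpType.All));
    }

    if (!success)
    {
        // string.Format takes {0}-style placeholders; the previous "%s" was
        // emitted literally and the user name never reached the message.
        throw new AuthorizationException(string.Format(
            "User [{0}] is not authorized to create key !!",
            ugi.GetShortUserName()));
    }
}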