예제 #1
0
        public virtual void TestDefaults()
        {
            KMSACLs acls = new KMSACLs(new Configuration(false));

            foreach (KMSACLs.Type type in KMSACLs.Type.Values())
            {
                Assert.True(acls.HasAccess(type, UserGroupInformation.CreateRemoteUser
                                               ("foo")));
            }
        }
예제 #2
0
        public virtual void TestKeyAclConfigurationLoad()
        {
            Configuration conf = new Configuration(false);

            conf.Set(KeyAuthorizationKeyProvider.KeyAcl + "test_key_1.MANAGEMENT", "CREATE");
            conf.Set(KeyAuthorizationKeyProvider.KeyAcl + "test_key_2.ALL", "CREATE");
            conf.Set(KeyAuthorizationKeyProvider.KeyAcl + "test_key_3.NONEXISTOPERATION", "CREATE"
                     );
            conf.Set(KMSConfiguration.DefaultKeyAclPrefix + "MANAGEMENT", "ROLLOVER");
            conf.Set(KMSConfiguration.WhitelistKeyAclPrefix + "MANAGEMENT", "DECRYPT_EEK");
            KMSACLs acls = new KMSACLs(conf);

            Assert.True("expected key ACL size is 2 but got " + acls.keyAcls
                        .Count, acls.keyAcls.Count == 2);
        }
예제 #3
0
        public virtual void TestCustom()
        {
            Configuration conf = new Configuration(false);

            foreach (KMSACLs.Type type in KMSACLs.Type.Values())
            {
                conf.Set(type.GetAclConfigKey(), type.ToString() + " ");
            }
            KMSACLs acls = new KMSACLs(conf);

            foreach (KMSACLs.Type type_1 in KMSACLs.Type.Values())
            {
                Assert.True(acls.HasAccess(type_1, UserGroupInformation.CreateRemoteUser
                                               (type_1.ToString())));
                NUnit.Framework.Assert.IsFalse(acls.HasAccess(type_1, UserGroupInformation.CreateRemoteUser
                                                                  ("foo")));
            }
        }
예제 #4
0
 public virtual void ContextInitialized(ServletContextEvent sce)
 {
     try
     {
         string confDir = Runtime.GetProperty(KMSConfiguration.KmsConfigDir);
         if (confDir == null)
         {
             throw new RuntimeException("System property '" + KMSConfiguration.KmsConfigDir +
                                        "' not defined");
         }
         kmsConf = KMSConfiguration.GetKMSConf();
         InitLogging(confDir);
         Log.Info("-------------------------------------------------------------");
         Log.Info("  Java runtime version : {}", Runtime.GetProperty("java.runtime.version"
                                                                     ));
         Log.Info("  KMS Hadoop Version: " + VersionInfo.GetVersion());
         Log.Info("-------------------------------------------------------------");
         kmsAcls = new KMSACLs();
         kmsAcls.StartReloader();
         metricRegistry = new MetricRegistry();
         jmxReporter    = JmxReporter.ForRegistry(metricRegistry).Build();
         jmxReporter.Start();
         generateEEKCallsMeter  = metricRegistry.Register(GenerateEekMeter, new Meter());
         decryptEEKCallsMeter   = metricRegistry.Register(DecryptEekMeter, new Meter());
         adminCallsMeter        = metricRegistry.Register(AdminCallsMeter, new Meter());
         keyCallsMeter          = metricRegistry.Register(KeyCallsMeter, new Meter());
         invalidCallsMeter      = metricRegistry.Register(InvalidCallsMeter, new Meter());
         unauthorizedCallsMeter = metricRegistry.Register(UnauthorizedCallsMeter, new Meter
                                                              ());
         unauthenticatedCallsMeter = metricRegistry.Register(UnauthenticatedCallsMeter, new
                                                             Meter());
         kmsAudit = new KMSAudit(kmsConf.GetLong(KMSConfiguration.KmsAuditAggregationWindow
                                                 , KMSConfiguration.KmsAuditAggregationWindowDefault));
         // this is required for the the JMXJsonServlet to work properly.
         // the JMXJsonServlet is behind the authentication filter,
         // thus the '*' ACL.
         sce.GetServletContext().SetAttribute(HttpServer2.ConfContextAttribute, kmsConf);
         sce.GetServletContext().SetAttribute(HttpServer2.AdminsAcl, new AccessControlList
                                                  (AccessControlList.WildcardAclValue));
         // intializing the KeyProvider
         string providerString = kmsConf.Get(KMSConfiguration.KeyProviderUri);
         if (providerString == null)
         {
             throw new InvalidOperationException("No KeyProvider has been defined");
         }
         KeyProvider keyProvider = KeyProviderFactory.Get(new URI(providerString), kmsConf
                                                          );
         if (kmsConf.GetBoolean(KMSConfiguration.KeyCacheEnable, KMSConfiguration.KeyCacheEnableDefault
                                ))
         {
             long keyTimeOutMillis = kmsConf.GetLong(KMSConfiguration.KeyCacheTimeoutKey, KMSConfiguration
                                                     .KeyCacheTimeoutDefault);
             long currKeyTimeOutMillis = kmsConf.GetLong(KMSConfiguration.CurrKeyCacheTimeoutKey
                                                         , KMSConfiguration.CurrKeyCacheTimeoutDefault);
             keyProvider = new CachingKeyProvider(keyProvider, keyTimeOutMillis, currKeyTimeOutMillis
                                                  );
         }
         Log.Info("Initialized KeyProvider " + keyProvider);
         keyProviderCryptoExtension = KeyProviderCryptoExtension.CreateKeyProviderCryptoExtension
                                          (keyProvider);
         keyProviderCryptoExtension = new EagerKeyGeneratorKeyProviderCryptoExtension(kmsConf
                                                                                      , keyProviderCryptoExtension);
         if (kmsConf.GetBoolean(KMSConfiguration.KeyAuthorizationEnable, KMSConfiguration.
                                KeyAuthorizationEnableDefault))
         {
             keyProviderCryptoExtension = new KeyAuthorizationKeyProvider(keyProviderCryptoExtension
                                                                          , kmsAcls);
         }
         Log.Info("Initialized KeyProviderCryptoExtension " + keyProviderCryptoExtension);
         int defaultBitlength = kmsConf.GetInt(KeyProvider.DefaultBitlengthName, KeyProvider
                                               .DefaultBitlength);
         Log.Info("Default key bitlength is {}", defaultBitlength);
         Log.Info("KMS Started");
     }
     catch (Exception ex)
     {
         System.Console.Out.WriteLine();
         System.Console.Out.WriteLine("ERROR: Hadoop KMS could not be started");
         System.Console.Out.WriteLine();
         System.Console.Out.WriteLine("REASON: " + ex.ToString());
         System.Console.Out.WriteLine();
         System.Console.Out.WriteLine("Stacktrace:");
         System.Console.Out.WriteLine("---------------------------------------------------"
                                      );
         Runtime.PrintStackTrace(ex, System.Console.Out);
         System.Console.Out.WriteLine("---------------------------------------------------"
                                      );
         System.Console.Out.WriteLine();
         System.Environment.Exit(1);
     }
 }