/// <exception cref="System.IO.IOException"/>
public override IList <KeyProvider.KeyVersion> GetKeyVersions(string name)
{
readLock.Lock();
try
{
IList <KeyProvider.KeyVersion> list = new AList <KeyProvider.KeyVersion>();
KeyProvider.Metadata km = GetMetadata(name);
if (km != null)
{
int latestVersion = km.GetVersions();
KeyProvider.KeyVersion v = null;
string versionName = null;
for (int i = 0; i < latestVersion; i++)
{
versionName = BuildVersionName(name, i);
v = GetKeyVersion(versionName);
if (v != null)
{
list.AddItem(v);
}
}
}
return(list);
}
finally
{
readLock.Unlock();
}
}
/// <exception cref="System.IO.IOException"/>
public override KeyProvider.KeyVersion CreateKey(string name, byte[] material, KeyProvider.Options
options)
{
lock (this)
{
Text nameT = new Text(name);
if (credentials.GetSecretKey(nameT) != null)
{
throw new IOException("Key " + name + " already exists in " + this);
}
if (options.GetBitLength() != 8 * material.Length)
{
throw new IOException("Wrong key length. Required " + options.GetBitLength() + ", but got "
+ (8 * material.Length));
}
KeyProvider.Metadata meta = new KeyProvider.Metadata(options.GetCipher(), options
.GetBitLength(), options.GetDescription(), options.GetAttributes(), new DateTime
(), 1);
cache[name] = meta;
string versionName = BuildVersionName(name, 0);
credentials.AddSecretKey(nameT, meta.Serialize());
credentials.AddSecretKey(new Text(versionName), material);
return(new KeyProvider.KeyVersion(name, versionName, material));
}
}
public virtual void TestMetadata()
{
KeyProvider.Metadata mockMeta = Org.Mockito.Mockito.Mock <KeyProvider.Metadata>();
KeyProvider mockProv = Org.Mockito.Mockito.Mock <KeyProvider>();
Org.Mockito.Mockito.When(mockProv.GetMetadata(Org.Mockito.Mockito.Eq("k1"))).ThenReturn
(mockMeta);
Org.Mockito.Mockito.When(mockProv.GetMetadata(Org.Mockito.Mockito.Eq("k2"))).ThenReturn
(null);
Org.Mockito.Mockito.When(mockProv.GetConf()).ThenReturn(new Configuration());
KeyProvider cache = new CachingKeyProvider(mockProv, 100, 100);
// asserting caching
Assert.Equal(mockMeta, cache.GetMetadata("k1"));
Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetMetadata(Org.Mockito.Mockito
.Eq("k1"));
Assert.Equal(mockMeta, cache.GetMetadata("k1"));
Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetMetadata(Org.Mockito.Mockito
.Eq("k1"));
Thread.Sleep(200);
Assert.Equal(mockMeta, cache.GetMetadata("k1"));
Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(2)).GetMetadata(Org.Mockito.Mockito
.Eq("k1"));
// asserting no caching when key is not known
cache = new CachingKeyProvider(mockProv, 100, 100);
Assert.Equal(null, cache.GetMetadata("k2"));
Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetMetadata(Org.Mockito.Mockito
.Eq("k2"));
Assert.Equal(null, cache.GetMetadata("k2"));
Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(2)).GetMetadata(Org.Mockito.Mockito
.Eq("k2"));
}
/// <exception cref="System.IO.IOException"/>
public override KeyProvider.KeyVersion RollNewVersion(string name, byte[] material
)
{
writeLock.Lock();
try
{
KeyProvider.Metadata meta = GetMetadata(name);
if (meta == null)
{
throw new IOException("Key " + name + " not found");
}
if (meta.GetBitLength() != 8 * material.Length)
{
throw new IOException("Wrong key length. Required " + meta.GetBitLength() + ", but got "
+ (8 * material.Length));
}
int nextVersion = meta.AddVersion();
string versionName = BuildVersionName(name, nextVersion);
return(InnerSetKeyVersion(name, versionName, material, meta.GetCipher()));
}
finally
{
writeLock.Unlock();
}
}
/// <summary>Get key metadata in bulk.</summary>
/// <param name="names">the names of the keys to get</param>
/// <exception cref="System.IO.IOException"/>
public virtual KeyProvider.Metadata[] GetKeysMetadata(params string[] names)
{
KeyProvider.Metadata[] result = new KeyProvider.Metadata[names.Length];
for (int i = 0; i < names.Length; ++i)
{
result[i] = GetMetadata(names[i]);
}
return(result);
}
/// <summary>
/// Get the current version of the key, which should be used for encrypting new
/// data.
/// </summary>
/// <param name="name">the base name of the key</param>
/// <returns>
/// the version name of the current version of the key or null if the
/// key version doesn't exist
/// </returns>
/// <exception cref="System.IO.IOException"/>
public virtual KeyProvider.KeyVersion GetCurrentKey(string name)
{
KeyProvider.Metadata meta = GetMetadata(name);
if (meta == null)
{
return(null);
}
return(GetKeyVersion(BuildVersionName(name, meta.GetVersions() - 1)));
}
public virtual void TestMetadata()
{
//Metadata without description
DateFormat format = new SimpleDateFormat("y/m/d");
DateTime date = format.Parse("2013/12/25");
KeyProvider.Metadata meta = new KeyProvider.Metadata("myCipher", 100, null, null,
date, 123);
Assert.Equal("myCipher", meta.GetCipher());
Assert.Equal(100, meta.GetBitLength());
NUnit.Framework.Assert.IsNull(meta.GetDescription());
Assert.Equal(date, meta.GetCreated());
Assert.Equal(123, meta.GetVersions());
KeyProvider.Metadata second = new KeyProvider.Metadata(meta.Serialize());
Assert.Equal(meta.GetCipher(), second.GetCipher());
Assert.Equal(meta.GetBitLength(), second.GetBitLength());
NUnit.Framework.Assert.IsNull(second.GetDescription());
Assert.True(second.GetAttributes().IsEmpty());
Assert.Equal(meta.GetCreated(), second.GetCreated());
Assert.Equal(meta.GetVersions(), second.GetVersions());
int newVersion = second.AddVersion();
Assert.Equal(123, newVersion);
Assert.Equal(124, second.GetVersions());
Assert.Equal(123, meta.GetVersions());
//Metadata with description
format = new SimpleDateFormat("y/m/d");
date = format.Parse("2013/12/25");
IDictionary <string, string> attributes = new Dictionary <string, string>();
attributes["a"] = "A";
meta = new KeyProvider.Metadata("myCipher", 100, "description", attributes, date,
123);
Assert.Equal("myCipher", meta.GetCipher());
Assert.Equal(100, meta.GetBitLength());
Assert.Equal("description", meta.GetDescription());
Assert.Equal(attributes, meta.GetAttributes());
Assert.Equal(date, meta.GetCreated());
Assert.Equal(123, meta.GetVersions());
second = new KeyProvider.Metadata(meta.Serialize());
Assert.Equal(meta.GetCipher(), second.GetCipher());
Assert.Equal(meta.GetBitLength(), second.GetBitLength());
Assert.Equal(meta.GetDescription(), second.GetDescription());
Assert.Equal(meta.GetAttributes(), second.GetAttributes());
Assert.Equal(meta.GetCreated(), second.GetCreated());
Assert.Equal(meta.GetVersions(), second.GetVersions());
newVersion = second.AddVersion();
Assert.Equal(123, newVersion);
Assert.Equal(124, second.GetVersions());
Assert.Equal(123, meta.GetVersions());
}
/// <exception cref="System.IO.IOException"/>
public override KeyProvider.Metadata GetMetadata(string name)
{
readLock.Lock();
try
{
if (cache.Contains(name))
{
return(cache[name]);
}
try
{
if (!keyStore.ContainsAlias(name))
{
return(null);
}
KeyProvider.Metadata meta = ((JavaKeyStoreProvider.KeyMetadata)keyStore.GetKey(name
, password)).metadata;
cache[name] = meta;
return(meta);
}
catch (InvalidCastException e)
{
throw new IOException("Can't cast key for " + name + " in keystore " + path + " to a KeyMetadata. Key may have been added using "
+ " keytool or some other non-Hadoop method.", e);
}
catch (KeyStoreException e)
{
throw new IOException("Can't get metadata for " + name + " from keystore " + path
, e);
}
catch (NoSuchAlgorithmException e)
{
throw new IOException("Can't get algorithm for " + name + " from keystore " + path
, e);
}
catch (UnrecoverableKeyException e)
{
throw new IOException("Can't recover key for " + name + " from keystore " + path,
e);
}
}
finally
{
readLock.Unlock();
}
}
/// <exception cref="System.IO.IOException"/>
public override void DeleteKey(string name)
{
lock (this)
{
KeyProvider.Metadata meta = GetMetadata(name);
if (meta == null)
{
throw new IOException("Key " + name + " does not exist in " + this);
}
for (int v = 0; v < meta.GetVersions(); ++v)
{
credentials.RemoveSecretKey(new Text(BuildVersionName(name, v)));
}
credentials.RemoveSecretKey(new Text(name));
Collections.Remove(cache, name);
}
}
/// <exception cref="System.IO.IOException"/>
public override KeyProvider.Metadata GetMetadata(string name)
{
lock (this)
{
if (cache.Contains(name))
{
return(cache[name]);
}
byte[] serialized = credentials.GetSecretKey(new Text(name));
if (serialized == null)
{
return(null);
}
KeyProvider.Metadata result = new KeyProvider.Metadata(serialized);
cache[name] = result;
return(result);
}
}
/// <exception cref="System.IO.IOException"/>
public override void DeleteKey(string name)
{
writeLock.Lock();
try
{
KeyProvider.Metadata meta = GetMetadata(name);
if (meta == null)
{
throw new IOException("Key " + name + " does not exist in " + this);
}
for (int v = 0; v < meta.GetVersions(); ++v)
{
string versionName = BuildVersionName(name, v);
try
{
if (keyStore.ContainsAlias(versionName))
{
keyStore.DeleteEntry(versionName);
}
}
catch (KeyStoreException e)
{
throw new IOException("Problem removing " + versionName + " from " + this, e);
}
}
try
{
if (keyStore.ContainsAlias(name))
{
keyStore.DeleteEntry(name);
}
}
catch (KeyStoreException e)
{
throw new IOException("Problem removing " + name + " from " + this, e);
}
Collections.Remove(cache, name);
changed = true;
}
finally
{
writeLock.Unlock();
}
}
/// <exception cref="System.IO.IOException"/>
public override IList <KeyProvider.KeyVersion> GetKeyVersions(string name)
{
lock (this)
{
IList <KeyProvider.KeyVersion> list = new AList <KeyProvider.KeyVersion>();
KeyProvider.Metadata km = GetMetadata(name);
if (km != null)
{
int latestVersion = km.GetVersions();
for (int i = 0; i < latestVersion; i++)
{
KeyProvider.KeyVersion v = GetKeyVersion(BuildVersionName(name, i));
if (v != null)
{
list.AddItem(v);
}
}
}
return(list);
}
}
/// <exception cref="System.IO.IOException"/>
public override KeyProvider.KeyVersion RollNewVersion(string name, byte[] material
)
{
lock (this)
{
KeyProvider.Metadata meta = GetMetadata(name);
if (meta == null)
{
throw new IOException("Key " + name + " not found");
}
if (meta.GetBitLength() != 8 * material.Length)
{
throw new IOException("Wrong key length. Required " + meta.GetBitLength() + ", but got "
+ (8 * material.Length));
}
int nextVersion = meta.AddVersion();
credentials.AddSecretKey(new Text(name), meta.Serialize());
string versionName = BuildVersionName(name, nextVersion);
credentials.AddSecretKey(new Text(versionName), material);
return(new KeyProvider.KeyVersion(name, versionName, material));
}
}
/// <exception cref="System.IO.IOException"/>
public override KeyProvider.KeyVersion CreateKey(string name, byte[] material, KeyProvider.Options
options)
{
Preconditions.CheckArgument(name.Equals(StringUtils.ToLowerCase(name)), "Uppercase key names are unsupported: %s"
, name);
writeLock.Lock();
try
{
try
{
if (keyStore.ContainsAlias(name) || cache.Contains(name))
{
throw new IOException("Key " + name + " already exists in " + this);
}
}
catch (KeyStoreException e)
{
throw new IOException("Problem looking up key " + name + " in " + this, e);
}
KeyProvider.Metadata meta = new KeyProvider.Metadata(options.GetCipher(), options
.GetBitLength(), options.GetDescription(), options.GetAttributes(), new DateTime
(), 1);
if (options.GetBitLength() != 8 * material.Length)
{
throw new IOException("Wrong key length. Required " + options.GetBitLength() + ", but got "
+ (8 * material.Length));
}
cache[name] = meta;
string versionName = BuildVersionName(name, 0);
return(InnerSetKeyVersion(name, versionName, material, meta.GetCipher()));
}
finally
{
writeLock.Unlock();
}
}
/// <exception cref="System.Exception"/>
internal static void CheckSpecificProvider(Configuration conf, string ourUrl)
{
KeyProvider provider = KeyProviderFactory.GetProviders(conf)[0];
byte[] key1 = new byte[16];
byte[] key2 = new byte[16];
byte[] key3 = new byte[16];
for (int i = 0; i < key1.Length; ++i)
{
key1[i] = unchecked ((byte)i);
key2[i] = unchecked ((byte)(i * 2));
key3[i] = unchecked ((byte)(i * 3));
}
// ensure that we get nulls when the key isn't there
Assert.Equal(null, provider.GetKeyVersion("no-such-key"));
Assert.Equal(null, provider.GetMetadata("key"));
// create a new key
try
{
provider.CreateKey("key3", key3, KeyProvider.Options(conf));
}
catch (Exception e)
{
Runtime.PrintStackTrace(e);
throw;
}
// check the metadata for key3
KeyProvider.Metadata meta = provider.GetMetadata("key3");
Assert.Equal(KeyProvider.DefaultCipher, meta.GetCipher());
Assert.Equal(KeyProvider.DefaultBitlength, meta.GetBitLength()
);
Assert.Equal(1, meta.GetVersions());
// make sure we get back the right key
Assert.AssertArrayEquals(key3, provider.GetCurrentKey("key3").GetMaterial());
Assert.Equal("key3@0", provider.GetCurrentKey("key3").GetVersionName
());
// try recreating key3
try
{
provider.CreateKey("key3", key3, KeyProvider.Options(conf));
Assert.True("should throw", false);
}
catch (IOException e)
{
Assert.Equal("Key key3 already exists in " + ourUrl, e.Message
);
}
provider.DeleteKey("key3");
try
{
provider.DeleteKey("key3");
Assert.True("should throw", false);
}
catch (IOException e)
{
Assert.Equal("Key key3 does not exist in " + ourUrl, e.Message
);
}
provider.CreateKey("key3", key3, KeyProvider.Options(conf));
try
{
provider.CreateKey("key4", key3, KeyProvider.Options(conf).SetBitLength(8));
Assert.True("should throw", false);
}
catch (IOException e)
{
Assert.Equal("Wrong key length. Required 8, but got 128", e.Message
);
}
provider.CreateKey("key4", new byte[] { 1 }, KeyProvider.Options(conf).SetBitLength
(8));
provider.RollNewVersion("key4", new byte[] { 2 });
meta = provider.GetMetadata("key4");
Assert.Equal(2, meta.GetVersions());
Assert.AssertArrayEquals(new byte[] { 2 }, provider.GetCurrentKey("key4").GetMaterial
());
Assert.AssertArrayEquals(new byte[] { 1 }, provider.GetKeyVersion("key4@0").GetMaterial
());
Assert.Equal("key4@1", provider.GetCurrentKey("key4").GetVersionName
());
try
{
provider.RollNewVersion("key4", key1);
Assert.True("should throw", false);
}
catch (IOException e)
{
Assert.Equal("Wrong key length. Required 8, but got 128", e.Message
);
}
try
{
provider.RollNewVersion("no-such-key", key1);
Assert.True("should throw", false);
}
catch (IOException e)
{
Assert.Equal("Key no-such-key not found", e.Message);
}
provider.Flush();
// get a new instance of the provider to ensure it was saved correctly
provider = KeyProviderFactory.GetProviders(conf)[0];
Assert.AssertArrayEquals(new byte[] { 2 }, provider.GetCurrentKey("key4").GetMaterial
());
Assert.AssertArrayEquals(key3, provider.GetCurrentKey("key3").GetMaterial());
Assert.Equal("key3@0", provider.GetCurrentKey("key3").GetVersionName
());
IList <string> keys = provider.GetKeys();
Assert.True("Keys should have been returned.", keys.Count == 2);
Assert.True("Returned Keys should have included key3.", keys.Contains
("key3"));
Assert.True("Returned Keys should have included key4.", keys.Contains
("key4"));
IList <KeyProvider.KeyVersion> kvl = provider.GetKeyVersions("key3");
Assert.True("KeyVersions should have been returned for key3.",
kvl.Count == 1);
Assert.True("KeyVersions should have included key3@0.", kvl[0].
GetVersionName().Equals("key3@0"));
Assert.AssertArrayEquals(key3, kvl[0].GetMaterial());
}
// NOP
/// <summary>Roll a new version of the given key generating the material for it.</summary>
/// <remarks>
/// Roll a new version of the given key generating the material for it.
/// <p/>
/// This implementation generates the key material and calls the
/// <see cref="RollNewVersion(string, byte[])"/>
/// method.
/// </remarks>
/// <param name="name">the basename of the key</param>
/// <returns>the name of the new version of the key</returns>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="NoSuchAlgorithmException"/>
public virtual KeyProvider.KeyVersion RollNewVersion(string name)
{
KeyProvider.Metadata meta = GetMetadata(name);
byte[] material = GenerateKey(meta.GetBitLength(), meta.GetCipher());
return(RollNewVersion(name, material));
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="System.TypeLoadException"/>
private void ReadObject(ObjectInputStream @in)
{
byte[] buf = new byte[@in.ReadInt()];
@in.ReadFully(buf);
metadata = new KeyProvider.Metadata(buf);
}
private KeyMetadata(KeyProvider.Metadata meta)
{
this.metadata = meta;
}
