/// <exception cref="System.IO.IOException"/> public override IList <KeyProvider.KeyVersion> GetKeyVersions(string name) { readLock.Lock(); try { IList <KeyProvider.KeyVersion> list = new AList <KeyProvider.KeyVersion>(); KeyProvider.Metadata km = GetMetadata(name); if (km != null) { int latestVersion = km.GetVersions(); KeyProvider.KeyVersion v = null; string versionName = null; for (int i = 0; i < latestVersion; i++) { versionName = BuildVersionName(name, i); v = GetKeyVersion(versionName); if (v != null) { list.AddItem(v); } } } return(list); } finally { readLock.Unlock(); } }
/// <exception cref="System.IO.IOException"/> public override KeyProvider.KeyVersion CreateKey(string name, byte[] material, KeyProvider.Options options) { lock (this) { Text nameT = new Text(name); if (credentials.GetSecretKey(nameT) != null) { throw new IOException("Key " + name + " already exists in " + this); } if (options.GetBitLength() != 8 * material.Length) { throw new IOException("Wrong key length. Required " + options.GetBitLength() + ", but got " + (8 * material.Length)); } KeyProvider.Metadata meta = new KeyProvider.Metadata(options.GetCipher(), options .GetBitLength(), options.GetDescription(), options.GetAttributes(), new DateTime (), 1); cache[name] = meta; string versionName = BuildVersionName(name, 0); credentials.AddSecretKey(nameT, meta.Serialize()); credentials.AddSecretKey(new Text(versionName), material); return(new KeyProvider.KeyVersion(name, versionName, material)); } }
public virtual void TestMetadata() { KeyProvider.Metadata mockMeta = Org.Mockito.Mockito.Mock <KeyProvider.Metadata>(); KeyProvider mockProv = Org.Mockito.Mockito.Mock <KeyProvider>(); Org.Mockito.Mockito.When(mockProv.GetMetadata(Org.Mockito.Mockito.Eq("k1"))).ThenReturn (mockMeta); Org.Mockito.Mockito.When(mockProv.GetMetadata(Org.Mockito.Mockito.Eq("k2"))).ThenReturn (null); Org.Mockito.Mockito.When(mockProv.GetConf()).ThenReturn(new Configuration()); KeyProvider cache = new CachingKeyProvider(mockProv, 100, 100); // asserting caching Assert.Equal(mockMeta, cache.GetMetadata("k1")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetMetadata(Org.Mockito.Mockito .Eq("k1")); Assert.Equal(mockMeta, cache.GetMetadata("k1")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetMetadata(Org.Mockito.Mockito .Eq("k1")); Thread.Sleep(200); Assert.Equal(mockMeta, cache.GetMetadata("k1")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(2)).GetMetadata(Org.Mockito.Mockito .Eq("k1")); // asserting no caching when key is not known cache = new CachingKeyProvider(mockProv, 100, 100); Assert.Equal(null, cache.GetMetadata("k2")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetMetadata(Org.Mockito.Mockito .Eq("k2")); Assert.Equal(null, cache.GetMetadata("k2")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(2)).GetMetadata(Org.Mockito.Mockito .Eq("k2")); }
/// <exception cref="System.IO.IOException"/> public override KeyProvider.KeyVersion RollNewVersion(string name, byte[] material ) { writeLock.Lock(); try { KeyProvider.Metadata meta = GetMetadata(name); if (meta == null) { throw new IOException("Key " + name + " not found"); } if (meta.GetBitLength() != 8 * material.Length) { throw new IOException("Wrong key length. Required " + meta.GetBitLength() + ", but got " + (8 * material.Length)); } int nextVersion = meta.AddVersion(); string versionName = BuildVersionName(name, nextVersion); return(InnerSetKeyVersion(name, versionName, material, meta.GetCipher())); } finally { writeLock.Unlock(); } }
/// <summary>Get key metadata in bulk.</summary> /// <param name="names">the names of the keys to get</param> /// <exception cref="System.IO.IOException"/> public virtual KeyProvider.Metadata[] GetKeysMetadata(params string[] names) { KeyProvider.Metadata[] result = new KeyProvider.Metadata[names.Length]; for (int i = 0; i < names.Length; ++i) { result[i] = GetMetadata(names[i]); } return(result); }
/// <summary> /// Get the current version of the key, which should be used for encrypting new /// data. /// </summary> /// <param name="name">the base name of the key</param> /// <returns> /// the version name of the current version of the key or null if the /// key version doesn't exist /// </returns> /// <exception cref="System.IO.IOException"/> public virtual KeyProvider.KeyVersion GetCurrentKey(string name) { KeyProvider.Metadata meta = GetMetadata(name); if (meta == null) { return(null); } return(GetKeyVersion(BuildVersionName(name, meta.GetVersions() - 1))); }
public virtual void TestMetadata() { //Metadata without description DateFormat format = new SimpleDateFormat("y/m/d"); DateTime date = format.Parse("2013/12/25"); KeyProvider.Metadata meta = new KeyProvider.Metadata("myCipher", 100, null, null, date, 123); Assert.Equal("myCipher", meta.GetCipher()); Assert.Equal(100, meta.GetBitLength()); NUnit.Framework.Assert.IsNull(meta.GetDescription()); Assert.Equal(date, meta.GetCreated()); Assert.Equal(123, meta.GetVersions()); KeyProvider.Metadata second = new KeyProvider.Metadata(meta.Serialize()); Assert.Equal(meta.GetCipher(), second.GetCipher()); Assert.Equal(meta.GetBitLength(), second.GetBitLength()); NUnit.Framework.Assert.IsNull(second.GetDescription()); Assert.True(second.GetAttributes().IsEmpty()); Assert.Equal(meta.GetCreated(), second.GetCreated()); Assert.Equal(meta.GetVersions(), second.GetVersions()); int newVersion = second.AddVersion(); Assert.Equal(123, newVersion); Assert.Equal(124, second.GetVersions()); Assert.Equal(123, meta.GetVersions()); //Metadata with description format = new SimpleDateFormat("y/m/d"); date = format.Parse("2013/12/25"); IDictionary <string, string> attributes = new Dictionary <string, string>(); attributes["a"] = "A"; meta = new KeyProvider.Metadata("myCipher", 100, "description", attributes, date, 123); Assert.Equal("myCipher", meta.GetCipher()); Assert.Equal(100, meta.GetBitLength()); Assert.Equal("description", meta.GetDescription()); Assert.Equal(attributes, meta.GetAttributes()); Assert.Equal(date, meta.GetCreated()); Assert.Equal(123, meta.GetVersions()); second = new KeyProvider.Metadata(meta.Serialize()); Assert.Equal(meta.GetCipher(), second.GetCipher()); Assert.Equal(meta.GetBitLength(), second.GetBitLength()); Assert.Equal(meta.GetDescription(), second.GetDescription()); Assert.Equal(meta.GetAttributes(), second.GetAttributes()); Assert.Equal(meta.GetCreated(), second.GetCreated()); Assert.Equal(meta.GetVersions(), second.GetVersions()); newVersion = second.AddVersion(); Assert.Equal(123, newVersion); Assert.Equal(124, second.GetVersions()); Assert.Equal(123, meta.GetVersions()); }
/// <exception cref="System.IO.IOException"/> public override KeyProvider.Metadata GetMetadata(string name) { readLock.Lock(); try { if (cache.Contains(name)) { return(cache[name]); } try { if (!keyStore.ContainsAlias(name)) { return(null); } KeyProvider.Metadata meta = ((JavaKeyStoreProvider.KeyMetadata)keyStore.GetKey(name , password)).metadata; cache[name] = meta; return(meta); } catch (InvalidCastException e) { throw new IOException("Can't cast key for " + name + " in keystore " + path + " to a KeyMetadata. Key may have been added using " + " keytool or some other non-Hadoop method.", e); } catch (KeyStoreException e) { throw new IOException("Can't get metadata for " + name + " from keystore " + path , e); } catch (NoSuchAlgorithmException e) { throw new IOException("Can't get algorithm for " + name + " from keystore " + path , e); } catch (UnrecoverableKeyException e) { throw new IOException("Can't recover key for " + name + " from keystore " + path, e); } } finally { readLock.Unlock(); } }
/// <exception cref="System.IO.IOException"/> public override void DeleteKey(string name) { lock (this) { KeyProvider.Metadata meta = GetMetadata(name); if (meta == null) { throw new IOException("Key " + name + " does not exist in " + this); } for (int v = 0; v < meta.GetVersions(); ++v) { credentials.RemoveSecretKey(new Text(BuildVersionName(name, v))); } credentials.RemoveSecretKey(new Text(name)); Collections.Remove(cache, name); } }
/// <exception cref="System.IO.IOException"/> public override KeyProvider.Metadata GetMetadata(string name) { lock (this) { if (cache.Contains(name)) { return(cache[name]); } byte[] serialized = credentials.GetSecretKey(new Text(name)); if (serialized == null) { return(null); } KeyProvider.Metadata result = new KeyProvider.Metadata(serialized); cache[name] = result; return(result); } }
/// <exception cref="System.IO.IOException"/> public override void DeleteKey(string name) { writeLock.Lock(); try { KeyProvider.Metadata meta = GetMetadata(name); if (meta == null) { throw new IOException("Key " + name + " does not exist in " + this); } for (int v = 0; v < meta.GetVersions(); ++v) { string versionName = BuildVersionName(name, v); try { if (keyStore.ContainsAlias(versionName)) { keyStore.DeleteEntry(versionName); } } catch (KeyStoreException e) { throw new IOException("Problem removing " + versionName + " from " + this, e); } } try { if (keyStore.ContainsAlias(name)) { keyStore.DeleteEntry(name); } } catch (KeyStoreException e) { throw new IOException("Problem removing " + name + " from " + this, e); } Collections.Remove(cache, name); changed = true; } finally { writeLock.Unlock(); } }
/// <exception cref="System.IO.IOException"/> public override IList <KeyProvider.KeyVersion> GetKeyVersions(string name) { lock (this) { IList <KeyProvider.KeyVersion> list = new AList <KeyProvider.KeyVersion>(); KeyProvider.Metadata km = GetMetadata(name); if (km != null) { int latestVersion = km.GetVersions(); for (int i = 0; i < latestVersion; i++) { KeyProvider.KeyVersion v = GetKeyVersion(BuildVersionName(name, i)); if (v != null) { list.AddItem(v); } } } return(list); } }
/// <exception cref="System.IO.IOException"/> public override KeyProvider.KeyVersion RollNewVersion(string name, byte[] material ) { lock (this) { KeyProvider.Metadata meta = GetMetadata(name); if (meta == null) { throw new IOException("Key " + name + " not found"); } if (meta.GetBitLength() != 8 * material.Length) { throw new IOException("Wrong key length. Required " + meta.GetBitLength() + ", but got " + (8 * material.Length)); } int nextVersion = meta.AddVersion(); credentials.AddSecretKey(new Text(name), meta.Serialize()); string versionName = BuildVersionName(name, nextVersion); credentials.AddSecretKey(new Text(versionName), material); return(new KeyProvider.KeyVersion(name, versionName, material)); } }
/// <exception cref="System.IO.IOException"/> public override KeyProvider.KeyVersion CreateKey(string name, byte[] material, KeyProvider.Options options) { Preconditions.CheckArgument(name.Equals(StringUtils.ToLowerCase(name)), "Uppercase key names are unsupported: %s" , name); writeLock.Lock(); try { try { if (keyStore.ContainsAlias(name) || cache.Contains(name)) { throw new IOException("Key " + name + " already exists in " + this); } } catch (KeyStoreException e) { throw new IOException("Problem looking up key " + name + " in " + this, e); } KeyProvider.Metadata meta = new KeyProvider.Metadata(options.GetCipher(), options .GetBitLength(), options.GetDescription(), options.GetAttributes(), new DateTime (), 1); if (options.GetBitLength() != 8 * material.Length) { throw new IOException("Wrong key length. Required " + options.GetBitLength() + ", but got " + (8 * material.Length)); } cache[name] = meta; string versionName = BuildVersionName(name, 0); return(InnerSetKeyVersion(name, versionName, material, meta.GetCipher())); } finally { writeLock.Unlock(); } }
/// <exception cref="System.Exception"/> internal static void CheckSpecificProvider(Configuration conf, string ourUrl) { KeyProvider provider = KeyProviderFactory.GetProviders(conf)[0]; byte[] key1 = new byte[16]; byte[] key2 = new byte[16]; byte[] key3 = new byte[16]; for (int i = 0; i < key1.Length; ++i) { key1[i] = unchecked ((byte)i); key2[i] = unchecked ((byte)(i * 2)); key3[i] = unchecked ((byte)(i * 3)); } // ensure that we get nulls when the key isn't there Assert.Equal(null, provider.GetKeyVersion("no-such-key")); Assert.Equal(null, provider.GetMetadata("key")); // create a new key try { provider.CreateKey("key3", key3, KeyProvider.Options(conf)); } catch (Exception e) { Runtime.PrintStackTrace(e); throw; } // check the metadata for key3 KeyProvider.Metadata meta = provider.GetMetadata("key3"); Assert.Equal(KeyProvider.DefaultCipher, meta.GetCipher()); Assert.Equal(KeyProvider.DefaultBitlength, meta.GetBitLength() ); Assert.Equal(1, meta.GetVersions()); // make sure we get back the right key Assert.AssertArrayEquals(key3, provider.GetCurrentKey("key3").GetMaterial()); Assert.Equal("key3@0", provider.GetCurrentKey("key3").GetVersionName ()); // try recreating key3 try { provider.CreateKey("key3", key3, KeyProvider.Options(conf)); Assert.True("should throw", false); } catch (IOException e) { Assert.Equal("Key key3 already exists in " + ourUrl, e.Message ); } provider.DeleteKey("key3"); try { provider.DeleteKey("key3"); Assert.True("should throw", false); } catch (IOException e) { Assert.Equal("Key key3 does not exist in " + ourUrl, e.Message ); } provider.CreateKey("key3", key3, KeyProvider.Options(conf)); try { provider.CreateKey("key4", key3, KeyProvider.Options(conf).SetBitLength(8)); Assert.True("should throw", false); } catch (IOException e) { Assert.Equal("Wrong key length. Required 8, but got 128", e.Message ); } provider.CreateKey("key4", new byte[] { 1 }, KeyProvider.Options(conf).SetBitLength (8)); provider.RollNewVersion("key4", new byte[] { 2 }); meta = provider.GetMetadata("key4"); Assert.Equal(2, meta.GetVersions()); Assert.AssertArrayEquals(new byte[] { 2 }, provider.GetCurrentKey("key4").GetMaterial ()); Assert.AssertArrayEquals(new byte[] { 1 }, provider.GetKeyVersion("key4@0").GetMaterial ()); Assert.Equal("key4@1", provider.GetCurrentKey("key4").GetVersionName ()); try { provider.RollNewVersion("key4", key1); Assert.True("should throw", false); } catch (IOException e) { Assert.Equal("Wrong key length. Required 8, but got 128", e.Message ); } try { provider.RollNewVersion("no-such-key", key1); Assert.True("should throw", false); } catch (IOException e) { Assert.Equal("Key no-such-key not found", e.Message); } provider.Flush(); // get a new instance of the provider to ensure it was saved correctly provider = KeyProviderFactory.GetProviders(conf)[0]; Assert.AssertArrayEquals(new byte[] { 2 }, provider.GetCurrentKey("key4").GetMaterial ()); Assert.AssertArrayEquals(key3, provider.GetCurrentKey("key3").GetMaterial()); Assert.Equal("key3@0", provider.GetCurrentKey("key3").GetVersionName ()); IList <string> keys = provider.GetKeys(); Assert.True("Keys should have been returned.", keys.Count == 2); Assert.True("Returned Keys should have included key3.", keys.Contains ("key3")); Assert.True("Returned Keys should have included key4.", keys.Contains ("key4")); IList <KeyProvider.KeyVersion> kvl = provider.GetKeyVersions("key3"); Assert.True("KeyVersions should have been returned for key3.", kvl.Count == 1); Assert.True("KeyVersions should have included key3@0.", kvl[0]. GetVersionName().Equals("key3@0")); Assert.AssertArrayEquals(key3, kvl[0].GetMaterial()); }
// NOP /// <summary>Roll a new version of the given key generating the material for it.</summary> /// <remarks> /// Roll a new version of the given key generating the material for it. /// <p/> /// This implementation generates the key material and calls the /// <see cref="RollNewVersion(string, byte[])"/> /// method. /// </remarks> /// <param name="name">the basename of the key</param> /// <returns>the name of the new version of the key</returns> /// <exception cref="System.IO.IOException"/> /// <exception cref="NoSuchAlgorithmException"/> public virtual KeyProvider.KeyVersion RollNewVersion(string name) { KeyProvider.Metadata meta = GetMetadata(name); byte[] material = GenerateKey(meta.GetBitLength(), meta.GetCipher()); return(RollNewVersion(name, material)); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="System.TypeLoadException"/> private void ReadObject(ObjectInputStream @in) { byte[] buf = new byte[@in.ReadInt()]; @in.ReadFully(buf); metadata = new KeyProvider.Metadata(buf); }
private KeyMetadata(KeyProvider.Metadata meta) { this.metadata = meta; }