protected internal virtual KeyProvider GetKeyProvider() { KeyProvider provider = null; IList <KeyProvider> providers; try { providers = KeyProviderFactory.GetProviders(this._enclosing.GetConf()); if (this._enclosing.userSuppliedProvider) { provider = providers[0]; } else { foreach (KeyProvider p in providers) { if (!p.IsTransient()) { provider = p; break; } } } } catch (IOException e) { Runtime.PrintStackTrace(e, this._enclosing.err); } return(provider); }
public virtual void TestOptions() { Configuration conf = new Configuration(); conf.Set(KeyProvider.DefaultCipherName, "myCipher"); conf.SetInt(KeyProvider.DefaultBitlengthName, 512); IDictionary <string, string> attributes = new Dictionary <string, string>(); attributes["a"] = "A"; KeyProvider.Options options = KeyProvider.Options(conf); Assert.Equal("myCipher", options.GetCipher()); Assert.Equal(512, options.GetBitLength()); options.SetCipher("yourCipher"); options.SetDescription("description"); options.SetAttributes(attributes); options.SetBitLength(128); Assert.Equal("yourCipher", options.GetCipher()); Assert.Equal(128, options.GetBitLength()); Assert.Equal("description", options.GetDescription()); Assert.Equal(attributes, options.GetAttributes()); options = KeyProvider.Options(new Configuration()); Assert.Equal(KeyProvider.DefaultCipher, options.GetCipher()); Assert.Equal(KeyProvider.DefaultBitlength, options.GetBitLength ()); }
/// <exception cref="System.IO.IOException"/> public static IList <KeyProvider> GetProviders(Configuration conf) { IList <KeyProvider> result = new AList <KeyProvider>(); foreach (string path in conf.GetStringCollection(KeyProviderPath)) { try { URI uri = new URI(path); KeyProvider kp = Get(uri, conf); if (kp != null) { result.AddItem(kp); } else { throw new IOException("No KeyProviderFactory for " + uri + " in " + KeyProviderPath ); } } catch (URISyntaxException error) { throw new IOException("Bad configuration of " + KeyProviderPath + " at " + path, error); } } return(result); }
public virtual void TestKeyVersion() { KeyProvider.KeyVersion mockKey = Org.Mockito.Mockito.Mock <KeyProvider.KeyVersion> (); KeyProvider mockProv = Org.Mockito.Mockito.Mock <KeyProvider>(); Org.Mockito.Mockito.When(mockProv.GetKeyVersion(Org.Mockito.Mockito.Eq("k1@0"))). ThenReturn(mockKey); Org.Mockito.Mockito.When(mockProv.GetKeyVersion(Org.Mockito.Mockito.Eq("k2@0"))). ThenReturn(null); Org.Mockito.Mockito.When(mockProv.GetConf()).ThenReturn(new Configuration()); KeyProvider cache = new CachingKeyProvider(mockProv, 100, 100); // asserting caching Assert.Equal(mockKey, cache.GetKeyVersion("k1@0")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetKeyVersion( Org.Mockito.Mockito.Eq("k1@0")); Assert.Equal(mockKey, cache.GetKeyVersion("k1@0")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetKeyVersion( Org.Mockito.Mockito.Eq("k1@0")); Thread.Sleep(200); Assert.Equal(mockKey, cache.GetKeyVersion("k1@0")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(2)).GetKeyVersion( Org.Mockito.Mockito.Eq("k1@0")); // asserting no caching when key is not known cache = new CachingKeyProvider(mockProv, 100, 100); Assert.Equal(null, cache.GetKeyVersion("k2@0")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetKeyVersion( Org.Mockito.Mockito.Eq("k2@0")); Assert.Equal(null, cache.GetKeyVersion("k2@0")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(2)).GetKeyVersion( Org.Mockito.Mockito.Eq("k2@0")); }
public virtual void TestMetadata() { KeyProvider.Metadata mockMeta = Org.Mockito.Mockito.Mock <KeyProvider.Metadata>(); KeyProvider mockProv = Org.Mockito.Mockito.Mock <KeyProvider>(); Org.Mockito.Mockito.When(mockProv.GetMetadata(Org.Mockito.Mockito.Eq("k1"))).ThenReturn (mockMeta); Org.Mockito.Mockito.When(mockProv.GetMetadata(Org.Mockito.Mockito.Eq("k2"))).ThenReturn (null); Org.Mockito.Mockito.When(mockProv.GetConf()).ThenReturn(new Configuration()); KeyProvider cache = new CachingKeyProvider(mockProv, 100, 100); // asserting caching Assert.Equal(mockMeta, cache.GetMetadata("k1")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetMetadata(Org.Mockito.Mockito .Eq("k1")); Assert.Equal(mockMeta, cache.GetMetadata("k1")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetMetadata(Org.Mockito.Mockito .Eq("k1")); Thread.Sleep(200); Assert.Equal(mockMeta, cache.GetMetadata("k1")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(2)).GetMetadata(Org.Mockito.Mockito .Eq("k1")); // asserting no caching when key is not known cache = new CachingKeyProvider(mockProv, 100, 100); Assert.Equal(null, cache.GetMetadata("k2")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetMetadata(Org.Mockito.Mockito .Eq("k2")); Assert.Equal(null, cache.GetMetadata("k2")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(2)).GetMetadata(Org.Mockito.Mockito .Eq("k2")); }
public virtual void TestBuildVersionName() { Assert.Equal("/a/b@3", KeyProvider.BuildVersionName("/a/b", 3) ); Assert.Equal("/aaa@12", KeyProvider.BuildVersionName("/aaa", 12 )); }
public virtual void TestDeleteKey() { KeyProvider.KeyVersion mockKey = Org.Mockito.Mockito.Mock <KeyProvider.KeyVersion> (); KeyProvider mockProv = Org.Mockito.Mockito.Mock <KeyProvider>(); Org.Mockito.Mockito.When(mockProv.GetCurrentKey(Org.Mockito.Mockito.Eq("k1"))).ThenReturn (mockKey); Org.Mockito.Mockito.When(mockProv.GetKeyVersion(Org.Mockito.Mockito.Eq("k1@0"))). ThenReturn(mockKey); Org.Mockito.Mockito.When(mockProv.GetMetadata(Org.Mockito.Mockito.Eq("k1"))).ThenReturn (new KMSClientProvider.KMSMetadata("c", 0, "l", null, new DateTime(), 1)); Org.Mockito.Mockito.When(mockProv.GetConf()).ThenReturn(new Configuration()); KeyProvider cache = new CachingKeyProvider(mockProv, 100, 100); Assert.Equal(mockKey, cache.GetCurrentKey("k1")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetCurrentKey( Org.Mockito.Mockito.Eq("k1")); Assert.Equal(mockKey, cache.GetKeyVersion("k1@0")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetKeyVersion( Org.Mockito.Mockito.Eq("k1@0")); cache.DeleteKey("k1"); // asserting the cache is purged Assert.Equal(mockKey, cache.GetCurrentKey("k1")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(2)).GetCurrentKey( Org.Mockito.Mockito.Eq("k1")); Assert.Equal(mockKey, cache.GetKeyVersion("k1@0")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(2)).GetKeyVersion( Org.Mockito.Mockito.Eq("k1@0")); }
/// <exception cref="System.Exception"/> public virtual void CheckPermissionRetention(Configuration conf, string ourUrl, Path path) { KeyProvider provider = KeyProviderFactory.GetProviders(conf)[0]; // let's add a new key and flush and check that permissions are still set to 777 byte[] key = new byte[16]; for (int i = 0; i < key.Length; ++i) { key[i] = unchecked ((byte)i); } // create a new key try { provider.CreateKey("key5", key, KeyProvider.Options(conf)); } catch (Exception e) { Runtime.PrintStackTrace(e); throw; } provider.Flush(); // get a new instance of the provider to ensure it was saved correctly provider = KeyProviderFactory.GetProviders(conf)[0]; Assert.AssertArrayEquals(key, provider.GetCurrentKey("key5").GetMaterial()); FileSystem fs = path.GetFileSystem(conf); FileStatus s = fs.GetFileStatus(path); Assert.True("Permissions should have been retained from the preexisting keystore." , s.GetPermission().ToString().Equals("rwxrwxrwx")); }
/// <summary> /// Creates a <code>KeyProviderDelegationTokenExtension</code> using a given /// <see cref="KeyProvider"/> /// . /// <p/> /// If the given <code>KeyProvider</code> implements the /// <see cref="DelegationTokenExtension"/> /// interface the <code>KeyProvider</code> /// itself will provide the extension functionality, otherwise a default /// extension implementation will be used. /// </summary> /// <param name="keyProvider"> /// <code>KeyProvider</code> to use to create the /// <code>KeyProviderDelegationTokenExtension</code> extension. /// </param> /// <returns> /// a <code>KeyProviderDelegationTokenExtension</code> instance /// using the given <code>KeyProvider</code>. /// </returns> public static KeyProviderDelegationTokenExtension CreateKeyProviderDelegationTokenExtension (KeyProvider keyProvider) { KeyProviderDelegationTokenExtension.DelegationTokenExtension delTokExtension = (keyProvider is KeyProviderDelegationTokenExtension.DelegationTokenExtension) ? (KeyProviderDelegationTokenExtension.DelegationTokenExtension )keyProvider : DefaultExtension; return(new KeyProviderDelegationTokenExtension(keyProvider, delTokExtension)); }
/// <exception cref="System.IO.IOException"/> private void VerifyAfterReload(FilePath file, KeyProvider provider) { IList <string> existingKeys = provider.GetKeys(); Assert.True(existingKeys.Contains("key4")); Assert.True(existingKeys.Contains("key3")); Assert.True(file.Exists()); }
/// <summary> /// Creates a <code>KeyProviderCryptoExtension</code> using a given /// <see cref="KeyProvider"/> /// . /// <p/> /// If the given <code>KeyProvider</code> implements the /// <see cref="CryptoExtension"/> /// interface the <code>KeyProvider</code> itself /// will provide the extension functionality, otherwise a default extension /// implementation will be used. /// </summary> /// <param name="keyProvider"> /// <code>KeyProvider</code> to use to create the /// <code>KeyProviderCryptoExtension</code> extension. /// </param> /// <returns> /// a <code>KeyProviderCryptoExtension</code> instance using the /// given <code>KeyProvider</code>. /// </returns> public static KeyProviderCryptoExtension CreateKeyProviderCryptoExtension(KeyProvider keyProvider) { KeyProviderCryptoExtension.CryptoExtension cryptoExtension = (keyProvider is KeyProviderCryptoExtension.CryptoExtension ) ? (KeyProviderCryptoExtension.CryptoExtension)keyProvider : new KeyProviderCryptoExtension.DefaultCryptoExtension (keyProvider); return(new KeyProviderCryptoExtension(keyProvider, cryptoExtension)); }
public virtual void TestJksProviderPasswordViaConfig() { Configuration conf = new Configuration(); Path jksPath = new Path(testRootDir.ToString(), "test.jks"); string ourUrl = JavaKeyStoreProvider.SchemeName + "://file" + jksPath.ToUri(); FilePath file = new FilePath(testRootDir, "test.jks"); file.Delete(); try { conf.Set(KeyProviderFactory.KeyProviderPath, ourUrl); conf.Set(JavaKeyStoreProvider.KeystorePasswordFileKey, "javakeystoreprovider.password" ); KeyProvider provider = KeyProviderFactory.GetProviders(conf)[0]; provider.CreateKey("key3", new byte[16], KeyProvider.Options(conf)); provider.Flush(); } catch (Exception) { NUnit.Framework.Assert.Fail("could not create keystore with password file"); } KeyProvider provider_1 = KeyProviderFactory.GetProviders(conf)[0]; NUnit.Framework.Assert.IsNotNull(provider_1.GetCurrentKey("key3")); try { conf.Set(JavaKeyStoreProvider.KeystorePasswordFileKey, "bar"); KeyProviderFactory.GetProviders(conf)[0]; NUnit.Framework.Assert.Fail("using non existing password file, it should fail"); } catch (IOException) { } //NOP try { conf.Set(JavaKeyStoreProvider.KeystorePasswordFileKey, "core-site.xml"); KeyProviderFactory.GetProviders(conf)[0]; NUnit.Framework.Assert.Fail("using different password file, it should fail"); } catch (IOException) { } //NOP try { conf.Unset(JavaKeyStoreProvider.KeystorePasswordFileKey); KeyProviderFactory.GetProviders(conf)[0]; NUnit.Framework.Assert.Fail("No password file property, env not set, it should fail" ); } catch (IOException) { } }
internal CacheExtension(KeyProvider prov, long keyTimeoutMillis, long currKeyTimeoutMillis ) { this.provider = prov; keyVersionCache = CacheBuilder.NewBuilder().ExpireAfterAccess(keyTimeoutMillis, TimeUnit .Milliseconds).Build(new _CacheLoader_49(this)); keyMetadataCache = CacheBuilder.NewBuilder().ExpireAfterAccess(keyTimeoutMillis, TimeUnit.Milliseconds).Build(new _CacheLoader_62(this)); currentKeyCache = CacheBuilder.NewBuilder().ExpireAfterWrite(currKeyTimeoutMillis , TimeUnit.Milliseconds).Build(new _CacheLoader_75(this)); }
public static void Setup() { conf = new Configuration(); kp = new UserProvider.Factory().CreateProvider(new URI("user:///"), conf); kpExt = KeyProviderCryptoExtension.CreateKeyProviderCryptoExtension(kp); options = new KeyProvider.Options(conf); options.SetCipher(Cipher); options.SetBitLength(128); encryptionKey = kp.CreateKey(EncryptionKeyName, SecureRandom.GetSeed(16), options ); }
public virtual void TestGetProviderViaURI() { Configuration conf = new Configuration(false); Path jksPath = new Path(testRootDir.ToString(), "test.jks"); URI uri = new URI(JavaKeyStoreProvider.SchemeName + "://file" + jksPath.ToUri()); KeyProvider kp = KeyProviderFactory.Get(uri, conf); NUnit.Framework.Assert.IsNotNull(kp); Assert.Equal(typeof(JavaKeyStoreProvider), kp.GetType()); uri = new URI("foo://bar"); kp = KeyProviderFactory.Get(uri, conf); NUnit.Framework.Assert.IsNull(kp); }
/// <summary>Create a KeyProvider based on a provided URI.</summary> /// <param name="uri">key provider URI</param> /// <param name="conf">configuration to initialize the key provider</param> /// <returns> /// the key provider for the specified URI, or <code>NULL</code> if /// a provider for the specified URI scheme could not be found. /// </returns> /// <exception cref="System.IO.IOException">thrown if the provider failed to initialize. /// </exception> public static KeyProvider Get(URI uri, Configuration conf) { KeyProvider kp = null; foreach (KeyProviderFactory factory in serviceLoader) { kp = factory.CreateProvider(uri, conf); if (kp != null) { break; } } return(kp); }
public virtual void TestParseVersionName() { Assert.Equal("/a/b", KeyProvider.GetBaseName("/a/b@3")); Assert.Equal("/aaa", KeyProvider.GetBaseName("/aaa@112")); try { KeyProvider.GetBaseName("no-slashes"); Assert.True("should have thrown", false); } catch (IOException) { Assert.True(true); } }
public virtual void TestJksProviderWithKeytoolKeys() { Configuration conf = new Configuration(); string keystoreDirAbsolutePath = conf.GetResource("hdfs7067.keystore").AbsolutePath; string ourUrl = JavaKeyStoreProvider.SchemeName + "://file@/" + keystoreDirAbsolutePath; conf.Set(KeyProviderFactory.KeyProviderPath, ourUrl); KeyProvider provider = KeyProviderFactory.GetProviders(conf)[0]; // Sanity check that we are using the right keystore KeyProvider.KeyVersion keyVersion = provider.GetKeyVersion("testkey5@0"); try { KeyProvider.KeyVersion keyVersionWrongKeyNameFormat = provider.GetKeyVersion("testkey2" ); NUnit.Framework.Assert.Fail("should have thrown an exception"); } catch (IOException e) { // No version in key path testkey2/ GenericTestUtils.AssertExceptionContains("No version in key path", e); } try { KeyProvider.KeyVersion keyVersionCurrentKeyNotWrongKeyNameFormat = provider.GetCurrentKey ("testkey5@0"); NUnit.Framework.Assert.Fail("should have thrown an exception getting testkey5@0"); } catch (IOException e) { // javax.crypto.spec.SecretKeySpec cannot be cast to // org.apache.hadoop.crypto.key.JavaKeyStoreProvider$KeyMetadata GenericTestUtils.AssertExceptionContains("other non-Hadoop method", e); } try { KeyProvider.KeyVersion keyVersionCurrentKeyNotReally = provider.GetCurrentKey("testkey2" ); NUnit.Framework.Assert.Fail("should have thrown an exception getting testkey2"); } catch (IOException e) { // javax.crypto.spec.SecretKeySpec cannot be cast to // org.apache.hadoop.crypto.key.JavaKeyStoreProvider$KeyMetadata GenericTestUtils.AssertExceptionContains("other non-Hadoop method", e); } }
public virtual void TestRollNewVersion() { KeyProvider.KeyVersion mockKey = Org.Mockito.Mockito.Mock <KeyProvider.KeyVersion> (); KeyProvider mockProv = Org.Mockito.Mockito.Mock <KeyProvider>(); Org.Mockito.Mockito.When(mockProv.GetCurrentKey(Org.Mockito.Mockito.Eq("k1"))).ThenReturn (mockKey); Org.Mockito.Mockito.When(mockProv.GetConf()).ThenReturn(new Configuration()); KeyProvider cache = new CachingKeyProvider(mockProv, 100, 100); Assert.Equal(mockKey, cache.GetCurrentKey("k1")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(1)).GetCurrentKey( Org.Mockito.Mockito.Eq("k1")); cache.RollNewVersion("k1"); // asserting the cache is purged Assert.Equal(mockKey, cache.GetCurrentKey("k1")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(2)).GetCurrentKey( Org.Mockito.Mockito.Eq("k1")); cache.RollNewVersion("k1", new byte[0]); Assert.Equal(mockKey, cache.GetCurrentKey("k1")); Org.Mockito.Mockito.Verify(mockProv, Org.Mockito.Mockito.Times(3)).GetCurrentKey( Org.Mockito.Mockito.Eq("k1")); }
/// <exception cref="System.Exception"/> internal static void CheckSpecificProvider(Configuration conf, string ourUrl) { KeyProvider provider = KeyProviderFactory.GetProviders(conf)[0]; byte[] key1 = new byte[16]; byte[] key2 = new byte[16]; byte[] key3 = new byte[16]; for (int i = 0; i < key1.Length; ++i) { key1[i] = unchecked ((byte)i); key2[i] = unchecked ((byte)(i * 2)); key3[i] = unchecked ((byte)(i * 3)); } // ensure that we get nulls when the key isn't there Assert.Equal(null, provider.GetKeyVersion("no-such-key")); Assert.Equal(null, provider.GetMetadata("key")); // create a new key try { provider.CreateKey("key3", key3, KeyProvider.Options(conf)); } catch (Exception e) { Runtime.PrintStackTrace(e); throw; } // check the metadata for key3 KeyProvider.Metadata meta = provider.GetMetadata("key3"); Assert.Equal(KeyProvider.DefaultCipher, meta.GetCipher()); Assert.Equal(KeyProvider.DefaultBitlength, meta.GetBitLength() ); Assert.Equal(1, meta.GetVersions()); // make sure we get back the right key Assert.AssertArrayEquals(key3, provider.GetCurrentKey("key3").GetMaterial()); Assert.Equal("key3@0", provider.GetCurrentKey("key3").GetVersionName ()); // try recreating key3 try { provider.CreateKey("key3", key3, KeyProvider.Options(conf)); Assert.True("should throw", false); } catch (IOException e) { Assert.Equal("Key key3 already exists in " + ourUrl, e.Message ); } provider.DeleteKey("key3"); try { provider.DeleteKey("key3"); Assert.True("should throw", false); } catch (IOException e) { Assert.Equal("Key key3 does not exist in " + ourUrl, e.Message ); } provider.CreateKey("key3", key3, KeyProvider.Options(conf)); try { provider.CreateKey("key4", key3, KeyProvider.Options(conf).SetBitLength(8)); Assert.True("should throw", false); } catch (IOException e) { Assert.Equal("Wrong key length. Required 8, but got 128", e.Message ); } provider.CreateKey("key4", new byte[] { 1 }, KeyProvider.Options(conf).SetBitLength (8)); provider.RollNewVersion("key4", new byte[] { 2 }); meta = provider.GetMetadata("key4"); Assert.Equal(2, meta.GetVersions()); Assert.AssertArrayEquals(new byte[] { 2 }, provider.GetCurrentKey("key4").GetMaterial ()); Assert.AssertArrayEquals(new byte[] { 1 }, provider.GetKeyVersion("key4@0").GetMaterial ()); Assert.Equal("key4@1", provider.GetCurrentKey("key4").GetVersionName ()); try { provider.RollNewVersion("key4", key1); Assert.True("should throw", false); } catch (IOException e) { Assert.Equal("Wrong key length. Required 8, but got 128", e.Message ); } try { provider.RollNewVersion("no-such-key", key1); Assert.True("should throw", false); } catch (IOException e) { Assert.Equal("Key no-such-key not found", e.Message); } provider.Flush(); // get a new instance of the provider to ensure it was saved correctly provider = KeyProviderFactory.GetProviders(conf)[0]; Assert.AssertArrayEquals(new byte[] { 2 }, provider.GetCurrentKey("key4").GetMaterial ()); Assert.AssertArrayEquals(key3, provider.GetCurrentKey("key3").GetMaterial()); Assert.Equal("key3@0", provider.GetCurrentKey("key3").GetVersionName ()); IList <string> keys = provider.GetKeys(); Assert.True("Keys should have been returned.", keys.Count == 2); Assert.True("Returned Keys should have included key3.", keys.Contains ("key3")); Assert.True("Returned Keys should have included key4.", keys.Contains ("key4")); IList <KeyProvider.KeyVersion> kvl = provider.GetKeyVersions("key3"); Assert.True("KeyVersions should have been returned for key3.", kvl.Count == 1); Assert.True("KeyVersions should have included key3@0.", kvl[0]. GetVersionName().Equals("key3@0")); Assert.AssertArrayEquals(key3, kvl[0].GetMaterial()); }
private DefaultCryptoExtension(KeyProvider keyProvider) { this.keyProvider = keyProvider; }
public KeyProviderExtension(KeyProvider keyProvider, E extensions) : base(keyProvider.GetConf()) { this.keyProvider = keyProvider; this.extension = extensions; }
/// <summary> /// This constructor is to be used by sub classes that provide /// delegating/proxying functionality to the /// <see cref="KeyProviderCryptoExtension"/> /// </summary> /// <param name="keyProvider"/> /// <param name="extension"/> protected internal KeyProviderCryptoExtension(KeyProvider keyProvider, KeyProviderCryptoExtension.CryptoExtension extension) : base(keyProvider, extension) { }
public CachingKeyProvider(KeyProvider keyProvider, long keyTimeoutMillis, long currKeyTimeoutMillis ) : base(keyProvider, new CachingKeyProvider.CacheExtension(keyProvider, keyTimeoutMillis , currKeyTimeoutMillis)) { }
/// <summary> /// Parse the command line arguments and initialize the data /// <pre> /// % hadoop key create keyName [-size size] [-cipher algorithm] /// [-provider providerPath] /// % hadoop key roll keyName [-provider providerPath] /// % hadoop key list [-provider providerPath] /// % hadoop key delete keyName [-provider providerPath] [-i] /// </pre> /// </summary> /// <param name="args">Command line arguments.</param> /// <returns>0 on success, 1 on failure.</returns> /// <exception cref="System.IO.IOException"/> private int Init(string[] args) { KeyProvider.Options options = KeyProvider.Options(GetConf()); IDictionary <string, string> attributes = new Dictionary <string, string>(); for (int i = 0; i < args.Length; i++) { // parse command line bool moreTokens = (i < args.Length - 1); if (args[i].Equals("create")) { string keyName = "-help"; if (moreTokens) { keyName = args[++i]; } command = new KeyShell.CreateCommand(this, keyName, options); if ("-help".Equals(keyName)) { PrintKeyShellUsage(); return(1); } } else { if (args[i].Equals("delete")) { string keyName = "-help"; if (moreTokens) { keyName = args[++i]; } command = new KeyShell.DeleteCommand(this, keyName); if ("-help".Equals(keyName)) { PrintKeyShellUsage(); return(1); } } else { if (args[i].Equals("roll")) { string keyName = "-help"; if (moreTokens) { keyName = args[++i]; } command = new KeyShell.RollCommand(this, keyName); if ("-help".Equals(keyName)) { PrintKeyShellUsage(); return(1); } } else { if ("list".Equals(args[i])) { command = new KeyShell.ListCommand(this); } else { if ("-size".Equals(args[i]) && moreTokens) { options.SetBitLength(System.Convert.ToInt32(args[++i])); } else { if ("-cipher".Equals(args[i]) && moreTokens) { options.SetCipher(args[++i]); } else { if ("-description".Equals(args[i]) && moreTokens) { options.SetDescription(args[++i]); } else { if ("-attr".Equals(args[i]) && moreTokens) { string[] attrval = args[++i].Split("=", 2); string attr = attrval[0].Trim(); string val = attrval[1].Trim(); if (attr.IsEmpty() || val.IsEmpty()) { @out.WriteLine("\nAttributes must be in attribute=value form, " + "or quoted\nlike \"attribute = value\"\n" ); PrintKeyShellUsage(); return(1); } if (attributes.Contains(attr)) { @out.WriteLine("\nEach attribute must correspond to only one value:\n" + "atttribute \"" + attr + "\" was repeated\n"); PrintKeyShellUsage(); return(1); } attributes[attr] = val; } else { if ("-provider".Equals(args[i]) && moreTokens) { userSuppliedProvider = true; GetConf().Set(KeyProviderFactory.KeyProviderPath, args[++i]); } else { if ("-metadata".Equals(args[i])) { GetConf().SetBoolean(ListMetadata, true); } else { if ("-f".Equals(args[i]) || ("-force".Equals(args[i]))) { interactive = false; } else { if ("-help".Equals(args[i])) { PrintKeyShellUsage(); return(1); } else { PrintKeyShellUsage(); ToolRunner.PrintGenericCommandUsage(System.Console.Error); return(1); } } } } } } } } } } } } } if (command == null) { PrintKeyShellUsage(); return(1); } if (!attributes.IsEmpty()) { options.SetAttributes(attributes); } return(0); }
public virtual void TestJksProvider() { Configuration conf = new Configuration(); Path jksPath = new Path(testRootDir.ToString(), "test.jks"); string ourUrl = JavaKeyStoreProvider.SchemeName + "://file" + jksPath.ToUri(); FilePath file = new FilePath(testRootDir, "test.jks"); file.Delete(); conf.Set(KeyProviderFactory.KeyProviderPath, ourUrl); CheckSpecificProvider(conf, ourUrl); // START : Test flush error by failure injection conf.Set(KeyProviderFactory.KeyProviderPath, ourUrl.Replace(JavaKeyStoreProvider. SchemeName, FailureInjectingJavaKeyStoreProvider.SchemeName)); // get a new instance of the provider to ensure it was saved correctly KeyProvider provider = KeyProviderFactory.GetProviders(conf)[0]; // inject failure during keystore write FailureInjectingJavaKeyStoreProvider fProvider = (FailureInjectingJavaKeyStoreProvider )provider; fProvider.SetWriteFail(true); provider.CreateKey("key5", new byte[] { 1 }, KeyProvider.Options(conf).SetBitLength (8)); NUnit.Framework.Assert.IsNotNull(provider.GetCurrentKey("key5")); try { provider.Flush(); NUnit.Framework.Assert.Fail("Should not succeed"); } catch (Exception) { } // Ignore // SHould be reset to pre-flush state NUnit.Framework.Assert.IsNull(provider.GetCurrentKey("key5")); // Un-inject last failure and // inject failure during keystore backup fProvider.SetWriteFail(false); fProvider.SetBackupFail(true); provider.CreateKey("key6", new byte[] { 1 }, KeyProvider.Options(conf).SetBitLength (8)); NUnit.Framework.Assert.IsNotNull(provider.GetCurrentKey("key6")); try { provider.Flush(); NUnit.Framework.Assert.Fail("Should not succeed"); } catch (Exception) { } // Ignore // SHould be reset to pre-flush state NUnit.Framework.Assert.IsNull(provider.GetCurrentKey("key6")); // END : Test flush error by failure injection conf.Set(KeyProviderFactory.KeyProviderPath, ourUrl.Replace(FailureInjectingJavaKeyStoreProvider .SchemeName, JavaKeyStoreProvider.SchemeName)); Path path = ProviderUtils.UnnestUri(new URI(ourUrl)); FileSystem fs = path.GetFileSystem(conf); FileStatus s = fs.GetFileStatus(path); Assert.True(s.GetPermission().ToString().Equals("rwx------")); Assert.True(file + " should exist", file.IsFile()); // Corrupt file and Check if JKS can reload from _OLD file FilePath oldFile = new FilePath(file.GetPath() + "_OLD"); file.RenameTo(oldFile); file.Delete(); file.CreateNewFile(); Assert.True(oldFile.Exists()); provider = KeyProviderFactory.GetProviders(conf)[0]; Assert.True(file.Exists()); Assert.True(oldFile + "should be deleted", !oldFile.Exists()); VerifyAfterReload(file, provider); Assert.True(!oldFile.Exists()); // _NEW and current file should not exist together FilePath newFile = new FilePath(file.GetPath() + "_NEW"); newFile.CreateNewFile(); try { provider = KeyProviderFactory.GetProviders(conf)[0]; NUnit.Framework.Assert.Fail("_NEW and current file should not exist together !!"); } catch (Exception) { } finally { // Ignore if (newFile.Exists()) { newFile.Delete(); } } // Load from _NEW file file.RenameTo(newFile); file.Delete(); try { provider = KeyProviderFactory.GetProviders(conf)[0]; NUnit.Framework.Assert.IsFalse(newFile.Exists()); NUnit.Framework.Assert.IsFalse(oldFile.Exists()); } catch (Exception) { NUnit.Framework.Assert.Fail("JKS should load from _NEW file !!"); } // Ignore VerifyAfterReload(file, provider); // _NEW exists but corrupt.. must load from _OLD newFile.CreateNewFile(); file.RenameTo(oldFile); file.Delete(); try { provider = KeyProviderFactory.GetProviders(conf)[0]; NUnit.Framework.Assert.IsFalse(newFile.Exists()); NUnit.Framework.Assert.IsFalse(oldFile.Exists()); } catch (Exception) { NUnit.Framework.Assert.Fail("JKS should load from _OLD file !!"); } finally { // Ignore if (newFile.Exists()) { newFile.Delete(); } } VerifyAfterReload(file, provider); // check permission retention after explicit change fs.SetPermission(path, new FsPermission("777")); CheckPermissionRetention(conf, ourUrl, path); // Check that an uppercase keyname results in an error provider = KeyProviderFactory.GetProviders(conf)[0]; try { provider.CreateKey("UPPERCASE", KeyProvider.Options(conf)); NUnit.Framework.Assert.Fail("Expected failure on creating key name with uppercase " + "characters"); } catch (ArgumentException e) { GenericTestUtils.AssertExceptionContains("Uppercase key names", e); } }
private KeyProviderDelegationTokenExtension(KeyProvider keyProvider, KeyProviderDelegationTokenExtension.DelegationTokenExtension extensions) : base(keyProvider, extensions) { }