Package org.apache.hadoop.crypto.key

Class KeyProviderExtension<E extends KeyProviderExtension.Extension>

java.lang.Object

org.apache.hadoop.crypto.key.KeyProvider

org.apache.hadoop.crypto.key.KeyProviderExtension<E>

All Implemented Interfaces:

Closeable, AutoCloseable

Direct Known Subclasses:

CachingKeyProvider, KeyProviderCryptoExtension, KeyProviderDelegationTokenExtension

public abstract class KeyProviderExtension<E extends KeyProviderExtension.Extension>
extends KeyProvider

This is a utility class used to extend the functionality of KeyProvider, that takes a KeyProvider and an Extension. It implements all the required methods of the KeyProvider by delegating it to the provided KeyProvider.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	KeyProviderExtension.Extension	A marker interface for the KeyProviderExtension subclass implement.

Nested classes/interfaces inherited from class org.apache.hadoop.crypto.key.KeyProvider

KeyProvider.KeyVersion, KeyProvider.Metadata, KeyProvider.Options

Field Summary

Fields inherited from class org.apache.hadoop.crypto.key.KeyProvider

DEFAULT_BITLENGTH, DEFAULT_BITLENGTH_NAME, DEFAULT_CIPHER, DEFAULT_CIPHER_NAME, JCEKS_KEY_SERIAL_FILTER, JCEKS_KEY_SERIALFILTER_DEFAULT

Constructor Summary

Constructors

Constructor	Description
KeyProviderExtension(KeyProvider keyProvider, E extensions)

Method Summary

Modifier and Type	Method	Description
KeyProvider.KeyVersion	createKey(String name, byte[] material, KeyProvider.Options options)	Create a new key.
KeyProvider.KeyVersion	createKey(String name, KeyProvider.Options options)	Create a new key generating the material for it.
void	deleteKey(String name)	Delete the given key.
void	flush()	Ensures that any changes to the keys are written to persistent store.
KeyProvider.KeyVersion	getCurrentKey(String name)	Get the current version of the key, which should be used for encrypting new data.
protected E	getExtension()
protected KeyProvider	getKeyProvider()
List<String>	getKeys()	Get the key names for all keys.
KeyProvider.Metadata[]	getKeysMetadata(String... names)	Get key metadata in bulk.
KeyProvider.KeyVersion	getKeyVersion(String versionName)	Get the key material for a specific version of the key.
List<KeyProvider.KeyVersion>	getKeyVersions(String name)	Get the key material for all versions of a specific key name.
KeyProvider.Metadata	getMetadata(String name)	Get metadata about the key.
void	invalidateCache(String name)	Can be used by implementing classes to invalidate the caches.
boolean	isTransient()	Indicates whether this provider represents a store that is intended for transient use - such as the UserProvider is.
KeyProvider.KeyVersion	rollNewVersion(String name)	Roll a new version of the given key generating the material for it.
KeyProvider.KeyVersion	rollNewVersion(String name, byte[] material)	Roll a new version of the given key.
String	toString()

Methods inherited from class org.apache.hadoop.crypto.key.KeyProvider

buildVersionName, close, findProvider, generateKey, getBaseName, getConf, needsPassword, noPasswordError, noPasswordWarning, options

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details

KeyProviderExtension

public KeyProviderExtension(KeyProvider keyProvider,
 E extensions)

Method Details

getExtension

protected E getExtension()

getKeyProvider

protected KeyProvider getKeyProvider()

isTransient

public boolean isTransient()

Description copied from class: KeyProvider

Indicates whether this provider represents a store that is intended for transient use - such as the UserProvider is. These providers are generally used to provide access to keying material rather than for long term storage.

Overrides:

isTransient in class KeyProvider

Returns:

true if transient, false otherwise

getKeysMetadata

public KeyProvider.Metadata[] getKeysMetadata(String... names)
                                       throws IOException

Description copied from class: KeyProvider

Get key metadata in bulk.

Overrides:

getKeysMetadata in class KeyProvider

Parameters:

names - the names of the keys to get

Returns:

Metadata Array.

Throws:

IOException - raised on errors performing I/O.

getCurrentKey

public KeyProvider.KeyVersion getCurrentKey(String name)
                                     throws IOException

Description copied from class: KeyProvider

Get the current version of the key, which should be used for encrypting new data.

Overrides:

getCurrentKey in class KeyProvider

Parameters:

name - the base name of the key

Returns:

the version name of the current version of the key or null if the key version doesn't exist

Throws:

IOException - raised on errors performing I/O.

createKey

public KeyProvider.KeyVersion createKey(String name,
 KeyProvider.Options options)
                                 throws NoSuchAlgorithmException,
IOException

Description copied from class: KeyProvider

Create a new key generating the material for it. The given key must not already exist.

This implementation generates the key material and calls the KeyProvider.createKey(String, byte[], Options) method.

Overrides:

createKey in class KeyProvider

Parameters:

name - the base name of the key

options - the options for the new key.

Returns:

the version name of the first version of the key.

Throws:

NoSuchAlgorithmException - no such algorithm exception.

IOException - raised on errors performing I/O.

rollNewVersion

public KeyProvider.KeyVersion rollNewVersion(String name)
                                      throws NoSuchAlgorithmException,
IOException

Description copied from class: KeyProvider

Roll a new version of the given key generating the material for it.

This implementation generates the key material and calls the KeyProvider.rollNewVersion(String, byte[]) method.

Overrides:

rollNewVersion in class KeyProvider

Parameters:

name - the basename of the key

Returns:

the name of the new version of the key

Throws:

NoSuchAlgorithmException - This exception is thrown when a particular cryptographic algorithm is requested but is not available in the environment.

IOException - raised on errors performing I/O.

getKeyVersion

public KeyProvider.KeyVersion getKeyVersion(String versionName)
                                     throws IOException

Description copied from class: KeyProvider

Get the key material for a specific version of the key. This method is used when decrypting data.

Specified by:

getKeyVersion in class KeyProvider

Parameters:

versionName - the name of a specific version of the key

Returns:

the key material

Throws:

IOException - raised on errors performing I/O.

getKeys

public List<String> getKeys()
                     throws IOException

Description copied from class: KeyProvider

Get the key names for all keys.

Specified by:

getKeys in class KeyProvider

Returns:

the list of key names

Throws:

IOException - raised on errors performing I/O.

getKeyVersions

public List<KeyProvider.KeyVersion> getKeyVersions(String name)
                                            throws IOException

Description copied from class: KeyProvider

Get the key material for all versions of a specific key name.

Specified by:

getKeyVersions in class KeyProvider

Parameters:

name - the base name of the key.

Returns:

the list of key material

Throws:

IOException - raised on errors performing I/O.

getMetadata

public KeyProvider.Metadata getMetadata(String name)
                                 throws IOException

Description copied from class: KeyProvider

Get metadata about the key.

Specified by:

getMetadata in class KeyProvider

Parameters:

name - the basename of the key

Returns:

the key's metadata or null if the key doesn't exist

Throws:

IOException - raised on errors performing I/O.

createKey

public KeyProvider.KeyVersion createKey(String name,
 byte[] material,
 KeyProvider.Options options)
                                 throws IOException

Description copied from class: KeyProvider

Create a new key. The given key must not already exist.

Specified by:

createKey in class KeyProvider

Parameters:

name - the base name of the key

material - the key material for the first version of the key.

options - the options for the new key.

Returns:

the version name of the first version of the key.

Throws:

IOException - raised on errors performing I/O.

deleteKey

public void deleteKey(String name)
               throws IOException

Description copied from class: KeyProvider

Delete the given key.

Specified by:

deleteKey in class KeyProvider

Parameters:

name - the name of the key to delete

Throws:

IOException - raised on errors performing I/O.

rollNewVersion

public KeyProvider.KeyVersion rollNewVersion(String name,
 byte[] material)
                                      throws IOException

Description copied from class: KeyProvider

Roll a new version of the given key.

Specified by:

rollNewVersion in class KeyProvider

Parameters:

name - the basename of the key

material - the new key material

Returns:

the name of the new version of the key

Throws:

IOException - raised on errors performing I/O.

invalidateCache

public void invalidateCache(String name)
                     throws IOException

Description copied from class: KeyProvider

Can be used by implementing classes to invalidate the caches. This could be used after rollNewVersion to provide a strong guarantee to return the new version of the given key.

Overrides:

invalidateCache in class KeyProvider

Parameters:

name - the basename of the key

Throws:

IOException - raised on errors performing I/O.

flush

public void flush()
           throws IOException

Description copied from class: KeyProvider

Ensures that any changes to the keys are written to persistent store.

Specified by:

flush in class KeyProvider

Throws:

IOException - raised on errors performing I/O.

toString

public String toString()

Overrides:

toString in class Object