Class HdfsKMSUtil

java.lang.Object
org.apache.hadoop.hdfs.HdfsKMSUtil

@Private @Unstable public final class HdfsKMSUtil extends Object
Utility class for key provider related methods in hdfs client package.
  • Method Summary

    Modifier and Type
    Method
    Description
    static org.apache.hadoop.crypto.key.KeyProvider
    createKeyProvider(org.apache.hadoop.conf.Configuration conf)
    Creates a new KeyProvider from the given Configuration.
    static org.apache.hadoop.crypto.CryptoInputStream
    createWrappedInputStream(InputStream is, org.apache.hadoop.crypto.key.KeyProvider keyProvider, org.apache.hadoop.fs.FileEncryptionInfo fileEncryptionInfo, org.apache.hadoop.conf.Configuration conf)
     
    static org.apache.hadoop.crypto.CryptoCodec
    getCryptoCodec(org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.fs.FileEncryptionInfo feInfo)
    Obtain a CryptoCodec based on the CipherSuite set in a FileEncryptionInfo and the available CryptoCodecs configured in the Configuration.
    static org.apache.hadoop.crypto.CryptoProtocolVersion
    getCryptoProtocolVersion(org.apache.hadoop.fs.FileEncryptionInfo feInfo)
    Obtain the crypto protocol version from the provided FileEncryptionInfo, checking to see if this version is supported by.
    static org.apache.hadoop.crypto.key.KeyProvider
    getKeyProvider(org.apache.hadoop.crypto.key.KeyProviderTokenIssuer issuer, org.apache.hadoop.conf.Configuration conf)
     
    static org.apache.hadoop.io.Text
    getKeyProviderMapKey(URI namenodeUri)
    Returns a key to map namenode uri to key provider uri.
    static URI
    getKeyProviderUri(org.apache.hadoop.security.UserGroupInformation ugi, URI namenodeUri, String keyProviderUriStr, org.apache.hadoop.conf.Configuration conf)
    The key provider uri is searched in the following order.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Method Details

    • createKeyProvider

      public static org.apache.hadoop.crypto.key.KeyProvider createKeyProvider(org.apache.hadoop.conf.Configuration conf) throws IOException
      Creates a new KeyProvider from the given Configuration.
      Parameters:
      conf - Configuration
      Returns:
      new KeyProvider, or null if no provider was found.
      Throws:
      IOException - if the KeyProvider is improperly specified in the Configuration
    • getCryptoProtocolVersion

      public static org.apache.hadoop.crypto.CryptoProtocolVersion getCryptoProtocolVersion(org.apache.hadoop.fs.FileEncryptionInfo feInfo) throws IOException
      Obtain the crypto protocol version from the provided FileEncryptionInfo, checking to see if this version is supported by.
      Parameters:
      feInfo - FileEncryptionInfo
      Returns:
      CryptoProtocolVersion from the feInfo
      Throws:
      IOException - if the protocol version is unsupported.
    • getCryptoCodec

      public static org.apache.hadoop.crypto.CryptoCodec getCryptoCodec(org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.fs.FileEncryptionInfo feInfo) throws IOException
      Obtain a CryptoCodec based on the CipherSuite set in a FileEncryptionInfo and the available CryptoCodecs configured in the Configuration.
      Parameters:
      conf - Configuration
      feInfo - FileEncryptionInfo
      Returns:
      CryptoCodec
      Throws:
      IOException - if no suitable CryptoCodec for the CipherSuite is available.
    • getKeyProviderUri

      public static URI getKeyProviderUri(org.apache.hadoop.security.UserGroupInformation ugi, URI namenodeUri, String keyProviderUriStr, org.apache.hadoop.conf.Configuration conf) throws IOException
      The key provider URI is searched for in the following order:
      1. A mapping for the namenode URI in the Credentials' secrets map.
      2. The namenode getServerDefaults call.
      3. Finally, fall back to the local conf.
      Returns:
      keyProviderUri if found in any of the 3 cases above, null otherwise
      Throws:
      IOException
    • getKeyProvider

      public static org.apache.hadoop.crypto.key.KeyProvider getKeyProvider(org.apache.hadoop.crypto.key.KeyProviderTokenIssuer issuer, org.apache.hadoop.conf.Configuration conf) throws IOException
      Throws:
      IOException
    • getKeyProviderMapKey

      public static org.apache.hadoop.io.Text getKeyProviderMapKey(URI namenodeUri)
      Returns a key to map namenode URI to key provider URI. Tasks will look up this key to find the key provider.
    • createWrappedInputStream

      public static org.apache.hadoop.crypto.CryptoInputStream createWrappedInputStream(InputStream is, org.apache.hadoop.crypto.key.KeyProvider keyProvider, org.apache.hadoop.fs.FileEncryptionInfo fileEncryptionInfo, org.apache.hadoop.conf.Configuration conf) throws IOException
      Throws:
      IOException
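
The following is an added example, not code from the Hadoop project: it resolves the key provider URI with getKeyProviderUri, handles the documented null return, and checks the result against an expected endpoint, using a credentials mapping stored under getKeyProviderMapKey. Host names, the user name, the allowlist and the class and method names are constructed; `hadoop.security.key.provider.path` is assumed to be the local-conf key consulted in step 3.

```java
// Added example, not Hadoop project code. Hosts, user and allowlist are
// constructed; requires the Hadoop client libraries on the classpath.
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.HdfsKMSUtil;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;

public class KeyProviderUriCheck {
  // Constructed allowlist of KMS endpoints this client is expected to use.
  static final Set<URI> EXPECTED_KMS =
      Set.of(URI.create("kms://https@kms.example.com:9600/kms"));

  // Resolves the KMS URI for a namenode and rejects a missing or unexpected one.
  static URI resolveChecked(UserGroupInformation ugi, URI namenodeUri,
      String keyProviderUriStr, Configuration conf) throws IOException {
    URI kms = HdfsKMSUtil.getKeyProviderUri(ugi, namenodeUri, keyProviderUriStr, conf);
    if (kms == null) { // documented: null when none of the 3 lookups finds a URI
      throw new IOException("No key provider resolved for " + namenodeUri);
    }
    if (!EXPECTED_KMS.contains(kms)) {
      throw new IOException("Unexpected key provider " + kms + " for " + namenodeUri);
    }
    return kms;
  }

  public static void main(String[] args) throws IOException {
    URI nn = URI.create("hdfs://nn1.example.com:8020");
    Configuration conf = new Configuration(false);
    // Step 3 of the documented order: local conf (key name is an assumption).
    conf.set("hadoop.security.key.provider.path", "kms://https@kms.example.com:9600/kms");
    // Step 1: a mapping in the credentials' secrets map, keyed by getKeyProviderMapKey().
    Credentials creds = new Credentials();
    creds.addSecretKey(HdfsKMSUtil.getKeyProviderMapKey(nn),
        "kms://https@other-kms.example.com:9600/kms".getBytes(StandardCharsets.UTF_8));
    UserGroupInformation ugi = UserGroupInformation.createRemoteUser("alice");
    ugi.addCredentials(creds);
    // The credentials mapping is searched before the local conf, so the
    // allowlist check is applied to whatever URI the lookup returns.
    try {
      resolveChecked(ugi, nn, null, conf);
    } catch (IOException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```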