Package org.apache.hadoop.crypto.key

Class UserProvider

java.lang.Object

org.apache.hadoop.crypto.key.KeyProvider

org.apache.hadoop.crypto.key.UserProvider

All Implemented Interfaces:

Closeable, AutoCloseable

@Private
public class UserProvider
extends KeyProvider

A KeyProvider factory for UGIs. It uses the credentials object associated with the current user to find keys. This provider is created using a URI of "user:///".

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	UserProvider.Factory

Nested classes/interfaces inherited from class org.apache.hadoop.crypto.key.KeyProvider

KeyProvider.KeyVersion, KeyProvider.Metadata, KeyProvider.Options

Field Summary

Fields

Modifier and Type	Field	Description
static final String	SCHEME_NAME

Fields inherited from class org.apache.hadoop.crypto.key.KeyProvider

DEFAULT_BITLENGTH, DEFAULT_BITLENGTH_NAME, DEFAULT_CIPHER, DEFAULT_CIPHER_NAME, JCEKS_KEY_SERIAL_FILTER, JCEKS_KEY_SERIALFILTER_DEFAULT

Method Summary

Modifier and Type	Method	Description
KeyProvider.KeyVersion	createKey(String name, byte[] material, KeyProvider.Options options)	Create a new key.
void	deleteKey(String name)	Delete the given key.
void	flush()	Ensures that any changes to the keys are written to persistent store.
List<String>	getKeys()	Get the key names for all keys.
KeyProvider.KeyVersion	getKeyVersion(String versionName)	Get the key material for a specific version of the key.
List<KeyProvider.KeyVersion>	getKeyVersions(String name)	Get the key material for all versions of a specific key name.
KeyProvider.Metadata	getMetadata(String name)	Get metadata about the key.
boolean	isTransient()	Indicates whether this provider represents a store that is intended for transient use - such as the UserProvider is.
KeyProvider.KeyVersion	rollNewVersion(String name, byte[] material)	Roll a new version of the given key.
String	toString()

Methods inherited from class org.apache.hadoop.crypto.key.KeyProvider

buildVersionName, close, createKey, findProvider, generateKey, getBaseName, getConf, getCurrentKey, getKeysMetadata, invalidateCache, needsPassword, noPasswordError, noPasswordWarning, options, rollNewVersion

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

SCHEME_NAME

public static final String SCHEME_NAME

See Also:

• Constant Field Values

Method Details

isTransient

public boolean isTransient()

Description copied from class: KeyProvider

Indicates whether this provider represents a store that is intended for transient use - such as the UserProvider is. These providers are generally used to provide access to keying material rather than for long term storage.

Overrides:

isTransient in class KeyProvider

Returns:

true if transient, false otherwise

getKeyVersion

public KeyProvider.KeyVersion getKeyVersion(String versionName)
                                     throws IOException

Description copied from class: KeyProvider

Get the key material for a specific version of the key. This method is used when decrypting data.

Specified by:

getKeyVersion in class KeyProvider

Parameters:

versionName - the name of a specific version of the key

Returns:

the key material

Throws:

IOException - raised on errors performing I/O.

getMetadata

public KeyProvider.Metadata getMetadata(String name)
                                 throws IOException

Description copied from class: KeyProvider

Get metadata about the key.

Specified by:

getMetadata in class KeyProvider

Parameters:

name - the basename of the key

Returns:

the key's metadata or null if the key doesn't exist

Throws:

IOException - raised on errors performing I/O.

createKey

public KeyProvider.KeyVersion createKey(String name,
 byte[] material,
 KeyProvider.Options options)
                                 throws IOException

Description copied from class: KeyProvider

Create a new key. The given key must not already exist.

Specified by:

createKey in class KeyProvider

Parameters:

name - the base name of the key

material - the key material for the first version of the key.

options - the options for the new key.

Returns:

the version name of the first version of the key.

Throws:

IOException - raised on errors performing I/O.

deleteKey

public void deleteKey(String name)
               throws IOException

Description copied from class: KeyProvider

Delete the given key.

Specified by:

deleteKey in class KeyProvider

Parameters:

name - the name of the key to delete

Throws:

IOException - raised on errors performing I/O.

rollNewVersion

public KeyProvider.KeyVersion rollNewVersion(String name,
 byte[] material)
                                      throws IOException

Description copied from class: KeyProvider

Roll a new version of the given key.

Specified by:

rollNewVersion in class KeyProvider

Parameters:

name - the basename of the key

material - the new key material

Returns:

the name of the new version of the key

Throws:

IOException - raised on errors performing I/O.

toString

public String toString()

Overrides:

toString in class Object

flush

public void flush()

Description copied from class: KeyProvider

Ensures that any changes to the keys are written to persistent store.

Specified by:

flush in class KeyProvider

getKeys

public List<String> getKeys()
                     throws IOException

Description copied from class: KeyProvider

Get the key names for all keys.

Specified by:

getKeys in class KeyProvider

Returns:

the list of key names

Throws:

IOException - raised on errors performing I/O.

getKeyVersions

public List<KeyProvider.KeyVersion> getKeyVersions(String name)
                                            throws IOException

Description copied from class: KeyProvider

Get the key material for all versions of a specific key name.

Specified by:

getKeyVersions in class KeyProvider

Parameters:

name - the base name of the key.

Returns:

the list of key material

Throws:

IOException - raised on errors performing I/O.