@InterfaceAudience.Public @InterfaceStability.Unstable public abstract class KeyProvider extends Object implements Closeable
KeyProvider implementations must be thread safe.
Modifier and Type | Field and Description |
---|---|
static int |
DEFAULT_BITLENGTH |
static String |
DEFAULT_BITLENGTH_NAME |
static String |
DEFAULT_CIPHER |
static String |
DEFAULT_CIPHER_NAME |
static String |
JCEKS_KEY_SERIAL_FILTER |
static String |
JCEKS_KEY_SERIALFILTER_DEFAULT |
Constructor and Description |
---|
KeyProvider(Configuration conf)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
protected static String |
buildVersionName(String name,
int version)
Build a version string from a basename and version number.
|
void |
close()
Can be used by implementing classes to close any resources
that require closing
|
abstract org.apache.hadoop.crypto.key.KeyProvider.KeyVersion |
createKey(String name,
byte[] material,
org.apache.hadoop.crypto.key.KeyProvider.Options options)
Create a new key.
|
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion |
createKey(String name,
org.apache.hadoop.crypto.key.KeyProvider.Options options)
Create a new key generating the material for it.
|
abstract void |
deleteKey(String name)
Delete the given key.
|
static KeyProvider |
findProvider(List<KeyProvider> providerList,
String keyName)
Find the provider with the given key.
|
abstract void |
flush()
Ensures that any changes to the keys are written to persistent store.
|
protected byte[] |
generateKey(int size,
String algorithm)
Generates key material.
|
static String |
getBaseName(String versionName)
Split the versionName into a base name.
|
Configuration |
getConf()
Return the provider configuration.
|
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion |
getCurrentKey(String name)
Get the current version of the key, which should be used for encrypting new
data.
|
abstract List<String> |
getKeys()
Get the key names for all keys.
|
org.apache.hadoop.crypto.key.KeyProvider.Metadata[] |
getKeysMetadata(String... names)
Get key metadata in bulk.
|
abstract org.apache.hadoop.crypto.key.KeyProvider.KeyVersion |
getKeyVersion(String versionName)
Get the key material for a specific version of the key.
|
abstract List<org.apache.hadoop.crypto.key.KeyProvider.KeyVersion> |
getKeyVersions(String name)
Get the key material for all versions of a specific key name.
|
abstract org.apache.hadoop.crypto.key.KeyProvider.Metadata |
getMetadata(String name)
Get metadata about the key.
|
void |
invalidateCache(String name)
Can be used by implementing classes to invalidate the caches.
|
boolean |
isTransient()
Indicates whether this provider represents a store
that is intended for transient use - such as the UserProvider
is.
|
boolean |
needsPassword()
Does this provider require a password? This means that a password is
required for normal operation, and it has not been found through normal
means.
|
String |
noPasswordError()
If a password for the provider is needed, but is not provided, this will
return an error message and instructions for supplying said password to
the provider.
|
String |
noPasswordWarning()
If a password for the provider is needed, but is not provided, this will
return a warning and instructions for supplying said password to the
provider.
|
static org.apache.hadoop.crypto.key.KeyProvider.Options |
options(Configuration conf)
A helper function to create an options object.
|
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion |
rollNewVersion(String name)
Roll a new version of the given key generating the material for it.
|
abstract org.apache.hadoop.crypto.key.KeyProvider.KeyVersion |
rollNewVersion(String name,
byte[] material)
Roll a new version of the given key.
|
public static final String DEFAULT_CIPHER_NAME
public static final String DEFAULT_CIPHER
public static final String DEFAULT_BITLENGTH_NAME
public static final int DEFAULT_BITLENGTH
public static final String JCEKS_KEY_SERIALFILTER_DEFAULT
public static final String JCEKS_KEY_SERIAL_FILTER
public KeyProvider(Configuration conf)
conf - configuration for the provider
public Configuration getConf()
public static org.apache.hadoop.crypto.key.KeyProvider.Options options(Configuration conf)
conf - the configuration to use
public boolean isTransient()
public abstract org.apache.hadoop.crypto.key.KeyProvider.KeyVersion getKeyVersion(String versionName) throws IOException
versionName - the name of a specific version of the key
IOException
public abstract List<String> getKeys() throws IOException
IOException
public org.apache.hadoop.crypto.key.KeyProvider.Metadata[] getKeysMetadata(String... names) throws IOException
names - the names of the keys to get
IOException
public abstract List<org.apache.hadoop.crypto.key.KeyProvider.KeyVersion> getKeyVersions(String name) throws IOException
IOException
public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion getCurrentKey(String name) throws IOException
name - the base name of the key
IOException
public abstract org.apache.hadoop.crypto.key.KeyProvider.Metadata getMetadata(String name) throws IOException
name - the basename of the key
IOException
public abstract org.apache.hadoop.crypto.key.KeyProvider.KeyVersion createKey(String name, byte[] material, org.apache.hadoop.crypto.key.KeyProvider.Options options) throws IOException
name - the base name of the key
material - the key material for the first version of the key.
options - the options for the new key.
IOException
protected byte[] generateKey(int size, String algorithm) throws NoSuchAlgorithmException
size - length of the key.
algorithm - algorithm to use for generating the key.
NoSuchAlgorithmException
public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion createKey(String name, org.apache.hadoop.crypto.key.KeyProvider.Options options) throws NoSuchAlgorithmException, IOException
This implementation generates the key material and calls the
createKey(String, byte[], Options)
method.
name - the base name of the key
options - the options for the new key.
IOException
NoSuchAlgorithmException
public abstract void deleteKey(String name) throws IOException
name - the name of the key to delete
IOException
public abstract org.apache.hadoop.crypto.key.KeyProvider.KeyVersion rollNewVersion(String name, byte[] material) throws IOException
name - the basename of the key
material - the new key material
IOException
public void close() throws IOException
close in interface Closeable
close in interface AutoCloseable
IOException
public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion rollNewVersion(String name) throws NoSuchAlgorithmException, IOException
This implementation generates the key material and calls the
rollNewVersion(String, byte[])
method.
name - the basename of the key
IOException
NoSuchAlgorithmException
public void invalidateCache(String name) throws IOException
name - the basename of the key
IOException
public abstract void flush() throws IOException
IOException
public static String getBaseName(String versionName) throws IOException
versionName - the version name to split
IOException
protected static String buildVersionName(String name, int version)
name - the basename of the key
version - the version of the key
public static KeyProvider findProvider(List<KeyProvider> providerList, String keyName) throws IOException
providerList - the list of providers
keyName - the key name we are looking for
IOException
public boolean needsPassword() throws IOException
IOException
public String noPasswordWarning()
public String noPasswordError()
Copyright © 2019 Apache Software Foundation. All rights reserved.