KeyAuthorizationKeyProvider (Apache Hadoop KMS 3.4.1.300-dep-1001 API)

java.lang.Object
- org.apache.hadoop.crypto.key.KeyProvider
- - org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
  - - org.apache.hadoop.crypto.key.KeyProviderCryptoExtension
    - - org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider

All Implemented Interfaces:

java.io.Closeable, java.lang.AutoCloseable
```
public class KeyAuthorizationKeyProvider
extends org.apache.hadoop.crypto.key.KeyProviderCryptoExtension
```
A KeyProvider proxy that checks whether the current user derived via UserGroupInformation, is authorized to perform the following type of operations on a Key :
1. MANAGEMENT operations : createKey, rollNewVersion, deleteKey
2. GENERATE_EEK operations : generateEncryptedKey, warmUpEncryptedKeys
3. DECRYPT_EEK operation : decryptEncryptedKey
4. READ operations : getKeyVersion, getKeyVersions, getMetadata, getKeysMetadata, getCurrentKey
The read operations (getCurrentKeyVersion / getMetadata) etc are not checked.

Nested Class Summary

Nested Classes
Modifier and Type	Class	Description
`static interface`	`KeyAuthorizationKeyProvider.KeyACLs`	Interface that needs to be implemented by a client of the `KeyAuthorizationKeyProvider`.
`static class`	`KeyAuthorizationKeyProvider.KeyOpType`

Nested classes/interfaces inherited from class org.apache.hadoop.crypto.key.KeyProviderCryptoExtension
org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension, org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion

Nested classes/interfaces inherited from class org.apache.hadoop.crypto.key.KeyProviderExtension
org.apache.hadoop.crypto.key.KeyProviderExtension.Extension

Nested classes/interfaces inherited from class org.apache.hadoop.crypto.key.KeyProvider
org.apache.hadoop.crypto.key.KeyProvider.KeyVersion, org.apache.hadoop.crypto.key.KeyProvider.Metadata, org.apache.hadoop.crypto.key.KeyProvider.Options

Field Summary

Fields
Modifier and Type Field Description

static java.lang.String KEY_ACL
- Fields inherited from class org.apache.hadoop.crypto.key.KeyProviderCryptoExtension
  EEK, EK
- Fields inherited from class org.apache.hadoop.crypto.key.KeyProvider
  DEFAULT_BITLENGTH, DEFAULT_BITLENGTH_NAME, DEFAULT_CIPHER, DEFAULT_CIPHER_NAME, JCEKS_KEY_SERIAL_FILTER, JCEKS_KEY_SERIALFILTER_DEFAULT

Fields
Modifier and Type	Field	Description
`static java.lang.String`	`KEY_ACL`

Constructor Summary

Constructors
Constructor	Description
`KeyAuthorizationKeyProvider(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension keyProvider, KeyAuthorizationKeyProvider.KeyACLs acls)`	The constructor takes a `KeyProviderCryptoExtension` and an implementation of `KeyACLs`.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`org.apache.hadoop.crypto.key.KeyProvider.KeyVersion`	`createKey(java.lang.String name, byte[] material, org.apache.hadoop.crypto.key.KeyProvider.Options options)`
`org.apache.hadoop.crypto.key.KeyProvider.KeyVersion`	`createKey(java.lang.String name, org.apache.hadoop.crypto.key.KeyProvider.Options options)`
`org.apache.hadoop.crypto.key.KeyProvider.KeyVersion`	`decryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion)`
`void`	`deleteKey(java.lang.String name)`
`void`	`flush()`
`org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion`	`generateEncryptedKey(java.lang.String encryptionKeyName)`
`org.apache.hadoop.crypto.key.KeyProvider.KeyVersion`	`getCurrentKey(java.lang.String name)`
`protected org.apache.hadoop.crypto.key.KeyProvider`	`getKeyProvider()`
`java.util.List<java.lang.String>`	`getKeys()`
`org.apache.hadoop.crypto.key.KeyProvider.Metadata[]`	`getKeysMetadata(java.lang.String... names)`
`org.apache.hadoop.crypto.key.KeyProvider.KeyVersion`	`getKeyVersion(java.lang.String versionName)`
`java.util.List<org.apache.hadoop.crypto.key.KeyProvider.KeyVersion>`	`getKeyVersions(java.lang.String name)`
`org.apache.hadoop.crypto.key.KeyProvider.Metadata`	`getMetadata(java.lang.String name)`
`void`	`invalidateCache(java.lang.String name)`
`boolean`	`isTransient()`
`org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion`	`reencryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion ekv)`
`void`	`reencryptEncryptedKeys(java.util.List<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion> ekvs)`
`org.apache.hadoop.crypto.key.KeyProvider.KeyVersion`	`rollNewVersion(java.lang.String name)`
`org.apache.hadoop.crypto.key.KeyProvider.KeyVersion`	`rollNewVersion(java.lang.String name, byte[] material)`
`java.lang.String`	`toString()`
`void`	`warmUpEncryptedKeys(java.lang.String... names)`

Methods inherited from class org.apache.hadoop.crypto.key.KeyProviderCryptoExtension
close, createKeyProviderCryptoExtension, drain

Methods inherited from class org.apache.hadoop.crypto.key.KeyProviderExtension
getExtension

Methods inherited from class org.apache.hadoop.crypto.key.KeyProvider
buildVersionName, findProvider, generateKey, getBaseName, getConf, needsPassword, noPasswordError, noPasswordWarning, options

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail
- KEY_ACL
```
public static final java.lang.String KEY_ACL
```
  See Also:
  
  Constant Field Values

Constructor Detail
- KeyAuthorizationKeyProvider
```
public KeyAuthorizationKeyProvider(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension keyProvider,
                                   KeyAuthorizationKeyProvider.KeyACLs acls)
```
  The constructor takes a KeyProviderCryptoExtension and an implementation of KeyACLs. All calls are delegated to the provider keyProvider after authorization check (if required)
  
  Parameters:
  
  keyProvider - the key provider
  
  acls - the Key ACLs

Method Detail

createKey

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion createKey(java.lang.String name,
                                                                     org.apache.hadoop.crypto.key.KeyProvider.Options options)
                                                              throws java.security.NoSuchAlgorithmException,
                                                                     java.io.IOException

Overrides:: createKey in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
Throws:: java.security.NoSuchAlgorithmException; java.io.IOException

createKey

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion createKey(java.lang.String name,
                                                                     byte[] material,
                                                                     org.apache.hadoop.crypto.key.KeyProvider.Options options)
                                                              throws java.io.IOException

Overrides:: createKey in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
Throws:: java.io.IOException

rollNewVersion

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion rollNewVersion(java.lang.String name)
                                                                   throws java.security.NoSuchAlgorithmException,
                                                                          java.io.IOException

Overrides:: rollNewVersion in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
Throws:: java.security.NoSuchAlgorithmException; java.io.IOException

deleteKey
```
public void deleteKey(java.lang.String name)
               throws java.io.IOException
```
Overrides:

deleteKey in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>

Throws:

java.io.IOException

rollNewVersion

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion rollNewVersion(java.lang.String name,
                                                                          byte[] material)
                                                                   throws java.io.IOException

Overrides:: rollNewVersion in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
Throws:: java.io.IOException

invalidateCache
```
public void invalidateCache(java.lang.String name)
                     throws java.io.IOException
```
Overrides:

invalidateCache in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>

Throws:

java.io.IOException

warmUpEncryptedKeys
```
public void warmUpEncryptedKeys(java.lang.String... names)
                         throws java.io.IOException
```
Overrides:

warmUpEncryptedKeys in class org.apache.hadoop.crypto.key.KeyProviderCryptoExtension

Throws:

java.io.IOException

generateEncryptedKey

public org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey(java.lang.String encryptionKeyName)
                                                                                                 throws java.io.IOException,
                                                                                                        java.security.GeneralSecurityException

Overrides:: generateEncryptedKey in class org.apache.hadoop.crypto.key.KeyProviderCryptoExtension
Throws:: java.io.IOException; java.security.GeneralSecurityException

decryptEncryptedKey

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion decryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion)
                                                                        throws java.io.IOException,
                                                                               java.security.GeneralSecurityException

Overrides:: decryptEncryptedKey in class org.apache.hadoop.crypto.key.KeyProviderCryptoExtension
Throws:: java.io.IOException; java.security.GeneralSecurityException

reencryptEncryptedKey

public org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion reencryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion ekv)
                                                                                                  throws java.io.IOException,
                                                                                                         java.security.GeneralSecurityException

Overrides:: reencryptEncryptedKey in class org.apache.hadoop.crypto.key.KeyProviderCryptoExtension
Throws:: java.io.IOException; java.security.GeneralSecurityException

reencryptEncryptedKeys

public void reencryptEncryptedKeys(java.util.List<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion> ekvs)
                            throws java.io.IOException,
                                   java.security.GeneralSecurityException

Overrides:: reencryptEncryptedKeys in class org.apache.hadoop.crypto.key.KeyProviderCryptoExtension
Throws:: java.io.IOException; java.security.GeneralSecurityException

getKeyVersion

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion getKeyVersion(java.lang.String versionName)
                                                                  throws java.io.IOException

Overrides:: getKeyVersion in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
Throws:: java.io.IOException

getKeys
```
public java.util.List<java.lang.String> getKeys()
                                         throws java.io.IOException
```
Overrides:

getKeys in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>

Throws:

java.io.IOException

getKeyVersions

public java.util.List<org.apache.hadoop.crypto.key.KeyProvider.KeyVersion> getKeyVersions(java.lang.String name)
                                                                                   throws java.io.IOException

Overrides:: getKeyVersions in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
Throws:: java.io.IOException

getMetadata
```
public org.apache.hadoop.crypto.key.KeyProvider.Metadata getMetadata(java.lang.String name)
                                                              throws java.io.IOException
```
Overrides:

getMetadata in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>

Throws:

java.io.IOException

getKeysMetadata

public org.apache.hadoop.crypto.key.KeyProvider.Metadata[] getKeysMetadata(java.lang.String... names)
                                                                    throws java.io.IOException

Overrides:: getKeysMetadata in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
Throws:: java.io.IOException

getCurrentKey

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion getCurrentKey(java.lang.String name)
                                                                  throws java.io.IOException

Overrides:: getCurrentKey in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
Throws:: java.io.IOException

flush
```
public void flush()
           throws java.io.IOException
```
Overrides:

flush in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>

Throws:

java.io.IOException

isTransient
```
public boolean isTransient()
```
Overrides:

isTransient in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>

getKeyProvider
```
protected org.apache.hadoop.crypto.key.KeyProvider getKeyProvider()
```
Overrides:

getKeyProvider in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>

toString
```
public java.lang.String toString()
```
Overrides:

toString in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>

Class KeyAuthorizationKeyProvider

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.crypto.key.KeyProviderCryptoExtension

Nested classes/interfaces inherited from class org.apache.hadoop.crypto.key.KeyProviderExtension

Nested classes/interfaces inherited from class org.apache.hadoop.crypto.key.KeyProvider

Field Summary

Fields inherited from class org.apache.hadoop.crypto.key.KeyProviderCryptoExtension

Fields inherited from class org.apache.hadoop.crypto.key.KeyProvider

Constructor Summary

Method Summary

Methods inherited from class org.apache.hadoop.crypto.key.KeyProviderCryptoExtension

Methods inherited from class org.apache.hadoop.crypto.key.KeyProviderExtension

Methods inherited from class org.apache.hadoop.crypto.key.KeyProvider

Methods inherited from class java.lang.Object

Field Detail

KEY_ACL

Constructor Detail

KeyAuthorizationKeyProvider

Method Detail

createKey

createKey

rollNewVersion

deleteKey

rollNewVersion

invalidateCache

warmUpEncryptedKeys

generateEncryptedKey

decryptEncryptedKey

reencryptEncryptedKey

reencryptEncryptedKeys

getKeyVersion

getKeys

getKeyVersions

getMetadata

getKeysMetadata

getCurrentKey

flush

isTransient

getKeyProvider

toString