@InterfaceAudience.Private
public class EagerKeyGeneratorKeyProviderCryptoExtension
extends org.apache.hadoop.crypto.key.KeyProviderCryptoExtension
KeyProviderCryptoExtension that pre-generates and caches encrypted keys.

Inherited nested class: org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion

| Modifier and Type | Field and Description |
|---|---|
| static int | KMS_KEY_CACHE_EXPIRY_DEFAULT |
| static String | KMS_KEY_CACHE_EXPIRY_MS |
| static String | KMS_KEY_CACHE_LOW_WATERMARK |
| static float | KMS_KEY_CACHE_LOW_WATERMARK_DEFAULT |
| static String | KMS_KEY_CACHE_NUM_REFILL_THREADS |
| static int | KMS_KEY_CACHE_NUM_REFILL_THREADS_DEFAULT |
| static String | KMS_KEY_CACHE_SIZE |
| static int | KMS_KEY_CACHE_SIZE_DEFAULT |

| Constructor and Description |
|---|
| EagerKeyGeneratorKeyProviderCryptoExtension(org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.crypto.key.KeyProviderCryptoExtension keyProviderCryptoExtension)<br>This class is a proxy for a KeyProviderCryptoExtension that decorates the underlying CryptoExtension with one that eagerly caches pre-generated Encrypted Keys using a ValueQueue |

| Modifier and Type | Method and Description |
|---|---|
| void | invalidateCache(String name) |
| org.apache.hadoop.crypto.key.KeyProvider.KeyVersion | rollNewVersion(String name)<br>Roll a new version of the given key generating the material for it. |
| org.apache.hadoop.crypto.key.KeyProvider.KeyVersion | rollNewVersion(String name, byte[] material) |

Methods inherited from org.apache.hadoop.crypto.key.KeyProviderCryptoExtension: close, createKeyProviderCryptoExtension, decryptEncryptedKey, drain, generateEncryptedKey, reencryptEncryptedKey, reencryptEncryptedKeys, warmUpEncryptedKeys

Methods inherited from org.apache.hadoop.crypto.key.KeyProviderExtension: createKey, createKey, deleteKey, flush, getCurrentKey, getExtension, getKeyProvider, getKeys, getKeysMetadata, getKeyVersion, getKeyVersions, getMetadata, isTransient, toString

public static final String KMS_KEY_CACHE_SIZE
public static final int KMS_KEY_CACHE_SIZE_DEFAULT
public static final String KMS_KEY_CACHE_LOW_WATERMARK
public static final float KMS_KEY_CACHE_LOW_WATERMARK_DEFAULT
public static final String KMS_KEY_CACHE_EXPIRY_MS
public static final int KMS_KEY_CACHE_EXPIRY_DEFAULT
public static final String KMS_KEY_CACHE_NUM_REFILL_THREADS
public static final int KMS_KEY_CACHE_NUM_REFILL_THREADS_DEFAULT
public EagerKeyGeneratorKeyProviderCryptoExtension(org.apache.hadoop.conf.Configuration conf,
org.apache.hadoop.crypto.key.KeyProviderCryptoExtension keyProviderCryptoExtension)
This class is a proxy for a KeyProviderCryptoExtension that
decorates the underlying CryptoExtension with one that eagerly
caches pre-generated Encrypted Keys using a ValueQueue.

Parameters:
conf - Configuration object to load parameters from
keyProviderCryptoExtension - KeyProviderCryptoExtension to delegate calls to.

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion rollNewVersion(String name) throws NoSuchAlgorithmException, IOException

Due to the caching on the ValueQueue, even after a rollNewVersion call,
KeyProviderCryptoExtension.generateEncryptedKey(String) may still return an old key. Even
when we drain the queue here, the async thread may later fill in old keys.
This is acceptable since old version keys are still able to decrypt, and
a client shall make no assumptions that it will get a new versioned key
after rollNewVersion.
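
A check a caller can make given the caching behaviour described above, as an added example that is not Hadoop's own code: it compares the key version recorded on a generated encrypted key with the version returned by rollNewVersion and re-wraps a stale cache entry with reencryptEncryptedKey. The package `org.apache.hadoop.crypto.key.kms.server`, the in-memory `user:///` backing provider, and the names `RollAwareEdekExample`, `edekUnderRolledVersion` and `example-key` are assumptions made for the example.

```java
import java.net.URI;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProvider.KeyVersion;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion;
import org.apache.hadoop.crypto.key.KeyProviderFactory;
import org.apache.hadoop.crypto.key.kms.server.EagerKeyGeneratorKeyProviderCryptoExtension;

public class RollAwareEdekExample { // hypothetical class name

  // Hypothetical helper: return an encrypted key wrapped by the version that
  // rollNewVersion produced, even if the cache handed out a pre-roll entry.
  static EncryptedKeyVersion edekUnderRolledVersion(KeyProviderCryptoExtension kp,
      String keyName, KeyVersion rolled) throws Exception {
    EncryptedKeyVersion edek = kp.generateEncryptedKey(keyName);
    if (!rolled.getVersionName().equals(edek.getEncryptionKeyVersionName())) {
      // Stale cache entry: re-wrap it under the current key version.
      edek = kp.reencryptEncryptedKey(edek);
    }
    return edek;
  }

  public static void main(String[] args) throws Exception {
    Configuration conf = new Configuration();
    // Assumption: hadoop-common's in-memory "user:///" provider as backing store.
    KeyProvider backing = KeyProviderFactory.get(new URI("user:///"), conf);
    KeyProviderCryptoExtension eager = new EagerKeyGeneratorKeyProviderCryptoExtension(
        conf, KeyProviderCryptoExtension.createKeyProviderCryptoExtension(backing));
    try {
      String keyName = "example-key"; // constructed sample name
      eager.createKey(keyName, new KeyProvider.Options(conf));
      EncryptedKeyVersion preRoll = eager.generateEncryptedKey(keyName);

      KeyVersion rolled = eager.rollNewVersion(keyName);
      EncryptedKeyVersion postRoll = edekUnderRolledVersion(eager, keyName, rolled);

      // Read the version name carried by each encrypted key; never infer it
      // from when the key was generated relative to the roll.
      System.out.println("pre-roll  wrapped by " + preRoll.getEncryptionKeyVersionName());
      System.out.println("post-roll wrapped by " + postRoll.getEncryptionKeyVersionName());

      // Both still decrypt: old key versions remain usable after the roll.
      System.out.println(eager.decryptEncryptedKey(preRoll).getMaterial().length
          + " / " + eager.decryptEncryptedKey(postRoll).getMaterial().length + " bytes");
    } finally {
      eager.close();
    }
  }
}
```
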
Overrides: rollNewVersion in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
Throws: NoSuchAlgorithmException, IOException

public org.apache.hadoop.crypto.key.KeyProvider.KeyVersion rollNewVersion(String name, byte[] material) throws IOException

Overrides: rollNewVersion in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
Throws: IOException

public void invalidateCache(String name) throws IOException

Overrides: invalidateCache in class org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension>
Throws: IOException

Copyright © 2008–2020 Apache Software Foundation. All rights reserved.