public class InMemoryKeystore extends Object implements KeyProvider
KeyProvider.
The primary use of this class is for when the user doesn't have a
Hadoop KMS running and wishes to use encryption. It is also useful for
testing.
The local keys for this class are encrypted/decrypted using the cipher
in CBC/NoPadding mode and a constant IV. Since the key is random, the
constant IV is not a problem.
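The constant-IV argument above, shown with plain JCE calls as an added example (not ORC's own code). It assumes AES and an all-zero IV, which the page does not specify; the class name, helpers and sample records are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ConstantIvDemo {
  // Assumption: AES with an all-zero IV; the page only says "constant IV".
  private static final byte[] CONSTANT_IV = new byte[16];

  static byte[] cbc(int mode, byte[] masterKey, byte[] input) throws Exception {
    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
    cipher.init(mode, new SecretKeySpec(masterKey, "AES"),
        new IvParameterSpec(CONSTANT_IV));
    return cipher.doFinal(input);
  }

  // Compare one 16-byte block of two buffers.
  static boolean sameBlock(byte[] a, byte[] b, int block) {
    int from = block * 16;
    return Arrays.equals(Arrays.copyOfRange(a, from, from + 16),
        Arrays.copyOfRange(b, from, from + 16));
  }

  public static void main(String[] args) throws Exception {
    SecureRandom random = new SecureRandom();
    byte[] masterKey = new byte[16];
    random.nextBytes(masterKey);

    // Case 1: the plaintexts are random 128-bit local keys, one block each.
    byte[] localKeyA = new byte[16];
    byte[] localKeyB = new byte[16];
    random.nextBytes(localKeyA);
    random.nextBytes(localKeyB);
    byte[] wrappedA = cbc(Cipher.ENCRYPT_MODE, masterKey, localKeyA);
    byte[] wrappedB = cbc(Cipher.ENCRYPT_MODE, masterKey, localKeyB);
    byte[] unwrappedA = cbc(Cipher.DECRYPT_MODE, masterKey, wrappedA);
    System.out.println("round trip ok:             " + Arrays.equals(localKeyA, unwrappedA));
    System.out.println("random keys, block 0 same: " + sameBlock(wrappedA, wrappedB, 0));

    // Case 2 (constructed records): predictable plaintext sharing a 16-byte prefix.
    byte[] recA = "customer-id=0001;balance=00100.0".getBytes(StandardCharsets.US_ASCII);
    byte[] recB = "customer-id=0001;balance=99999.9".getBytes(StandardCharsets.US_ASCII);
    byte[] encA = cbc(Cipher.ENCRYPT_MODE, masterKey, recA);
    byte[] encB = cbc(Cipher.ENCRYPT_MODE, masterKey, recB);
    // With a fixed IV, C1 = E(P1 xor IV) depends only on P1, so equal prefixes show.
    System.out.println("records, block 0 same:     " + sameBlock(encA, encB, 0));
    System.out.println("records, block 1 same:     " + sameBlock(encA, encB, 1));
  }
}
```

The shared record prefix encrypts to an identical first block, which is the leak a constant IV causes for predictable plaintext; independently generated random keys give an observer no such repeated block to match.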
This class is not thread safe.

KeyProvider.Factory

| Modifier and Type | Field and Description |
|---|---|
| static boolean | SUPPORTS_AES_256 - Support AES 256? |

| Constructor and Description |
|---|
| InMemoryKeystore() - Create a new InMemoryKeystore. |
| InMemoryKeystore(Random random) - Create an InMemoryKeystore with the given random generator. |

| Modifier and Type | Method and Description |
|---|---|
| InMemoryKeystore | addKey(String keyName, EncryptionAlgorithm algorithm, byte[] masterKey) - Function that takes care of adding a new key. A new key can be added only if: (1) this is a new key and no prior key version exists, or (2) the key exists (has versions) and the new version to be added is greater than the version that already exists. |
| InMemoryKeystore | addKey(String keyName, int version, EncryptionAlgorithm algorithm, byte[] masterKey) - Function that takes care of adding a new key. A new key can be added only if: (1) this is a new key and no prior key version exists, or (2) the key exists (has versions) and the new version to be added is greater than the version that already exists. |
| LocalKey | createLocalKey(HadoopShims.KeyMetadata key) - Create a local key for the given key version. |
| Key | decryptLocalKey(HadoopShims.KeyMetadata key, byte[] encryptedKey) - Create a local key for the given key version and initialization vector. |
| HadoopShims.KeyMetadata | getCurrentKeyVersion(String keyName) - Get the current metadata for a given key. |
| List<String> | getKeyNames() - Get the list of key names from the key provider. |
| HadoopShims.KeyProviderKind | getKind() |

public InMemoryKeystore()

public InMemoryKeystore(Random random)

public List<String> getKeyNames()
Specified by: getKeyNames in interface KeyProvider

public HadoopShims.KeyMetadata getCurrentKeyVersion(String keyName)
Specified by: getCurrentKeyVersion in interface KeyProvider
Parameters:
keyName - the name of a key

public LocalKey createLocalKey(HadoopShims.KeyMetadata key)
Specified by: createLocalKey in interface KeyProvider
Parameters:
key - the master key version

public Key decryptLocalKey(HadoopShims.KeyMetadata key, byte[] encryptedKey)
This uses KeyProviderCryptoExtension.decryptEncryptedKey with a fixed key of the appropriate length.
Specified by: decryptLocalKey in interface KeyProvider
Parameters:
key - the master key version
encryptedKey - the unique initialization vector

public HadoopShims.KeyProviderKind getKind()
Specified by: getKind in interface KeyProvider

public InMemoryKeystore addKey(String keyName, EncryptionAlgorithm algorithm, byte[] masterKey) throws IOException
Parameters:
keyName - Name of the key to be added
algorithm - Algorithm used
masterKey - Master key
Throws:
IOException

public InMemoryKeystore addKey(String keyName, int version, EncryptionAlgorithm algorithm, byte[] masterKey) throws IOException
Parameters:
keyName - Name of the key to be added
version - Key Version
algorithm - Algorithm used
masterKey - Master key
Throws:
IOException

Copyright © 2013–2021 The Apache Software Foundation. All rights reserved.