public class InMemoryKeystore extends Object implements KeyProvider
KeyProvider
.
The primary use of this class is for when the user doesn't have a Hadoop KMS running and wishes to use encryption. It is also useful for testing.
The local keys for this class are encrypted/decrypted using the cipher in CBC/NoPadding mode and a constant IV. Since the key is random, the constant IV is not a problem.
This class is not thread safe.
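The local-key wrapping described above, as an added example that is not ORC's own code. It uses only the JDK's `javax.crypto`, reads "the key" in that sentence as the random local key, and uses an all-zero IV as a stand-in for the constant IV; the class name `ConstantIvWrapDemo` and the helper `crypt` are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ConstantIvWrapDemo {
  // Assumption: an all-zero IV stands in for the keystore's constant IV.
  private static final IvParameterSpec CONSTANT_IV = new IvParameterSpec(new byte[16]);

  // Encrypts or decrypts data under the master key with AES/CBC/NoPadding.
  // NoPadding requires the input to be a multiple of the 16-byte AES block,
  // which holds for 128-bit and 256-bit local keys.
  static byte[] crypt(int mode, byte[] masterKey, byte[] data) throws Exception {
    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
    cipher.init(mode, new SecretKeySpec(masterKey, "AES"), CONSTANT_IV);
    return cipher.doFinal(data);
  }

  public static void main(String[] args) throws Exception {
    SecureRandom random = new SecureRandom();
    byte[] masterKey = new byte[16];          // constructed sample master key
    byte[] localA = new byte[16];             // two fresh random local keys
    byte[] localB = new byte[16];
    random.nextBytes(masterKey);
    random.nextBytes(localA);
    random.nextBytes(localB);

    byte[] wrappedA = crypt(Cipher.ENCRYPT_MODE, masterKey, localA);
    byte[] wrappedB = crypt(Cipher.ENCRYPT_MODE, masterKey, localB);

    // The wrapped local key decrypts back to the original bytes.
    byte[] unwrappedA = crypt(Cipher.DECRYPT_MODE, masterKey, wrappedA);
    System.out.println("round trip ok: " + Arrays.equals(localA, unwrappedA));

    // With a constant IV the wrap is deterministic: equal plaintexts give
    // equal ciphertexts. That only reveals something if a plaintext repeats.
    byte[] wrappedAgain = crypt(Cipher.ENCRYPT_MODE, masterKey, localA);
    System.out.println("same key, same wrap: " + Arrays.equals(wrappedA, wrappedAgain));
    System.out.println("different keys, same wrap: " + Arrays.equals(wrappedA, wrappedB));

    // NoPadding refuses input that is not block aligned.
    try {
      crypt(Cipher.ENCRYPT_MODE, masterKey, new byte[20]);
    } catch (IllegalBlockSizeException e) {
      System.out.println("unaligned input rejected: " + e.getMessage());
    }
  }
}
```

The determinism shown here is why the argument depends on each local key being a fresh random value: the same plaintext wrapped twice under one master key is recognisable as a repeat.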
KeyProvider.Factory
Modifier and Type | Field and Description |
---|---|
static boolean | SUPPORTS_AES_256: Support AES 256? |
Constructor and Description |
---|
InMemoryKeystore(): Create a new InMemoryKeystore. |
InMemoryKeystore(Random random): Create an InMemoryKeystore with the given random generator. |
Modifier and Type | Method and Description |
---|---|
InMemoryKeystore | addKey(String keyName, EncryptionAlgorithm algorithm, byte[] masterKey): Function that takes care of adding a new key. A new key can be added only if: this is a new key and no prior key version exists. If the key exists (has versions), then the new version to be added should be greater than the version that already exists. |
InMemoryKeystore | addKey(String keyName, int version, EncryptionAlgorithm algorithm, byte[] masterKey): Function that takes care of adding a new key. A new key can be added only if: this is a new key and no prior key version exists. If the key exists (has versions), then the new version to be added should be greater than the version that already exists. |
LocalKey | createLocalKey(HadoopShims.KeyMetadata key): Create a local key for the given key version. |
Key | decryptLocalKey(HadoopShims.KeyMetadata key, byte[] encryptedKey): Create a local key for the given key version and initialization vector. |
HadoopShims.KeyMetadata | getCurrentKeyVersion(String keyName): Get the current metadata for a given key. |
List<String> | getKeyNames(): Get the list of key names from the key provider. |
HadoopShims.KeyProviderKind | getKind() |
public InMemoryKeystore()

public InMemoryKeystore(Random random)

public List<String> getKeyNames()
getKeyNames in interface KeyProvider

public HadoopShims.KeyMetadata getCurrentKeyVersion(String keyName)
getCurrentKeyVersion in interface KeyProvider
keyName - the name of a key

public LocalKey createLocalKey(HadoopShims.KeyMetadata key)
createLocalKey in interface KeyProvider
key - the master key version

public Key decryptLocalKey(HadoopShims.KeyMetadata key, byte[] encryptedKey)
This uses KeyProviderCryptoExtension.decryptEncryptedKey with a fixed key of the appropriate length.
decryptLocalKey in interface KeyProvider
key - the master key version
encryptedKey - the unique initialization vector

public HadoopShims.KeyProviderKind getKind()
getKind in interface KeyProvider

public InMemoryKeystore addKey(String keyName, EncryptionAlgorithm algorithm, byte[] masterKey) throws IOException
keyName - Name of the key to be added
algorithm - Algorithm used
masterKey - Master key
IOException

public InMemoryKeystore addKey(String keyName, int version, EncryptionAlgorithm algorithm, byte[] masterKey) throws IOException
keyName - Name of the key to be added
version - Key Version
algorithm - Algorithm used
masterKey - Master key
IOException
Copyright © 2013–2023 The Apache Software Foundation. All rights reserved.