/** * Checks if an address is already trusted and then sends client SASL * negotiation if required. * * @param addr connection address * @param underlyingOut connection output stream * @param underlyingIn connection input stream * @param encryptionKeyFactory for creation of an encryption key * @param accessToken connection block access token * @param datanodeId ID of destination DataNode * @return new pair of streams, wrapped after SASL negotiation * @throws IOException for any error */ private IOStreamPair checkTrustAndSend(InetAddress addr, OutputStream underlyingOut, InputStream underlyingIn, DataEncryptionKeyFactory encryptionKeyFactory, Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId) throws IOException { if (!trustedChannelResolver.isTrusted() && !trustedChannelResolver.isTrusted(addr)) { // The encryption key factory only returns a key if encryption is enabled. DataEncryptionKey encryptionKey = encryptionKeyFactory.newDataEncryptionKey(); return send(addr, underlyingOut, underlyingIn, encryptionKey, accessToken, datanodeId); } else { LOG.debug( "SASL client skipping handshake on trusted connection for addr = {}, " + "datanodeId = {}", addr, datanodeId); return null; } }
/** * Sends client SASL negotiation for specialized encrypted handshake. * * @param underlyingOut connection output stream * @param underlyingIn connection input stream * @param encryptionKey for an encrypted SASL handshake * @return new pair of streams, wrapped after SASL negotiation * @throws IOException for any error */ private IOStreamPair getEncryptedStreams(OutputStream underlyingOut, InputStream underlyingIn, DataEncryptionKey encryptionKey) throws IOException { Map<String, String> saslProps = createSaslPropertiesForEncryption( encryptionKey.encryptionAlgorithm); LOG.debug("Client using encryption algorithm {}", encryptionKey.encryptionAlgorithm); String userName = getUserNameFromEncryptionKey(encryptionKey); char[] password = encryptionKeyToPassword(encryptionKey.encryptionKey); CallbackHandler callbackHandler = new SaslClientCallbackHandler(userName, password); return doSaslHandshake(underlyingOut, underlyingIn, userName, saslProps, callbackHandler); }
@Override public GetDataEncryptionKeyResponseProto getDataEncryptionKey( RpcController controller, GetDataEncryptionKeyRequestProto request) throws ServiceException { try { GetDataEncryptionKeyResponseProto.Builder builder = GetDataEncryptionKeyResponseProto.newBuilder(); DataEncryptionKey encryptionKey = server.getDataEncryptionKey(); if (encryptionKey != null) { builder.setDataEncryptionKey(PBHelper.convert(encryptionKey)); } return builder.build(); } catch (IOException e) { throw new ServiceException(e); } }
@Override public GetDataEncryptionKeyResponseProto getDataEncryptionKey( RpcController controller, GetDataEncryptionKeyRequestProto request) throws ServiceException { try { GetDataEncryptionKeyResponseProto.Builder builder = GetDataEncryptionKeyResponseProto.newBuilder(); DataEncryptionKey encryptionKey = server.getDataEncryptionKey(); if (encryptionKey != null) { builder.setDataEncryptionKey(PBHelperClient.convert(encryptionKey)); } return builder.build(); } catch (IOException e) { throw new ServiceException(e); } }
@InterfaceAudience.Private public DataEncryptionKey getDataEncryptionKey() throws IOException { if (shouldEncryptData()) { synchronized (this) { if (encryptionKey == null || encryptionKey.expiryDate < Time.now()) { LOG.debug("Getting new encryption token from NN"); encryptionKey = namenode.getDataEncryptionKey(); } return encryptionKey; } } else { return null; } }
public static Peer peerFromSocketAndKey(Socket s, DataEncryptionKey key) throws IOException { Peer peer = null; boolean success = false; try { peer = peerFromSocket(s); if (key != null) { peer = new EncryptedPeer(peer, key); } success = true; return peer; } finally { if (!success) { IOUtils.cleanup(null, peer); } } }
@InterfaceAudience.Private public DataEncryptionKey getDataEncryptionKey() throws IOException { if (shouldEncryptData() && !this.trustedChannelResolver.isTrusted()) { synchronized (this) { if (encryptionKey == null || encryptionKey.expiryDate < Time.now()) { LOG.debug("Getting new encryption token from NN"); encryptionKey = namenode.getDataEncryptionKey(); } return encryptionKey; } } else { return null; } }
@Override public DataEncryptionKey newDataEncryptionKey() throws IOException { if (shouldEncryptData()) { synchronized (this) { if (encryptionKey == null || encryptionKey.expiryDate < Time.now()) { LOG.debug("Getting new encryption token from NN"); encryptionKey = namenode.getDataEncryptionKey(); } return encryptionKey; } } else { return null; } }
@Override public DataEncryptionKey newDataEncryptionKey() { if (encryptDataTransfer) { synchronized (this) { if (encryptionKey == null) { encryptionKey = blockTokenSecretManager.generateDataEncryptionKey(); } return encryptionKey; } } else { return null; } }
public DataEncryptionKey generateDataEncryptionKey() { if (isBlockTokenEnabled() && encryptDataTransfer) { return blockTokenSecretManager.generateDataEncryptionKey(); } else { return null; } }
/** * Returns a new DataEncryptionKeyFactory that generates a key from the * BlockPoolTokenSecretManager, using the block pool ID of the given block. * * @param block for which the factory needs to create a key * @return DataEncryptionKeyFactory for block's block pool ID */ DataEncryptionKeyFactory getDataEncryptionKeyFactoryForBlock( final ExtendedBlock block) { return new DataEncryptionKeyFactory() { @Override public DataEncryptionKey newDataEncryptionKey() { return dnConf.encryptDataTransfer ? blockPoolTokenSecretManager.generateDataEncryptionKey( block.getBlockPoolId()) : null; } }; }
public static DataEncryptionKey convert(DataEncryptionKeyProto bet) { String encryptionAlgorithm = bet.getEncryptionAlgorithm(); return new DataEncryptionKey(bet.getKeyId(), bet.getBlockPoolId(), bet.getNonce().toByteArray(), bet.getEncryptionKey().toByteArray(), bet.getExpiryDate(), encryptionAlgorithm.isEmpty() ? null : encryptionAlgorithm); }
public static DataEncryptionKeyProto convert(DataEncryptionKey bet) { DataEncryptionKeyProto.Builder b = DataEncryptionKeyProto.newBuilder() .setKeyId(bet.keyId) .setBlockPoolId(bet.blockPoolId) .setNonce(ByteString.copyFrom(bet.nonce)) .setEncryptionKey(ByteString.copyFrom(bet.encryptionKey)) .setExpiryDate(bet.expiryDate); if (bet.encryptionAlgorithm != null) { b.setEncryptionAlgorithm(bet.encryptionAlgorithm); } return b.build(); }
@Override public DataEncryptionKey getDataEncryptionKey() throws IOException { try { GetDataEncryptionKeyResponseProto rsp = rpcProxy.getDataEncryptionKey( null, VOID_GET_DATA_ENCRYPTIONKEY_REQUEST); return rsp.hasDataEncryptionKey() ? PBHelper.convert(rsp.getDataEncryptionKey()) : null; } catch (ServiceException e) { throw ProtobufHelper.getRemoteException(e); } }
public static DataEncryptionKeyProto convert(DataEncryptionKey bet) { DataEncryptionKeyProto.Builder b = DataEncryptionKeyProto.newBuilder() .setKeyId(bet.keyId) .setBlockPoolId(bet.blockPoolId) .setNonce(getByteString(bet.nonce)) .setEncryptionKey(getByteString(bet.encryptionKey)) .setExpiryDate(bet.expiryDate); if (bet.encryptionAlgorithm != null) { b.setEncryptionAlgorithm(bet.encryptionAlgorithm); } return b.build(); }
@Override public DataEncryptionKey getDataEncryptionKey() throws IOException { try { GetDataEncryptionKeyResponseProto rsp = rpcProxy.getDataEncryptionKey( null, VOID_GET_DATA_ENCRYPTIONKEY_REQUEST); return rsp.hasDataEncryptionKey() ? PBHelperClient.convert(rsp.getDataEncryptionKey()) : null; } catch (ServiceException e) { throw ProtobufHelper.getRemoteException(e); } }