Class KeyStoreKeyProvider

java.lang.Object
org.apache.hadoop.hbase.io.crypto.KeyStoreKeyProvider
All Implemented Interfaces:
org.apache.hadoop.hbase.io.crypto.KeyProvider

@Public @Evolving public class KeyStoreKeyProvider extends Object implements org.apache.hadoop.hbase.io.crypto.KeyProvider
A basic KeyProvider that can resolve keys from a protected KeyStore file on the local filesystem. It is configured with a URI passed in as a String to init(). The URI should have the form:

     scheme://path?option1=value1&option2=value2
 

scheme can be either "jks" or "jceks", specifying the file-based providers shipped with every JRE. The latter is the certificate store for the SunJCE cryptography extension, or PKCS #12, and is capable of storing SecretKeys.

path is the location of the keystore in the filesystem namespace.

Options can be specified as query parameters.

If the store was created with a password, the password can be specified using the option 'password'.

For example:

     jceks:///var/tmp/example.ks?password=foobar
 

It is assumed that all keys in the store are protected with the same password.

Alternatively, a properties file can be specified containing passwords for keys in the keystore.

     jceks:///var/tmp/example.ks?passwordFile=/var/tmp/example.pw
 

Subclasses for supporting KeyStores that are not file-based can extend the protected methods of this class to specify the appropriate LoadStoreParameters.
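
As an added example (not part of the HBase source or this Javadoc), the following creates a JCEKS store holding one AES key and loads it through the provider using the `password` URI form described above. The alias, password and temporary file are constructed sample values, and the owner-only file permissions assume a POSIX filesystem.

```java
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.hadoop.hbase.io.crypto.KeyStoreKeyProvider;

public class KeyStoreKeyProviderExample {
  public static void main(String[] args) throws Exception {
    // Constructed sample values: the alias and password are placeholders.
    String alias = "example-key";
    char[] password = "foobar".toCharArray();

    // Create the keystore file with owner-only permissions (assumes POSIX).
    Path ks = Files.createTempFile("example", ".ks",
        PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));

    // Generate the secret key to store; "jceks" is the scheme that can hold SecretKeys.
    KeyGenerator gen = KeyGenerator.getInstance("AES");
    gen.init(128);
    SecretKey aes = gen.generateKey();

    // Protect the entry with the same password as the store, as the provider assumes.
    KeyStore store = KeyStore.getInstance("JCEKS");
    store.load(null, password); // initialise an empty store
    store.setEntry(alias, new KeyStore.SecretKeyEntry(aes),
        new KeyStore.PasswordProtection(password));
    try (OutputStream out = Files.newOutputStream(ks)) {
      store.store(out, password);
    }

    // scheme://path?option=value; an absolute path yields jceks:///...
    String uri = "jceks://" + ks.toAbsolutePath() + "?password=" + new String(password);
    KeyStoreKeyProvider provider = new KeyStoreKeyProvider();
    provider.init(uri);

    // Compare the key resolved by the provider with the one that was stored.
    Key loaded = provider.getKey(alias);
    System.out.println("key matches: " + Arrays.equals(aes.getEncoded(), loaded.getEncoded()));
    // getKey() is documented to return null when the alias is not found.
    System.out.println("unknown alias: " + provider.getKey("no-such-alias"));

    Files.delete(ks);
  }
}
```

With the `password` option the store password is part of the provider URI wherever that string is configured; the `passwordFile` form keeps it in a separate file instead.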

  • Method Details

    • processParameter

      protected void processParameter(String name, String value) throws IOException
      Throws:
      IOException
    • processParameters

      protected void processParameters(URI uri) throws IOException
      Throws:
      IOException
    • load

      protected void load(URI uri) throws IOException
      Throws:
      IOException
    • init

      public void init(String params)
      Description copied from interface: org.apache.hadoop.hbase.io.crypto.KeyProvider
      Initialize the key provider
      Specified by:
      init in interface org.apache.hadoop.hbase.io.crypto.KeyProvider
    • getAliasPassword

      protected char[] getAliasPassword(String alias)
    • getKey

      public Key getKey(String alias)
      Description copied from interface: org.apache.hadoop.hbase.io.crypto.KeyProvider
      Retrieve the key for a given key alias
      Specified by:
      getKey in interface org.apache.hadoop.hbase.io.crypto.KeyProvider
      Returns:
      the key corresponding to the supplied alias, or null if a key is not found
    • getKeys

      public Key[] getKeys(String[] aliases)
      Description copied from interface: org.apache.hadoop.hbase.io.crypto.KeyProvider
      Retrieve keys for a given set of key aliases
      Specified by:
      getKeys in interface org.apache.hadoop.hbase.io.crypto.KeyProvider
      Parameters:
      aliases - an array of aliases
      Returns:
      an array of keys corresponding to the supplied aliases; an entry will be null if a key is not found