Class EncryptionUtil

java.lang.Object
org.apache.hadoop.hbase.security.EncryptionUtil

@Private @Evolving public final class EncryptionUtil extends Object
Static utility methods for encryption use in hbase-client.
  • Field Summary

    Fields

    | Modifier and Type | Field | Description |
    |---|---|---|
    | private static final org.slf4j.Logger | LOG | |
  • Constructor Summary

    Constructors

    | Modifier | Constructor | Description |
    |---|---|---|
    | private | EncryptionUtil() | Private constructor to keep this class from being instantiated. |
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | static CryptoAES | createCryptoAES(org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.CryptoCipherMeta cryptoCipherMeta, org.apache.hadoop.conf.Configuration conf) | Helper to create an instance of CryptoAES. |
    | static Encryption.Context | createEncryptionContext(org.apache.hadoop.conf.Configuration conf, ColumnFamilyDescriptor family) | Helper to create an encryption context. |
    | private static Key | getUnwrapKey(org.apache.hadoop.conf.Configuration conf, String subject, org.apache.hadoop.hbase.shaded.protobuf.generated.EncryptionProtos.WrappedKey wrappedKey, Cipher cipher) | |
    | static Key | unwrapKey(org.apache.hadoop.conf.Configuration conf, byte[] keyBytes) | Helper for unwrapKey(Configuration, String, byte[]) which automatically uses the configured master and alternative keys, rather than having to specify a key type to unwrap with. |
    | static Key | unwrapKey(org.apache.hadoop.conf.Configuration conf, String subject, byte[] value) | Unwrap a key by decrypting it with the secret key of the given subject. |
    | static Key | unwrapWALKey(org.apache.hadoop.conf.Configuration conf, String subject, byte[] value) | Unwrap a WAL key by decrypting it with the secret key of the given subject. |
    | static byte[] | wrapKey(org.apache.hadoop.conf.Configuration conf, byte[] key, String algorithm) | Protect a key by encrypting it with the secret key of the given subject. |
    | static byte[] | wrapKey(org.apache.hadoop.conf.Configuration conf, String subject, Key key) | Protect a key by encrypting it with the secret key of the given subject. |

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • LOG

      private static final org.slf4j.Logger LOG
  • Constructor Details

    • EncryptionUtil

      private EncryptionUtil()
      Private constructor to keep this class from being instantiated.
  • Method Details

    • wrapKey

      public static byte[] wrapKey(org.apache.hadoop.conf.Configuration conf, byte[] key, String algorithm) throws IOException
      Protect a key by encrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.
      Parameters:
      conf - configuration
      key - the raw key bytes
      algorithm - the algorithm to use with this key material
      Returns:
      the encrypted key bytes
      Throws:
      IOException
    • wrapKey

      public static byte[] wrapKey(org.apache.hadoop.conf.Configuration conf, String subject, Key key) throws IOException
      Protect a key by encrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.
      Parameters:
      conf - configuration
      subject - subject key alias
      key - the key
      Returns:
      the encrypted key bytes
      Throws:
      IOException
    • unwrapKey

      public static Key unwrapKey(org.apache.hadoop.conf.Configuration conf, String subject, byte[] value) throws IOException, KeyException
      Unwrap a key by decrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.
      Parameters:
      conf - configuration
      subject - subject key alias
      value - the encrypted key bytes
      Returns:
      the raw key bytes
      Throws:
      IOException
      KeyException
    • getUnwrapKey

      private static Key getUnwrapKey(org.apache.hadoop.conf.Configuration conf, String subject, org.apache.hadoop.hbase.shaded.protobuf.generated.EncryptionProtos.WrappedKey wrappedKey, Cipher cipher) throws IOException, KeyException
      Throws:
      IOException
      KeyException
    • unwrapWALKey

      public static Key unwrapWALKey(org.apache.hadoop.conf.Configuration conf, String subject, byte[] value) throws IOException, KeyException
      Unwrap a WAL key by decrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.
      Parameters:
      conf - configuration
      subject - subject key alias
      value - the encrypted key bytes
      Returns:
      the raw key bytes
      Throws:
      IOException - if no key is found for the subject, or if an I/O error occurs
      KeyException - if the key cannot be unwrapped
    • createEncryptionContext

      public static Encryption.Context createEncryptionContext(org.apache.hadoop.conf.Configuration conf, ColumnFamilyDescriptor family) throws IOException
      Helper to create an encryption context.
      Parameters:
      conf - The current configuration.
      family - The current column descriptor.
      Returns:
      The created encryption context.
      Throws:
      IOException - if an encryption key for the column cannot be unwrapped
      IllegalStateException - in case of encryption related configuration errors
    • unwrapKey

      public static Key unwrapKey(org.apache.hadoop.conf.Configuration conf, byte[] keyBytes) throws IOException
      Helper for unwrapKey(Configuration, String, byte[]) which automatically uses the configured master and alternative keys, rather than having to specify a key type to unwrap with. The configuration must be set up correctly for key alias resolution.
      Parameters:
      conf - the current configuration
      keyBytes - the key encrypted by master (or alternative) to unwrap
      Returns:
      the key bytes, decrypted
      Throws:
      IOException - if the key cannot be unwrapped
    • createCryptoAES

      public static CryptoAES createCryptoAES(org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.CryptoCipherMeta cryptoCipherMeta, org.apache.hadoop.conf.Configuration conf) throws IOException
      Helper to create an instance of CryptoAES.
      Parameters:
      conf - The current configuration.
      cryptoCipherMeta - The metadata for creating CryptoAES.
      Returns:
      The instance of CryptoAES.
      Throws:
      IOException - if creating CryptoAES failed
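
The following added example (not code from the HBase project) shows what wrapKey(conf, subject, key) and unwrapKey(conf, keyBytes) mean for master key rotation: a data key wrapped under the old master alias stays recoverable only while that alias is configured as the alternate. It assumes the test-only KeyProviderForTesting class from the hbase-common test jar is on the classpath; the aliases master-2023 and master-2024, the class name and the confFor helper are constructed for illustration.

```java
import java.io.IOException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting;
import org.apache.hadoop.hbase.security.EncryptionUtil;

public class WrapKeyRotationExample {
  // Hypothetical helper: builds a configuration that can resolve key aliases.
  static Configuration confFor(String master, String alternate) {
    Configuration conf = HBaseConfiguration.create();
    // Assumption: test-only provider that derives a key from the alias name.
    // Production clusters configure a keystore-backed provider here instead.
    conf.set("hbase.crypto.keyprovider", KeyProviderForTesting.class.getName());
    conf.set("hbase.crypto.master.key.name", master);
    if (alternate != null) {
      conf.set("hbase.crypto.master.alternate.key.name", alternate);
    }
    return conf;
  }

  public static void main(String[] args) throws Exception {
    byte[] raw = new byte[16]; // constructed 128-bit AES data key
    new SecureRandom().nextBytes(raw);
    Key dataKey = new SecretKeySpec(raw, "AES");

    // Before rotation: wrap the data key under the current master alias.
    byte[] wrapped =
        EncryptionUtil.wrapKey(confFor("master-2023", null), "master-2023", dataKey);

    // After rotation: new master alias, old alias retained as the alternate.
    Key recovered =
        EncryptionUtil.unwrapKey(confFor("master-2024", "master-2023"), wrapped);
    System.out.println("recovered via alternate: "
        + Arrays.equals(raw, recovered.getEncoded()));

    // Old alias removed from the configuration: the wrapped key is unrecoverable.
    try {
      EncryptionUtil.unwrapKey(confFor("master-2024", null), wrapped);
      System.out.println("unexpected: unwrap succeeded");
    } catch (IOException e) {
      System.out.println("unwrap failed without alternate: " + e.getMessage());
    }
  }
}
```

Keep the old alias configured as the alternate until every stored wrapped key has been rewrapped under the new master key.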