Package org.apache.hadoop.hbase.security
Class EncryptionUtil
java.lang.Object
org.apache.hadoop.hbase.security.EncryptionUtil
Some static utility methods for encryption uses in hbase-client.
-
Field Summary
-
Constructor Summary
| Modifier | Constructor | Description |
| --- | --- | --- |
| private | EncryptionUtil() | Private constructor to keep this class from being instantiated. |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static CryptoAES | createCryptoAES(org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.CryptoCipherMeta cryptoCipherMeta, org.apache.hadoop.conf.Configuration conf) | Helper to create an instance of CryptoAES. |
| static Encryption.Context | createEncryptionContext(org.apache.hadoop.conf.Configuration conf, ColumnFamilyDescriptor family) | Helper to create an encryption context. |
| private static Key | getUnwrapKey(org.apache.hadoop.conf.Configuration conf, String subject, org.apache.hadoop.hbase.shaded.protobuf.generated.EncryptionProtos.WrappedKey wrappedKey, Cipher cipher) | |
| static Key | unwrapKey(org.apache.hadoop.conf.Configuration conf, byte[] keyBytes) | Helper for unwrapKey(Configuration, String, byte[]) which automatically uses the configured master and alternative keys, rather than having to specify a key type to unwrap with. |
| static Key | unwrapKey(org.apache.hadoop.conf.Configuration conf, String subject, byte[] value) | Unwrap a key by decrypting it with the secret key of the given subject. |
| static Key | unwrapWALKey(org.apache.hadoop.conf.Configuration conf, String subject, byte[] value) | Unwrap a wal key by decrypting it with the secret key of the given subject. |
| static byte[] | wrapKey(org.apache.hadoop.conf.Configuration conf, byte[] key, String algorithm) | Protect a key by encrypting it with the secret key of the given subject. |
| static byte[] | wrapKey(org.apache.hadoop.conf.Configuration conf, String subject, Key key) | Protect a key by encrypting it with the secret key of the given subject. |
-
Field Details
-
LOG
-
-
Constructor Details
-
EncryptionUtil
private EncryptionUtil()
Private constructor to keep this class from being instantiated.
-
-
Method Details
-
wrapKey
public static byte[] wrapKey(org.apache.hadoop.conf.Configuration conf, byte[] key, String algorithm) throws IOException
Protect a key by encrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.
Parameters:
conf - configuration
key - the raw key bytes
algorithm - the algorithm to use with this key material
Returns:
the encrypted key bytes
Throws:
IOException
-
wrapKey
public static byte[] wrapKey(org.apache.hadoop.conf.Configuration conf, String subject, Key key) throws IOException
Protect a key by encrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.
Parameters:
conf - configuration
subject - subject key alias
key - the key
Returns:
the encrypted key bytes
Throws:
IOException
-
unwrapKey
public static Key unwrapKey(org.apache.hadoop.conf.Configuration conf, String subject, byte[] value) throws IOException, KeyException
Unwrap a key by decrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.
Parameters:
conf - configuration
subject - subject key alias
value - the encrypted key bytes
Returns:
the raw key bytes
Throws:
IOException
KeyException
-
getUnwrapKey
private static Key getUnwrapKey(org.apache.hadoop.conf.Configuration conf, String subject, org.apache.hadoop.hbase.shaded.protobuf.generated.EncryptionProtos.WrappedKey wrappedKey, Cipher cipher) throws IOException, KeyException
Throws:
IOException
KeyException
-
unwrapWALKey
public static Key unwrapWALKey(org.apache.hadoop.conf.Configuration conf, String subject, byte[] value) throws IOException, KeyException
Unwrap a wal key by decrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.
Parameters:
conf - configuration
subject - subject key alias
value - the encrypted key bytes
Returns:
the raw key bytes
Throws:
IOException - if key is not found for the subject, or if some I/O error occurs
KeyException - if it fails to unwrap the key
-
createEncryptionContext
public static Encryption.Context createEncryptionContext(org.apache.hadoop.conf.Configuration conf, ColumnFamilyDescriptor family) throws IOException
Helper to create an encryption context.
Parameters:
conf - The current configuration.
family - The current column descriptor.
Returns:
The created encryption context.
Throws:
IOException - if an encryption key for the column cannot be unwrapped
IllegalStateException - in case of encryption related configuration errors
-
unwrapKey
public static Key unwrapKey(org.apache.hadoop.conf.Configuration conf, byte[] keyBytes) throws IOException
Helper for unwrapKey(Configuration, String, byte[]) which automatically uses the configured master and alternative keys, rather than having to specify a key type to unwrap with. The configuration must be set up correctly for key alias resolution.
Parameters:
conf - the current configuration
keyBytes - the key encrypted by master (or alternative) to unwrap
Returns:
the key bytes, decrypted
Throws:
IOException - if the key cannot be unwrapped
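The master/alternative fallback of unwrapKey(conf, keyBytes) is what keeps data keys readable during a master key rotation, as the following added example shows (it is not HBase project code). The keystore, its password, the aliases master-old and master-new and the class name are constructed for the example; the hbase.crypto.* property names and the KeyStoreKeyProvider class are the ones used in the HBase reference guide's encryption setup.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.security.EncryptionUtil;

// Added example; needs hbase-client and hbase-common on the classpath.
public class MasterKeyRotationDemo {
  static SecretKey randomAesKey() {
    byte[] b = new byte[16];
    new SecureRandom().nextBytes(b);
    return new SecretKeySpec(b, "AES");
  }

  public static void main(String[] args) throws Exception {
    // Constructed throwaway JCEKS keystore with two master keys (sample aliases and password).
    char[] pw = "demo-password".toCharArray();
    KeyStore ks = KeyStore.getInstance("JCEKS");
    ks.load(null, pw);
    for (String alias : new String[] {"master-old", "master-new"}) {
      ks.setEntry(alias, new KeyStore.SecretKeyEntry(randomAesKey()),
          new KeyStore.PasswordProtection(pw));
    }
    File store = File.createTempFile("hbase-demo", ".jks");
    try (FileOutputStream out = new FileOutputStream(store)) { ks.store(out, pw); }

    Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.crypto.keyprovider", "org.apache.hadoop.hbase.io.crypto.KeyStoreKeyProvider");
    conf.set("hbase.crypto.keyprovider.parameters",
        "jceks://" + store.toURI().getPath() + "?password=demo-password");
    conf.set("hbase.crypto.master.key.name", "master-new");           // current master key
    conf.set("hbase.crypto.master.alternate.key.name", "master-old"); // previous master key

    SecretKey dek = randomAesKey();
    byte[] wrapped = EncryptionUtil.wrapKey(conf, "master-old", dek); // wrapped before rotation
    try {
      EncryptionUtil.unwrapKey(conf, "master-new", wrapped);
      throw new AssertionError("wrong subject must not unwrap");
    } catch (KeyException expected) { /* explicit-subject form does not fall back */ }
    Key recovered = EncryptionUtil.unwrapKey(conf, wrapped); // master fails, alternate succeeds
    byte[] rewrapped = EncryptionUtil.wrapKey(conf, "master-new", recovered); // finish rotation
    Key check = EncryptionUtil.unwrapKey(conf, "master-new", rewrapped);
    System.out.println(Arrays.equals(dek.getEncoded(), check.getEncoded()));
  }
}
```

The alternate key name should stay configured until every wrapped key has been rewrapped under the current master key; removing it earlier turns the fallback into an IOException.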
-
createCryptoAES
public static CryptoAES createCryptoAES(org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.CryptoCipherMeta cryptoCipherMeta, org.apache.hadoop.conf.Configuration conf) throws IOException
Helper to create an instance of CryptoAES.
Parameters:
conf - The current configuration.
cryptoCipherMeta - The metadata for creating CryptoAES.
Returns:
The instance of CryptoAES.
Throws:
IOException - if creating CryptoAES failed
-