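/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.io.crypto;

import java.security.Key;
import org.apache.commons.codec.binary.Hex;
import org.apache.hadoop.conf.Configurable;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.yetus.audience.InterfaceAudience;

import org.apache.hbase.thirdparty.com.google.common.base.Preconditions;

/**
 * Crypto context. Encapsulates an encryption algorithm and its key material.
 * <p>
 * A context holds a {@link Cipher}, the {@link Key} used with it, a hex-encoded hash of that key,
 * and optionally a key namespace and a {@link ManagedKeyData} entry. Instances are mutable and
 * this class performs no synchronization of its own.
 * <p>
 * The key length is validated only in {@link #setKey(Key)}, against the cipher set at that time.
 * Calling {@link #setCipher(Cipher)} or {@link #setConf(Configuration)} afterwards does not
 * re-validate the key or recompute the stored key hash, so configure the cipher and configuration
 * before setting the key.
 */
@InterfaceAudience.Public
public class Context implements Configurable {
  /** Number of leading key-hash characters shown by {@link #toString()}. */
  private static final int KEY_HASH_DISPLAY_LENGTH = 8;

  private Configuration conf;
  private Cipher cipher;
  private Key key;
  // NOTE(review): "KEK" presumably stands for key-encryption key; confirm against ManagedKeyData.
  private ManagedKeyData kekData;
  private String keyNamespace;
  // Hex encoding of Encryption.computeCryptoKeyHash over the encoded key; set by setKey().
  private String keyHash;

  /**
   * Creates a context bound to the given configuration, with no cipher or key set.
   * @param conf configuration later passed to {@code Encryption.computeCryptoKeyHash}
   */
  Context(Configuration conf) {
    this.conf = conf;
  }

  /** Creates a context backed by a fresh {@link HBaseConfiguration#create()} configuration. */
  Context() {
    this(HBaseConfiguration.create());
  }

  @Override
  public Configuration getConf() {
    return conf;
  }

  /**
   * Replaces the configuration. A key hash already computed by {@link #setKey(Key)} is left as is.
   */
  @Override
  public void setConf(Configuration conf) {
    this.conf = conf;
  }

  /**
   * Describes the context by cipher name and a short prefix of the key hash. Neither the key bytes
   * nor the full hash are included, so the result is suitable for log output.
   */
  @Override
  public String toString() {
    String cipherName = cipher != null ? cipher.getName() : "NONE";
    String hashPrefix = "NONE";
    if (keyHash != null) {
      // Clamp the prefix so an unexpectedly short hash string cannot make toString() throw.
      int shown = Math.min(KEY_HASH_DISPLAY_LENGTH, keyHash.length());
      hashPrefix = keyHash.substring(0, shown) + "...";
    }
    return "cipher=" + cipherName + " keyHash=" + hashPrefix;
  }

  /** Returns the cipher, or {@code null} if none has been set. */
  public Cipher getCipher() {
    return cipher;
  }

  /**
   * Sets the cipher. An already-set key is not re-checked against the new cipher's key length.
   * @param cipher the cipher to use
   * @return this context, for chaining
   */
  public Context setCipher(Cipher cipher) {
    this.cipher = cipher;
    return this;
  }

  /**
   * Returns the encoded form of the key, i.e. raw key material. Avoid logging or persisting the
   * result; use {@link #getKeyBytesHash()} when only an identifier for the key is needed. Whether
   * the returned array is a copy depends on the {@link Key} implementation.
   * @return the result of {@link Key#getEncoded()}
   * @throws NullPointerException if no key has been set
   */
  public byte[] getKeyBytes() {
    return key.getEncoded();
  }

  /** Returns the hex-encoded key hash computed by {@link #setKey(Key)}, or {@code null}. */
  public String getKeyBytesHash() {
    return keyHash;
  }

  /**
   * Returns the encoding format name reported by the key.
   * @return the result of {@link Key#getFormat()}
   * @throws NullPointerException if no key has been set
   */
  public String getKeyFormat() {
    return key.getFormat();
  }

  /** Returns the key, or {@code null} if none has been set. */
  public Key getKey() {
    return key;
  }

  /**
   * Sets the key after checking that its encoded length matches the current cipher's key length,
   * and records a hex-encoded hash of the encoded key computed with the current configuration.
   * If validation or hashing fails, the previously stored key and hash are left untouched.
   * @param key the key to use; must expose an encoded form
   * @return this context, for chaining
   * @throws NullPointerException if no cipher has been set, if {@code key} is null, or if the key
   *                              does not expose an encoded form
   * @throws RuntimeException     if the encoded key length differs from the cipher's key length
   */
  public Context setKey(Key key) {
    Preconditions.checkNotNull(cipher, "Context does not have a cipher");
    Preconditions.checkNotNull(key, "Key cannot be null");
    // Key.getEncoded() returns null for keys that do not support encoding (e.g. non-exportable
    // keys); fail with a clear message instead of an anonymous NPE on encoded.length.
    byte[] encoded = key.getEncoded();
    Preconditions.checkNotNull(encoded, "Key does not expose an encoded form");
    // validate the key length; the message reports lengths only, never key bytes
    if (encoded.length != cipher.getKeyLength()) {
      throw new RuntimeException(
        "Illegal key length, have=" + encoded.length + ", want=" + cipher.getKeyLength());
    }
    // Compute the hash before assigning anything so key and keyHash always change together.
    String newKeyHash = new String(Hex.encodeHex(Encryption.computeCryptoKeyHash(conf, encoded)));
    this.key = key;
    this.keyHash = newKeyHash;
    return this;
  }

  /**
   * Sets the key namespace.
   * @param keyNamespace the namespace to record
   * @return this context, for chaining
   */
  public Context setKeyNamespace(String keyNamespace) {
    this.keyNamespace = keyNamespace;
    return this;
  }

  /** Returns the key namespace, or {@code null} if none has been set. */
  public String getKeyNamespace() {
    return keyNamespace;
  }

  /**
   * Sets the managed key data associated with this context.
   * @param kekData the managed key data to record
   * @return this context, for chaining
   */
  public Context setKEKData(ManagedKeyData kekData) {
    this.kekData = kekData;
    return this;
  }

  /** Returns the managed key data, or {@code null} if none has been set. */
  public ManagedKeyData getKEKData() {
    return kekData;
  }
}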