@InterfaceAudience.Private public class BlockTokenSecretManager extends SecretManager<BlockTokenIdentifier>
Modifier and Type | Class and Description |
---|---|
static class |
BlockTokenSecretManager.AccessMode |
SecretManager.InvalidToken
Modifier and Type | Field and Description |
---|---|
static Token<BlockTokenIdentifier> |
DUMMY_TOKEN |
static org.apache.commons.logging.Log |
LOG |
Constructor and Description |
---|
BlockTokenSecretManager(long keyUpdateInterval,
long tokenLifetime,
int nnIndex,
String blockPoolId,
String encryptionAlgorithm)
Constructor for masters.
|
BlockTokenSecretManager(long keyUpdateInterval,
long tokenLifetime,
String blockPoolId,
String encryptionAlgorithm)
Constructor for slaves.
|
Modifier and Type | Method and Description |
---|---|
void |
addKeys(ExportedBlockKeys exportedKeys)
Set block keys, only to be used in slave mode
|
void |
checkAccess(BlockTokenIdentifier id,
String userId,
ExtendedBlock block,
BlockTokenSecretManager.AccessMode mode)
Check if access should be allowed.
|
void |
checkAccess(Token<BlockTokenIdentifier> token,
String userId,
ExtendedBlock block,
BlockTokenSecretManager.AccessMode mode)
Check if access should be allowed.
|
void |
clearAllKeysForTesting() |
BlockTokenIdentifier |
createIdentifier()
Create an empty block token identifier
|
protected byte[] |
createPassword(BlockTokenIdentifier identifier)
Create a new password/secret for the given block token identifier.
|
ExportedBlockKeys |
exportKeys()
Export block keys, only to be used in master mode
|
DataEncryptionKey |
generateDataEncryptionKey()
Generate a data encryption key for this block pool, using the current
BlockKey.
|
Token<BlockTokenIdentifier> |
generateToken(ExtendedBlock block,
EnumSet<BlockTokenSecretManager.AccessMode> modes)
Generate a block token for the current user
|
Token<BlockTokenIdentifier> |
generateToken(String userId,
ExtendedBlock block,
EnumSet<BlockTokenSecretManager.AccessMode> modes)
Generate a block token for a specified user
|
int |
getSerialNoForTesting() |
byte[] |
retrieveDataEncryptionKey(int keyId,
byte[] nonce)
Recreate an encryption key based on the given key id and nonce.
|
byte[] |
retrievePassword(BlockTokenIdentifier identifier)
Look up the token password/secret for the given block token identifier.
|
void |
setBlockPoolId(String blockPoolId) |
void |
setKeyUpdateIntervalForTesting(long millis) |
void |
setSerialNo(int serialNo) |
void |
setTokenLifetime(long tokenLifetime)
Set the token lifetime.
|
boolean |
updateKeys(long updateTime)
Update block keys if update time > update interval.
|
checkAvailableForRead, createPassword, createSecretKey, generateSecret
public static final org.apache.commons.logging.Log LOG
public static final Token<BlockTokenIdentifier> DUMMY_TOKEN
public BlockTokenSecretManager(long keyUpdateInterval, long tokenLifetime, String blockPoolId, String encryptionAlgorithm)
keyUpdateInterval
- how often a new key will be generated
tokenLifetime
- how long an individual token is valid
public BlockTokenSecretManager(long keyUpdateInterval, long tokenLifetime, int nnIndex, String blockPoolId, String encryptionAlgorithm)
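keyUpdateInterval
- how often a new key will be generated
tokenLifetime
- how long an individual token is valid
isHaEnabled
- whether or not HA is enabled
thisNnId
- the NN ID of this NN in an HA setup
otherNnId
- the NN ID of the other NN in an HA setup
(Note: isHaEnabled, thisNnId and otherNnId do not appear in the constructor signature shown above, which takes nnIndex, blockPoolId and encryptionAlgorithm; these three descriptions appear to be stale.)
public void setSerialNo(int serialNo)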
public void setBlockPoolId(String blockPoolId)
public ExportedBlockKeys exportKeys()
public void addKeys(ExportedBlockKeys exportedKeys) throws IOException
IOException
public boolean updateKeys(long updateTime) throws IOException
IOException
public Token<BlockTokenIdentifier> generateToken(ExtendedBlock block, EnumSet<BlockTokenSecretManager.AccessMode> modes) throws IOException
IOException
public Token<BlockTokenIdentifier> generateToken(String userId, ExtendedBlock block, EnumSet<BlockTokenSecretManager.AccessMode> modes) throws IOException
IOException
public void checkAccess(BlockTokenIdentifier id, String userId, ExtendedBlock block, BlockTokenSecretManager.AccessMode mode) throws SecretManager.InvalidToken
SecretManager.InvalidToken
public void checkAccess(Token<BlockTokenIdentifier> token, String userId, ExtendedBlock block, BlockTokenSecretManager.AccessMode mode) throws SecretManager.InvalidToken
SecretManager.InvalidToken
public void setTokenLifetime(long tokenLifetime)
public BlockTokenIdentifier createIdentifier()
createIdentifier
in class SecretManager<BlockTokenIdentifier>
protected byte[] createPassword(BlockTokenIdentifier identifier)
createPassword
in class SecretManager<BlockTokenIdentifier>
identifier
- the block token identifier
public byte[] retrievePassword(BlockTokenIdentifier identifier) throws SecretManager.InvalidToken
retrievePassword
in class SecretManager<BlockTokenIdentifier>
identifier
- the block token identifier to look up
InvalidToken
SecretManager.InvalidToken
public DataEncryptionKey generateDataEncryptionKey()
public byte[] retrieveDataEncryptionKey(int keyId, byte[] nonce) throws InvalidEncryptionKeyException
keyId
- identifier of the secret key used to generate the encryption key.
nonce
- random value used to create the encryption key
InvalidToken
InvalidEncryptionKeyException
public void setKeyUpdateIntervalForTesting(long millis)
public void clearAllKeysForTesting()
public int getSerialNoForTesting()
Copyright © 2013 Apache Software Foundation. All rights reserved.