getEncryptedStreams
public static IOStreamPair getEncryptedStreams(OutputStream underlyingOut,
                                               InputStream underlyingIn,
                                               BlockPoolTokenSecretManager blockPoolTokenSecretManager,
                                               String encryptionAlgorithm)
                                        throws IOException
Factory method for DataNodes (DNs), where the nonce, keyId, and encryption key are not
yet known. The nonce and keyId will be sent by the client, and the DN
will then use those values and the secret key shared with the NameNode (NN)
to determine the encryptionKey used for the SASL handshake/encryption.

Establishes a secure connection assuming that the party on the other end
has the same shared secret. This does a SASL connection handshake, but not
a general-purpose one. It's specific to the MD5-DIGEST SASL mechanism with
auth-conf enabled. In particular, it doesn't support an arbitrary number of
challenge/response rounds, and we know that the client will never have an
initial response, so we don't check for one.
Parameters:
underlyingOut - output stream to write to the other party
underlyingIn - input stream to read from the other party
blockPoolTokenSecretManager - secret manager capable of constructing encryption key based on keyId, blockPoolId, and nonce
Returns:
a pair of streams which wrap the given streams and encrypt/decrypt all data read/written
Throws:
IOException - in the event of error
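The key lookup described above, as an added sketch that is not Hadoop's own code: the DN receives a keyId and nonce, looks up the secret it shares with the NN, and derives the encryption key from it. The class DerivedKeySketch, the keyId-to-secret map, the HMAC-SHA256 derivation and the sample values are all assumptions made for illustration; the page does not state the real derivation.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class DerivedKeySketch {
    // Hypothetical stand-in for the secret manager: keyId -> secret shared with the NN.
    private final Map<Integer, byte[]> blockKeys;

    DerivedKeySketch(Map<Integer, byte[]> blockKeys) { this.blockKeys = blockKeys; }

    // Assumed derivation: HMAC over the nonce, keyed with the shared secret.
    byte[] deriveEncryptionKey(int keyId, byte[] nonce) throws IOException {
        byte[] secret = blockKeys.get(keyId);
        if (secret == null) {
            // Unknown keyId (for example a rolled key): refuse, never fall back to a default.
            throw new IOException("no shared secret for keyId " + keyId);
        }
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            return mac.doFinal(nonce);
        } catch (GeneralSecurityException e) {
            throw new IOException("key derivation failed", e);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample secret; both ends are assumed to hold it under keyId 7.
        byte[] shared = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        DerivedKeySketch otherEnd = new DerivedKeySketch(Map.of(7, shared));
        DerivedKeySketch dataNode = new DerivedKeySketch(Map.of(7, shared));
        byte[] nonce = new byte[8];
        new SecureRandom().nextBytes(nonce);   // sent to the DN together with the keyId

        byte[] expected = otherEnd.deriveEncryptionKey(7, nonce);
        byte[] dnKey = dataNode.deriveEncryptionKey(7, nonce);
        System.out.println("keys match: " + MessageDigest.isEqual(expected, dnKey));
        try {
            dataNode.deriveEncryptionKey(8, nonce);  // keyId the DN does not hold
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because only the keyId and nonce cross the wire, a DN that lacks the matching secret cannot derive the key, and the connection should fail with the IOException documented above.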