Class CachingKeyProvider

java.lang.Object
org.apache.hadoop.crypto.key.KeyProvider
org.apache.hadoop.crypto.key.KeyProviderExtension<org.apache.hadoop.crypto.key.CachingKeyProvider.CacheExtension>
org.apache.hadoop.crypto.key.CachingKeyProvider
All Implemented Interfaces:
Closeable, AutoCloseable

public class CachingKeyProvider extends KeyProviderExtension<org.apache.hadoop.crypto.key.CachingKeyProvider.CacheExtension>
A KeyProviderExtension implementation providing a short-lived cache for KeyVersions and Metadata, so that bursts of requests do not hit the underlying KeyProvider.
  • Constructor Details

    • CachingKeyProvider

      public CachingKeyProvider(KeyProvider keyProvider, long keyTimeoutMillis, long currKeyTimeoutMillis)
  • Method Details

    • getCurrentKey

      public KeyProvider.KeyVersion getCurrentKey(String name) throws IOException
      Description copied from class: KeyProvider
      Get the current version of the key, which should be used for encrypting new data.
      Overrides:
      getCurrentKey in class KeyProviderExtension<org.apache.hadoop.crypto.key.CachingKeyProvider.CacheExtension>
      Parameters:
      name - the base name of the key
      Returns:
      the version name of the current version of the key or null if the key version doesn't exist
      Throws:
      IOException - raised on errors performing I/O.
    • getKeyVersion

      public KeyProvider.KeyVersion getKeyVersion(String versionName) throws IOException
      Description copied from class: KeyProvider
      Get the key material for a specific version of the key. This method is used when decrypting data.
      Overrides:
      getKeyVersion in class KeyProviderExtension<org.apache.hadoop.crypto.key.CachingKeyProvider.CacheExtension>
      Parameters:
      versionName - the name of a specific version of the key
      Returns:
      the key material
      Throws:
      IOException - raised on errors performing I/O.
    • deleteKey

      public void deleteKey(String name) throws IOException
      Description copied from class: KeyProvider
      Delete the given key.
      Overrides:
      deleteKey in class KeyProviderExtension<org.apache.hadoop.crypto.key.CachingKeyProvider.CacheExtension>
      Parameters:
      name - the name of the key to delete
      Throws:
      IOException - raised on errors performing I/O.
    • rollNewVersion

      public KeyProvider.KeyVersion rollNewVersion(String name, byte[] material) throws IOException
      Description copied from class: KeyProvider
      Roll a new version of the given key.
      Overrides:
      rollNewVersion in class KeyProviderExtension<org.apache.hadoop.crypto.key.CachingKeyProvider.CacheExtension>
      Parameters:
      name - the basename of the key
      material - the new key material
      Returns:
      the name of the new version of the key
      Throws:
      IOException - raised on errors performing I/O.
    • rollNewVersion

      public KeyProvider.KeyVersion rollNewVersion(String name) throws NoSuchAlgorithmException, IOException
      Description copied from class: KeyProvider
      Roll a new version of the given key generating the material for it.

      This implementation generates the key material and calls the KeyProvider.rollNewVersion(String, byte[]) method.

      Overrides:
      rollNewVersion in class KeyProviderExtension<org.apache.hadoop.crypto.key.CachingKeyProvider.CacheExtension>
      Parameters:
      name - the basename of the key
      Returns:
      the name of the new version of the key
      Throws:
      NoSuchAlgorithmException - This exception is thrown when a particular cryptographic algorithm is requested but is not available in the environment.
      IOException - raised on errors performing I/O.
    • invalidateCache

      public void invalidateCache(String name) throws IOException
      Description copied from class: KeyProvider
      Can be used by implementing classes to invalidate the caches. This could be used after rollNewVersion to provide a strong guarantee to return the new version of the given key.
      Overrides:
      invalidateCache in class KeyProviderExtension<org.apache.hadoop.crypto.key.CachingKeyProvider.CacheExtension>
      Parameters:
      name - the basename of the key
      Throws:
      IOException - raised on errors performing I/O.
    • getMetadata

      public KeyProvider.Metadata getMetadata(String name) throws IOException
      Description copied from class: KeyProvider
      Get metadata about the key.
      Overrides:
      getMetadata in class KeyProviderExtension<org.apache.hadoop.crypto.key.CachingKeyProvider.CacheExtension>
      Parameters:
      name - the basename of the key
      Returns:
      the key's metadata or null if the key doesn't exist
      Throws:
      IOException - raised on errors performing I/O.
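
The stale read that invalidateCache guards against, as an added example (not taken from the Hadoop documentation or source): a key is rolled directly on the wrapped provider, the way a second client would, and the cache keeps serving the old current version until it is invalidated. It assumes hadoop-common on the classpath and uses the in-memory user:/// provider as the backend; the class name, the key name demo-key and the 60-second timeouts are chosen for illustration.

```java
import java.net.URI;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.CachingKeyProvider;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderFactory;

// Added illustration; class name and key name are hypothetical.
public class StaleKeyAfterRollDemo {
  public static void main(String[] args) throws Exception {
    Configuration conf = new Configuration();

    // Backend: UserProvider, which keeps keys in the current user's credentials.
    KeyProvider backend = KeyProviderFactory.get(new URI("user:///"), conf);
    if (backend == null) {
      throw new IllegalStateException("no KeyProvider registered for user:///");
    }
    backend.createKey("demo-key", KeyProvider.options(conf));
    backend.flush();

    // Cache KeyVersions/Metadata and the current key for 60 s each.
    CachingKeyProvider cached = new CachingKeyProvider(backend, 60_000L, 60_000L);
    String beforeRoll = cached.getCurrentKey("demo-key").getVersionName();

    // Roll on the backend directly, bypassing the caching wrapper.
    backend.rollNewVersion("demo-key");
    backend.flush();
    String actual = backend.getCurrentKey("demo-key").getVersionName();

    // The wrapper answers from its cache, so new data would still be
    // encrypted under the pre-roll version until the entry expires.
    String served = cached.getCurrentKey("demo-key").getVersionName();
    if (!served.equals(beforeRoll) || served.equals(actual)) {
      throw new IllegalStateException("expected a cached pre-roll version");
    }

    // Invalidate the entries for this key so the next read goes to the backend.
    cached.invalidateCache("demo-key");
    String refreshed = cached.getCurrentKey("demo-key").getVersionName();
    if (!refreshed.equals(actual)) {
      throw new IllegalStateException("cache still stale after invalidateCache");
    }

    System.out.println("before roll:        " + beforeRoll);
    System.out.println("served after roll:  " + served);
    System.out.println("after invalidation: " + refreshed);
    cached.close();
  }
}
```

When rotation is a response to suspected key exposure, the currKeyTimeoutMillis passed to the constructor bounds how long each caching client keeps encrypting under the old version if nothing invalidates its cache.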