Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10429

KeyStores should have methods to generate the materials themselves, KeyShell should use them

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0-alpha1
    • Fix Version/s: 2.6.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Currently, the KeyProvider API expects the caller to provide the key materials. And, the KeyShell generates key materials.

      For security reasons, KeyProvider implementations may want to generate and hide (from the user generating the key) the key materials.

      1. HADOOP-10429.patch
        10 kB
        Alejandro Abdelnur

        Issue Links

          Activity

          Hide
          tucu00 Alejandro Abdelnur added a comment -

          Patch that adds 2 new methods to the KeyProvider class:

          • public KeyVersion createKey(String name, Options options)
          • public KeyVersion rollNewVersion(String name)

          These methods are implemented in the KeyProvider class, they generate the key material and delegate to the corresponding version of the method that takes the key material.

          KeyProvider implementations that want to generate the key material on their own must override these methods. Also, they could implement the ones receiving the key materials as throwing UnsupportedException if the want take exclusive rights in generating key materials.

          The KeyShell has been modified to use the new methods.

          Show
          tucu00 Alejandro Abdelnur added a comment - Patch that adds 2 new methods to the KeyProvider class: public KeyVersion createKey(String name, Options options) public KeyVersion rollNewVersion(String name) These methods are implemented in the KeyProvider class, they generate the key material and delegate to the corresponding version of the method that takes the key material. KeyProvider implementations that want to generate the key material on their own must override these methods. Also, they could implement the ones receiving the key materials as throwing UnsupportedException if the want take exclusive rights in generating key materials. The KeyShell has been modified to use the new methods.
          Hide
          hadoopqa Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12636530/HADOOP-10429.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 1 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//console

          This message is automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12636530/HADOOP-10429.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//console This message is automatically generated.
          Hide
          lmccay Larry McCay added a comment -

          Alejandro Abdelnur] - I had given this some thought in the past as well. I think that it is fine to add this but I don't know that we should remove the ability for the consumer to use an arbitrary source for keying material. I would imagine a perhaps adding a separate switch to indicate that you want to delegate it to the provider or not.

          I can imagine a usecase where a specialized hardware key generator is used but you want to store it in a java keystore. You shouldn't necessarily have to write a new provider for that combination.

          What do you think?

          Show
          lmccay Larry McCay added a comment - Alejandro Abdelnur ] - I had given this some thought in the past as well. I think that it is fine to add this but I don't know that we should remove the ability for the consumer to use an arbitrary source for keying material. I would imagine a perhaps adding a separate switch to indicate that you want to delegate it to the provider or not. I can imagine a usecase where a specialized hardware key generator is used but you want to store it in a java keystore. You shouldn't necessarily have to write a new provider for that combination. What do you think?
          Hide
          tucu00 Alejandro Abdelnur added a comment -

          Larry McCay, agree 100%. The patch adds new methods, but it does not remove the old ones, both work, and the default impl of the new signature uses the old one. This means that if you have a custom provider already, it will work just fine and it will have the new functionality.

          Show
          tucu00 Alejandro Abdelnur added a comment - Larry McCay , agree 100%. The patch adds new methods, but it does not remove the old ones, both work, and the default impl of the new signature uses the old one. This means that if you have a custom provider already, it will work just fine and it will have the new functionality.
          Hide
          lmccay Larry McCay added a comment -

          Great. I was trying to read it without applying it.
          Sorry for the off base comments.

          I will have more time to apply and review in a few days.

          On Wed, Mar 26, 2014 at 1:46 AM, Alejandro Abdelnur (JIRA)

          Show
          lmccay Larry McCay added a comment - Great. I was trying to read it without applying it. Sorry for the off base comments. I will have more time to apply and review in a few days. On Wed, Mar 26, 2014 at 1:46 AM, Alejandro Abdelnur (JIRA)
          Hide
          atm Aaron T. Myers added a comment -

          +1, the latest patch looks good to me.

          Thanks, Tucu.

          Show
          atm Aaron T. Myers added a comment - +1, the latest patch looks good to me. Thanks, Tucu.
          Hide
          tucu00 Alejandro Abdelnur added a comment -

          Larry McCay, any further comments or we are good to go?

          Show
          tucu00 Alejandro Abdelnur added a comment - Larry McCay , any further comments or we are good to go?
          Hide
          benoyantony Benoy Antony added a comment -

          reviewed, +1.

          Show
          benoyantony Benoy Antony added a comment - reviewed, +1.
          Hide
          lmccay Larry McCay added a comment -

          +1 Alejandro Abdelnur] - thanks!

          Show
          lmccay Larry McCay added a comment - +1 Alejandro Abdelnur ] - thanks!
          Hide
          tucu00 Alejandro Abdelnur added a comment -

          committed to trunk

          Show
          tucu00 Alejandro Abdelnur added a comment - committed to trunk
          Hide
          hudson Hudson added a comment -

          SUCCESS: Integrated in Hadoop-trunk-Commit #5481 (See https://builds.apache.org/job/Hadoop-trunk-Commit/5481/)
          HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Show
          hudson Hudson added a comment - SUCCESS: Integrated in Hadoop-trunk-Commit #5481 (See https://builds.apache.org/job/Hadoop-trunk-Commit/5481/ ) HADOOP-10429 . KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Yarn-trunk #535 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/535/)
          HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk #535 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/535/ ) HADOOP-10429 . KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Mapreduce-trunk #1753 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1753/)
          HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk #1753 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1753/ ) HADOOP-10429 . KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Hdfs-trunk #1728 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1728/)
          HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk #1728 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1728/ ) HADOOP-10429 . KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java

            People

            • Assignee:
              tucu00 Alejandro Abdelnur
              Reporter:
              tucu00 Alejandro Abdelnur
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development