Hadoop Common
  1. Hadoop Common
  2. HADOOP-10429

KeyStores should have methods to generate the materials themselves, KeyShell should use them

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 2.6.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Currently, the KeyProvider API expects the caller to provide the key materials. And, the KeyShell generates key materials.

      For security reasons, KeyProvider implementations may want to generate and hide (from the user generating the key) the key materials.

      1. HADOOP-10429.patch
        10 kB
        Alejandro Abdelnur

        Issue Links

          Activity

          Hide
          Alejandro Abdelnur added a comment -

          Patch that adds 2 new methods to the KeyProvider class:

          • public KeyVersion createKey(String name, Options options)
          • public KeyVersion rollNewVersion(String name)

          These methods are implemented in the KeyProvider class, they generate the key material and delegate to the corresponding version of the method that takes the key material.

          KeyProvider implementations that want to generate the key material on their own must override these methods. Also, they could implement the ones receiving the key materials as throwing UnsupportedException if the want take exclusive rights in generating key materials.

          The KeyShell has been modified to use the new methods.

          Show
          Alejandro Abdelnur added a comment - Patch that adds 2 new methods to the KeyProvider class: public KeyVersion createKey(String name, Options options) public KeyVersion rollNewVersion(String name) These methods are implemented in the KeyProvider class, they generate the key material and delegate to the corresponding version of the method that takes the key material. KeyProvider implementations that want to generate the key material on their own must override these methods. Also, they could implement the ones receiving the key materials as throwing UnsupportedException if the want take exclusive rights in generating key materials. The KeyShell has been modified to use the new methods.
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12636530/HADOOP-10429.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 1 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12636530/HADOOP-10429.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//console This message is automatically generated.
          Hide
          Larry McCay added a comment -

          Alejandro Abdelnur] - I had given this some thought in the past as well. I think that it is fine to add this but I don't know that we should remove the ability for the consumer to use an arbitrary source for keying material. I would imagine a perhaps adding a separate switch to indicate that you want to delegate it to the provider or not.

          I can imagine a usecase where a specialized hardware key generator is used but you want to store it in a java keystore. You shouldn't necessarily have to write a new provider for that combination.

          What do you think?

          Show
          Larry McCay added a comment - Alejandro Abdelnur ] - I had given this some thought in the past as well. I think that it is fine to add this but I don't know that we should remove the ability for the consumer to use an arbitrary source for keying material. I would imagine a perhaps adding a separate switch to indicate that you want to delegate it to the provider or not. I can imagine a usecase where a specialized hardware key generator is used but you want to store it in a java keystore. You shouldn't necessarily have to write a new provider for that combination. What do you think?
          Hide
          Alejandro Abdelnur added a comment -

          Larry McCay, agree 100%. The patch adds new methods, but it does not remove the old ones, both work, and the default impl of the new signature uses the old one. This means that if you have a custom provider already, it will work just fine and it will have the new functionality.

          Show
          Alejandro Abdelnur added a comment - Larry McCay , agree 100%. The patch adds new methods, but it does not remove the old ones, both work, and the default impl of the new signature uses the old one. This means that if you have a custom provider already, it will work just fine and it will have the new functionality.
          Hide
          Larry McCay added a comment -

          Great. I was trying to read it without applying it.
          Sorry for the off base comments.

          I will have more time to apply and review in a few days.

          On Wed, Mar 26, 2014 at 1:46 AM, Alejandro Abdelnur (JIRA)

          Show
          Larry McCay added a comment - Great. I was trying to read it without applying it. Sorry for the off base comments. I will have more time to apply and review in a few days. On Wed, Mar 26, 2014 at 1:46 AM, Alejandro Abdelnur (JIRA)
          Hide
          Aaron T. Myers added a comment -

          +1, the latest patch looks good to me.

          Thanks, Tucu.

          Show
          Aaron T. Myers added a comment - +1, the latest patch looks good to me. Thanks, Tucu.
          Hide
          Alejandro Abdelnur added a comment -

          Larry McCay, any further comments or we are good to go?

          Show
          Alejandro Abdelnur added a comment - Larry McCay , any further comments or we are good to go?
          Hide
          Benoy Antony added a comment -

          reviewed, +1.

          Show
          Benoy Antony added a comment - reviewed, +1.
          Hide
          Larry McCay added a comment -

          +1 Alejandro Abdelnur] - thanks!

          Show
          Larry McCay added a comment - +1 Alejandro Abdelnur ] - thanks!
          Hide
          Alejandro Abdelnur added a comment -

          committed to trunk

          Show
          Alejandro Abdelnur added a comment - committed to trunk
          Hide
          Hudson added a comment -

          SUCCESS: Integrated in Hadoop-trunk-Commit #5481 (See https://builds.apache.org/job/Hadoop-trunk-Commit/5481/)
          HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Show
          Hudson added a comment - SUCCESS: Integrated in Hadoop-trunk-Commit #5481 (See https://builds.apache.org/job/Hadoop-trunk-Commit/5481/ ) HADOOP-10429 . KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Yarn-trunk #535 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/535/)
          HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk #535 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/535/ ) HADOOP-10429 . KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Mapreduce-trunk #1753 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1753/)
          HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk #1753 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1753/ ) HADOOP-10429 . KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Hdfs-trunk #1728 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1728/)
          HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk #1728 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1728/ ) HADOOP-10429 . KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java

            People

            • Assignee:
              Alejandro Abdelnur
              Reporter:
              Alejandro Abdelnur
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development