diff --git a/shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java b/shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java index a2e0abd..ae6f542 100644 --- a/shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java +++ b/shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java @@ -40,6 +40,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.crypto.CipherSuite; import org.apache.hadoop.crypto.key.KeyProvider; import org.apache.hadoop.crypto.key.KeyProvider.Options; import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension; @@ -1241,6 +1242,14 @@ public boolean arePathsOnSameEncryptionZone(Path path1, Path path2, ((HdfsEncryptionShim)encryptionShim2).hdfsAdmin.getEncryptionZoneForPath(path2)); } + /** + * Compares two encryption key strengths. + * + * @param path1 First path to compare + * @param path2 Second path to compare + * @return 1 if path1 is stronger; 0 if paths are equals; -1 if path1 is weaker. + * @throws IOException If an error occurred attempting to get key metadata + */ @Override public int comparePathKeyStrength(Path path1, Path path2) throws IOException { EncryptionZone zone1, zone2; @@ -1256,7 +1265,7 @@ public int comparePathKeyStrength(Path path1, Path path2) throws IOException { return 1; } - return compareKeyStrength(zone1.getKeyName(), zone2.getKeyName()); + return compareKeyStrength(zone1, zone2); } @Override @@ -1308,28 +1317,28 @@ private void checkKeyProvider() throws IOException { /** * Compares two encryption key strengths. * - * @param keyname1 Keyname to compare - * @param keyname2 Keyname to compare - * @return 1 if path1 is stronger; 0 if paths are equals; -1 if path1 is weaker. + * @param zone1 First EncryptionZone to compare + * @param zone2 Second EncryptionZone to compare + * @return 1 if zone1 is stronger; 0 if zones are equal; -1 if zone1 is weaker. * @throws IOException If an error occurred attempting to get key metadata */ - private int compareKeyStrength(String keyname1, String keyname2) throws IOException { - KeyProvider.Metadata meta1, meta2; + private int compareKeyStrength(EncryptionZone zone1, EncryptionZone zone2) throws IOException { - if (keyProvider == null) { - throw new IOException("HDFS security key provider is not configured on your server."); - } + // zone1, zone2 should already have been checked for nulls. + assert zone1 != null && zone2 != null : "Neither EncryptionZone under comparison can be null."; - meta1 = keyProvider.getMetadata(keyname1); - meta2 = keyProvider.getMetadata(keyname2); + CipherSuite suite1 = zone1.getSuite(); + CipherSuite suite2 = zone2.getSuite(); - if (meta1.getBitLength() < meta2.getBitLength()) { - return -1; - } else if (meta1.getBitLength() == meta2.getBitLength()) { + if (suite1 == null && suite2 == null) { return 0; - } else { + } else if (suite1 == null) { + return -1; + } else if (suite2 == null) { return 1; } + + return Integer.compare(suite1.getAlgorithmBlockSize(), suite2.getAlgorithmBlockSize()); } }