This is an automated email from the ASF dual-hosted git repository.

mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 50d8f2f  RANGER-2537 : Ranger KMS having wrong bit length and version 
in DB after export / import within keystore file
50d8f2f is described below

commit 50d8f2fa8ce564cea522c95b97a17421edb7fcd9
Author: Dhaval B. Shah <dhavalshah9...@gmail.com>
AuthorDate: Tue Oct 15 16:39:47 2019 +0530

    RANGER-2537 : Ranger KMS having wrong bit length and version in DB after 
export / import within keystore file
    
    Signed-off-by: Mehul Parikh <me...@apache.org>
---
 .../apache/hadoop/crypto/key/RangerKeyStore.java   | 74 ++++++++++++++++------
 .../hadoop/crypto/key/RangerKeyStoreProvider.java  |  2 +-
 2 files changed, 57 insertions(+), 19 deletions(-)

diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java 
b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
index f3d7c20..b9e7cb2 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
@@ -750,8 +750,7 @@ public class RangerKeyStore extends KeyStoreSpi {
                                                        Metadata metadata = 
(Metadata) f.get(keyMetadata);
                                                        entry.bit_length = 
metadata.getBitLength();
                                                        entry.cipher_field = 
metadata.getAlgorithm();
-                                                       entry.version = 
(alias.split("@").length == 2) ? (Integer
-                                                                       
.parseInt(alias.split("@")[1])) : 0;
+                                                       entry.version = 
metadata.getVersions();
                                                        
Constructor<RangerKeyStoreProvider.KeyMetadata> constructor = 
RangerKeyStoreProvider.KeyMetadata.class
                                                                        
.getDeclaredConstructor(Metadata.class);
                                                        
constructor.setAccessible(true);
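Review bot: `entry.version` now takes `metadata.getVersions()`, the per-key version count, instead of the index parsed from the `name@N` alias, so every `alias@N` row belonging to one key will carry the same number. That is consistent with the `parseInt(...) + 1` fallback introduced elsewhere in this commit, but it is a change in the meaning of the column and nothing on the line says so; a short comment would spare the next reader the archaeology, e.g. `// DB version column holds Metadata.versions (a count), not the zero-based alias index`. The enclosing method starts before this hunk.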
@@ -761,17 +760,43 @@ public class RangerKeyStore extends KeyStoreSpi {
                                                        secretKey = new 
SecretKeySpec(k.getEncoded(),
                                                                        
getAlgorithm(metadata.getAlgorithm()));
                                                } else if (k instanceof 
KeyByteMetadata) {
-                                                       Metadata m = 
((KeyByteMetadata) k).metadata;
-                                                       byte[] encodedKey = 
((KeyByteMetadata) k)
-                                                                       
.getEncoded();
-                                                       entry.cipher_field = 
m.getCipher();
-                                                       entry.version = 
m.getVersions();
-                                                       entry.bit_length = 
m.getBitLength();
-                                                       if (encodedKey != null 
&& encodedKey.length > 0) {
-                                                               secretKey = new 
SecretKeySpec(encodedKey,
-                                                                               
m.getAlgorithm());
+                                                       Metadata metadata = 
((KeyByteMetadata) k).metadata;
+                                                       entry.cipher_field = 
metadata.getCipher();
+                                                       entry.version = 
metadata.getVersions();
+                                                       entry.bit_length = 
metadata.getBitLength();
+                                                       if (k.getEncoded() != 
null && k.getEncoded().length > 0) {
+                                                               secretKey = new 
SecretKeySpec(k.getEncoded(),
+                                                                               
getAlgorithm(metadata.getAlgorithm()));
+                                                       } else {
+                                                               KeyGenerator 
keyGenerator = KeyGenerator
+                                                                               
.getInstance(getAlgorithm(metadata.getCipher()));
+                                                               
keyGenerator.init(metadata.getBitLength());
+                                                               byte[] keyByte 
= keyGenerator.generateKey().getEncoded();
+                                                               secretKey = new 
SecretKeySpec(keyByte,
+                                                                               
getAlgorithm(metadata.getCipher()));
                                                        }
-                                               } else {
+                                               } else if (k instanceof 
KeyMetadata) {
+                                                       Metadata metadata = 
((KeyMetadata) k).metadata;
+                                                       entry.bit_length = 
metadata.getBitLength();
+                                                       entry.cipher_field = 
metadata.getCipher();
+                                                       entry.version = 
metadata.getVersions();
+
+                                                       if (k.getEncoded() != 
null
+                                                                       && 
k.getEncoded().length > 0) {
+                                                               secretKey = new 
SecretKeySpec(k.getEncoded(),
+                                                                               
getAlgorithm(metadata.getAlgorithm()));
+                                                       } else {
+                                                               KeyGenerator 
keyGenerator = KeyGenerator
+                                                                               
.getInstance(getAlgorithm(metadata
+                                                                               
                .getCipher()));
+                                                               
keyGenerator.init(metadata.getBitLength());
+                                                               byte[] keyByte 
= keyGenerator.generateKey()
+                                                                               
.getEncoded();
+                                                               secretKey = new 
SecretKeySpec(keyByte,
+                                                                               
getAlgorithm(metadata.getCipher()));
+                                                       }
+
+                                               }else {
                                                        entry.bit_length = 
(k.getEncoded().length * NUMBER_OF_BITS_PER_BYTE);
                                                        entry.cipher_field = 
k.getAlgorithm();
                                                        if 
(alias.split("@").length == 2) {
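Review bot: The `else` branches added for `KeyByteMetadata` and `KeyMetadata` silently mint a fresh random key with `KeyGenerator` whenever `k.getEncoded()` is null or empty, so an entry whose key material is missing is replaced by material that can never decrypt anything protected by the original, and no log line records that this happened. If these are placeholder metadata entries that are not expected to carry usable material (which is presumably why the branch exists, but the hunk does not say), that deserves a comment; if a `name@N` version entry can ever reach this path it should fail loudly rather than be re-keyed, e.g. `throw new IOException("No key material for key version " + alias);`. The two branches are also near-duplicates, the non-empty path derives the algorithm via `getAlgorithm(metadata.getAlgorithm())` while the generated path uses `getAlgorithm(metadata.getCipher())`, and `k.getEncoded()` is called three times; a single private helper would remove all of that, sketched below. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: reflective RangerKeyStoreProvider.KeyMetadata branch …
} else if (k instanceof KeyByteMetadata || k instanceof KeyMetadata) {
    Metadata metadata = (k instanceof KeyByteMetadata)
            ? ((KeyByteMetadata) k).metadata : ((KeyMetadata) k).metadata;
    entry.cipher_field = metadata.getCipher();
    entry.version = metadata.getVersions();
    entry.bit_length = metadata.getBitLength();
    secretKey = secretKeyFor(alias, k.getEncoded(), metadata);
} else {
// … unchanged: plain Key branch …

/** Wraps stored key bytes; only a metadata (non-versioned) entry may get generated placeholder material. */
private SecretKeySpec secretKeyFor(String alias, byte[] encoded, Metadata metadata)
        throws IOException, NoSuchAlgorithmException {
    if (encoded != null && encoded.length > 0) {
        return new SecretKeySpec(encoded, getAlgorithm(metadata.getAlgorithm()));
    }
    if (alias.split("@").length == 2) {
        throw new IOException("No key material for key version " + alias);
    }
    logger.warn("Generating placeholder key material for metadata entry " + alias);
    KeyGenerator keyGenerator = KeyGenerator.getInstance(getAlgorithm(metadata.getCipher()));
    keyGenerator.init(metadata.getBitLength());
    return new SecretKeySpec(keyGenerator.generateKey().getEncoded(), getAlgorithm(metadata.getCipher()));
}
```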
@@ -797,7 +822,7 @@ public class RangerKeyStore extends KeyStoreSpi {
                                                                + ks.getType();
                                                deltaEntries.put(alias, entry);
                                        }
-                               } catch (Exception t) {
+                               } catch (Throwable t) {
                                        logger.error("Unable to load keystore 
file ", t);
                                        throw new IOException(t);
                                }
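Review bot: `catch (Throwable t)` now also captures `Error`s such as OutOfMemoryError and StackOverflowError and re-throws them as IOException, which hides a dying JVM behind "Unable to load keystore file" and lets callers treat it as a recoverable I/O failure. If the widening is meant to cover a linkage problem from the reflective constructor call, catch that explicitly alongside `Exception` (`catch (Exception | LinkageError t)`), or at least let fatal errors through first: `if (t instanceof VirtualMachineError) throw (VirtualMachineError) t;`. The try block this catch belongs to starts outside the hunk.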
@@ -820,15 +845,23 @@ public class RangerKeyStore extends KeyStoreSpi {
                                                        Metadata metadata = 
(Metadata) f.get(keyMetadata);
                                                        entry.bit_length = 
metadata.getBitLength();
                                                        entry.cipher_field = 
metadata.getAlgorithm();
+                                                       entry.version = 
metadata.getVersions();
                                                        
Constructor<RangerKeyStoreProvider.KeyMetadata> constructor = 
RangerKeyStoreProvider.KeyMetadata.class
                                                                        
.getDeclaredConstructor(Metadata.class);
                                                        
constructor.setAccessible(true);
                                                        
RangerKeyStoreProvider.KeyMetadata nk = constructor
                                                                        
.newInstance(metadata);
                                                        k = nk;
+                                               } else if (k instanceof 
KeyMetadata) {
+                                                       Metadata metadata = 
((KeyMetadata) k).metadata;
+                                                       entry.bit_length = 
metadata.getBitLength();
+                                                       entry.cipher_field = 
metadata.getCipher();
+                                                       entry.version = 
metadata.getVersions();
                                                } else {
                                                        entry.bit_length = 
(k.getEncoded().length * NUMBER_OF_BITS_PER_BYTE);
                                                        entry.cipher_field = 
k.getAlgorithm();
+                                                       entry.version = 
(alias.split("@").length == 2) ? (Integer
+                                                                       
.parseInt(alias.split("@")[1]) + 1) : 1;
                                                }
                                                String keyName = 
alias.split("@")[0];
                                                validateKeyName(keyName);
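Review bot: In the new `else` branch `Integer.parseInt(alias.split("@")[1])` runs on an alias suffix that has not been validated, so an alias such as `key@abc` in an imported keystore throws NumberFormatException, which the surrounding catch (outside this hunk) turns into a bare IOException that never names the offending alias; `alias` is also split three times within a few lines. Split once into a local and check the suffix before parsing, e.g. `String[] parts = alias.split("@"); if (parts.length == 2 && !parts[1].matches("\\d+")) throw new IOException("Malformed key alias: " + alias);`. The `+ 1` turns the zero-based alias index into a version count, matching `Metadata.getVersions()` in the branches above; a comment such as `// version column holds the version count, not the zero-based index in the alias` would make that intent explicit. The enclosing method begins before this hunk.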
@@ -857,8 +890,6 @@ public class RangerKeyStore extends KeyStoreSpi {
                                                }
 
                                                entry.date = 
ks.getCreationDate(alias);
-                                               entry.version = 
(alias.split("@").length == 2) ? (Integer
-                                                               
.parseInt(alias.split("@")[1])) : 0;
                                                entry.description = 
k.getFormat() + " - "
                                                                + ks.getType();
                                                deltaEntries.put(alias, entry);
@@ -892,9 +923,16 @@ public class RangerKeyStore extends KeyStoreSpi {
                         alias = e.nextElement();
                         if(azureKeyVaultEnabled){
                                key = engineGetDecryptedZoneKey(alias);
-                        }else{
-                               key = engineGetKey(alias, masterKey);
-                        }
+                                               } else {
+                                                       key = 
engineGetKey(alias, masterKey);
+                                                       if (key instanceof 
KeyMetadata) {
+                                                               Metadata meta = 
((KeyMetadata) key).metadata;
+                                                               if (meta != 
null) {
+                                                                       key = 
new KeyMetadata(meta);
+                                                               }
+                                                       }
+
+                                               }
                         ks.setKeyEntry(alias, key, keyPass, null);
                         
                     }
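Review bot: The new `else` block re-wraps a `KeyMetadata` as `new KeyMetadata(meta)` without saying why the freshly constructed wrapper is preferable to the instance `engineGetKey` already returned, and its lines are indented with tabs while the surrounding `if(azureKeyVaultEnabled){` and `ks.setKeyEntry` use spaces, so the block reads as if it belonged to a different nesting level. Add a comment stating the intent (for example a NOTE explaining what the rebuilt wrapper provides for the exported keystore that the loaded one does not; I cannot tell from here) and align the indentation with the enclosing loop. The `if (meta != null)` guard also silently keeps the original object when metadata is absent; a `logger.warn("No metadata for key " + alias + ", exporting as-is")` there would make a defective export visible. The enclosing method continues outside this hunk.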
diff --git 
a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
index 1792bc4..7473871 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
@@ -672,7 +672,7 @@ public class RangerKeyStoreProvider extends KeyProvider {
                Metadata metadata;
                private final static long serialVersionUID = 
8405872419967874451L;
 
-               private KeyMetadata(Metadata meta) {
+               protected KeyMetadata(Metadata meta) {
                        this.metadata = meta;
                }
 
