abstractdog commented on code in PR #7827:
URL: https://github.com/apache/hadoop/pull/7827#discussion_r2228243815
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/SecretManagerConfig.java:
##########
@@ -0,0 +1,123 @@
+
+package org.apache.hadoop.security.token;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * Provides configuration and utility methods for managing cryptographic key
generation
+ * and message authentication code (MAC) generation using specified algorithms
and key lengths.
+ * <p>
+ * This class supports static access to the selected cryptographic algorithm
and key length,
+ * and provides methods to create configured {@link javax.crypto.KeyGenerator}
and {@link javax.crypto.Mac} instances.
+ * The configuration is initialized statically from a provided {@link
Configuration} object.
+ * <p>
+ * The {@link SecretManager} has some static method, so static configuration
is required
+ */
+public class SecretManagerConfig {
+ private static final Logger LOG =
LoggerFactory.getLogger(SecretManagerConfig.class);
+ private static String SELECTED_ALGORITHM;
+ private static int SELECTED_LENGTH;
+
+ static {
+ update(new Configuration());
+ }
+
+ /**
+ * Updates the selected cryptographic algorithm and key length using the
provided
+ * Hadoop {@link Configuration}. This method reads the values for
+ * {@code HADOOP_SECURITY_SECRET_MANAGER_KEY_GENERATOR_ALGORITHM_KEY} and
+ * {@code HADOOP_SECURITY_SECRET_MANAGER_KEY_LENGTH_KEY}, or uses default
values if not set.
+ *
+ * @param conf the configuration object containing cryptographic settings
+ */
+ public static void update(Configuration conf) {
Review Comment:
while this method is crucial for Tez as explained on
[HADOOP-19639](https://issues.apache.org/jira/browse/HADOOP-19639), it might
also bring confusion, which is due to the fact that we try to lazy init static
things, so scenario I'm worried about a wrong usage:
1. keyGen is initialized by createKeyGenerator
2. update is called
3. update is not effective as the keyGen is already initialized
need to make this more robust by giving a warning or even throwing an
exception if the update(Configuration) is called after initialization, making
the user aware that the settings won't be applied
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
