[ https://issues.apache.org/jira/browse/HADOOP-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14050923#comment-14050923 ]
Alejandro Abdelnur commented on HADOOP-10719:
---------------------------------------------

The extension classes are lightweight classes and in some cases will be implemented by the keyprovider itself, so I wouldn't worry about the caching thing.

Some additional feedback on the patch:

KeyProviderCryptoExtension.Factory, I think could get rid of the factory inner class and simply have a static method:

{code}
public static KeyProviderCryptoExtension getCryptoExtension(
    KeyProvider keyProvider, Configuration conf) {
  if (keyProvider instanceof CryptoExtension) {
    // The provider implements the extension itself: delegate to it.
    return new KeyProviderCryptoExtension(keyProvider,
        (CryptoExtension) keyProvider);
  } else {
    // Otherwise fall back to the default implementation.
    return new KeyProviderCryptoExtension(keyProvider,
        new DefaultCryptoExtension(keyProvider, conf));
  }
}
{code}

Also, we should maybe get rid of the Configuration param and have KeyProvider have a getConf() method and use that one to create the DefaultCryptoExtension.

KeyProviderCryptoExtension.DefaultCryptoExtension should be a private class.

KeyProviderCryptoExtension.DefaultCryptoExtension#generateEncryptedKey() should be using Cipher instead of CryptoCodec in trunk, in fs-encryption we should change it, both here and in decryptEncryptedKey() to use CryptoCodec.
> Add generateEncryptedKey and decryptEncryptedKey methods to KeyProvider
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-10719
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10719
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10719.1.patch, HADOOP-10719.2.patch,
> HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch,
> HADOOP-10719.patch, HADOOP-10719.patch
>
>
> This is a follow up on
> [HDFS-6134|https://issues.apache.org/jira/browse/HDFS-6134?focusedCommentId=14036044&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14036044]
> KeyProvider API should have 2 new methods:
> * KeyVersion generateEncryptedKey(String keyVersionName, byte[] iv)
> * KeyVersion decryptEncryptedKey(String keyVersionName, byte[] iv, KeyVersion
> encryptedKey)
> The implementation would do a known transformation on the IV (i.e.: xor with
> 0xff the original IV).

--
This message was sent by Atlassian JIRA (v6.2#6252)