[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13965244#comment-13965244
]
Hudson commented on HADOOP-10429:
-
FAILURE: Integrated in Hadoop-Yarn-trunk #535 (See
[https://builds.apache.org/job/Hadoop-Yarn-trunk/535/])
HADOOP-10429. KeyStores should have methods to generate the materials
themselves, KeyShell should use them. (tucu) (tucu:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1586105)
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Fix For: 3.0.0
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13965349#comment-13965349
]
Hudson commented on HADOOP-10429:
-
FAILURE: Integrated in Hadoop-Mapreduce-trunk #1753 (See
[https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1753/])
HADOOP-10429. KeyStores should have methods to generate the materials
themselves, KeyShell should use them. (tucu) (tucu:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1586105)
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Fix For: 3.0.0
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13965721#comment-13965721
]
Hudson commented on HADOOP-10429:
-
FAILURE: Integrated in Hadoop-Hdfs-trunk #1728 (See
[https://builds.apache.org/job/Hadoop-Hdfs-trunk/1728/])
HADOOP-10429. KeyStores should have methods to generate the materials
themselves, KeyShell should use them. (tucu) (tucu:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1586105)
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Fix For: 3.0.0
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13964619#comment-13964619
]
Hudson commented on HADOOP-10429:
-
SUCCESS: Integrated in Hadoop-trunk-Commit #5481 (See
[https://builds.apache.org/job/Hadoop-trunk-Commit/5481/])
HADOOP-10429. KeyStores should have methods to generate the materials
themselves, KeyShell should use them. (tucu) (tucu:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1586105)
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Fix For: 3.0.0
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13960441#comment-13960441
]
Alejandro Abdelnur commented on HADOOP-10429:
-
[~lmccay], any further comments or we are good to go?
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13960487#comment-13960487
]
Benoy Antony commented on HADOOP-10429:
---
reviewed, +1.
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13960545#comment-13960545
]
Larry McCay commented on HADOOP-10429:
--
+1 [~tucu00]] - thanks!
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13958304#comment-13958304
]
Aaron T. Myers commented on HADOOP-10429:
-
+1, the latest patch looks good to me.
Thanks, Tucu.
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13947774#comment-13947774
]
Larry McCay commented on HADOOP-10429:
--
Great. I was trying to read it without applying it.
Sorry for the off base comments.
I will have more time to apply and review in a few days.
On Wed, Mar 26, 2014 at 1:46 AM, Alejandro Abdelnur (JIRA)
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13946309#comment-13946309
]
Hadoop QA commented on HADOOP-10429:
{color:green}+1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12636530/HADOOP-10429.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
hadoop-common-project/hadoop-common.
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//testReport/
Console output:
https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//console
This message is automatically generated.
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13947418#comment-13947418
]
Larry McCay commented on HADOOP-10429:
--
[~tucu00]] - I had given this some thought in the past as well. I think that it
is fine to add this but I don't know that we should remove the ability for the
consumer to use an arbitrary source for keying material. I would imagine a
perhaps adding a separate switch to indicate that you want to delegate it to
the provider or not.
I can imagine a usecase where a specialized hardware key generator is used but
you want to store it in a java keystore. You shouldn't necessarily have to
write a new provider for that combination.
What do you think?
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[
https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13947572#comment-13947572
]
Alejandro Abdelnur commented on HADOOP-10429:
-
[~lmccay], agree 100%. The patch adds new methods, but it does not remove the
old ones, both work, and the default impl of the new signature uses the old
one. This means that if you have a custom provider already, it will work just
fine and it will have the new functionality.
KeyStores should have methods to generate the materials themselves, KeyShell
should use them
Key: HADOOP-10429
URL: https://issues.apache.org/jira/browse/HADOOP-10429
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.0.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Attachments: HADOOP-10429.patch
Currently, the {{KeyProvider}} API expects the caller to provide the key
materials. And, the {{KeyShell}} generates key materials.
For security reasons, {{KeyProvider}} implementations may want to generate
and hide (from the user generating the key) the key materials.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
