/**
 * Deletes the named key from the configured key provider and flushes the
 * provider so the removal is written out.
 *
 * <p>The existence check and the delete are two separate provider calls;
 * this method takes no lock around them.
 *
 * @param keyName name of the key to delete
 * @throws IOException if the provider has no metadata for {@code keyName},
 *         or if a provider call fails
 */
@Override
public void deleteKey(String keyName) throws IOException {
  checkKeyProvider();

  // Guard clause: a null metadata lookup means the key is unknown.
  final boolean keyMissing = keyProvider.getMetadata(keyName) == null;
  if (keyMissing) {
    throw new IOException("key '" + keyName + "' does not exist.");
  }

  keyProvider.deleteKey(keyName);
  keyProvider.flush();
}
/**
 * Creates a new key in the configured key provider using the default HDFS
 * security cipher and the requested bit length, then flushes the provider.
 *
 * <p>{@code bitLength} is handed to the provider options as given; this
 * method does not range-check it.
 * NOTE(review): presumably the provider rejects lengths the cipher does not
 * support; confirm against the provider in use.
 *
 * @param keyName   name of the key to create
 * @param bitLength key length in bits
 * @throws IOException if a key named {@code keyName} already exists, or if a
 *         provider call fails
 * @throws NoSuchAlgorithmException declared by this method's signature;
 *         presumably raised by the provider for an unknown cipher
 */
@Override
public void createKey(String keyName, int bitLength)
    throws IOException, NoSuchAlgorithmException {
  checkKeyProvider();

  // Guard clause: refuse to overwrite a key the provider already knows.
  final boolean keyPresent = keyProvider.getMetadata(keyName) != null;
  if (keyPresent) {
    throw new IOException("key '" + keyName + "' already exists");
  }

  final KeyProvider.Options keyOptions = new Options(this.conf);
  keyOptions.setCipher(HDFS_SECURITY_DEFAULT_CIPHER);
  keyOptions.setBitLength(bitLength);

  keyProvider.createKey(keyName, keyOptions);
  keyProvider.flush();
}
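/**
 * Compares the strength of two encryption keys by their bit length.
 *
 * <p>Only the bit length recorded in each key's metadata is compared; the
 * cipher is not taken into account.
 *
 * @param keyname1 name of the first key
 * @param keyname2 name of the second key
 * @return 1 if {@code keyname1} is stronger; 0 if both keys have the same
 *         bit length; -1 if {@code keyname1} is weaker
 * @throws IOException if no key provider is configured, if either key does
 *         not exist, or if an error occurred attempting to get key metadata
 */
private int compareKeyStrength(String keyname1, String keyname2)
    throws IOException {
  if (keyProvider == null) {
    throw new IOException(
        "HDFS security key provider is not configured on your server.");
  }

  final KeyProvider.Metadata meta1 = keyProvider.getMetadata(keyname1);
  final KeyProvider.Metadata meta2 = keyProvider.getMetadata(keyname2);

  // The rest of this class treats a null metadata lookup as "key does not
  // exist". Fail with a clear IOException instead of a NullPointerException
  // so a caller making a strength decision gets an explicit error.
  if (meta1 == null) {
    throw new IOException("key '" + keyname1 + "' does not exist.");
  }
  if (meta2 == null) {
    throw new IOException("key '" + keyname2 + "' does not exist.");
  }

  final int bits1 = meta1.getBitLength();
  final int bits2 = meta2.getBitLength();
  if (bits1 < bits2) {
    return -1;
  }
  return (bits1 == bits2) ? 0 : 1;
}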
/**
 * Lists the key names held by the configured key provider.
 *
 * @return the key names as returned by the provider
 * @throws IOException if the key provider check or the provider call fails
 */
@Override
public List<String> getKeys() throws IOException {
  checkKeyProvider();
  final List<String> keyNames = keyProvider.getKeys();
  return keyNames;
}