@InterfaceAudience.Public @InterfaceStability.Unstable public abstract class KeyProvider extends Object implements Closeable
KeyProvider implementations must be thread safe.
Modifier and Type | Class and Description |
---|---|
static class | KeyProvider.KeyVersion - The combination of both the key version name and the key material. |
static class | KeyProvider.Metadata - Key metadata that is associated with the key. |
static class | KeyProvider.Options - Options when creating key objects. |
Modifier and Type | Field and Description |
---|---|
static int | DEFAULT_BITLENGTH |
static String | DEFAULT_BITLENGTH_NAME |
static String | DEFAULT_CIPHER |
static String | DEFAULT_CIPHER_NAME |
static String | JCEKS_KEY_SERIAL_FILTER |
static String | JCEKS_KEY_SERIALFILTER_DEFAULT |
Constructor and Description |
---|
KeyProvider(Configuration conf) - Constructor. |
Modifier and Type | Method and Description |
---|---|
protected static String | buildVersionName(String name, int version) - Build a version string from a basename and version number. |
void | close() - Can be used by implementing classes to close any resources that require closing. |
abstract KeyProvider.KeyVersion | createKey(String name, byte[] material, KeyProvider.Options options) - Create a new key. |
KeyProvider.KeyVersion | createKey(String name, KeyProvider.Options options) - Create a new key generating the material for it. |
abstract void | deleteKey(String name) - Delete the given key. |
static KeyProvider | findProvider(List<KeyProvider> providerList, String keyName) - Find the provider with the given key. |
abstract void | flush() - Ensures that any changes to the keys are written to persistent store. |
protected byte[] | generateKey(int size, String algorithm) - Generates key material. |
static String | getBaseName(String versionName) - Split the versionName into a base name. |
Configuration | getConf() - Return the provider configuration. |
KeyProvider.KeyVersion | getCurrentKey(String name) - Get the current version of the key, which should be used for encrypting new data. |
abstract List<String> | getKeys() - Get the key names for all keys. |
KeyProvider.Metadata[] | getKeysMetadata(String... names) - Get key metadata in bulk. |
abstract KeyProvider.KeyVersion | getKeyVersion(String versionName) - Get the key material for a specific version of the key. |
abstract List<KeyProvider.KeyVersion> | getKeyVersions(String name) - Get the key material for all versions of a specific key name. |
abstract KeyProvider.Metadata | getMetadata(String name) - Get metadata about the key. |
void | invalidateCache(String name) - Can be used by implementing classes to invalidate the caches. |
boolean | isTransient() - Indicates whether this provider represents a store that is intended for transient use - such as the UserProvider is. |
boolean | needsPassword() - Does this provider require a password? This means that a password is required for normal operation, and it has not been found through normal means. |
String | noPasswordError() - If a password for the provider is needed, but is not provided, this will return an error message and instructions for supplying said password to the provider. |
String | noPasswordWarning() - If a password for the provider is needed, but is not provided, this will return a warning and instructions for supplying said password to the provider. |
static KeyProvider.Options | options(Configuration conf) - A helper function to create an options object. |
KeyProvider.KeyVersion | rollNewVersion(String name) - Roll a new version of the given key generating the material for it. |
abstract KeyProvider.KeyVersion | rollNewVersion(String name, byte[] material) - Roll a new version of the given key. |
public static final String DEFAULT_CIPHER_NAME
public static final String DEFAULT_CIPHER
public static final String DEFAULT_BITLENGTH_NAME
public static final int DEFAULT_BITLENGTH
public static final String JCEKS_KEY_SERIALFILTER_DEFAULT
public static final String JCEKS_KEY_SERIAL_FILTER

public KeyProvider(Configuration conf)
Parameters:
conf - configuration for the provider

public Configuration getConf()

public static KeyProvider.Options options(Configuration conf)
Parameters:
conf - the configuration to use

public boolean isTransient()

public abstract KeyProvider.KeyVersion getKeyVersion(String versionName) throws IOException
Parameters:
versionName - the name of a specific version of the key
Throws:
IOException

public abstract List<String> getKeys() throws IOException
Throws:
IOException

public KeyProvider.Metadata[] getKeysMetadata(String... names) throws IOException
Parameters:
names - the names of the keys to get
Throws:
IOException

public abstract List<KeyProvider.KeyVersion> getKeyVersions(String name) throws IOException
Throws:
IOException

public KeyProvider.KeyVersion getCurrentKey(String name) throws IOException
Parameters:
name - the base name of the key
Throws:
IOException

public abstract KeyProvider.Metadata getMetadata(String name) throws IOException
Parameters:
name - the basename of the key
Throws:
IOException

public abstract KeyProvider.KeyVersion createKey(String name, byte[] material, KeyProvider.Options options) throws IOException
Parameters:
name - the base name of the key
material - the key material for the first version of the key.
options - the options for the new key.
Throws:
IOException

protected byte[] generateKey(int size, String algorithm) throws NoSuchAlgorithmException
Parameters:
size - length of the key.
algorithm - algorithm to use for generating the key.
Throws:
NoSuchAlgorithmException

public KeyProvider.KeyVersion createKey(String name, KeyProvider.Options options) throws NoSuchAlgorithmException, IOException
This implementation generates the key material and calls the createKey(String, byte[], Options) method.
Parameters:
name - the base name of the key
options - the options for the new key.
Throws:
IOException
NoSuchAlgorithmException

public abstract void deleteKey(String name) throws IOException
Parameters:
name - the name of the key to delete
Throws:
IOException

public abstract KeyProvider.KeyVersion rollNewVersion(String name, byte[] material) throws IOException
Parameters:
name - the basename of the key
material - the new key material
Throws:
IOException

public void close() throws IOException
Specified by:
close in interface Closeable
close in interface AutoCloseable
Throws:
IOException

public KeyProvider.KeyVersion rollNewVersion(String name) throws NoSuchAlgorithmException, IOException
This implementation generates the key material and calls the rollNewVersion(String, byte[]) method.
Parameters:
name - the basename of the key
Throws:
IOException
NoSuchAlgorithmException

public void invalidateCache(String name) throws IOException
Parameters:
name - the basename of the key
Throws:
IOException

public abstract void flush() throws IOException
Throws:
IOException

public static String getBaseName(String versionName) throws IOException
Parameters:
versionName - the version name to split
Throws:
IOException

protected static String buildVersionName(String name, int version)
Parameters:
name - the basename of the key
version - the version of the key

public static KeyProvider findProvider(List<KeyProvider> providerList, String keyName) throws IOException
Parameters:
providerList - the list of providers
keyName - the key name we are looking for
Throws:
IOException

public boolean needsPassword() throws IOException
Throws:
IOException

public String noPasswordWarning()

public String noPasswordError()
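
A key create, roll and lookup sequence using the methods documented above, showing that rolling changes what getCurrentKey returns while the earlier version stays retrievable by its version name. This is an added example, not code from the Hadoop documentation. It assumes hadoop-common on the classpath and obtains a provider through KeyProviderFactory with the transient `user:///` provider; the class name `KeyRotationExample` and the key name are made up for illustration.

```java
import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderFactory;

public class KeyRotationExample {
  public static void main(String[] args) throws Exception {
    Configuration conf = new Configuration();
    // Assumption: the transient UserProvider is used so the example needs
    // no keystore file and no password.
    conf.set(KeyProviderFactory.KEY_PROVIDER_PATH, "user:///");
    List<KeyProvider> providers = KeyProviderFactory.getProviders(conf);

    try (KeyProvider kp = providers.get(0)) {
      String name = "example-key"; // constructed key name

      // options(conf) starts from the configured defaults; set cipher and
      // length explicitly so the key does not depend on cluster defaults.
      KeyProvider.Options opts = KeyProvider.options(conf)
          .setCipher("AES/CTR/NoPadding")
          .setBitLength(256)
          .setDescription("added example key");

      // The provider generates the material and stores the first version.
      KeyProvider.KeyVersion first = kp.createKey(name, opts);
      kp.flush(); // persist before relying on the key

      // Rotation: a new version with fresh material under the same name.
      KeyProvider.KeyVersion rolled = kp.rollNewVersion(name);
      kp.flush();

      // New data is encrypted with the current version. Data written
      // earlier is decrypted by looking up the version name stored with it.
      KeyProvider.KeyVersion current = kp.getCurrentKey(name);
      KeyProvider.KeyVersion old = kp.getKeyVersion(first.getVersionName());

      // Print names and counts only; never log getMaterial().
      System.out.println("first version   : " + first.getVersionName());
      System.out.println("current version : " + current.getVersionName());
      System.out.println("current==rolled : "
          + current.getVersionName().equals(rolled.getVersionName()));
      System.out.println("old readable    : " + (old != null));
      System.out.println("version count   : " + kp.getMetadata(name).getVersions());
      System.out.println("base name       : "
          + KeyProvider.getBaseName(current.getVersionName()));

      kp.deleteKey(name); // removes the example key again
      kp.flush();
    }
  }
}
```

Callers that encrypt data should store the version name returned by getCurrentKey next to the ciphertext, since that name is what getKeyVersion needs after a later roll.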
Copyright © 2008–2022 Apache Software Foundation. All rights reserved.