org.apache.hadoop.hbase.io.crypto
Class KeyStoreKeyProvider

java.lang.Object
  extended by org.apache.hadoop.hbase.io.crypto.KeyStoreKeyProvider
All Implemented Interfaces:
KeyProvider

@InterfaceAudience.Public
@InterfaceStability.Unstable
public class KeyStoreKeyProvider
extends Object
implements KeyProvider

A basic KeyProvider that can resolve keys from a protected KeyStore file on the local filesystem. It is configured with a URI passed in as a String to init(). The URI should have the form:

    scheme://path?option1=value1&option2=value2

scheme can be either "jks" or "jceks", specifying the file-based providers shipped with every JRE. The latter is the certificate store for the SunJCE cryptography extension, or PKCS #12, and is capable of storing SecretKeys.

path is the location of the keystore in the filesystem namespace.

Options can be specified as query parameters.

If the store was created with a password, the password can be specified using the option 'password'.

For example:

    jceks:///var/tmp/example.ks?password=foobar

It is assumed that all keys in the store are protected with the same password.

Alternatively, a properties file can be specified containing passwords for keys in the keystore.

    jceks:///var/tmp/example.ks?passwordFile=/var/tmp/example.pw

Subclasses for supporting KeyStores that are not file based can extend the protected methods of this class to specify the appropriate LoadStoreParameters.
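The passwordFile form described above, as an added example (not code from the HBase project): it builds a JCEKS store with standard JDK APIs, writes an owner-only password file, and resolves the key through init() and getKey(), so the password never appears in the URI string. Assumptions: the properties file maps each alias to its password, the alias "example-key" and the temporary paths are constructed for the example, and the filesystem is POSIX.

```java
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.hadoop.hbase.io.crypto.KeyStoreKeyProvider;

public class KeyStoreKeyProviderExample {
  public static void main(String[] args) throws Exception {
    Path dir = Files.createTempDirectory("ksexample"); // constructed scratch location
    Path ks = dir.resolve("example.ks");
    Path pw = dir.resolve("example.pw");
    String alias = "example-key"; // hypothetical alias (JCEKS lowercases aliases)
    // Random password instead of a literal such as "foobar"
    byte[] raw = new byte[24];
    new SecureRandom().nextBytes(raw);
    char[] password = Base64.getUrlEncoder().withoutPadding().encodeToString(raw).toCharArray();

    // Build a JCEKS store holding one AES SecretKey under the alias
    KeyGenerator kg = KeyGenerator.getInstance("AES");
    kg.init(128);
    SecretKey key = kg.generateKey();
    KeyStore store = KeyStore.getInstance("JCEKS");
    store.load(null, null);
    store.setEntry(alias, new KeyStore.SecretKeyEntry(key), new KeyStore.PasswordProtection(password));
    try (OutputStream out = Files.newOutputStream(ks)) { store.store(out, password); }

    // Password file: assumed layout is alias=password; created owner-only (rw-------)
    Properties props = new Properties();
    props.setProperty(alias, new String(password));
    Files.createFile(pw, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
    try (OutputStream out = Files.newOutputStream(pw)) { props.store(out, null); }

    // URI in the documented form, pointing at the password file
    KeyStoreKeyProvider provider = new KeyStoreKeyProvider();
    provider.init("jceks://" + ks.toAbsolutePath() + "?passwordFile=" + pw.toAbsolutePath());
    Key resolved = provider.getKey(alias);
    System.out.println("alias resolved to stored key: "
        + (resolved != null && Arrays.equals(key.getEncoded(), resolved.getEncoded())));
    System.out.println("unknown alias: " + provider.getKey("no-such-alias"));
  }
}
```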


Field Summary
protected  char[] password
           
protected  Properties passwordFile
           
protected  KeyStore store
           
 
Fields inherited from interface org.apache.hadoop.hbase.io.crypto.KeyProvider
PASSWORD, PASSWORDFILE
 
Constructor Summary
KeyStoreKeyProvider()
           
 
Method Summary
protected  char[] getAliasPassword(String alias)
           
 Key getKey(String alias)
          Retrieve the key for a given key alias
 Key[] getKeys(String[] aliases)
          Retrieve keys for a given set of key aliases
 void init(String params)
          Initialize the key provider
protected  void load(URI uri)
           
protected  void processParameter(String name, String value)
           
protected  void processParameters(URI uri)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

store

protected KeyStore store

password

protected char[] password

passwordFile

protected Properties passwordFile
Constructor Detail

KeyStoreKeyProvider

public KeyStoreKeyProvider()
Method Detail

processParameter

protected void processParameter(String name,
                                String value)
                         throws IOException
Throws:
IOException

processParameters

protected void processParameters(URI uri)
                          throws IOException
Throws:
IOException

load

protected void load(URI uri)
             throws IOException
Throws:
IOException

init

public void init(String params)
Description copied from interface: KeyProvider
Initialize the key provider

Specified by:
init in interface KeyProvider

getAliasPassword

protected char[] getAliasPassword(String alias)

getKey

public Key getKey(String alias)
Description copied from interface: KeyProvider
Retrieve the key for a given key alias

Specified by:
getKey in interface KeyProvider
Returns:
the key corresponding to the supplied alias, or null if a key is not found

getKeys

public Key[] getKeys(String[] aliases)
Description copied from interface: KeyProvider
Retrieve keys for a given set of key aliases

Specified by:
getKeys in interface KeyProvider
Parameters:
aliases - an array of aliases
Returns:
an array of keys corresponding to the supplied aliases; an entry will be null if a key is not found


Copyright © 2007-2015 The Apache Software Foundation. All Rights Reserved.