Interface KeyProvider


public interface KeyProvider
A source of crypto keys. This is usually backed by a Ranger KMS.
  • Method Details

    • getKeyNames

      List<String> getKeyNames() throws IOException
      Get the list of key names from the key provider.
      Returns:
      a list of key names
      Throws:
      IOException
    • getCurrentKeyVersion

      HadoopShims.KeyMetadata getCurrentKeyVersion(String keyName) throws IOException
      Get the current metadata for a given key. This is used when encrypting new data.
      Parameters:
      keyName - the name of a key
      Returns:
      metadata for the current version of the key
      Throws:
      IllegalArgumentException - if the key is unknown
      IOException
    • createLocalKey

      LocalKey createLocalKey(HadoopShims.KeyMetadata key) throws IOException
      Create a local key for the given key version. The local key is randomly generated and encrypted with the given version of the master key. Data is encrypted and decrypted with the local key; the user process never has access to the master key, which stays on the Ranger KMS.
      Parameters:
      key - the master key version
      Returns:
      the local key's material both encrypted and unencrypted
      Throws:
      IOException
    • decryptLocalKey

      Key decryptLocalKey(HadoopShims.KeyMetadata key, byte[] encryptedKey) throws IOException
      Decrypt a local key for reading a file.
      Parameters:
      key - the master key version
      encryptedKey - the encrypted key
      Returns:
      the decrypted local key's material or null if the key is not available
      Throws:
      IOException
    • getKind

      Get the kind of this provider.
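
The local-key scheme described under createLocalKey and decryptLocalKey, as an added sketch that is not ORC's own code and uses no ORC classes. Assumptions: `EnvelopeSketch`, `WrappedLocalKey` and `addMasterKey` are hypothetical names, an in-memory map stands in for the Ranger KMS, keys are AES-128, the JDK's `AESWrap` cipher is used for the wrapping step, and Java 16+ is required for records.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class EnvelopeSketch {
  // Stand-in for the KMS: master keys by "name@version", never returned to callers.
  private final Map<String, SecretKeySpec> masterKeys = new HashMap<>();
  private final SecureRandom random = new SecureRandom();

  /** Hypothetical holder for the local key's material, both unencrypted and encrypted. */
  public record WrappedLocalKey(Key decrypted, byte[] encrypted) {}

  public void addMasterKey(String name, int version) {
    byte[] material = new byte[16];
    random.nextBytes(material);
    masterKeys.put(name + "@" + version, new SecretKeySpec(material, "AES"));
  }

  public WrappedLocalKey createLocalKey(String name, int version) throws GeneralSecurityException {
    SecretKeySpec master = masterKeys.get(name + "@" + version);
    if (master == null) throw new IllegalArgumentException("unknown key " + name + "@" + version);
    byte[] material = new byte[16];
    random.nextBytes(material);                      // fresh random local key per call
    Key local = new SecretKeySpec(material, "AES");
    Cipher wrap = Cipher.getInstance("AESWrap");     // assumption: RFC 3394 key wrap
    wrap.init(Cipher.WRAP_MODE, master);
    return new WrappedLocalKey(local, wrap.wrap(local)); // only the wrapped bytes get stored
  }

  public Key decryptLocalKey(String name, int version, byte[] encryptedKey) throws GeneralSecurityException {
    SecretKeySpec master = masterKeys.get(name + "@" + version);
    if (master == null) return null;                 // key not available: caller must handle null
    Cipher unwrap = Cipher.getInstance("AESWrap");
    unwrap.init(Cipher.UNWRAP_MODE, master);         // integrity check fails on a wrong master key
    return unwrap.unwrap(encryptedKey, "AES", Cipher.SECRET_KEY);
  }

  public static void main(String[] args) throws Exception {
    EnvelopeSketch kms = new EnvelopeSketch();
    kms.addMasterKey("pii", 0);                      // constructed sample key name and version
    WrappedLocalKey k = kms.createLocalKey("pii", 0);
    Key back = kms.decryptLocalKey("pii", 0, k.encrypted());
    System.out.println(Arrays.equals(k.decrypted().getEncoded(), back.getEncoded()));
    System.out.println(kms.decryptLocalKey("pii", 1, k.encrypted())); // unknown version
  }
}
```

A reader that receives null from decryptLocalKey has no usable key for that data, so callers need an explicit code path for it rather than passing the null on to a cipher.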