...
The secure store can be protected with a key in the CDAP master keystore, which CDAP already requires the user to provide in order to have SSL enabled. Since the program will be executed in the same JVM as the SDK process, accessing access to the sensitive data can be done directly through the proper Guice binding that binds the SecureStore interface to the actual implementation.
...
Hadoop KMS caches keys for a short period of time to avoid excessive hits to the underlying key provider. In the operations we are interested in, only 2 use the cache, get data, and get metadata.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
//Implementation needs to be thread safe
public class JavaSecureStoreProvider extends KeyProvider {
private JavaSecureStoreProvider(URI uri, Configuration conf) throws IOException {
//Get the file path for local storage
//Get the password for the secure store
//Load or create the store
}
//Since we are not supporting versioning, the KeyVersion will always be current
public KeyVersion getKeyVersion(String versionName) throws IOException {
}
//Lists all the keys that is accessible to this user.
public List<String> getKeys() throws IOException {
}
//Since we are not supporting versioning, thethis will only have onone item
public List<KeyVersion> getKeyVersions(String name) throws IOException{
}
public Metadata getMetadata(String name) throws IOException {
}
public KeyVersion createKey(String name, byte[] material, Options options) throws IOException {
}
public void deleteKey(String name) throws IOException {
}
//No-op for this version
public KeyVersion rollNewVersion(String name, byte[] material) throws IOException {
}
public void flush() throws IOException{
}
public static class Factory extends KeyProviderFactory {
@Override
public KeyProvider createProvider(URI providerName,
Configuration conf) throws IOException {
}
}
} |
...