madhan pushed a commit to branch ranger-2.5
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.5 by this push:
new 112917b2d RANGER-3927-Avoid generating MK if it already exists
112917b2d is described below
commit 112917b2d8c4fa4d2eec2eb9455a3ace743cf7f8
Author: Vikas Kumar <[email protected]>
AuthorDate: Wed Nov 29 17:36:49 2023 +0530
RANGER-3927-Avoid generating MK if it already exists
(cherry picked from commit 626deedfdfeb3dd3f6af5ece2d0465611cadce35)
---
.../apache/hadoop/crypto/key/RangerMasterKey.java | 82 ++++++++++++++++------
1 file changed, 61 insertions(+), 21 deletions(-)
diff --git
a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
index ccf86860a..effc38de8 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
@@ -202,16 +202,25 @@ public class RangerMasterKey implements RangerKMSMKI {
logger.debug("==> RangerMasterKey.generateMasterKey()");
}
logger.info("Generating Master Key...");
+
init();
- String encryptedMasterKey = encryptMasterKey(password);
- String savedKey = saveEncryptedMK(paddingString + "," +
encryptedMasterKey);
- if (savedKey != null && !savedKey.trim().equals("")) {
+ if( ! checkMKExistence(this.masterKeyDao)) {
+ logger.info("Master Key doesn't exist in DB, Generating the Master
Key");
+ String encryptedMasterKey = encryptMasterKey(password);
+ String savedKey = saveEncryptedMK(paddingString + "," +
encryptedMasterKey);
+ if (savedKey != null && !savedKey.trim().equals("")) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Master Key Created with id = " + savedKey);
+ logger.debug("<== RangerMasterKey.generateMasterKey()");
+ }
+ return true;
+ }
+ } else {
if (logger.isDebugEnabled()) {
- logger.debug("Master Key Created with id = " + savedKey);
- logger.debug("<== RangerMasterKey.generateMasterKey()");
+ logger.debug("Ranger Master Key already exists in the DB,
returning.");
}
- return true;
}
+
if (logger.isDebugEnabled()) {
logger.debug("<== RangerMasterKey.generateMasterKey()");
}
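Review bot: The new `else` branch for an existing master key only logs and then falls through to the end of generateMasterKey, which lies outside this hunk, so "key already present" presumably gets the same return value as "save failed". If callers act on the boolean, state the contract in a Javadoc line such as `@return true only when a new master key was created and saved`, or return a distinct result for the existing-key case. Separately, `logger.info("Generating Master Key...")` still runs before the existence check, so the info log reports a key generation that may not happen. For a key-management log I would drop it in favour of the new message inside the `if`.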
@@ -222,15 +231,24 @@ public class RangerMasterKey implements RangerKMSMKI {
if (logger.isDebugEnabled()) {
logger.debug("==> RangerMasterKey.generateMKFromHSMMK()");
}
+
init();
- String encryptedMasterKey = encryptMasterKey(password, key);
- String savedKey = saveEncryptedMK(paddingString + "," +
encryptedMasterKey);
- if (savedKey != null && !savedKey.trim().equals("")) {
+ if( ! checkMKExistence(this.masterKeyDao)) {
+ logger.info("Master Key doesn't exist in DB, Generating the Master
Key");
+ String encryptedMasterKey = encryptMasterKey(password, key);
+ String savedKey = saveEncryptedMK(paddingString + "," +
encryptedMasterKey);
+ if (savedKey != null && !savedKey.trim().equals("")) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Master Key Created with id = " + savedKey);
+ logger.debug("<== RangerMasterKey.generateMKFromHSMMK()");
+ }
+ }
+ } else {
if (logger.isDebugEnabled()) {
- logger.debug("Master Key Created with id = " + savedKey);
- logger.debug("<== RangerMasterKey.generateMKFromHSMMK()");
+ logger.debug("Ranger Master Key already exists in the DB,
returning.");
}
}
+
if (logger.isDebugEnabled()) {
logger.debug("<== RangerMasterKey.generateMKFromHSMMK()");
}
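Review bot: When `saveEncryptedMK` returns null or a blank id, the inner `if` is skipped and this method logs nothing of its own before reaching the normal exit trace; the same holds in the generateMKFromKeySecureMK hunk. An explicit `else { logger.error("Master Key was generated but could not be saved"); }`, or an exception if the signature outside the hunk allows it, would make a KMS without a persisted master key visible at this level. The success branch also logs `<== RangerMasterKey.generateMKFromHSMMK()` and then reaches the same statement again below, so the exit trace is emitted twice.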
@@ -286,12 +304,21 @@ public class RangerMasterKey implements RangerKMSMKI {
if (logger.isDebugEnabled()) {
logger.debug("==> RangerMasterKey.generateMKFromKeySecureMK()");
}
+
init();
- String encryptedMasterKey = encryptMasterKey(password, key);
- String savedKey = saveEncryptedMK(paddingString + "," +
encryptedMasterKey);
- if (savedKey != null && !savedKey.trim().equals("")) {
- logger.debug("Master Key Created with id = " + savedKey);
+ if( ! checkMKExistence(this.masterKeyDao)) {
+ logger.info("Master Key doesn't exist in DB, Generating the Master
Key");
+ String encryptedMasterKey = encryptMasterKey(password, key);
+ String savedKey = saveEncryptedMK(paddingString + "," +
encryptedMasterKey);
+ if (savedKey != null && !savedKey.trim().equals("")) {
+ logger.debug("Master Key Created with id = " + savedKey);
+ }
+ } else {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Ranger Master Key already exists in the DB,
returning.");
+ }
}
+
if (logger.isDebugEnabled()) {
logger.debug("<== RangerMasterKey.generateMKFromKeySecureMK()");
}
@@ -359,13 +386,11 @@ public class RangerMasterKey implements RangerKMSMKI {
xxRangerMasterKey.setMasterKey(encryptedMasterKey);
try {
if (masterKeyDao != null) {
- if (masterKeyDao.getAllCount() < 1) {
- XXRangerMasterKey rangerMasterKey =
masterKeyDao.create(xxRangerMasterKey);
- if (logger.isDebugEnabled()) {
- logger.debug("<== RangerMasterKey.saveEncryptedMK()");
- }
- return rangerMasterKey.getId().toString();
+ XXRangerMasterKey rangerMasterKey =
masterKeyDao.create(xxRangerMasterKey);
+ if (logger.isDebugEnabled()) {
+ logger.debug("<== RangerMasterKey.saveEncryptedMK()");
}
+ return rangerMasterKey.getId().toString();
}
} catch (Exception e) {
logger.error("Error while saving master key in Database!!! ", e);
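Review bot: With the `getAllCount() < 1` test removed, `saveEncryptedMK` inserts a row unconditionally, so the single-master-key invariant now depends on every caller running `checkMKExistence` first, and the check and `masterKeyDao.create` are separated by the whole encryption step. Two KMS instances starting against the same database could both see a count of zero and each store a different master key, unless a constraint or lock not visible in this diff prevents it. Keeping a last-moment guard here, `if (checkMKExistence(masterKeyDao)) { return null; }` before the create, restores the old behaviour for any caller outside this diff. Closing the race fully needs the check and the insert in one transaction, or a uniqueness constraint on the table. The start of saveEncryptedMK is outside this hunk.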
@@ -376,6 +401,21 @@ public class RangerMasterKey implements RangerKMSMKI {
return null;
}
+ /*
+ Returns:
+ true: if Master Key exists
+ fasle: If Master key doesn't exist.
+ */
+ private boolean checkMKExistence(RangerMasterKeyDao rangerMKDao)
+ {
+ boolean mkExists = false;
+
+ if (rangerMKDao != null) {
+ mkExists = rangerMKDao.getAllCount() < 1 ? false : true;
+ }
+ return mkExists;
+ }
+
private String encryptMasterKey(String password) throws Throwable {
if (logger.isDebugEnabled()) {
logger.debug("==> RangerMasterKey.encryptMasterKey()");
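Review bot: `checkMKExistence` returns false for a null DAO, so "cannot query the database" is reported as "no master key". The callers then log that the key is missing and run `encryptMasterKey` before `saveEncryptedMK`'s own null check discards the result. Consider documenting that case in the comment, or treating a null DAO as an error before any key material is produced. The body reduces to `return rangerMKDao != null && rangerMKDao.getAllCount() >= 1;`. The comment has a typo (`fasle`) and would read better as Javadoc with an `@return` line.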