[jira] [Updated] (HADOOP-10853) Refactor get instance of CryptoCodec and support create via algorithm/mode/padding.

[Yi Liu (JIRA)]

     [ 
https://issues.apache.org/jira/browse/HADOOP-10853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yi Liu updated HADOOP-10853:
----------------------------

    Attachment: HADOOP-10853.004.patch

Thanks [~umamaheswararao] for your review. Update the patch for your comments.
{quote}
Also now we are dealing with multiple claases configured. So do we need to make 
this configuration as HADOOP_SECURITY_CRYPTO_CODEC_CLASSES_KEY_PREFIX?
{quote}
Right, use CLASSES is better, even other codec classes are fallback.

{quote}
But where do we mention that user can change the suffix to required 
algorithm/mode/padding to which it supports?
{quote}
OK. I found an example for hdfs ha namenodes, and let’s handle it in same way 
in core-default.xml. Furthermore, we will add more detail in user doc of 
fs-encryption.
{code}
<property>
 <name>hadoop.security.crypto.codec.classes.EXAMPLECIPHERSUITE</name>
  <value></value>
  <description>
    The prefix for a given crypto codec, contains a comma-separated
    list of implementation classes for a given crypto codec (eg 
EXAMPLECIPHERSUITE).
    The first implementation will be used if available, others are fallbacks.
  </description>
</property>
{code}

> Refactor get instance of CryptoCodec and support create via 
> algorithm/mode/padding.
> -----------------------------------------------------------------------------------
>
>                 Key: HADOOP-10853
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10853
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Yi Liu
>            Assignee: Yi Liu
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-10853.001.patch, HADOOP-10853.002.patch, 
> HADOOP-10853.003.patch, HADOOP-10853.004.patch
>
>
> We should be able to create instance of *CryptoCodec*:
> * via codec class name. (Applications may have config for different crypto 
> codecs)
> * via algorithm/mode/padding. (For automatically decryption, we need to find 
> correct crypto codec and proper implementation)
> * a default crypto codec through specific config. 
> This JIRA is for
> * Create instance through cipher suite(algorithm/mode/padding)
> * Refactor create instance of {{CryptoCodec}} into {{CryptoCodecFactory}}
> We need to get all crypto codecs in system, this can be done via a Java 
> ServiceLoader + hadoop.security.crypto.codecs config.



--
This message was sent by Atlassian JIRA
(v6.2#6252)