hive-issues mailing list archives

From "Owen O'Malley (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-17169) Avoid extra call to KeyProvider::getMetadata()
Date Fri, 04 Aug 2017 18:22:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-17169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16114767#comment-16114767 ]

Owen O'Malley commented on HIVE-17169:
--------------------------------------

+1

Although I note that in general encryption block size is not the same as the key length. I
believe HDFS only currently supports AES128 and not AES256, so I don't think this is a big
issue currently. Clearly Hadoop's CipherSuite should also include a method for key length.


Block size: AES128 & AES256 = 128
Key size: AES128 = 128, AES256 = 256


> Avoid extra call to KeyProvider::getMetadata()
> ----------------------------------------------
>
>                 Key: HIVE-17169
>                 URL: https://issues.apache.org/jira/browse/HIVE-17169
>             Project: Hive
>          Issue Type: Bug
>          Components: Shims
>    Affects Versions: 3.0.0
>            Reporter: Mithun Radhakrishnan
>            Assignee: Mithun Radhakrishnan
>         Attachments: HIVE-17169.1.patch
>
>
> Here's the code from {{Hadoop23Shims}}:
> {code:title=Hadoop23Shims.java|borderStyle=solid}
>     @Override
>     public int comparePathKeyStrength(Path path1, Path path2) throws IOException {
>       EncryptionZone zone1, zone2;
>       zone1 = hdfsAdmin.getEncryptionZoneForPath(path1);
>       zone2 = hdfsAdmin.getEncryptionZoneForPath(path2);
>       if (zone1 == null && zone2 == null) {
>         return 0;
>       } else if (zone1 == null) {
>         return -1;
>       } else if (zone2 == null) {
>         return 1;
>       }
>       return compareKeyStrength(zone1.getKeyName(), zone2.getKeyName());
>     }
>     private int compareKeyStrength(String keyname1, String keyname2) throws IOException {
>       KeyProvider.Metadata meta1, meta2;
>       if (keyProvider == null) {
>         throw new IOException("HDFS security key provider is not configured on your server.");
>       }
>       meta1 = keyProvider.getMetadata(keyname1);
>       meta2 = keyProvider.getMetadata(keyname2);
>       if (meta1.getBitLength() < meta2.getBitLength()) {
>         return -1;
>       } else if (meta1.getBitLength() == meta2.getBitLength()) {
>         return 0;
>       } else {
>         return 1;
>       }
>     }
>   }
> {code}
> It turns out that {{EncryptionZone}} already has the cipher's bit-length stored in a
> member variable. One shouldn't need an additional name-node call ({{KeyProvider::getMetadata()}})
> only to fetch it again.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
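
The distinction raised in the comment above (block size versus key length), shown with the JDK's own AES implementation. This is an added example, not code from the Hive patch or from Hadoop; the class name, helper names and all-zero keys are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class BlockSizeVsKeyLength {

  // Bit length of the key material itself: differs between AES128 and AES256.
  static int keyBits(SecretKeySpec key) {
    return key.getEncoded().length * 8;
  }

  // Bit length of the cipher block: a property of the AES algorithm, not of the key.
  static int blockBits(SecretKeySpec key) throws Exception {
    Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(new byte[16]));
    return cipher.getBlockSize() * 8;
  }

  // Same -1 / 0 / 1 contract as compareKeyStrength() in the quoted shim code.
  static int compareStrength(int bits1, int bits2) {
    return Integer.compare(bits1, bits2);
  }

  public static void main(String[] args) throws Exception {
    // Constructed all-zero keys, for illustration only.
    SecretKeySpec aes128 = new SecretKeySpec(new byte[16], "AES");
    SecretKeySpec aes256 = new SecretKeySpec(new byte[32], "AES");

    // Comparing key lengths orders the two keys by strength.
    int byKey = compareStrength(keyBits(aes128), keyBits(aes256));

    // Comparing block sizes cannot tell the two keys apart,
    // because the AES block is the same width for every key length.
    int byBlock = compareStrength(blockBits(aes128), blockBits(aes256));

    System.out.println("AES128: key=" + keyBits(aes128) + " block=" + blockBits(aes128));
    System.out.println("AES256: key=" + keyBits(aes256) + " block=" + blockBits(aes256));
    System.out.println("compare by key length: " + byKey);
    System.out.println("compare by block size: " + byBlock);
  }
}
```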
