This is an in-memory implementation of KeyProvider. The primary use of this class is for when the user doesn't have a Hadoop KMS running and wishes to use encryption. It is also useful for testing. The local keys for this class are encrypted/decrypted using the cipher in CBC/NoPaddin
| 55 | * This class is not thread safe. |
| 56 | */ |
| 57 | public class InMemoryKeystore implements KeyProvider { |
| 58 | /** |
| 59 | * Support AES 256 ? |
| 60 | */ |
| 61 | public static final boolean SUPPORTS_AES_256; |
| 62 | |
| 63 | static { |
| 64 | try { |
| 65 | SUPPORTS_AES_256 = Cipher.getMaxAllowedKeyLength("AES") >= 256; |
| 66 | } catch (final NoSuchAlgorithmException e) { |
| 67 | throw new IllegalArgumentException("Unknown algorithm", e); |
| 68 | } |
| 69 | } |
| 70 | |
| 71 | private final Random random; |
| 72 | |
| 73 | /** |
| 74 | * A map that stores the 'keyName@version' |
| 75 | * and 'metadata + material' mapping. |
| 76 | */ |
| 77 | private final TreeMap<String, KeyVersion> keys = new TreeMap<>(); |
| 78 | |
| 79 | /** |
| 80 | * A map from the keyName (without version) to the currentVersion. |
| 81 | */ |
| 82 | private final Map<String, Integer> currentVersion = new HashMap<>(); |
| 83 | |
| 84 | /** |
| 85 | * Create a new InMemoryKeystore. |
| 86 | */ |
| 87 | public InMemoryKeystore() { |
| 88 | this(new SecureRandom()); |
| 89 | } |
| 90 | |
| 91 | /** |
| 92 | * Create an InMemoryKeystore with the given random generator. |
| 93 | * Except for testing, this must be a SecureRandom. |
| 94 | */ |
| 95 | public InMemoryKeystore(Random random) { |
| 96 | this.random = random; |
| 97 | } |
| 98 | |
| 99 | /** |
| 100 | * Build a version string from a basename and version number. Converts |
| 101 | * "/aaa/bbb" and 3 to "/aaa/bbb@3". |
| 102 | * |
| 103 | * @param name the basename of the key |
| 104 | * @param version the version of the key |
| 105 | * @return the versionName of the key. |
| 106 | */ |
| 107 | private static String buildVersionName(final String name, |
| 108 | final int version) { |
| 109 | return name + "@" + version; |
| 110 | } |
| 111 | |
| 112 | /** |
| 113 | * Get the list of key names from the key provider. |
| 114 | * |
nothing calls this directly
no outgoing calls
no test coverage detected