

RANGER-3927-Avoid generating MK if it already exists
vikaskr22 authored and dhavalshah9131 committed Jun 20, 2024
1 parent b3b5ece commit 626deed
Showing 1 changed file with 61 additions and 21 deletions.
82 changes: 61 additions & 21 deletions kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Expand Up @@ -195,16 +195,25 @@ public boolean generateMasterKey(String password) throws Throwable {
logger.debug("==> RangerMasterKey.generateMasterKey()");
}
logger.info("Generating Master Key...");

init();
String encryptedMasterKey = encryptMasterKey(password);
String savedKey = saveEncryptedMK(paddingString + "," + encryptedMasterKey);
if (savedKey != null && !savedKey.trim().equals("")) {
if( ! checkMKExistence(this.masterKeyDao)) {
logger.info("Master Key doesn't exist in DB, Generating the Master Key");
String encryptedMasterKey = encryptMasterKey(password);
String savedKey = saveEncryptedMK(paddingString + "," + encryptedMasterKey);
if (savedKey != null && !savedKey.trim().equals("")) {
if (logger.isDebugEnabled()) {
logger.debug("Master Key Created with id = " + savedKey);
logger.debug("<== RangerMasterKey.generateMasterKey()");
}
return true;
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("Master Key Created with id = " + savedKey);
logger.debug("<== RangerMasterKey.generateMasterKey()");
logger.debug("Ranger Master Key already exists in the DB, returning.");
}
return true;
}

if (logger.isDebugEnabled()) {
logger.debug("<== RangerMasterKey.generateMasterKey()");
}
Expand All @@ -215,15 +224,24 @@ public void generateMKFromHSMMK(String password, byte[] key) throws Throwable {
if (logger.isDebugEnabled()) {
logger.debug("==> RangerMasterKey.generateMKFromHSMMK()");
}

init();
String encryptedMasterKey = encryptMasterKey(password, key);
String savedKey = saveEncryptedMK(paddingString + "," + encryptedMasterKey);
if (savedKey != null && !savedKey.trim().equals("")) {
if( ! checkMKExistence(this.masterKeyDao)) {
logger.info("Master Key doesn't exist in DB, Generating the Master Key");
String encryptedMasterKey = encryptMasterKey(password, key);
String savedKey = saveEncryptedMK(paddingString + "," + encryptedMasterKey);
if (savedKey != null && !savedKey.trim().equals("")) {
if (logger.isDebugEnabled()) {
logger.debug("Master Key Created with id = " + savedKey);
logger.debug("<== RangerMasterKey.generateMKFromHSMMK()");
}
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("Master Key Created with id = " + savedKey);
logger.debug("<== RangerMasterKey.generateMKFromHSMMK()");
logger.debug("Ranger Master Key already exists in the DB, returning.");
}
}

if (logger.isDebugEnabled()) {
logger.debug("<== RangerMasterKey.generateMKFromHSMMK()");
}
Expand Down Expand Up @@ -279,12 +297,21 @@ public void generateMKFromKeySecureMK(String password, byte[] key) throws Throwa
if (logger.isDebugEnabled()) {
logger.debug("==> RangerMasterKey.generateMKFromKeySecureMK()");
}

init();
String encryptedMasterKey = encryptMasterKey(password, key);
String savedKey = saveEncryptedMK(paddingString + "," + encryptedMasterKey);
if (savedKey != null && !savedKey.trim().equals("")) {
logger.debug("Master Key Created with id = " + savedKey);
if( ! checkMKExistence(this.masterKeyDao)) {
logger.info("Master Key doesn't exist in DB, Generating the Master Key");
String encryptedMasterKey = encryptMasterKey(password, key);
String savedKey = saveEncryptedMK(paddingString + "," + encryptedMasterKey);
if (savedKey != null && !savedKey.trim().equals("")) {
logger.debug("Master Key Created with id = " + savedKey);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("Ranger Master Key already exists in the DB, returning.");
}
}

if (logger.isDebugEnabled()) {
logger.debug("<== RangerMasterKey.generateMKFromKeySecureMK()");
}
Expand Down Expand Up @@ -352,13 +379,11 @@ private String saveEncryptedMK(String encryptedMasterKey) {
xxRangerMasterKey.setMasterKey(encryptedMasterKey);
try {
if (masterKeyDao != null) {
if (masterKeyDao.getAllCount() < 1) {
XXRangerMasterKey rangerMasterKey = masterKeyDao.create(xxRangerMasterKey);
if (logger.isDebugEnabled()) {
logger.debug("<== RangerMasterKey.saveEncryptedMK()");
}
return rangerMasterKey.getId().toString();
XXRangerMasterKey rangerMasterKey = masterKeyDao.create(xxRangerMasterKey);
if (logger.isDebugEnabled()) {
logger.debug("<== RangerMasterKey.saveEncryptedMK()");
}
return rangerMasterKey.getId().toString();
}
} catch (Exception e) {
logger.error("Error while saving master key in Database!!! ", e);
Expand All @@ -369,6 +394,21 @@ private String saveEncryptedMK(String encryptedMasterKey) {
return null;
}

/*
Returns:
true: if Master Key exists
fasle: If Master key doesn't exist.
*/
private boolean checkMKExistence(RangerMasterKeyDao rangerMKDao)
{
boolean mkExists = false;

if (rangerMKDao != null) {
mkExists = rangerMKDao.getAllCount() < 1 ? false : true;
}
return mkExists;
}

private String encryptMasterKey(String password) throws Throwable {
if (logger.isDebugEnabled()) {
logger.debug("==> RangerMasterKey.encryptMasterKey()");
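Review bot: With the `masterKeyDao.getAllCount() < 1` guard dropped from saveEncryptedMK(), the only thing preventing a second master-key row is the checkMKExistence() call made in the three generate* methods before encryptMasterKey(), so the check and `masterKeyDao.create(xxRangerMasterKey)` are now separated by the whole key-encryption step. If two KMS instances initialise against the same database at the same time, both can see a count of zero and both insert; which row is later used to protect keys is not visible here, so that outcome should be ruled out rather than assumed harmless. I would keep a last-moment guard in saveEncryptedMK, e.g. `if (checkMKExistence(masterKeyDao)) { return null; }` directly before the create call (with generateMasterKey treating that case as "already exists" rather than failure), and back it with a database-level constraint or transaction, since a count-then-insert is not atomic on its own. Smaller points in the same section: generateMasterKey() logs `Generating Master Key...` at info before the existence check while the "already exists" path is logged only at debug, and the new comment on checkMKExistence spells `fasle`. The body of encryptMasterKey continues outside the last hunk.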
