KeyProviderCryptoExtension.CryptoExtension (Apache Hadoop Common 2.8.2 API)

All Superinterfaces:

KeyProviderExtension.Extension

All Known Implementing Classes:

LoadBalancingKMSClientProvider

Enclosing class:

org.apache.hadoop.crypto.key.KeyProviderCryptoExtension
```
public static interface KeyProviderCryptoExtension.CryptoExtension
extends KeyProviderExtension.Extension
```
CryptoExtension is a type of Extension that exposes methods to generate EncryptedKeys and to decrypt the same.

Method Summary

Methods
Modifier and Type	Method and Description
`KeyProvider.KeyVersion`	`decryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion)` Decrypts an encrypted byte[] key material using the given a key version name and initialization vector.
`void`	`drain(String keyName)` Drains the Queue for the provided key.
`KeyProviderCryptoExtension.EncryptedKeyVersion`	`generateEncryptedKey(String encryptionKeyName)` Generates a key material and encrypts it using the given key version name and initialization vector.
`void`	`warmUpEncryptedKeys(String... keyNames)` Calls to this method allows the underlying KeyProvider to warm-up any implementation specific caches used to store the Encrypted Keys.

- Method Detail
  - warmUpEncryptedKeys
```
void warmUpEncryptedKeys(String... keyNames)
                         throws IOException
```
    Calls to this method allows the underlying KeyProvider to warm-up any implementation specific caches used to store the Encrypted Keys.
    
    Parameters:
    keyNames - Array of Key Names
    
    Throws:
    
    IOException
  - drain
```
void drain(String keyName)
```
    Drains the Queue for the provided key.
    
    Parameters:
    keyName - the key to drain the Queue for
  - generateEncryptedKey
```
KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
                                                                    throws IOException,
                                                                           GeneralSecurityException
```
    Generates a key material and encrypts it using the given key version name and initialization vector. The generated key material is of the same length as the KeyVersion material of the latest key version of the key and is encrypted using the same cipher.
    NOTE: The generated key is not stored by the KeyProvider
    
    Parameters:
    encryptionKeyName - The latest KeyVersion of this key's material will be encrypted.
    
    Returns:
    EncryptedKeyVersion with the generated key material, the version name is 'EEK' (for Encrypted Encryption Key)
    
    Throws:
    
    IOException - thrown if the key material could not be generated
    
    GeneralSecurityException - thrown if the key material could not be encrypted because of a cryptographic issue.
  - decryptEncryptedKey
```
KeyProvider.KeyVersion decryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion)
                                           throws IOException,
                                                  GeneralSecurityException
```
    Decrypts an encrypted byte[] key material using the given a key version name and initialization vector.
    
    Parameters:
    encryptedKeyVersion - contains keyVersionName and IV to decrypt the encrypted key material
    
    Returns:
    a KeyVersion with the decrypted key material, the version name is 'EK' (For Encryption Key)
    
    Throws:
    
    IOException - thrown if the key material could not be decrypted
    
    GeneralSecurityException - thrown if the key material could not be decrypted because of a cryptographic issue.

Interface KeyProviderCryptoExtension.CryptoExtension

Method Summary

Method Detail

warmUpEncryptedKeys

drain

generateEncryptedKey

decryptEncryptedKey