org.apache.ignite.internal.managers.encryption

Class GridEncryptionManager

java.lang.Object

org.apache.ignite.internal.managers.GridManagerAdapter<EncryptionSpi>

org.apache.ignite.internal.managers.encryption.GridEncryptionManager

All Implemented Interfaces:

GridComponent, GridManager, MetastorageLifecycleListener, IgniteChangeGlobalStateSupport

public class GridEncryptionManager
extends GridManagerAdapter<EncryptionSpi>
implements MetastorageLifecycleListener, IgniteChangeGlobalStateSupport

Manages cache keys and EncryptionSpi instances. NOTE: Following protocol applied to statically configured caches. For dynamically created caches key generated in request creation. Group keys generation protocol:

• Joining node:
  • 1. Collects and send all stored group keys to coordinator.
  • 2. Generate(but doesn't store locally!) and send keys for all statically configured groups in case the not presented in metastore.
  • 3. Store all keys received from coordinator to local store.
• Coordinator:
  • 1. Checks master key digest are equal to local. If not join is rejected.
  • 2. Checks all stored keys from joining node are equal to stored keys. If not join is rejected.
  • 3. Collects all stored keys and sends it to joining node.
• All nodes:
  • 1. If new key for group doesn't exists locally it added to local store.
  • 2. If new key for group exists locally, then received key skipped.

See Also:

GridCacheProcessor.generateEncryptionKeysAndStartCacheAfter(int, GridPlainClosure)

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	GridEncryptionManager.NodeEncryptionKeys

Nested classes/interfaces inherited from interface org.apache.ignite.internal.GridComponent

GridComponent.DiscoveryDataExchangeType

Field Summary

Fields

Modifier and Type	Field and Description
static String	ENCRYPTION_KEY_PREFIX Prefix for a encryption group key in meta store.

Fields inherited from class org.apache.ignite.internal.managers.GridManagerAdapter

ctx, log

Constructor Summary

Constructors

Constructor and Description
GridEncryptionManager(GridKernalContext ctx)

Method Summary

Modifier and Type	Method and Description
void	beforeCacheGroupStart(int grpId, byte[] encKey) Callback for cache group start event.
void	checkEncryptedCacheSupported() Checks cache encryption supported by all nodes in cluster.
void	collectGridNodeData(DiscoveryDataBag dataBag) Collects discovery data on nodes already in grid on receiving TcpDiscoveryNodeAddedMessage.
void	collectJoiningNodeData(DiscoveryDataBag dataBag) Collects discovery data on joining node before sending TcpDiscoveryJoinRequestMessage request.
GridComponent.DiscoveryDataExchangeType	discoveryDataType() Gets unique component type to distinguish components providing discovery data.
IgniteInternalFuture<Collection<byte[]>>	generateKeys(int keyCnt)
Serializable	groupKey(int grpId) Returns group encryption key.
void	groupKey(int grpId, byte[] encGrpKey) Store group encryption key.
void	onActivate(GridKernalContext kctx) Called when cluster performing activation.
void	onCacheGroupDestroyed(int grpId) Callback for cache group destroy event.
void	onDeActivate(GridKernalContext kctx) Called when cluster performing deactivation.
void	onDisconnected(IgniteFuture<?> reconnectFut) Client disconnected callback.
void	onGridDataReceived(DiscoveryDataBag.GridDiscoveryData data) Receives discovery data object from remote nodes (called on new node during discovery process).
void	onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData data) Method is called on nodes that are already in grid (not on joining node).
protected void	onKernalStart0()
protected void	onKernalStop0(boolean cancel)
void	onLocalJoin() Callback for local join.
void	onReadyForRead(ReadOnlyMetastorage metastorage) Is called when metastorage is made ready for read-only operations very early on node startup phase.
void	onReadyForReadWrite(ReadWriteMetastorage metaStorage) Fully functional metastore capable of performing reading and writing operations.
IgniteInternalFuture<?>	onReconnected(boolean clusterRestarted) Client reconnected callback.
void	start() Starts grid component.
void	stop(boolean cancel) Stops grid component.
IgniteNodeValidationResult	validateNode(ClusterNode node) Validates that new node can join grid topology, this method is called on coordinator node before new node joins topology.
IgniteNodeValidationResult	validateNode(ClusterNode node, DiscoveryDataBag.JoiningNodeDiscoveryData discoData)

Methods inherited from class org.apache.ignite.internal.managers.GridManagerAdapter

assertParameter, enabled, getSpi, getSpi, getSpis, inject, onAfterSpiStart, onBeforeSpiStart, onKernalStart, onKernalStop, printMemoryStats, startInfo, startSpi, stopInfo, stopSpi, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

ENCRYPTION_KEY_PREFIX

public static final String ENCRYPTION_KEY_PREFIX

Prefix for a encryption group key in meta store.

See Also:

Constant Field Values

Constructor Detail

GridEncryptionManager

public GridEncryptionManager(GridKernalContext ctx)

Parameters:

ctx - Kernel context.

Method Detail

start

public void start()
           throws IgniteCheckedException

Starts grid component.

Specified by:

start in interface GridComponent

Throws:

IgniteCheckedException - Throws in case of any errors.

stop

public void stop(boolean cancel)
          throws IgniteCheckedException

Stops grid component.

Specified by:

stop in interface GridComponent

Parameters:

cancel - If true, then all ongoing tasks or jobs for relevant components need to be cancelled.

Throws:

IgniteCheckedException - Thrown in case of any errors.

onKernalStart0

protected void onKernalStart0()
                       throws IgniteCheckedException

Overrides:

onKernalStart0 in class GridManagerAdapter<EncryptionSpi>

Throws:

IgniteCheckedException - If failed.

onKernalStop0

protected void onKernalStop0(boolean cancel)

Overrides:

onKernalStop0 in class GridManagerAdapter<EncryptionSpi>

Parameters:

cancel - Cancel flag.

onDisconnected

public void onDisconnected(IgniteFuture<?> reconnectFut)

Client disconnected callback.

Specified by:

onDisconnected in interface GridComponent

Overrides:

onDisconnected in class GridManagerAdapter<EncryptionSpi>

Parameters:

reconnectFut - Reconnect future.

onReconnected

public IgniteInternalFuture<?> onReconnected(boolean clusterRestarted)

Client reconnected callback.

Specified by:

onReconnected in interface GridComponent

Overrides:

onReconnected in class GridManagerAdapter<EncryptionSpi>

Parameters:

clusterRestarted - Cluster restarted flag.

Returns:

Future to wait before completing reconnect future.

onLocalJoin

public void onLocalJoin()

Callback for local join.

validateNode

@Nullable
public IgniteNodeValidationResult validateNode(ClusterNode node,
                                                         DiscoveryDataBag.JoiningNodeDiscoveryData discoData)

Specified by:

validateNode in interface GridComponent

Overrides:

validateNode in class GridManagerAdapter<EncryptionSpi>

validateNode

@Nullable
public IgniteNodeValidationResult validateNode(ClusterNode node)

Validates that new node can join grid topology, this method is called on coordinator node before new node joins topology.

Specified by:

validateNode in interface GridComponent

Overrides:

validateNode in class GridManagerAdapter<EncryptionSpi>

Parameters:

node - Joining node.

Returns:

Validation result or null in case of success.

collectJoiningNodeData

public void collectJoiningNodeData(DiscoveryDataBag dataBag)

Collects discovery data on joining node before sending TcpDiscoveryJoinRequestMessage request.

Specified by:

collectJoiningNodeData in interface GridComponent

Overrides:

collectJoiningNodeData in class GridManagerAdapter<EncryptionSpi>

Parameters:

dataBag - container object to store discovery data in.

onJoiningNodeDataReceived

public void onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData data)

Method is called on nodes that are already in grid (not on joining node). It receives discovery data from joining node.

Specified by:

onJoiningNodeDataReceived in interface GridComponent

Overrides:

onJoiningNodeDataReceived in class GridManagerAdapter<EncryptionSpi>

Parameters:

data - DiscoveryDataBag.JoiningNodeDiscoveryData interface to retrieve discovery data of joining node.

collectGridNodeData

public void collectGridNodeData(DiscoveryDataBag dataBag)

Collects discovery data on nodes already in grid on receiving TcpDiscoveryNodeAddedMessage.

Specified by:

collectGridNodeData in interface GridComponent

Overrides:

collectGridNodeData in class GridManagerAdapter<EncryptionSpi>

Parameters:

dataBag - container object to store discovery data in.

onGridDataReceived

public void onGridDataReceived(DiscoveryDataBag.GridDiscoveryData data)

Receives discovery data object from remote nodes (called on new node during discovery process).

Specified by:

onGridDataReceived in interface GridComponent

Overrides:

onGridDataReceived in class GridManagerAdapter<EncryptionSpi>

Parameters:

data - DiscoveryDataBag.GridDiscoveryData interface to retrieve discovery data collected on remote nodes (data common for all nodes in grid and specific for each node).

groupKey

@Nullable
public Serializable groupKey(int grpId)

Returns group encryption key.

Parameters:

grpId - Group id.

Returns:

Group encryption key.

groupKey

public void groupKey(int grpId,
                     byte[] encGrpKey)

Store group encryption key.

Parameters:

grpId - Group id.

encGrpKey - Encrypted group key.

beforeCacheGroupStart

public void beforeCacheGroupStart(int grpId,
                                  @Nullable
                                  byte[] encKey)

Callback for cache group start event.

Parameters:

grpId - Group id.

encKey - Encryption key

onCacheGroupDestroyed

public void onCacheGroupDestroyed(int grpId)

Callback for cache group destroy event.

Parameters:

grpId - Group id.

onReadyForRead

public void onReadyForRead(ReadOnlyMetastorage metastorage)

Is called when metastorage is made ready for read-only operations very early on node startup phase. Reference for read-only metastorage should be used only within this method and shouldn't be stored to any field.

Specified by:

onReadyForRead in interface MetastorageLifecycleListener

Parameters:

metastorage - Read-only meta storage.

onReadyForReadWrite

public void onReadyForReadWrite(ReadWriteMetastorage metaStorage)
                         throws IgniteCheckedException

Fully functional metastore capable of performing reading and writing operations. Components interested in using metastore are allowed to keep reference passed into the method in their fields.

Specified by:

onReadyForReadWrite in interface MetastorageLifecycleListener

Parameters:

metaStorage - Fully functional meta storage.

Throws:

IgniteCheckedException

onActivate

public void onActivate(GridKernalContext kctx)
                throws IgniteCheckedException

Called when cluster performing activation.

Specified by:

onActivate in interface IgniteChangeGlobalStateSupport

Parameters:

kctx - Kernal context.

Throws:

IgniteCheckedException - If failed.

onDeActivate

public void onDeActivate(GridKernalContext kctx)

Called when cluster performing deactivation.

Specified by:

onDeActivate in interface IgniteChangeGlobalStateSupport

Parameters:

kctx - Kernal context.

generateKeys

public IgniteInternalFuture<Collection<byte[]>> generateKeys(int keyCnt)

Parameters:

keyCnt - Count of keys to generate.

Returns:

Future that will contain results of generation.

checkEncryptedCacheSupported

public void checkEncryptedCacheSupported()
                                  throws IgniteCheckedException

Checks cache encryption supported by all nodes in cluster.

Throws:

IgniteCheckedException - If check fails.

discoveryDataType

public GridComponent.DiscoveryDataExchangeType discoveryDataType()

Gets unique component type to distinguish components providing discovery data. Must return non-null value if component implements any of methods GridComponent.collectJoiningNodeData(DiscoveryDataBag) or GridComponent.collectGridNodeData(DiscoveryDataBag).

Specified by:

discoveryDataType in interface GridComponent

Overrides:

discoveryDataType in class GridManagerAdapter<EncryptionSpi>

Returns:

Unique component type for discovery data exchange.