Major Description
Here's the code from Hadoop23Shims:
Hadoop23Shims.java
@Override
public int comparePathKeyStrength(Path path1, Path path2) throws IOException {
EncryptionZone zone1, zone2;
zone1 = hdfsAdmin.getEncryptionZoneForPath(path1);
zone2 = hdfsAdmin.getEncryptionZoneForPath(path2);
if (zone1 == null && zone2 == null) {
return 0;
} else if (zone1 == null) {
return -1;
} else if (zone2 == null) {
return 1;
}
return compareKeyStrength(zone1.getKeyName(), zone2.getKeyName());
}
private int compareKeyStrength(String keyname1, String keyname2) throws IOException {
KeyProvider.Metadata meta1, meta2;
if (keyProvider == null) {
throw new IOException("HDFS security key provider is not configured on your server.");
}
meta1 = keyProvider.getMetadata(keyname1);
meta2 = keyProvider.getMetadata(keyname2);
if (meta1.getBitLength() < meta2.getBitLength()) {
return -1;
} else if (meta1.getBitLength() == meta2.getBitLength()) {
return 0;
} else {
return 1;
}
}
}
It turns out that EncryptionZone already has the cipher's bit-length stored in a member variable. One shouldn't need an additional name-node call (KeyProvider::getMetadata()) only to fetch it again.