
HDDS-929. Remove ozone.max.key.len property. Contributed by Ajay Kumar.

Xiaoyu Yao 6 年之前
父節點
當前提交
2b115222cd

+ 0 - 9
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/SecurityConfig.java

@@ -21,7 +21,6 @@ package org.apache.hadoop.hdds.security.x509;
 
 import com.google.common.base.Preconditions;
 import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.ozone.OzoneConfigKeys;
 import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslProvider;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.slf4j.Logger;
@@ -95,7 +94,6 @@ public class SecurityConfig {
   private final Duration certDuration;
   private final String x509SignatureAlgo;
   private final Boolean grpcBlockTokenEnabled;
-  private final int getMaxKeyLength;
   private final String certificateDir;
   private final String certificateFileName;
   private final Boolean grpcTlsEnabled;
@@ -112,9 +110,6 @@ public class SecurityConfig {
   public SecurityConfig(Configuration configuration) {
     Preconditions.checkNotNull(configuration, "Configuration cannot be null");
     this.configuration = configuration;
-    this.getMaxKeyLength = configuration.getInt(
-        OzoneConfigKeys.OZONE_MAX_KEY_LEN,
-        OzoneConfigKeys.OZONE_MAX_KEY_LEN_DEFAULT);
     this.size = this.configuration.getInt(HDDS_KEY_LEN, HDDS_DEFAULT_KEY_LEN);
     this.keyAlgo = this.configuration.get(HDDS_KEY_ALGORITHM,
         HDDS_DEFAULT_KEY_ALGORITHM);
@@ -421,8 +416,4 @@ public class SecurityConfig {
       throw new SecurityException("Unknown security provider:" + provider);
     }
   }
-
-  public int getMaxKeyLength() {
-    return this.getMaxKeyLength;
-  }
 }

+ 0 - 4
hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConfigKeys.java

@@ -350,10 +350,6 @@ public final class OzoneConfigKeys {
   public static final String OZONE_CONTAINER_COPY_WORKDIR =
       "hdds.datanode.replication.work.dir";
 
-  public static final String OZONE_MAX_KEY_LEN =
-      "ozone.max.key.len";
-  public static final int OZONE_MAX_KEY_LEN_DEFAULT = 1024 * 1024;
-
   /**
    * Config properties to set client side checksum properties.
    */

+ 0 - 9
hadoop-hdds/common/src/main/resources/ozone-default.xml

@@ -992,15 +992,6 @@
       the logs. Very useful when debugging REST protocol.
     </description>
   </property>
-  <property>
-    <name>ozone.max.key.len</name>
-    <value>1048576</value>
-    <tag>OZONE, SECURITY</tag>
-    <description>
-      Maximum length of private key in Ozone. Used in Ozone delegation and
-      block tokens.
-    </description>
-  </property>
 
   <!--Client Settings-->
   <property>

+ 3 - 22
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretKey.java

@@ -48,20 +48,12 @@ public class OzoneSecretKey implements Writable {
   private long expiryDate;
   private PrivateKey privateKey;
   private PublicKey publicKey;
-  private int maxKeyLen;
   private SecurityConfig securityConfig;
 
-  public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair,
-      int maxKeyLen) {
+  public OzoneSecretKey(int keyId, long expiryDate, KeyPair keyPair) {
     Preconditions.checkNotNull(keyId);
     this.keyId = keyId;
     this.expiryDate = expiryDate;
-    byte[] encodedKey = keyPair.getPrivate().getEncoded();
-    this.maxKeyLen = maxKeyLen;
-    if (encodedKey.length > maxKeyLen) {
-      throw new RuntimeException("can't create " + encodedKey.length +
-          " byte long DelegationKey.");
-    }
     this.privateKey = keyPair.getPrivate();
     this.publicKey = keyPair.getPublic();
   }
@@ -70,18 +62,13 @@ public class OzoneSecretKey implements Writable {
    * Create new instance using default signature algorithm and provider.
    * */
   public OzoneSecretKey(int keyId, long expiryDate, byte[] pvtKey,
-      byte[] publicKey, int maxKeyLen) {
+      byte[] publicKey) {
     Preconditions.checkNotNull(pvtKey);
     Preconditions.checkNotNull(publicKey);
 
     this.securityConfig = new SecurityConfig(new OzoneConfiguration());
     this.keyId = keyId;
     this.expiryDate = expiryDate;
-    this.maxKeyLen = maxKeyLen;
-    if (pvtKey.length > maxKeyLen) {
-      throw new RuntimeException("can't create " + pvtKey.length +
-          " byte long DelegationKey. Max allowed length is " + maxKeyLen);
-    }
     this.privateKey = SecurityUtil.getPrivateKey(pvtKey, securityConfig);
     this.publicKey = SecurityUtil.getPublicKey(publicKey, securityConfig);
   }
@@ -102,10 +89,6 @@ public class OzoneSecretKey implements Writable {
     return publicKey;
   }
 
-  public int getMaxKeyLen() {
-    return maxKeyLen;
-  }
-
   public byte[] getEncodedPrivateKey() {
     return privateKey.getEncoded();
   }
@@ -125,7 +108,6 @@ public class OzoneSecretKey implements Writable {
         .setExpiryDate(getExpiryDate())
         .setPrivateKeyBytes(ByteString.copyFrom(getEncodedPrivateKey()))
         .setPublicKeyBytes(ByteString.copyFrom(getEncodedPubliceKey()))
-        .setMaxKeyLen(getMaxKeyLen())
         .build();
     out.write(token.toByteArray());
   }
@@ -139,7 +121,6 @@ public class OzoneSecretKey implements Writable {
         .toByteArray(), securityConfig);
     publicKey = SecurityUtil.getPublicKey(secretKey.getPublicKeyBytes()
         .toByteArray(), securityConfig);
-    maxKeyLen = secretKey.getMaxKeyLen();
   }
 
   @Override
@@ -179,7 +160,7 @@ public class OzoneSecretKey implements Writable {
     SecretKeyProto key = SecretKeyProto.parseFrom((DataInputStream) in);
     return new OzoneSecretKey(key.getKeyId(), key.getExpiryDate(),
         key.getPrivateKeyBytes().toByteArray(),
-        key.getPublicKeyBytes().toByteArray(), key.getMaxKeyLen());
+        key.getPublicKeyBytes().toByteArray());
   }
 
   /**
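Review bot: `Preconditions.checkNotNull(keyId)` in the three-argument constructor (first hunk) is a no-op, because `keyId` is a primitive `int` that is autoboxed and can never be null; the argument that can be null and is dereferenced a few lines later via `keyPair.getPrivate()` is `keyPair`, so the guard should read `Preconditions.checkNotNull(keyPair, "keyPair cannot be null");`. The deleted `maxKeyLen` comparison was also the only explicit upper bound on the encoded private key accepted by either constructor, including the `pvtKey` bytes read back from `SecretKeyProto` in `readProtoBuf`; if `SecurityUtil.getPrivateKey` parsing the bytes is now considered sufficient validation, a one-line comment on that call saying so would record the intent. The Javadoc of the byte-array constructor still reads only `Create new instance using default signature algorithm and provider.`; now that its signature changed it would benefit from `@param` tags for `keyId`, `expiryDate`, `pvtKey` and `publicKey`. The class body continues outside the hunks.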

+ 1 - 3
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/OzoneSecretManager.java

@@ -59,7 +59,6 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
   private final Text service;
   private volatile boolean running;
   private OzoneSecretKey currentKey;
-  private int maxKeyLength;
   private AtomicInteger currentKeyId;
   private AtomicInteger tokenSequenceNumber;
   protected final Map<Integer, OzoneSecretKey> allKeys;
@@ -83,7 +82,6 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
     tokenSequenceNumber = new AtomicInteger();
     allKeys = new ConcurrentHashMap<>();
     this.service = service;
-    this.maxKeyLength = securityConfig.getMaxKeyLength();
     this.logger = logger;
   }
 
@@ -189,7 +187,7 @@ public abstract class OzoneSecretManager<T extends TokenIdentifier>
     // expire time.
     int newCurrentId = incrementCurrentKeyId();
     OzoneSecretKey newKey = new OzoneSecretKey(newCurrentId, -1,
-        keyPair, maxKeyLength);
+        keyPair);
     currentKey = newKey;
     return currentKey;
   }

+ 0 - 1
hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto

@@ -497,7 +497,6 @@ message SecretKeyProto {
     required uint64 expiryDate = 2;
     required bytes privateKeyBytes = 3;
     required bytes publicKeyBytes = 4;
-    required uint32 maxKeyLen = 5;
 }
 
 message ListKeysRequest {
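Review bot: Field number 5 of `SecretKeyProto` is dropped without being reserved, so a later addition could reuse tag 5 and silently misinterpret persisted or in-flight `SecretKeyProto` messages written by builds that still carried `maxKeyLen`; adding `reserved 5;` and `reserved "maxKeyLen";` after `publicKeyBytes = 4;` prevents that. Because the remaining fields are `required`, a reader built from the old definition will also reject messages produced by this version, which is worth a line in the commit description if mixed-version deployments are expected.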