Additional Information
1 - Migrating Tokenized Unicode Data
The procedures to migrate tokenized Unicode data from and to a Teradata database are listed below.
This section is only applicable for Legacy Unicode and Base64 Unicode data elements.
This section considers the Teradata database for reference.
In addition to the Teradata database, the Big Data Protector works with other databases, such as Netezza and Greenplum.
Migrating Tokenized Unicode Data from a Teradata Database
This section describes the task to unprotect the tokenized Unicode data in Hive, Impala, or Spark, which was tokenized in the Teradata database using the Protegrity Database Protector and then migrated to Hive, Impala, MapReduce, or Spark.
Ensure that the data elements used in the data security policy deployed on the Teradata Database Protector and Big Data Protector machines are uniform.
From Teradata Database to Hive or Impala
To migrate tokenized Unicode data from a Teradata database to Hive or Impala and unprotect it using the Hive or Impala protector:
- Tokenize the Unicode data in the Teradata database using Protegrity Database Protector.
- Migrate the tokenized Unicode data from the Teradata database to Hive or Impala.
- To unprotect the tokenized Unicode data on Hive or Impala, ensure that the following UDFs are used, as required:
  - Hive: ptyUnprotectUnicode()
  - Impala: pty_UnicodeStringSel()
From Teradata database to Hadoop
To migrate tokenized Unicode data from a Teradata database to Hadoop and unprotect it using the MapReduce or Spark protector:
- Migrate the tokenized Unicode data to the Hadoop ecosystem using any data migration utilities.
- To unprotect the tokenized Unicode data using MapReduce or Spark, ensure that the following APIs are used, as required:
  - MapReduce: public byte[] unprotect(String dataElement, byte[] data)
  - Spark: void unprotect(String dataElement, List<Integer> errorIndex, byte[][] input, byte[][] output)
- Convert the protected tokens to bytes using UTF-8 encoding.
- Send the data as input to the Unprotect API in the MapReduce or Spark protector, as required.
- Convert the unprotected output in bytes to String using UTF-16LE encoding. The string data will display the data in cleartext format.
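The following sample code snippet shows how to unprotect tokenized Unicode data that has been migrated from a Teradata database to Hadoop, using the MapReduce or Spark protector.

```java
// Requires java.nio.charset.StandardCharsets, java.util.List and java.util.ArrayList.
private Protector protector = null; // Must be initialized before unprotect() is called.
String[] unprotectinput = new String[SIZE];
byte[][] inputValueByte = new byte[unprotectinput.length][];
byte[][] outputValueByte = new byte[unprotectinput.length][]; // One slot per input value.
List<Integer> errorIndexList = new ArrayList<>();
StringBuilder unprotectedString = new StringBuilder();
// Point a: convert the protected tokens to bytes using UTF-8 encoding.
for (int x = 0; x < unprotectinput.length; x++) {
    inputValueByte[x] = unprotectinput[x].getBytes(StandardCharsets.UTF_8);
}
// Point b: send the bytes as input to the Unprotect API.
protector.unprotect(DATAELEMENT_NAME, errorIndexList, inputValueByte, outputValueByte);
// Point c: convert the unprotected output bytes to String using UTF-16LE encoding.
for (int j = 0; j < outputValueByte.length; j++) {
    unprotectedString.append(new String(outputValueByte[j], StandardCharsets.UTF_16LE));
}
```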
Migrating Tokenized Unicode Data to a Teradata Database
The steps to protect Unicode data in Hive, Impala, MapReduce, or Spark, migrate it to a Teradata database, and then unprotect the tokenized Unicode data using the Protegrity Database Protector are listed below.
Ensure that the data elements used in the data security policy deployed on the Teradata Database Protector and Big Data Protector machines are uniform.
Migrating Tokenized Unicode data using Hive or Impala
To migrate tokenized Unicode data to a Teradata database using the Hive or Impala protector:
- To protect the Unicode data on Hive or Impala, ensure that the following UDFs are used, as required:
  - Hive: ptyProtectUnicode()
  - Impala: pty_UnicodeStringIns()
- Migrate the tokenized Unicode data from Hive or Impala to the Teradata database.
- To unprotect the tokenized Unicode data in the Teradata database, use the Protegrity Database Protector.
Migrating Unicode data using MapReduce or Spark protector
To protect Unicode data using the MapReduce or Spark protector and migrate it to a Teradata database:
- Convert the cleartext format Unicode data to bytes using UTF-16LE encoding.
- To migrate the tokenized Unicode data using MapReduce or Spark to the Teradata database, ensure that the following APIs are used, as required:
  - MapReduce: public byte[] protect(String dataElement, byte[] data)
  - Spark: void protect(String dataElement, List<Integer> errorIndex, byte[][] input, byte[][] output)
- Send the data as input to the Protect API in the MapReduce or Spark protector, as required.
- Convert the protected output in bytes to String using UTF-8 encoding. The output is protected tokenized data.
- Migrate the protected data to the Teradata database using any data migration utilities.
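The following sample code snippet shows how to protect Unicode data using the MapReduce or Spark protector and migrate it to a Teradata database.

```java
// Requires java.nio.charset.StandardCharsets, java.util.List and java.util.ArrayList.
private Protector protector = null; // Must be initialized before protect() is called.
String[] clear_data = new String[SIZE];
byte[][] inputValueByte = new byte[clear_data.length][];
byte[][] outputValueByte = new byte[clear_data.length][]; // One slot per input value.
List<Integer> errorIndexList = new ArrayList<>();
StringBuilder protectedString = new StringBuilder();
// Point a: convert the cleartext Unicode data to bytes using UTF-16LE encoding.
for (int x = 0; x < clear_data.length; x++) {
    inputValueByte[x] = clear_data[x].getBytes(StandardCharsets.UTF_16LE);
}
// Point b: send the bytes as input to the Protect API.
protector.protect(DATAELEMENT_NAME, errorIndexList, inputValueByte, outputValueByte);
// Point c: convert the protected output bytes to String using UTF-8 encoding.
for (int x = 0; x < outputValueByte.length; x++) {
    protectedString.append(new String(outputValueByte[x], StandardCharsets.UTF_8));
}
```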
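
The charset handling for both migration directions described above can be checked offline before a migration run. The following is an added example, not Protegrity code: `ByteProtector`, `STAND_IN` and the data element name `DE_UNICODE` are hypothetical, and the stand-in only Base64-encodes bytes so that the UTF-16LE and UTF-8 conversions around the call can be exercised, including the failure mode of decoding unprotected output with the wrong charset.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class UnicodeRoundTripCheck {
    // Hypothetical stand-in with the same shape as the MapReduce protect/unprotect
    // signatures. It is NOT real tokenization: it Base64-encodes the bytes so the
    // encoding steps can be tested without a protector installed.
    interface ByteProtector {
        byte[] protect(String dataElement, byte[] data);
        byte[] unprotect(String dataElement, byte[] data);
    }

    static final ByteProtector STAND_IN = new ByteProtector() {
        public byte[] protect(String de, byte[] data) { return Base64.getEncoder().encode(data); }
        public byte[] unprotect(String de, byte[] data) { return Base64.getDecoder().decode(data); }
    };

    // Hadoop to Teradata: cleartext goes in as UTF-16LE, the token is read back as UTF-8.
    static String protectForTeradata(ByteProtector p, String dataElement, String clear) {
        byte[] in = clear.getBytes(StandardCharsets.UTF_16LE);
        return new String(p.protect(dataElement, in), StandardCharsets.UTF_8);
    }

    // Teradata to Hadoop: the token goes in as UTF-8, cleartext is read back as UTF-16LE.
    static String unprotectFromTeradata(ByteProtector p, String dataElement, String token) {
        byte[] in = token.getBytes(StandardCharsets.UTF_8);
        return new String(p.unprotect(dataElement, in), StandardCharsets.UTF_16LE);
    }

    public static void main(String[] args) {
        // Constructed samples: ASCII, accented Latin, CJK, and a non-BMP character
        // (surrogate pair), written as escapes so the source file stays ASCII.
        String[] samples = { "Alice", "Zo\u00EB M\u00FCller",
                             "\u5C71\u7530\u592A\u90CE", "key \uD83D\uDD11" };
        for (String clear : samples) {
            String token = protectForTeradata(STAND_IN, "DE_UNICODE", clear);
            String back = unprotectFromTeradata(STAND_IN, "DE_UNICODE", token);
            // Failure mode: decoding the unprotected bytes as UTF-8 instead of UTF-16LE.
            byte[] raw = STAND_IN.unprotect("DE_UNICODE", token.getBytes(StandardCharsets.UTF_8));
            String wrong = new String(raw, StandardCharsets.UTF_8);
            System.out.printf("%-14s round-trip=%b wrong-charset-match=%b%n",
                              clear, clear.equals(back), clear.equals(wrong));
        }
    }
}
```

Every sample should report `round-trip=true` and `wrong-charset-match=false`; even plain ASCII fails the wrong-charset case because UTF-16LE interleaves zero bytes.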
2 - Return Codes for the Big Data Protector
If you are using the Big Data Protector and any failures occur, then the protector throws an exception. The exception consists of an error code and error message. All the possible error codes and error messages are described below.
The following table lists all errors returned from the Core layer that are logged.
| Code | Error | Error Message |
|---|---|---|
| 0 | NONE | |
| 1 | USER_NOT_FOUND | The username could not be found in the policy. |
| 2 | DATA_ELEMENT_NOT_FOUND | The data element could not be found in the policy. |
| 3 | PERMISSION_DENIED | The user does not have the appropriate permissions to perform the requested operation. |
| 4 | TWEAK_NULL | Tweak is null. |
| 5 | INTEGRITY_CHECK_FAILED | Integrity check failed. |
| 6 | PROTECT_SUCCESS | Data protect operation was successful. |
| 7 | PROTECT_FAILED | Data protect operation failed. |
| 8 | UNPROTECT_SUCCESS | Data unprotect operation was successful. |
| 9 | UNPROTECT_FAILED | Data unprotect operation failed. |
| 10 | OK_ACCESS | The user has appropriate permissions to perform the requested operation but no data has been protected/unprotected. |
| 11 | INACTIVE_KEYID_USED | Data unprotect operation was successful with use of an inactive keyid. |
| 12 | INVALID_PARAM | Input is null or not within allowed limits. |
| 13 | INTERNAL_ERROR | Internal error occurring in a function call after the Core Provider has been opened. |
| 14 | LOAD_KEY_FAILED | Failed to load data encryption key. |
| 15 | TWEAK_INPUT_TOO_LONG | Tweak input is too long. |
| 17 | INIT_FAILED | Failed to initialize the CORE. This is a fatal error. |
| 19 | UNSUPPORTED_TWEAK | Unsupported tweak action for the specified FPE data element. |
| 20 | OUT_OF_MEMORY | Failed to allocate memory. |
| 21 | BUFFER_TOO_SMALL | Input or output buffer is too small. |
| 22 | INPUT_TOO_SHORT | Data is too short to be protected/unprotected. |
| 23 | INPUT_TOO_LONG | Data is too long to be protected/unprotected. |
| 25 | USERNAME_TOO_LONG | Username too long. |
| 26 | UNSUPPORTED | Unsupported algorithm or unsupported action for the specific data element. |
| 27 | APPLICATION_AUTHORIZED | Application has been authorized. |
| 28 | APPLICATION_NOT_AUTHORIZED | Application has not been authorized. |
| 31 | EMPTY_POLICY | Policy not available. |
| 40 | LICENSE_EXPIRED | No valid license or current date is beyond the license expiration date. |
| 41 | METHOD_RESTRICTED | The use of the protection method is restricted by license. |
| 42 | LICENSE_INVALID | Invalid license or time is before licensestart. |
| 44 | INVALID_FORMAT | The content of the input data is not valid. |
| 49 | LOG_UNSUPPORTED_ENCODING | Unsupported input encoding for the specific data element. |
| 50 | REPROTECT_SUCCESS | Data reprotect operation was successful. |
| 51 | LOG_LOG_UNREACHABLE | Failed to send logs, connection refused. |
The following table lists all the error messages returned from the Core layer that are NOT logged.
| Code | Error | Error Message |
|---|---|---|
| 1 | SUCCESS | The operation was successful. |
| 0 | FAILED | The operation failed. |
| -1 | INVALID_PARAMETER | The parameter is invalid. |
| -2 | EOF | The end of file was reached. |
| -3 | BUSY | The operation is already in progress or object already locked. |
| -4 | TIMEOUT | Time-out waiting for response or operation took too long. |
| -5 | ALREADY_EXISTS | The object, such as file, already exists. |
| -6 | ACCESS_DENIED | The permission to access the object was denied. |
| -7 | PARSE_ERROR | Error when parsing contents, e.g. ini file, or user supplied data. |
| -8 | NOT_FOUND | The search operation was not successful. |
| -9 | NOT_SUPPORTED | The operation is not supported. |
| -10 | CONNECTION_REFUSED | The connection was refused. |
| -11 | DISCONNECTED | The connection was disconnected. |
| -12 | UNREACHABLE | The Internet link is down or the host is not reachable. |
| -13 | ADDRESS_IN_USE | The IP Address or port is already utilized. |
| -14 | OUT_OF_MEMORY | The operation to allocate memory failed. |
| -15 | CRC_ERROR | The CRC check failed. |
| -16 | BUFFER_TOO_SMALL | The buffer size is very small. |
| -17 | BAD_REQUEST | A malformed message request was received. |
| -18 | INVALID_STRING_LENGTH | The input string is too long. |
| -19 | INVALID_TYPE | The wrong type was used. |
| -20 | READONLY_OBJECT | Unable to write to read-only object. |
| -21 | SERVICE_FAILED | The service failed. |
| -22 | ALREADY_CONNECTED | The Administrator is already connected to the server. |
| -23 | INVALID_KEY | The key is invalid. |
| -24 | INTEGRITY_ERROR | The integrity check failed. |
| -25 | LOGIN_FAILED | The attempt to login failed. |
| -26 | NOT_AVAILABLE | The object is not available. |
| -27 | NOT_EXIST | The object does not exist. |
| -28 | SET_FAILED | The Set operation failed. |
| -29 | GET_FAILED | The Get operation failed. |
| -30 | READ_FAILED | The Read operation failed. |
| -31 | WRITE_FAILED | The Write operation failed. |
| -33 | REWRITE_FAILED | The Rewrite operation failed. |
| -34 | DELETE_FAILED | The Delete operation failed. |
| -35 | UPDATE_FAILED | The Update operation failed. |
| -36 | SIGN_FAILED | The Sign operation failed. |
| -37 | VERIFY_FAILED | The Verification failed. |
| -38 | ENCRYPT_FAILED | The Encrypt operation failed. |
| -39 | DECRYPT_FAILED | The Decrypt operation failed. |
| -40 | REENCRYPT_FAILED | The Reencrypt operation failed. |
| -41 | EXPIRED | The object has expired. |
| -42 | REVOKED | The object has been revoked. |
| -43 | INVALID_FORMAT | The format is invalid. |
| -44 | HASH_FAILED | The Hash operation failed. |
| -45 | NOT_DEFINED | The property or setting is not defined. |
| -46 | NOT_INITIALIZED | The service requested or function is performed on an object that is not initialized. |
| -47 | POLICY_LOCKED | The Policy is locked for some reason. |
| -48 | THROW_EXCEPTION | The error message is used to convey that an exception should be thrown during decryption. |
| -49 | USER_AUTHENTICATION_FAILED | The Authentication operation failed. |
| -54 | INVALID_CARD_TYPE | The credit card number provided does not conform to the required credit card format. |
| -55 | LICENSE_AUDITONLY | The License provided is for the audit functionality and only No Encryption data elements are allowed. |
| -56 | NO_VALID_CIPHERS | No valid ciphers were found. |
| -57 | NO_VALID_PROTOCOLS | No valid protocols were found. |
| -61 | SEND_LOG_FAILED | Failed to send logs to logforwarder. |
| -201 | CRYPT_KEY_DATA_ILLEGAL | The key data specified is invalid. |
| -202 | CRYPT_INTEGRITY_ERROR | The integrity check for the data failed. |
| -203 | CRYPT_DATA_LEN_ILLEGAL | The data length specified is invalid. |
| -204 | CRYPT_LOGIN_FAILURE | The Crypto login failed. |
| -205 | CRYPT_CONTEXT_IN_USE | An attempt to close a key being used is made. |
| -206 | CRYPT_NO_TOKEN | The hardware token is available. |
| -207 | CRYPT_OBJECT_EXISTS | The object to be created already exists. |
| -208 | CRYPT_OBJECT_MISSING | A request for a non-existing object is made. |
| -221 | X509_SET_DATA | The operation to set data in the object failed. |
| -222 | X509_GET_DATA | The operation to get data from the object failed. |
| -223 | X509_SIGN_OBJECT | The operation to sign the object failed. |
| -224 | X509_VERIFY_OBJECT | The verification operation for the object failed. |
| -231 | SSL_CERT_EXPIRED | The certificate has expired. |
| -232 | SSL_CERT_REVOKED | The certificate has been revoked. |
| -233 | SSL_CERT_UNKNOWN | The Trusted certificate was not found. |
| -234 | SSL_CERT_VERIFY_FAILED | The certificate could not be verified. |
| -235 | SSL_FAILED | A general SSL error occurs. |
| -241 | KEY_ID_FORMAT_ERROR | The format on the Key ID is invalid. |
| -242 | KEY_CLASS_FORMAT_ERROR | The format on the KeyClass is invalid. |
| -243 | KEY_EXPIRED | The key expired. |
| -250 | FIPS_MODE_FAILED | The FIPS mode failed. |