/**
 * Decrypts a message payload, recovering the data key from the message metadata when the
 * currently held one is missing or does not work.
 *
 * <p>If a data key is already held, decryption is attempted with it first. When that yields
 * {@code null}, or no data key is held, each encrypted data key listed in the metadata is
 * offered to {@code decryptDataKey} in list order until one is accepted. Decryption is then
 * attempted once more.
 *
 * @param msgMetadata metadata of the message; supplies the encrypted data keys and their metadata
 * @param payload the encrypted payload
 * @param keyReader handed to {@code decryptDataKey} for every candidate key
 * @return the decrypted payload, or {@code null} when no data key could be recovered or the
 *     final decryption attempt produced nothing
 */
public ByteBuf decrypt(MessageMetadata msgMetadata, ByteBuf payload, CryptoKeyReader keyReader) {
    // Fast path: try the data key that is already held.
    if (dataKey != null) {
        ByteBuf plaintext = getKeyAndDecryptData(msgMetadata, payload);
        if (plaintext != null) {
            return plaintext;
        }
    }

    // No data key yet, or it did not fit this message: try to recover one from the metadata.
    // NOTE(review): the key name and key metadata are read straight from the message, so a
    // CryptoKeyReader should treat them as untrusted input -- confirm implementations validate them.
    boolean dataKeyRecovered = false;
    for (EncryptionKeys candidate : msgMetadata.getEncryptionKeysList()) {
        byte[] wrappedDataKey = candidate.getValue().toByteArray();
        List<KeyValue> candidateMeta = candidate.getMetadataList();
        if (decryptDataKey(candidate.getKey(), wrappedDataKey, candidateMeta, keyReader)) {
            dataKeyRecovered = true;
            break;
        }
    }

    if (!dataKeyRecovered || dataKey == null) {
        // Unable to decrypt data key.
        // NOTE(review): null is the only failure signal here; callers must check for it.
        return null;
    }
    return getKeyAndDecryptData(msgMetadata, payload);
}
kvList.add(KeyValue.newBuilder().setKey(key).setValue(value).build()); }); msgMetadata.addEncryptionKeys(EncryptionKeys.newBuilder().setKey(keyName) .setValue(ByteString.copyFrom(keyInfo.getKey())).addAllMetadata(kvList).build()); } else { msgMetadata.addEncryptionKeys(EncryptionKeys.newBuilder().setKey(keyName) .setValue(ByteString.copyFrom(keyInfo.getKey())).build());
/**
 * Merges the fields of {@code other} into this builder.
 *
 * <p>{@code key} and {@code value} are overwritten when set on {@code other}; the metadata
 * entries of {@code other} are appended to the ones already held.
 *
 * @param other message to merge from; the default instance is a no-op
 * @return this builder
 */
public Builder mergeFrom(org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys other) {
    if (other == org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys.getDefaultInstance()) {
        return this;
    }
    if (other.hasKey()) {
        setKey(other.getKey());
    }
    if (other.hasValue()) {
        setValue(other.getValue());
    }
    if (other.metadata_.isEmpty()) {
        return this;
    }
    if (!metadata_.isEmpty()) {
        ensureMetadataIsMutable();
        metadata_.addAll(other.metadata_);
    } else {
        // Adopt the other message's list directly and clear bit 0x4.
        // NOTE(review): the cleared bit presumably marks the list as not yet privately owned,
        // so that ensureMetadataIsMutable() copies it before any later mutation -- confirm.
        metadata_ = other.metadata_;
        bitField0_ = bitField0_ & ~0x00000004;
    }
    return this;
}
// Parse one nested EncryptionKeys message from the input into a fresh builder and append it
// to the enclosing builder's encryption-key list.
org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys.Builder subBuilder = org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys.newBuilder();
input.readMessage(subBuilder, extensionRegistry);
// NOTE(review): buildPartial() does not enforce required fields; confirm that the enclosing
// message's isInitialized() check (not visible in this excerpt) covers these entries before use.
addEncryptionKeys(subBuilder.buildPartial());
kvList.add(KeyValue.newBuilder().setKey(key).setValue(value).build()); }); msgMetadata.addEncryptionKeys(EncryptionKeys.newBuilder().setKey(keyName) .setValue(ByteString.copyFrom(keyInfo.getKey())).addAllMetadata(kvList).build()); } else { msgMetadata.addEncryptionKeys(EncryptionKeys.newBuilder().setKey(keyName) .setValue(ByteString.copyFrom(keyInfo.getKey())).build());
.collect( Collectors.toMap(EncryptionKeys::getKey, e -> new EncryptionKey(e.getValue().toByteArray(), e.getMetadataList() != null ? e.getMetadataList().stream().collect( Collectors.toMap(KeyValue::getKey, KeyValue::getValue)) : null)));
/**
 * Attempts to decrypt the payload using data keys that are already in {@code dataKeyCache}.
 *
 * <p>For every encrypted data key in the message metadata, the digest of its bytes is used as
 * the cache lookup key. Each cached secret key found this way is tried in turn until one
 * decrypts the payload.
 *
 * @param msgMetadata metadata of the message; supplies the encrypted data keys
 * @param payload the encrypted payload
 * @return the decrypted payload, or {@code null} when no cached key decrypted it
 */
private ByteBuf getKeyAndDecryptData(MessageMetadata msgMetadata, ByteBuf payload) {
    // NOTE(review): `digest` is shared instance state; if it is a java.security.MessageDigest
    // it is stateful and not thread-safe -- confirm this method is never entered concurrently.
    for (EncryptionKeys wrappedKey : msgMetadata.getEncryptionKeysList()) {
        byte[] wrappedKeyBytes = wrappedKey.getValue().toByteArray();
        ByteBuffer cacheKey = ByteBuffer.wrap(digest.digest(wrappedKeyBytes));
        SecretKey cachedKey = dataKeyCache.getIfPresent(cacheKey);

        if (cachedKey == null) {
            // First time this key is seen: nothing is cached for it yet.
            log.debug("{} Failed to decrypt data or data key is not in cache. Will attempt to refresh", logCtx);
            continue;
        }

        // The cache is indexed by digest, so a hash collision can return a different key.
        // Decryption then fails, the caller refreshes the cache via decryptDataKey, and this
        // method is invoked again. That costs a little performance but stays correct.
        ByteBuf plaintext = decryptData(cachedKey, msgMetadata, payload);
        if (plaintext != null) {
            return plaintext;
        }
    }
    return null;
}
/**
 * Decrypts a message payload, recovering the data key from the message metadata when the
 * currently held one is missing or does not work.
 *
 * <p>If a data key is already held, decryption is attempted with it first. When that yields
 * {@code null}, or no data key is held, each encrypted data key listed in the metadata is
 * offered to {@code decryptDataKey} in list order until one is accepted. Decryption is then
 * attempted once more.
 *
 * @param msgMetadata metadata of the message; supplies the encrypted data keys and their metadata
 * @param payload the encrypted payload
 * @param keyReader handed to {@code decryptDataKey} for every candidate key
 * @return the decrypted payload, or {@code null} when no data key could be recovered or the
 *     final decryption attempt produced nothing
 */
public ByteBuf decrypt(MessageMetadata msgMetadata, ByteBuf payload, CryptoKeyReader keyReader) {
    // Fast path: try the data key that is already held.
    if (dataKey != null) {
        ByteBuf plaintext = getKeyAndDecryptData(msgMetadata, payload);
        if (plaintext != null) {
            return plaintext;
        }
    }

    // No data key yet, or it did not fit this message: try to recover one from the metadata.
    // NOTE(review): the key name and key metadata are read straight from the message, so a
    // CryptoKeyReader should treat them as untrusted input -- confirm implementations validate them.
    boolean dataKeyRecovered = false;
    for (EncryptionKeys candidate : msgMetadata.getEncryptionKeysList()) {
        byte[] wrappedDataKey = candidate.getValue().toByteArray();
        List<KeyValue> candidateMeta = candidate.getMetadataList();
        if (decryptDataKey(candidate.getKey(), wrappedDataKey, candidateMeta, keyReader)) {
            dataKeyRecovered = true;
            break;
        }
    }

    if (!dataKeyRecovered || dataKey == null) {
        // Unable to decrypt data key.
        // NOTE(review): null is the only failure signal here; callers must check for it.
        return null;
    }
    return getKeyAndDecryptData(msgMetadata, payload);
}
/**
 * Computes the serialized size of this message in bytes and memoizes it.
 *
 * <p>Field 1 (key) and field 2 (value) are counted only when their presence bits are set;
 * every metadata entry is counted as field 3.
 *
 * @return the serialized size; the memoized value when one is already stored
 */
public int getSerializedSize() {
    int cached = memoizedSerializedSize;
    if (cached != -1) {
        return cached;
    }

    int total = 0;
    if ((bitField0_ & 0x00000001) != 0) {
        total += org.apache.pulsar.shaded.com.google.protobuf.v241.CodedOutputStream
                .computeBytesSize(1, getKeyBytes());
    }
    if ((bitField0_ & 0x00000002) != 0) {
        total += org.apache.pulsar.shaded.com.google.protobuf.v241.CodedOutputStream
                .computeBytesSize(2, value_);
    }
    for (int idx = 0; idx < metadata_.size(); idx++) {
        total += org.apache.pulsar.shaded.com.google.protobuf.v241.CodedOutputStream
                .computeMessageSize(3, metadata_.get(idx));
    }

    memoizedSerializedSize = total;
    return total;
}
/**
 * Reports whether all required parts of this message are present, memoizing the answer.
 *
 * <p>The message counts as initialized when both {@code key} and {@code value} are set and
 * every metadata entry is itself initialized.
 *
 * @return {@code true} when the message is fully initialized
 */
public final boolean isInitialized() {
    byte memo = memoizedIsInitialized;
    if (memo != -1) {
        return memo == 1;
    }

    // Short-circuits exactly like the original guard chain: key, then value, then metadata.
    boolean complete = hasKey() && hasValue();
    for (int idx = 0; complete && idx < getMetadataCount(); idx++) {
        complete = getMetadata(idx).isInitialized();
    }

    memoizedIsInitialized = (byte) (complete ? 1 : 0);
    return complete;
}
/**
 * Merges the fields of {@code other} into this builder.
 *
 * <p>{@code key} and {@code value} are overwritten when set on {@code other}; the metadata
 * entries of {@code other} are appended to the ones already held.
 *
 * @param other message to merge from; the default instance is a no-op
 * @return this builder
 */
public Builder mergeFrom(org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys other) {
    if (other == org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys.getDefaultInstance()) {
        return this;
    }
    if (other.hasKey()) {
        setKey(other.getKey());
    }
    if (other.hasValue()) {
        setValue(other.getValue());
    }
    if (other.metadata_.isEmpty()) {
        return this;
    }
    if (!metadata_.isEmpty()) {
        ensureMetadataIsMutable();
        metadata_.addAll(other.metadata_);
    } else {
        // Adopt the other message's list directly and clear bit 0x4.
        // NOTE(review): the cleared bit presumably marks the list as not yet privately owned,
        // so that ensureMetadataIsMutable() copies it before any later mutation -- confirm.
        metadata_ = other.metadata_;
        bitField0_ = bitField0_ & ~0x00000004;
    }
    return this;
}
/**
 * Creates a builder pre-populated from this message.
 *
 * @return the builder produced by {@code newBuilder(this)}
 */
public Builder toBuilder() {
    Builder seeded = newBuilder(this);
    return seeded;
}
/** Returns a new, empty builder by delegating to {@code newBuilder()}. */
public Builder newBuilderForType() { return newBuilder(); }
// The excerpt is cut off here: only the signature of newBuilder(prototype) is visible.
public static Builder newBuilder(org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys prototype) {
/**
 * Returns the shared default {@code EncryptionKeys} instance.
 *
 * @return the value of {@code EncryptionKeys.getDefaultInstance()}
 */
public org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys getDefaultInstanceForType() {
    org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys defaultInstance =
            org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys.getDefaultInstance();
    return defaultInstance;
}
/**
 * Creates a builder whose fields are merged from {@code prototype}.
 *
 * @param prototype message whose fields seed the new builder
 * @return a new builder with {@code prototype} merged in
 */
public static Builder newBuilder(org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys prototype) {
    Builder fresh = newBuilder();
    return fresh.mergeFrom(prototype);
}

/**
 * Creates a builder pre-populated from this message.
 *
 * @return the builder produced by {@code newBuilder(this)}
 */
public Builder toBuilder() {
    Builder seeded = newBuilder(this);
    return seeded;
}
/**
 * Writes this message to {@code output}.
 *
 * <p>Field 1 (key) and field 2 (value) are written only when their presence bits are set;
 * every metadata entry is written as field 3.
 *
 * @param output stream the fields are written to
 * @throws java.io.IOException declared by the signature; raised by the output stream's writes
 */
public void writeTo(org.apache.pulsar.common.util.protobuf.ByteBufCodedOutputStream output)
        throws java.io.IOException {
    // The result is unused; the call is kept from the original so the size is computed
    // before anything is written.
    getSerializedSize();

    if ((bitField0_ & 0x00000001) != 0) {
        output.writeBytes(1, getKeyBytes());
    }
    if ((bitField0_ & 0x00000002) != 0) {
        output.writeBytes(2, value_);
    }
    for (int idx = 0; idx < metadata_.size(); idx++) {
        output.writeMessage(3, metadata_.get(idx));
    }
}
/**
 * Parses an {@code EncryptionKeys} message from a byte array.
 *
 * <p>NOTE(review): {@code buildParsed()} is defined outside this excerpt; presumably it rejects
 * messages that lack required fields -- confirm before relying on it for untrusted input.
 *
 * @param data serialized message bytes
 * @param extensionRegistry registry passed through to {@code mergeFrom}
 * @return the parsed message
 * @throws org.apache.pulsar.shaded.com.google.protobuf.v241.InvalidProtocolBufferException
 *     declared by the signature
 */
public static org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys parseFrom( byte[] data, org.apache.pulsar.shaded.com.google.protobuf.v241.ExtensionRegistryLite extensionRegistry) throws org.apache.pulsar.shaded.com.google.protobuf.v241.InvalidProtocolBufferException { return newBuilder().mergeFrom(data, extensionRegistry) .buildParsed(); }
// The excerpt is cut off here: only the signature of the InputStream overload is visible.
public static org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys parseFrom(java.io.InputStream input)
/**
 * Parses one delimited {@code EncryptionKeys} message from a stream.
 *
 * @param input stream to read from
 * @return the parsed message, or {@code null} when {@code mergeDelimitedFrom} returns
 *     {@code false} (presumably because the stream is already at its end -- confirm);
 *     callers must handle the {@code null} case
 * @throws java.io.IOException declared by the signature
 */
public static org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException { Builder builder = newBuilder(); if (builder.mergeDelimitedFrom(input)) { return builder.buildParsed(); } else { return null; } }
// The excerpt is cut off here: only the start of the next parseDelimitedFrom overload is visible.
public static org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys parseDelimitedFrom(
/**
 * Parses an {@code EncryptionKeys} message from a coded input stream.
 *
 * <p>NOTE(review): {@code buildParsed()} is defined outside this excerpt; presumably it rejects
 * messages that lack required fields -- confirm before relying on it for untrusted input.
 *
 * @param input coded stream positioned at the start of the message
 * @param extensionRegistry registry passed through to {@code mergeFrom}
 * @return the parsed message
 * @throws java.io.IOException declared by the signature
 */
public static org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys parseFrom(
        org.apache.pulsar.shaded.com.google.protobuf.v241.CodedInputStream input,
        org.apache.pulsar.shaded.com.google.protobuf.v241.ExtensionRegistryLite extensionRegistry)
        throws java.io.IOException {
    Builder populated = newBuilder().mergeFrom(input, extensionRegistry);
    return populated.buildParsed();
}
/**
 * Parses an {@code EncryptionKeys} message from an input stream.
 *
 * <p>NOTE(review): {@code buildParsed()} is defined outside this excerpt; presumably it rejects
 * messages that lack required fields -- confirm before relying on it for untrusted input.
 *
 * @param input stream to read the serialized message from
 * @param extensionRegistry registry passed through to {@code mergeFrom}
 * @return the parsed message
 * @throws java.io.IOException declared by the signature
 */
public static org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys parseFrom( java.io.InputStream input, org.apache.pulsar.shaded.com.google.protobuf.v241.ExtensionRegistryLite extensionRegistry) throws java.io.IOException { return newBuilder().mergeFrom(input, extensionRegistry) .buildParsed(); }
// The excerpt is cut off here: only the signature of parseDelimitedFrom is visible.
public static org.apache.pulsar.common.api.proto.PulsarApi.EncryptionKeys parseDelimitedFrom(java.io.InputStream input)