@Override public KeyVersion getKeyVersion(String versionName) throws IOException { return keyProvider.getKeyVersion(versionName); }
@Override public KeyVersion load(String key) throws Exception { KeyVersion kv = provider.getKeyVersion(key); if (kv == null) { throw new KeyNotFoundException(); } return kv; } });
/** * Get the current version of the key, which should be used for encrypting new * data. * @param name the base name of the key * @return the version name of the current version of the key or null if the * key version doesn't exist * @throws IOException */ public KeyVersion getCurrentKey(String name) throws IOException { Metadata meta = getMetadata(name); if (meta == null) { return null; } return getKeyVersion(buildVersionName(name, meta.getVersions() - 1)); }
@Override public KeyVersion decryptEncryptedKey( EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException { // Fetch the encryption key material final String encryptionKeyVersionName = encryptedKeyVersion.getEncryptionKeyVersionName(); final KeyVersion encryptionKey = keyProvider.getKeyVersion(encryptionKeyVersionName); Preconditions .checkNotNull(encryptionKey, "KeyVersion name '%s' does not exist", encryptionKeyVersionName); Preconditions.checkArgument( encryptedKeyVersion.getEncryptedKeyVersion().getVersionName() .equals(KeyProviderCryptoExtension.EEK), "encryptedKey version name must be '%s', but found '%s'", KeyProviderCryptoExtension.EEK, encryptedKeyVersion.getEncryptedKeyVersion().getVersionName()); try (CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf())) { final Decryptor decryptor = cc.createDecryptor(); return decryptEncryptedKey(decryptor, encryptionKey, encryptedKeyVersion); } }
ekv.getEncryptionKeyVersionName(); final KeyVersion encryptionKey = keyProvider.getKeyVersion(encryptionKeyVersionName); Preconditions.checkNotNull(encryptionKey, "KeyVersion name '%s' does not exist", encryptionKeyVersionName);
@Override public KeyVersion getKeyVersion(String versionName) throws IOException { return keyProvider.getKeyVersion(versionName); }
@Override public KeyVersion getKeyVersion(String versionName) throws IOException { return keyProvider.getKeyVersion(versionName); }
@Override public KeyVersion getKeyVersion(String versionName) throws IOException { return keyProvider.getKeyVersion(versionName); }
@Override public KeyVersion getKeyVersion(String versionName) throws IOException { return keyProvider.getKeyVersion(versionName); }
@Override public KeyVersion load(String key) throws Exception { KeyVersion kv = provider.getKeyVersion(key); if (kv == null) { throw new KeyNotFoundException(); } return kv; } });
@Override public KeyVersion load(String key) throws Exception { KeyVersion kv = provider.getKeyVersion(key); if (kv == null) { throw new KeyNotFoundException(); } return kv; } });
@Override public KeyVersion load(String key) throws Exception { KeyVersion kv = provider.getKeyVersion(key); if (kv == null) { throw new KeyNotFoundException(); } return kv; } });
@Override public KeyVersion load(String key) throws Exception { KeyVersion kv = provider.getKeyVersion(key); if (kv == null) { throw new KeyNotFoundException(); } return kv; } });
/** * Get the current version of the key, which should be used for encrypting new * data. * @param name the base name of the key * @return the version name of the current version of the key or null if the * key version doesn't exist * @throws IOException */ public KeyVersion getCurrentKey(String name) throws IOException { Metadata meta = getMetadata(name); if (meta == null) { return null; } return getKeyVersion(buildVersionName(name, meta.getVersions() - 1)); }
/** * Get the current version of the key, which should be used for encrypting new * data. * @param name the base name of the key * @return the version name of the current version of the key or null if the * key version doesn't exist * @throws IOException */ public KeyVersion getCurrentKey(String name) throws IOException { Metadata meta = getMetadata(name); if (meta == null) { return null; } return getKeyVersion(buildVersionName(name, meta.getVersions() - 1)); }
/** * Get the current version of the key, which should be used for encrypting new * data. * @param name the base name of the key * @return the version name of the current version of the key or null if the * key version doesn't exist * @throws IOException */ public KeyVersion getCurrentKey(String name) throws IOException { Metadata meta = getMetadata(name); if (meta == null) { return null; } return getKeyVersion(buildVersionName(name, meta.getVersions() - 1)); }
/** * Get the current version of the key, which should be used for encrypting new * data. * @param name the base name of the key * @return the version name of the current version of the key or null if the * key version doesn't exist * @throws IOException */ public KeyVersion getCurrentKey(String name) throws IOException { Metadata meta = getMetadata(name); if (meta == null) { return null; } return getKeyVersion(buildVersionName(name, meta.getVersions() - 1)); }
@Test public void testKeyVersion() throws Exception { KeyProvider.KeyVersion mockKey = Mockito.mock(KeyProvider.KeyVersion.class); KeyProvider mockProv = Mockito.mock(KeyProvider.class); Mockito.when(mockProv.getKeyVersion(Mockito.eq("k1@0"))) .thenReturn(mockKey); Mockito.when(mockProv.getKeyVersion(Mockito.eq("k2@0"))).thenReturn(null); Mockito.when(mockProv.getConf()).thenReturn(new Configuration()); KeyProvider cache = new CachingKeyProvider(mockProv, 100, 100); // asserting caching Assert.assertEquals(mockKey, cache.getKeyVersion("k1@0")); Mockito.verify(mockProv, Mockito.times(1)) .getKeyVersion(Mockito.eq("k1@0")); Assert.assertEquals(mockKey, cache.getKeyVersion("k1@0")); Mockito.verify(mockProv, Mockito.times(1)) .getKeyVersion(Mockito.eq("k1@0")); Thread.sleep(200); Assert.assertEquals(mockKey, cache.getKeyVersion("k1@0")); Mockito.verify(mockProv, Mockito.times(2)) .getKeyVersion(Mockito.eq("k1@0")); // asserting no caching when key is not known cache = new CachingKeyProvider(mockProv, 100, 100); Assert.assertEquals(null, cache.getKeyVersion("k2@0")); Mockito.verify(mockProv, Mockito.times(1)) .getKeyVersion(Mockito.eq("k2@0")); Assert.assertEquals(null, cache.getKeyVersion("k2@0")); Mockito.verify(mockProv, Mockito.times(2)) .getKeyVersion(Mockito.eq("k2@0")); }
@Test public void testDeleteKey() throws Exception { KeyProvider.KeyVersion mockKey = Mockito.mock(KeyProvider.KeyVersion.class); KeyProvider mockProv = Mockito.mock(KeyProvider.class); Mockito.when(mockProv.getCurrentKey(Mockito.eq("k1"))).thenReturn(mockKey); Mockito.when(mockProv.getKeyVersion(Mockito.eq("k1@0"))) .thenReturn(mockKey); Mockito.when(mockProv.getMetadata(Mockito.eq("k1"))).thenReturn( new KMSClientProvider.KMSMetadata("c", 0, "l", null, new Date(), 1)); Mockito.when(mockProv.getConf()).thenReturn(new Configuration()); KeyProvider cache = new CachingKeyProvider(mockProv, 100, 100); Assert.assertEquals(mockKey, cache.getCurrentKey("k1")); Mockito.verify(mockProv, Mockito.times(1)).getCurrentKey(Mockito.eq("k1")); Assert.assertEquals(mockKey, cache.getKeyVersion("k1@0")); Mockito.verify(mockProv, Mockito.times(1)) .getKeyVersion(Mockito.eq("k1@0")); cache.deleteKey("k1"); // asserting the cache is purged Assert.assertEquals(mockKey, cache.getCurrentKey("k1")); Mockito.verify(mockProv, Mockito.times(2)).getCurrentKey(Mockito.eq("k1")); Assert.assertEquals(mockKey, cache.getKeyVersion("k1@0")); Mockito.verify(mockProv, Mockito.times(2)) .getKeyVersion(Mockito.eq("k1@0")); } }
@Test public void testDeleteKey() throws Exception { KeyProvider.KeyVersion mockKey = Mockito.mock(KeyProvider.KeyVersion.class); KeyProvider mockProv = Mockito.mock(KeyProvider.class); Mockito.when(mockProv.getCurrentKey(Mockito.eq("k1"))).thenReturn(mockKey); Mockito.when(mockProv.getKeyVersion(Mockito.eq("k1@0"))) .thenReturn(mockKey); Mockito.when(mockProv.getMetadata(Mockito.eq("k1"))).thenReturn( new KMSClientProvider.KMSMetadata("c", 0, "l", null, new Date(), 1)); Mockito.when(mockProv.getConf()).thenReturn(new Configuration()); KeyProvider cache = new CachingKeyProvider(mockProv, 100, 100); Assert.assertEquals(mockKey, cache.getCurrentKey("k1")); Mockito.verify(mockProv, Mockito.times(1)).getCurrentKey(Mockito.eq("k1")); Assert.assertEquals(mockKey, cache.getKeyVersion("k1@0")); Mockito.verify(mockProv, Mockito.times(1)) .getKeyVersion(Mockito.eq("k1@0")); cache.deleteKey("k1"); // asserting the cache is purged Assert.assertEquals(mockKey, cache.getCurrentKey("k1")); Mockito.verify(mockProv, Mockito.times(2)).getCurrentKey(Mockito.eq("k1")); Assert.assertEquals(mockKey, cache.getKeyVersion("k1@0")); Mockito.verify(mockProv, Mockito.times(2)) .getKeyVersion(Mockito.eq("k1@0")); } }