Package io.confluent.dekregistry.storage
Class DekRegistry
java.lang.Object
io.confluent.dekregistry.storage.DekRegistry
- All Implemented Interfaces:
Closeable,AutoCloseable
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidclose()config()protected <K,V> io.kcache.Cache<K, V> createCache(org.apache.kafka.common.serialization.Serde<K> keySerde, org.apache.kafka.common.serialization.Serde<V> valueSerde, String topic, io.kcache.CacheUpdateHandler<K, V> cacheUpdateHandler) createDek(String kekName, boolean rewrap, CreateDekRequest request) createDekOrForward(String kekName, boolean rewrap, CreateDekRequest request, Map<String, String> headerProperties) createKek(CreateKekRequest request) createKekOrForward(CreateKekRequest request, Map<String, String> headerProperties) voidvoiddeleteDekOrForward(String name, String subject, DekFormat algorithm, boolean permanentDelete, Map<String, String> headerProperties) voiddeleteDekVersion(String name, String subject, int version, DekFormat algorithm, boolean permanentDelete) voiddeleteDekVersionOrForward(String name, String subject, int version, DekFormat algorithm, boolean permanentDelete, Map<String, String> headerProperties) voidvoiddeleteKekOrForward(String name, boolean permanentDelete, Map<String, String> headerProperties) protected DataEncryptionKeyprotected DataEncryptionKeygenerateRawDek(KeyEncryptionKey kek, DataEncryptionKey key) protected com.google.crypto.tink.AeadgetAead(KeyEncryptionKey kek) protected CryptorgetCryptor(DekFormat dekFormat) protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDekSubjects(String kekName, boolean lookupDeleted) getDekVersions(String kekName, String subject, DekFormat algorithm, boolean lookupDeleted) getKekNames(List<String> subjectPrefix, boolean lookupDeleted) protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getLatestDek(String kekName, String subject, DekFormat algorithm, boolean lookupDeleted) getLatestDek(String kekName, String subject, DekFormat algorithm, boolean lookupDeleted, boolean maybeGenerateRawDek) protected com.google.common.collect.SetMultimap<String,KeyEncryptionKeyId> voidinit()booleanbooleanisLeader()io.kcache.Cache<EncryptionKeyId,EncryptionKey> keys()protected LockintnormalizeDekSubjectLimit(int suppliedLimit) intnormalizeDekVersionLimit(int suppliedLimit) intnormalizeKekLimit(int suppliedLimit) intnormalizeLimit(int suppliedLimit, int defaultLimit, int maxLimit) putKek(String name, UpdateKekRequest request) putKekOrForward(String name, UpdateKekRequest request, Map<String, String> headerProperties) voidtestKek(KeyEncryptionKey kek) voidundeleteDek(String name, String subject, DekFormat algorithm) voidundeleteDekOrForward(String name, String subject, DekFormat algorithm, Map<String, String> headerProperties) voidundeleteDekVersion(String name, String subject, int version, DekFormat algorithm) voidundeleteDekVersionOrForward(String name, String subject, int version, DekFormat algorithm, Map<String, String> headerProperties) voidundeleteKek(String name) voidundeleteKekOrForward(String name, Map<String, String> headerProperties) void
-
Field Details
-
KEY
- See Also:
-
LATEST_VERSION
public static final int LATEST_VERSION- See Also:
-
MIN_VERSION
public static final int MIN_VERSION- See Also:
-
EMPTY_AAD
public static final byte[] EMPTY_AAD -
X_FORWARD_HEADER
- See Also:
-
AWS_KMS
- See Also:
-
AZURE_KMS
- See Also:
-
GCP_KMS
- See Also:
-
-
Constructor Details
-
DekRegistry
-
-
Method Details
-
getSchemaRegistry
-
getMetricsManager
-
createCache
protected <K,V> io.kcache.Cache<K,V> createCache(org.apache.kafka.common.serialization.Serde<K> keySerde, org.apache.kafka.common.serialization.Serde<V> valueSerde, String topic, io.kcache.CacheUpdateHandler<K, V> cacheUpdateHandler) throws io.kcache.exceptions.CacheInitializationException- Throws:
io.kcache.exceptions.CacheInitializationException
-
keys
-
config
-
getCryptor
-
init
@PostConstruct public void init() -
waitForInit
- Throws:
InterruptedException
-
initialized
public boolean initialized() -
isLeader
public boolean isLeader() -
lockFor
-
getKekNames
-
getKeks
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getKeks(String tenant, boolean lookupDeleted) -
getKek
-
toKekEntity
-
getDekSubjects
-
getDekVersions
-
getDeks
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeks(String tenant, boolean lookupDeleted) -
getDeks
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeks(String tenant, String kekName, boolean lookupDeleted) -
getDeks
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeks(String tenant, String minKekName, String maxKekName, boolean lookupDeleted) -
getDeks
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeks(String tenant, String kekName, String subject, DekFormat algorithm, boolean lookupDeleted) -
getLatestDek
public DataEncryptionKey getLatestDek(String kekName, String subject, DekFormat algorithm, boolean lookupDeleted) throws SchemaRegistryException - Throws:
SchemaRegistryException
-
getLatestDek
public DataEncryptionKey getLatestDek(String kekName, String subject, DekFormat algorithm, boolean lookupDeleted, boolean maybeGenerateRawDek) throws SchemaRegistryException - Throws:
SchemaRegistryException
-
getDek
public DataEncryptionKey getDek(String kekName, String subject, int version, DekFormat algorithm, boolean lookupDeleted) throws SchemaRegistryException - Throws:
SchemaRegistryException
-
createKekOrForward
public Kek createKekOrForward(CreateKekRequest request, Map<String, String> headerProperties) throws SchemaRegistryException- Throws:
SchemaRegistryException
-
createKek
- Throws:
SchemaRegistryException
-
testKek
- Throws:
SchemaRegistryException
-
createDekOrForward
public Dek createDekOrForward(String kekName, boolean rewrap, CreateDekRequest request, Map<String, String> headerProperties) throws SchemaRegistryException- Throws:
SchemaRegistryException
-
createDek
public DataEncryptionKey createDek(String kekName, boolean rewrap, CreateDekRequest request) throws SchemaRegistryException - Throws:
SchemaRegistryException
-
generateEncryptedDek
protected DataEncryptionKey generateEncryptedDek(KeyEncryptionKey kek, DataEncryptionKey key) throws DekGenerationException - Throws:
DekGenerationException
-
generateRawDek
protected DataEncryptionKey generateRawDek(KeyEncryptionKey kek, DataEncryptionKey key) throws DekGenerationException - Throws:
DekGenerationException
-
getAead
- Throws:
GeneralSecurityException
-
putKekOrForward
public Kek putKekOrForward(String name, UpdateKekRequest request, Map<String, String> headerProperties) throws SchemaRegistryException- Throws:
SchemaRegistryException
-
putKek
public KeyEncryptionKey putKek(String name, UpdateKekRequest request) throws SchemaRegistryException - Throws:
SchemaRegistryException
-
deleteKekOrForward
public void deleteKekOrForward(String name, boolean permanentDelete, Map<String, String> headerProperties) throws SchemaRegistryException- Throws:
SchemaRegistryException
-
deleteKek
- Throws:
SchemaRegistryException
-
deleteDekOrForward
public void deleteDekOrForward(String name, String subject, DekFormat algorithm, boolean permanentDelete, Map<String, String> headerProperties) throws SchemaRegistryException- Throws:
SchemaRegistryException
-
deleteDek
public void deleteDek(String name, String subject, DekFormat algorithm, boolean permanentDelete) throws SchemaRegistryException - Throws:
SchemaRegistryException
-
deleteDekVersionOrForward
public void deleteDekVersionOrForward(String name, String subject, int version, DekFormat algorithm, boolean permanentDelete, Map<String, String> headerProperties) throws SchemaRegistryException- Throws:
SchemaRegistryException
-
deleteDekVersion
public void deleteDekVersion(String name, String subject, int version, DekFormat algorithm, boolean permanentDelete) throws SchemaRegistryException - Throws:
SchemaRegistryException
-
undeleteKekOrForward
public void undeleteKekOrForward(String name, Map<String, String> headerProperties) throws SchemaRegistryException- Throws:
SchemaRegistryException
-
undeleteKek
- Throws:
SchemaRegistryException
-
undeleteDekOrForward
public void undeleteDekOrForward(String name, String subject, DekFormat algorithm, Map<String, String> headerProperties) throws SchemaRegistryException- Throws:
SchemaRegistryException
-
undeleteDek
public void undeleteDek(String name, String subject, DekFormat algorithm) throws SchemaRegistryException - Throws:
SchemaRegistryException
-
undeleteDekVersionOrForward
public void undeleteDekVersionOrForward(String name, String subject, int version, DekFormat algorithm, Map<String, String> headerProperties) throws SchemaRegistryException- Throws:
SchemaRegistryException
-
undeleteDekVersion
public void undeleteDekVersion(String name, String subject, int version, DekFormat algorithm) throws SchemaRegistryException - Throws:
SchemaRegistryException
-
normalizeLimit
public int normalizeLimit(int suppliedLimit, int defaultLimit, int maxLimit) -
normalizeKekLimit
public int normalizeKekLimit(int suppliedLimit) -
normalizeDekSubjectLimit
public int normalizeDekSubjectLimit(int suppliedLimit) -
normalizeDekVersionLimit
public int normalizeDekVersionLimit(int suppliedLimit) -
close
- Specified by:
closein interfaceAutoCloseable- Specified by:
closein interfaceCloseable- Throws:
IOException
-