Class MetadataEncoderService
java.lang.Object
io.confluent.kafka.schemaregistry.storage.encoder.MetadataEncoderService
- All Implemented Interfaces:
Closeable,AutoCloseable
- Direct Known Subclasses:
KafkaMetadataEncoderService
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected final Stringprotected final AtomicBooleanprotected final CountDownLatchprotected com.google.crypto.tink.KeyTemplate -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionabstract voidclose()voiddecodeMetadata(SchemaValue schema) protected voiddoInit()Subclass hook to prepare any resources before secret rotation occurs.voidencodeMetadata(SchemaValue schema) protected static StringencoderOldSecret(SchemaRegistryConfig config) protected static StringencoderSecret(SchemaRegistryConfig config) Get all tenant keys.abstract com.google.crypto.tink.KeysetHandlegetEncoder(String tenant) protected abstract KeysetWrappergetEncoderWrapper(String tenant) Get the encoder wrapper for a tenant.protected abstract com.google.crypto.tink.KeysetHandlegetOrCreateEncoder(String tenant) protected static com.google.crypto.tink.AeadgetPrimitive(String secret) final voidinit()Initialize the metadata encoder service by rotating the secrets if needed.protected voidprotected abstract voidputEncoderWrapper(String tenant, KeysetWrapper wrapper) Store an encoder wrapper for a tenant.void
-
Field Details
-
encoderSecret
-
keyTemplate
protected com.google.crypto.tink.KeyTemplate keyTemplate -
initialized
-
initLatch
-
-
Constructor Details
-
MetadataEncoderService
-
-
Method Details
-
getSchemaRegistry
-
getPrimitive
protected static com.google.crypto.tink.Aead getPrimitive(String secret) throws GeneralSecurityException - Throws:
GeneralSecurityException
-
encoderSecret
-
encoderOldSecret
-
doInit
protected void doInit()Subclass hook to prepare any resources before secret rotation occurs. Default is no-op. -
init
Initialize the metadata encoder service by rotating the secrets if needed. Subclasses should overridedoInit()to prepare any resources before the secrets are rotated.- Throws:
SchemaRegistryStoreException
-
getAllTenants
Get all tenant keys. Used for secret rotation. -
getEncoderWrapper
protected abstract KeysetWrapper getEncoderWrapper(String tenant) throws SchemaRegistryStoreException Get the encoder wrapper for a tenant.- Throws:
SchemaRegistryStoreException
-
putEncoderWrapper
protected abstract void putEncoderWrapper(String tenant, KeysetWrapper wrapper) throws SchemaRegistryStoreException Store an encoder wrapper for a tenant.- Throws:
SchemaRegistryStoreException
-
maybeRotateSecrets
- Throws:
SchemaRegistryStoreException
-
waitForInit
- Throws:
InterruptedException
-
getEncoder
public abstract com.google.crypto.tink.KeysetHandle getEncoder(String tenant) throws SchemaRegistryStoreException - Throws:
SchemaRegistryStoreException
-
encodeMetadata
- Throws:
SchemaRegistryStoreException
-
decodeMetadata
- Throws:
SchemaRegistryStoreException
-
getOrCreateEncoder
protected abstract com.google.crypto.tink.KeysetHandle getOrCreateEncoder(String tenant) throws SchemaRegistryStoreException - Throws:
SchemaRegistryStoreException
-
close
public abstract void close()- Specified by:
closein interfaceAutoCloseable- Specified by:
closein interfaceCloseable
-