Example 1 with CryptoKeyName

Use of com.google.cloud.kms.v1.CryptoKeyName in project ranger by apache.

Class RangerGoogleCloudHSMProvider, method encryptZoneKey.

@Override
public byte[] encryptZoneKey(Key zoneKey) throws Exception {
    if (logger.isDebugEnabled()) {
        logger.debug("==> GCP encryptZoneKey()");
    }
    // Data to encrypt, i.e. the encoded zone key
    byte[] primaryEncodedZoneKey = zoneKey.getEncoded();
    CryptoKeyName keyName = CryptoKeyName.of(this.gcpProjectId, this.gcpLocationId, this.gcpKeyRingId, this.gcpMasterKeyName);
    EncryptResponse encryptResponse = this.client.encrypt(keyName, ByteString.copyFrom(primaryEncodedZoneKey));
    if (encryptResponse == null) {
        throw new RuntimeCryptoException("Got null response for encrypt zone key operation, Please reverify/check configs!");
    }
    if (logger.isDebugEnabled()) {
        logger.debug("<== GCP encryptZoneKey() : EncryptResponse - { " + encryptResponse + " }");
    }
    return encryptResponse.getCiphertext().toByteArray();
}
Also used: RuntimeCryptoException (org.bouncycastle.crypto.RuntimeCryptoException), EncryptResponse (com.google.cloud.kms.v1.EncryptResponse), CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)

Example 2 with CryptoKeyName

Use of com.google.cloud.kms.v1.CryptoKeyName in project ranger by apache.

Class RangerGoogleCloudHSMProvider, method decryptZoneKey.

@Override
public byte[] decryptZoneKey(byte[] encryptedByte) throws Exception {
    CryptoKeyName keyName = CryptoKeyName.of(this.gcpProjectId, this.gcpLocationId, this.gcpKeyRingId, this.gcpMasterKeyName);
    if (logger.isDebugEnabled()) {
        logger.debug("==> GCP decryptZoneKey() : CryptoKeyName - { " + keyName + " }");
    }
    DecryptResponse response = client.decrypt(keyName, ByteString.copyFrom(encryptedByte));
    if (response == null) {
        throw new RuntimeCryptoException("Got null response for decrypt zone key operation!");
    } else if (response.getPlaintext() == null || response.getPlaintext().isEmpty()) {
        // ByteString.toString() returns a debug description, never an empty string, so test the bytes directly
        throw new RuntimeCryptoException("Error - Received null or empty decrypted zone key");
    }
    if (logger.isDebugEnabled()) {
        // Log only the length: the response carries the plaintext zone key, which must not reach the logs
        logger.debug("<== GCP decryptZoneKey() : DecryptResponse plaintext size - { " + response.getPlaintext().size() + " }");
    }
    return response.getPlaintext().toByteArray();
}
Also used: RuntimeCryptoException (org.bouncycastle.crypto.RuntimeCryptoException), DecryptResponse (com.google.cloud.kms.v1.DecryptResponse), CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)

Aggregations

CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName): 2
RuntimeCryptoException (org.bouncycastle.crypto.RuntimeCryptoException): 2
DecryptResponse (com.google.cloud.kms.v1.DecryptResponse): 1
EncryptResponse (com.google.cloud.kms.v1.EncryptResponse): 1