Example 1 with DecryptResponse

Use of com.google.cloud.kms.v1.DecryptResponse in project ranger by apache.

The class RangerGoogleCloudHSMProvider, method decryptZoneKey.

@Override
public byte[] decryptZoneKey(byte[] encryptedByte) throws Exception {
    // Full resource name of the master key held in Cloud KMS.
    CryptoKeyName keyName = CryptoKeyName.of(this.gcpProjectId, this.gcpLocationId, this.gcpKeyRingId, this.gcpMasterKeyName);
    if (logger.isDebugEnabled()) {
        logger.debug("==> GCP decryptZoneKey() : CryptoKeyName - { " + keyName + " }");
    }
    DecryptResponse response = client.decrypt(keyName, ByteString.copyFrom(encryptedByte));
    if (response == null) {
        throw new RuntimeCryptoException("Got null response for decrypt zone key operation!");
    }
    ByteString plaintext = response.getPlaintext();
    // Check the byte content itself: ByteString.toString() returns a descriptive string that is never empty.
    if (plaintext == null || plaintext.isEmpty()) {
        throw new RuntimeCryptoException("Error - Received null or empty decrypted zone key");
    }
    if (logger.isDebugEnabled()) {
        // Log only the length; the response's string form contains the decrypted key bytes.
        logger.debug("<== GCP decryptZoneKey() : DecryptResponse plaintext size - { " + plaintext.size() + " }");
    }
    return plaintext.toByteArray();
}
Also used: RuntimeCryptoException (org.bouncycastle.crypto.RuntimeCryptoException), DecryptResponse (com.google.cloud.kms.v1.DecryptResponse), CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)
