Search in sources :

Example 1 with EncryptResponse

use of com.google.cloud.kms.v1.EncryptResponse in project ranger by apache.

the class RangerGoogleCloudHSMProvider method encryptZoneKey.

@Override
public byte[] encryptZoneKey(Key zoneKey) throws Exception {
    if (logger.isDebugEnabled()) {
        logger.debug("==> GCP encryptZoneKey()");
    }
    // Data to encrypt i.e a zoneKey
    byte[] primaryEncodedZoneKey = zoneKey.getEncoded();
    CryptoKeyName keyName = CryptoKeyName.of(this.gcpProjectId, this.gcpLocationId, this.gcpKeyRingId, this.gcpMasterKeyName);
    EncryptResponse encryptResponse = this.client.encrypt(keyName, ByteString.copyFrom(primaryEncodedZoneKey));
    if (encryptResponse == null) {
        throw new RuntimeCryptoException("Got null response for encrypt zone key operation, Please reverify/check configs!");
    }
    if (logger.isDebugEnabled()) {
        logger.debug("<== GCP encryptZoneKey() : EncryptResponse - { " + encryptResponse + " }");
    }
    return encryptResponse.getCiphertext().toByteArray();
}
Also used : RuntimeCryptoException(org.bouncycastle.crypto.RuntimeCryptoException) EncryptResponse(com.google.cloud.kms.v1.EncryptResponse) CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName)

Aggregations

CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)1 EncryptResponse (com.google.cloud.kms.v1.EncryptResponse)1 RuntimeCryptoException (org.bouncycastle.crypto.RuntimeCryptoException)1