Search in sources :

Example 1 with KmsWrappedCryptoKey

use of com.google.privacy.dlp.v2.KmsWrappedCryptoKey in project java-docs-samples by GoogleCloudPlatform.

the class DeIdentification method deidentifyWithDateShift.

// [END dlp_reidentify_fpe]
// [START dlp_deidentify_date_shift]
/**
 * @param inputCsvPath The path to the CSV file to deidentify
 * @param outputCsvPath (Optional) path to the output CSV file
 * @param dateFields The list of (date) fields in the CSV file to date shift
 * @param lowerBoundDays The maximum number of days to shift a date backward
 * @param upperBoundDays The maximum number of days to shift a date forward
 * @param contextFieldId (Optional) The column to determine date shift, default : a random shift
 *     amount
 * @param wrappedKey (Optional) The encrypted ('wrapped') AES-256 key to use when shifting dates
 * @param keyName (Optional) The name of the Cloud KMS key used to encrypt ('wrap') the AES-256
 *     key
 * @param projectId ID of Google Cloud project to run the API under.
 */
private static void deidentifyWithDateShift(Path inputCsvPath, Path outputCsvPath, String[] dateFields, int lowerBoundDays, int upperBoundDays, String contextFieldId, String wrappedKey, String keyName, String projectId) throws Exception {
    // instantiate a client
    try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {
        // Set the maximum days to shift a day backward (lowerbound), forward (upperbound)
        DateShiftConfig.Builder dateShiftConfigBuilder = DateShiftConfig.newBuilder().setLowerBoundDays(lowerBoundDays).setUpperBoundDays(upperBoundDays);
        // If contextFieldId, keyName or wrappedKey is set: all three arguments must be valid
        if (contextFieldId != null && keyName != null && wrappedKey != null) {
            dateShiftConfigBuilder.setContext(FieldId.newBuilder().setName(contextFieldId).build());
            KmsWrappedCryptoKey kmsWrappedCryptoKey = KmsWrappedCryptoKey.newBuilder().setCryptoKeyName(keyName).setWrappedKey(ByteString.copyFrom(BaseEncoding.base64().decode(wrappedKey))).build();
            dateShiftConfigBuilder.setCryptoKey(CryptoKey.newBuilder().setKmsWrapped(kmsWrappedCryptoKey).build());
        } else if (contextFieldId != null || keyName != null || wrappedKey != null) {
            throw new IllegalArgumentException("You must set either ALL or NONE of {contextFieldId, keyName, wrappedKey}!");
        }
        // Read and parse the CSV file
        BufferedReader br = null;
        String line;
        List<Table.Row> rows = new ArrayList<>();
        List<FieldId> headers;
        br = new BufferedReader(new FileReader(inputCsvPath.toFile()));
        // convert csv header to FieldId
        headers = Arrays.stream(br.readLine().split(",")).map(header -> FieldId.newBuilder().setName(header).build()).collect(Collectors.toList());
        while ((line = br.readLine()) != null) {
            // convert csv rows to Table.Row
            rows.add(convertCsvRowToTableRow(line));
        }
        br.close();
        Table table = Table.newBuilder().addAllHeaders(headers).addAllRows(rows).build();
        List<FieldId> dateFieldIds = Arrays.stream(dateFields).map(field -> FieldId.newBuilder().setName(field).build()).collect(Collectors.toList());
        DateShiftConfig dateShiftConfig = dateShiftConfigBuilder.build();
        FieldTransformation fieldTransformation = FieldTransformation.newBuilder().addAllFields(dateFieldIds).setPrimitiveTransformation(PrimitiveTransformation.newBuilder().setDateShiftConfig(dateShiftConfig).build()).build();
        DeidentifyConfig deidentifyConfig = DeidentifyConfig.newBuilder().setRecordTransformations(RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build()).build();
        ContentItem tableItem = ContentItem.newBuilder().setTable(table).build();
        DeidentifyContentRequest request = DeidentifyContentRequest.newBuilder().setParent(ProjectName.of(projectId).toString()).setDeidentifyConfig(deidentifyConfig).setItem(tableItem).build();
        // Execute the deidentification request
        DeidentifyContentResponse response = dlpServiceClient.deidentifyContent(request);
        // Write out the response as a CSV file
        List<FieldId> outputHeaderFields = response.getItem().getTable().getHeadersList();
        List<Table.Row> outputRows = response.getItem().getTable().getRowsList();
        List<String> outputHeaders = outputHeaderFields.stream().map(FieldId::getName).collect(Collectors.toList());
        File outputFile = outputCsvPath.toFile();
        if (!outputFile.exists()) {
            outputFile.createNewFile();
        }
        BufferedWriter bufferedWriter = new BufferedWriter(new FileWriter(outputFile));
        // write out headers
        bufferedWriter.append(String.join(",", outputHeaders) + "\n");
        // write out each row
        for (Table.Row outputRow : outputRows) {
            String row = outputRow.getValuesList().stream().map(value -> value.getStringValue()).collect(Collectors.joining(","));
            bufferedWriter.append(row + "\n");
        }
        bufferedWriter.flush();
        bufferedWriter.close();
        System.out.println("Successfully saved date-shift output to: " + outputCsvPath.getFileName());
    } catch (Exception e) {
        System.out.println("Error in deidentifyWithDateShift: " + e.getMessage());
    }
}
Also used : Arrays(java.util.Arrays) Date(com.google.type.Date) CryptoKey(com.google.privacy.dlp.v2.CryptoKey) DefaultParser(org.apache.commons.cli.DefaultParser) Path(java.nio.file.Path) Value(com.google.privacy.dlp.v2.Value) DateShiftConfig(com.google.privacy.dlp.v2.DateShiftConfig) InfoTypeTransformation(com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation) FieldTransformation(com.google.privacy.dlp.v2.FieldTransformation) ContentItem(com.google.privacy.dlp.v2.ContentItem) Collectors(java.util.stream.Collectors) ByteString(com.google.protobuf.ByteString) ReidentifyContentRequest(com.google.privacy.dlp.v2.ReidentifyContentRequest) DateTimeParseException(java.time.format.DateTimeParseException) List(java.util.List) ParseException(org.apache.commons.cli.ParseException) LocalDate(java.time.LocalDate) RecordTransformations(com.google.privacy.dlp.v2.RecordTransformations) FfxCommonNativeAlphabet(com.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig.FfxCommonNativeAlphabet) CharacterMaskConfig(com.google.privacy.dlp.v2.CharacterMaskConfig) Options(org.apache.commons.cli.Options) KmsWrappedCryptoKey(com.google.privacy.dlp.v2.KmsWrappedCryptoKey) PrimitiveTransformation(com.google.privacy.dlp.v2.PrimitiveTransformation) HelpFormatter(org.apache.commons.cli.HelpFormatter) ArrayList(java.util.ArrayList) CryptoReplaceFfxFpeConfig(com.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig) ServiceOptions(com.google.cloud.ServiceOptions) DeidentifyConfig(com.google.privacy.dlp.v2.DeidentifyConfig) CommandLine(org.apache.commons.cli.CommandLine) FieldId(com.google.privacy.dlp.v2.FieldId) Option(org.apache.commons.cli.Option) DeidentifyContentResponse(com.google.privacy.dlp.v2.DeidentifyContentResponse) DlpServiceClient(com.google.cloud.dlp.v2.DlpServiceClient) InfoTypeTransformations(com.google.privacy.dlp.v2.InfoTypeTransformations) BaseEncoding(com.google.common.io.BaseEncoding) CommandLineParser(org.apache.commons.cli.CommandLineParser) BufferedWriter(java.io.BufferedWriter) Table(com.google.privacy.dlp.v2.Table) FileWriter(java.io.FileWriter) ReidentifyContentResponse(com.google.privacy.dlp.v2.ReidentifyContentResponse) SurrogateType(com.google.privacy.dlp.v2.CustomInfoType.SurrogateType) InfoType(com.google.privacy.dlp.v2.InfoType) DeidentifyContentRequest(com.google.privacy.dlp.v2.DeidentifyContentRequest) File(java.io.File) InspectConfig(com.google.privacy.dlp.v2.InspectConfig) ProjectName(com.google.privacy.dlp.v2.ProjectName) Paths(java.nio.file.Paths) OptionGroup(org.apache.commons.cli.OptionGroup) BufferedReader(java.io.BufferedReader) FileReader(java.io.FileReader) CustomInfoType(com.google.privacy.dlp.v2.CustomInfoType) FileWriter(java.io.FileWriter) ArrayList(java.util.ArrayList) ByteString(com.google.protobuf.ByteString) BufferedWriter(java.io.BufferedWriter) DeidentifyConfig(com.google.privacy.dlp.v2.DeidentifyConfig) FileReader(java.io.FileReader) FieldTransformation(com.google.privacy.dlp.v2.FieldTransformation) DeidentifyContentRequest(com.google.privacy.dlp.v2.DeidentifyContentRequest) Table(com.google.privacy.dlp.v2.Table) DateTimeParseException(java.time.format.DateTimeParseException) ParseException(org.apache.commons.cli.ParseException) DateShiftConfig(com.google.privacy.dlp.v2.DateShiftConfig) DlpServiceClient(com.google.cloud.dlp.v2.DlpServiceClient) FieldId(com.google.privacy.dlp.v2.FieldId) BufferedReader(java.io.BufferedReader) KmsWrappedCryptoKey(com.google.privacy.dlp.v2.KmsWrappedCryptoKey) File(java.io.File) ContentItem(com.google.privacy.dlp.v2.ContentItem) DeidentifyContentResponse(com.google.privacy.dlp.v2.DeidentifyContentResponse)

Example 2 with KmsWrappedCryptoKey

use of com.google.privacy.dlp.v2.KmsWrappedCryptoKey in project java-docs-samples by GoogleCloudPlatform.

the class DeIdentification method reIdentifyWithFpe.

// [END dlp_deidentify_fpe]
// [START dlp_reidentify_fpe]
/**
 * Reidentify a string by encrypting sensitive information while preserving format.
 *
 * @param string The string to reidentify.
 * @param alphabet The set of characters used when encrypting the input. For more information, see
 *     cloud.google.com/dlp/docs/reference/rest/v2/content/deidentify
 * @param keyName The name of the Cloud KMS key to use when decrypting the wrapped key.
 * @param wrappedKey The encrypted (or "wrapped") AES-256 encryption key.
 * @param projectId ID of Google Cloud project to run the API under.
 * @param surrogateType The name of the surrogate custom info type to used during the encryption
 *     process.
 */
private static void reIdentifyWithFpe(String string, FfxCommonNativeAlphabet alphabet, String keyName, String wrappedKey, String projectId, String surrogateType) {
    // instantiate a client
    try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {
        ContentItem contentItem = ContentItem.newBuilder().setValue(string).build();
        InfoType surrogateTypeObject = InfoType.newBuilder().setName(surrogateType).build();
        // Create the format-preserving encryption (FPE) configuration
        KmsWrappedCryptoKey kmsWrappedCryptoKey = KmsWrappedCryptoKey.newBuilder().setWrappedKey(ByteString.copyFrom(BaseEncoding.base64().decode(wrappedKey))).setCryptoKeyName(keyName).build();
        CryptoKey cryptoKey = CryptoKey.newBuilder().setKmsWrapped(kmsWrappedCryptoKey).build();
        CryptoReplaceFfxFpeConfig cryptoReplaceFfxFpeConfig = CryptoReplaceFfxFpeConfig.newBuilder().setCryptoKey(cryptoKey).setCommonAlphabet(alphabet).setSurrogateInfoType(surrogateTypeObject).build();
        // Create the deidentification transformation configuration
        PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder().setCryptoReplaceFfxFpeConfig(cryptoReplaceFfxFpeConfig).build();
        InfoTypeTransformation infoTypeTransformationObject = InfoTypeTransformation.newBuilder().setPrimitiveTransformation(primitiveTransformation).addInfoTypes(surrogateTypeObject).build();
        InfoTypeTransformations infoTypeTransformationArray = InfoTypeTransformations.newBuilder().addTransformations(infoTypeTransformationObject).build();
        // Create the inspection config
        CustomInfoType customInfoType = CustomInfoType.newBuilder().setInfoType(surrogateTypeObject).setSurrogateType(SurrogateType.newBuilder().build()).build();
        InspectConfig inspectConfig = InspectConfig.newBuilder().addCustomInfoTypes(customInfoType).build();
        // Create the reidentification request object
        DeidentifyConfig reidentifyConfig = DeidentifyConfig.newBuilder().setInfoTypeTransformations(infoTypeTransformationArray).build();
        ReidentifyContentRequest request = ReidentifyContentRequest.newBuilder().setParent(ProjectName.of(projectId).toString()).setReidentifyConfig(reidentifyConfig).setInspectConfig(inspectConfig).setItem(contentItem).build();
        // Execute the deidentification request
        ReidentifyContentResponse response = dlpServiceClient.reidentifyContent(request);
        // Print the reidentified input value
        // e.g. "My SSN is 7261298621" --> "My SSN is 123456789"
        String result = response.getItem().getValue();
        System.out.println(result);
    } catch (Exception e) {
        System.out.println("Error in reidentifyWithFpe: " + e.getMessage());
    }
}
Also used : InfoTypeTransformations(com.google.privacy.dlp.v2.InfoTypeTransformations) ReidentifyContentRequest(com.google.privacy.dlp.v2.ReidentifyContentRequest) PrimitiveTransformation(com.google.privacy.dlp.v2.PrimitiveTransformation) CryptoKey(com.google.privacy.dlp.v2.CryptoKey) KmsWrappedCryptoKey(com.google.privacy.dlp.v2.KmsWrappedCryptoKey) ByteString(com.google.protobuf.ByteString) ReidentifyContentResponse(com.google.privacy.dlp.v2.ReidentifyContentResponse) InspectConfig(com.google.privacy.dlp.v2.InspectConfig) DateTimeParseException(java.time.format.DateTimeParseException) ParseException(org.apache.commons.cli.ParseException) CustomInfoType(com.google.privacy.dlp.v2.CustomInfoType) CryptoReplaceFfxFpeConfig(com.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig) DlpServiceClient(com.google.cloud.dlp.v2.DlpServiceClient) DeidentifyConfig(com.google.privacy.dlp.v2.DeidentifyConfig) KmsWrappedCryptoKey(com.google.privacy.dlp.v2.KmsWrappedCryptoKey) InfoTypeTransformation(com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation) InfoType(com.google.privacy.dlp.v2.InfoType) CustomInfoType(com.google.privacy.dlp.v2.CustomInfoType) ContentItem(com.google.privacy.dlp.v2.ContentItem)

Example 3 with KmsWrappedCryptoKey

use of com.google.privacy.dlp.v2.KmsWrappedCryptoKey in project java-docs-samples by GoogleCloudPlatform.

the class DeIdentification method deIdentifyWithFpe.

// [END dlp_deidentify_mask]
// [START dlp_deidentify_fpe]
/**
 * Deidentify a string by encrypting sensitive information while preserving format.
 *
 * @param string The string to deidentify.
 * @param alphabet The set of characters to use when encrypting the input. For more information,
 *     see cloud.google.com/dlp/docs/reference/rest/v2/content/deidentify
 * @param keyName The name of the Cloud KMS key to use when decrypting the wrapped key.
 * @param wrappedKey The encrypted (or "wrapped") AES-256 encryption key.
 * @param projectId ID of Google Cloud project to run the API under.
 */
private static void deIdentifyWithFpe(String string, FfxCommonNativeAlphabet alphabet, String keyName, String wrappedKey, String projectId, String surrogateType) {
    // instantiate a client
    try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {
        ContentItem contentItem = ContentItem.newBuilder().setValue(string).build();
        // Create the format-preserving encryption (FPE) configuration
        KmsWrappedCryptoKey kmsWrappedCryptoKey = KmsWrappedCryptoKey.newBuilder().setWrappedKey(ByteString.copyFrom(BaseEncoding.base64().decode(wrappedKey))).setCryptoKeyName(keyName).build();
        CryptoKey cryptoKey = CryptoKey.newBuilder().setKmsWrapped(kmsWrappedCryptoKey).build();
        CryptoReplaceFfxFpeConfig cryptoReplaceFfxFpeConfig = CryptoReplaceFfxFpeConfig.newBuilder().setCryptoKey(cryptoKey).setCommonAlphabet(alphabet).setSurrogateInfoType(InfoType.newBuilder().setName(surrogateType).build()).build();
        // Create the deidentification transformation configuration
        PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder().setCryptoReplaceFfxFpeConfig(cryptoReplaceFfxFpeConfig).build();
        InfoTypeTransformation infoTypeTransformationObject = InfoTypeTransformation.newBuilder().setPrimitiveTransformation(primitiveTransformation).build();
        InfoTypeTransformations infoTypeTransformationArray = InfoTypeTransformations.newBuilder().addTransformations(infoTypeTransformationObject).build();
        // Create the deidentification request object
        DeidentifyConfig deidentifyConfig = DeidentifyConfig.newBuilder().setInfoTypeTransformations(infoTypeTransformationArray).build();
        DeidentifyContentRequest request = DeidentifyContentRequest.newBuilder().setParent(ProjectName.of(projectId).toString()).setDeidentifyConfig(deidentifyConfig).setItem(contentItem).build();
        // Execute the deidentification request
        DeidentifyContentResponse response = dlpServiceClient.deidentifyContent(request);
        // Print the deidentified input value
        // e.g. "My SSN is 123456789" --> "My SSN is 7261298621"
        String result = response.getItem().getValue();
        System.out.println(result);
    } catch (Exception e) {
        System.out.println("Error in deidentifyWithFpe: " + e.getMessage());
    }
}
Also used : InfoTypeTransformations(com.google.privacy.dlp.v2.InfoTypeTransformations) DeidentifyContentRequest(com.google.privacy.dlp.v2.DeidentifyContentRequest) PrimitiveTransformation(com.google.privacy.dlp.v2.PrimitiveTransformation) CryptoKey(com.google.privacy.dlp.v2.CryptoKey) KmsWrappedCryptoKey(com.google.privacy.dlp.v2.KmsWrappedCryptoKey) ByteString(com.google.protobuf.ByteString) DateTimeParseException(java.time.format.DateTimeParseException) ParseException(org.apache.commons.cli.ParseException) CryptoReplaceFfxFpeConfig(com.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig) DlpServiceClient(com.google.cloud.dlp.v2.DlpServiceClient) DeidentifyConfig(com.google.privacy.dlp.v2.DeidentifyConfig) KmsWrappedCryptoKey(com.google.privacy.dlp.v2.KmsWrappedCryptoKey) InfoTypeTransformation(com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation) ContentItem(com.google.privacy.dlp.v2.ContentItem) DeidentifyContentResponse(com.google.privacy.dlp.v2.DeidentifyContentResponse)

Aggregations

DlpServiceClient (com.google.cloud.dlp.v2.DlpServiceClient)3 ContentItem (com.google.privacy.dlp.v2.ContentItem)3 CryptoKey (com.google.privacy.dlp.v2.CryptoKey)3 CryptoReplaceFfxFpeConfig (com.google.privacy.dlp.v2.CryptoReplaceFfxFpeConfig)3 DeidentifyConfig (com.google.privacy.dlp.v2.DeidentifyConfig)3 InfoTypeTransformations (com.google.privacy.dlp.v2.InfoTypeTransformations)3 InfoTypeTransformation (com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation)3 KmsWrappedCryptoKey (com.google.privacy.dlp.v2.KmsWrappedCryptoKey)3 PrimitiveTransformation (com.google.privacy.dlp.v2.PrimitiveTransformation)3 ByteString (com.google.protobuf.ByteString)3 DateTimeParseException (java.time.format.DateTimeParseException)3 CustomInfoType (com.google.privacy.dlp.v2.CustomInfoType)2 DeidentifyContentRequest (com.google.privacy.dlp.v2.DeidentifyContentRequest)2 DeidentifyContentResponse (com.google.privacy.dlp.v2.DeidentifyContentResponse)2 InfoType (com.google.privacy.dlp.v2.InfoType)2 InspectConfig (com.google.privacy.dlp.v2.InspectConfig)2 ReidentifyContentRequest (com.google.privacy.dlp.v2.ReidentifyContentRequest)2 ReidentifyContentResponse (com.google.privacy.dlp.v2.ReidentifyContentResponse)2 ParseException (org.apache.commons.cli.ParseException)2 ServiceOptions (com.google.cloud.ServiceOptions)1