public static interface KeyProviderCryptoExtension.CryptoExtension extends KeyProviderExtension.Extension
Modifier and Type | Method and Description |
---|---|
KeyProvider.KeyVersion | `decryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion)` Decrypts an encrypted byte[] key material using the given key version name and initialization vector. |
void | `drain(String keyName)` Drains the Queue for the provided key. |
KeyProviderCryptoExtension.EncryptedKeyVersion | `generateEncryptedKey(String encryptionKeyName)` Generates a key material and encrypts it using the given key name. |
KeyProviderCryptoExtension.EncryptedKeyVersion | `reencryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion ekv)` Re-encrypts an encrypted key version, using its initialization vector and key material, but with the latest key version name of its key name in the key provider. |
void | `reencryptEncryptedKeys(List<KeyProviderCryptoExtension.EncryptedKeyVersion> ekvs)` Batched version of KeyProviderCryptoExtension.reencryptEncryptedKey(EncryptedKeyVersion). |
void | `warmUpEncryptedKeys(String... keyNames)` Calls to this method allow the underlying KeyProvider to warm up any implementation-specific caches used to store the Encrypted Keys. |

void warmUpEncryptedKeys(String... keyNames) throws IOException
keyNames - Array of Key Names
IOException

void drain(String keyName)
keyName - the key to drain the Queue for

KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName) throws IOException, GeneralSecurityException
KeyVersion material of the latest key version of the key and is encrypted using the same cipher.
NOTE: The generated key is not stored by the KeyProvider
encryptionKeyName - The latest KeyVersion of this key's material will be encrypted.
IOException - thrown if the key material could not be generated
GeneralSecurityException - thrown if the key material could not be encrypted because of a cryptographic issue.

KeyProvider.KeyVersion decryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException
encryptedKeyVersion - contains keyVersionName and IV to decrypt the encrypted key material
IOException - thrown if the key material could not be decrypted
GeneralSecurityException - thrown if the key material could not be decrypted because of a cryptographic issue.

KeyProviderCryptoExtension.EncryptedKeyVersion reencryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion ekv) throws IOException, GeneralSecurityException
If the latest key version name in the provider is the same as the one that encrypted the passed-in encrypted key version, the same encrypted key version is returned.
NOTE: The generated key is not stored by the KeyProvider
ekv - The EncryptedKeyVersion containing keyVersionName and IV.
IOException - If the key material could not be re-encrypted.
GeneralSecurityException - If the key material could not be re-encrypted because of a cryptographic issue.

void reencryptEncryptedKeys(List<KeyProviderCryptoExtension.EncryptedKeyVersion> ekvs) throws IOException, GeneralSecurityException
KeyProviderCryptoExtension.reencryptEncryptedKey(EncryptedKeyVersion).
For each encrypted key version, re-encrypts an encrypted key version, using its initialization vector and key material, but with the latest key version name of its key name. If the latest key version name in the provider is the same as the one that encrypted the passed-in encrypted key version, the same encrypted key version is returned.
NOTE: The generated key is not stored by the KeyProvider
ekvs - List containing the EncryptedKeyVersions
IOException - If any EncryptedKeyVersion could not be re-encrypted
GeneralSecurityException - If any EncryptedKeyVersion could not be re-encrypted because of a cryptographic issue.

Copyright © 2008–2021 Apache Software Foundation. All rights reserved.
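
The generate / decrypt / re-encrypt contract documented above, modelled as an added example using only the JDK (Java 16+); it is not Hadoop code and does not call the Hadoop API. The class `EnvelopeModel`, the record `Ekv`, the in-memory `STORE`, the `roll` helper, the integer version numbering, and the choice of AES/CTR/NoPadding with 16-byte keys are all assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EnvelopeModel {
    // Hypothetical stand-in for EncryptedKeyVersion (not the Hadoop class): wrapping key version, IV, ciphertext.
    record Ekv(String keyName, int version, byte[] iv, byte[] wrapped) {}
    static final SecureRandom RNG = new SecureRandom();
    // Constructed in-memory "provider": key name -> material of each version, oldest first.
    static final Map<String, List<byte[]>> STORE = new HashMap<>();
    static byte[] random(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }
    static void roll(String name) { STORE.computeIfAbsent(name, k -> new ArrayList<>()).add(random(16)); }
    static int latest(String name) { return STORE.get(name).size() - 1; }
    // The cipher (AES/CTR/NoPadding) is an assumption of this sketch.
    static byte[] aes(int mode, String name, int version, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(mode, new SecretKeySpec(STORE.get(name).get(version), "AES"), new IvParameterSpec(iv));
        return c.doFinal(in);
    }
    // Fresh key material wrapped under the latest version; nothing is stored, only the caller keeps it.
    static Ekv generateEncryptedKey(String name) throws Exception {
        byte[] iv = random(16);
        int v = latest(name);
        return new Ekv(name, v, iv, aes(Cipher.ENCRYPT_MODE, name, v, iv, random(16)));
    }
    static byte[] decryptEncryptedKey(Ekv e) throws Exception {
        return aes(Cipher.DECRYPT_MODE, e.keyName(), e.version(), e.iv(), e.wrapped());
    }
    // Same IV and key material, rewrapped under the latest version; returns the input if already latest.
    static Ekv reencryptEncryptedKey(Ekv e) throws Exception {
        int v = latest(e.keyName());
        if (v == e.version()) return e;
        byte[] dek = decryptEncryptedKey(e);
        return new Ekv(e.keyName(), v, e.iv(), aes(Cipher.ENCRYPT_MODE, e.keyName(), v, e.iv(), dek));
    }

    public static void main(String[] args) throws Exception {
        roll("zoneKey");
        Ekv a = generateEncryptedKey("zoneKey");
        byte[] dek = decryptEncryptedKey(a);
        if (reencryptEncryptedKey(a) != a) throw new AssertionError("expected the same object back");
        roll("zoneKey"); // key rotation: a newer version now exists
        Ekv b = reencryptEncryptedKey(a);
        if (b.version() != 1 || !Arrays.equals(dek, decryptEncryptedKey(b))) throw new AssertionError();
        System.out.println("rewrapped under version " + b.version() + ", key material unchanged");
    }
}
```

Because neither the generated nor the re-encrypted key is stored by the provider, the caller has to persist the returned encrypted key version itself, and after a rotation must replace its stored copy with the re-encrypted one.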