org.apache.nifi.security.kms

Class KeyProviderFactory

java.lang.Object

org.apache.nifi.security.kms.KeyProviderFactory

public class KeyProviderFactory
extends Object

Factory class to build KeyProvider instances. Currently supports StaticKeyProvider and FileBasedKeyProvider.

Field Summary

Fields

Modifier and Type	Field and Description
private static org.slf4j.Logger	logger

Constructor Summary

Constructors

Constructor and Description
KeyProviderFactory()

Method Summary

Modifier and Type	Method and Description
static KeyProvider	buildKeyProvider(RepositoryEncryptionConfiguration rec, SecretKey rootKey) Returns a key provider instantiated from the configuration values in a RepositoryEncryptionConfiguration object.
static KeyProvider	buildKeyProvider(String implementationClassName, String keyProviderLocation, String keyId, Map<String,String> encryptionKeys, SecretKey rootKey) Returns a key provider instantiated from the configuration values in a RepositoryEncryptionConfiguration object.
static boolean	requiresRootKey(String implementationClassName) Returns true if this KeyProvider implementation requires the presence of the root key in order to decrypt the available data encryption keys.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final org.slf4j.Logger logger

Constructor Detail

KeyProviderFactory

public KeyProviderFactory()

Method Detail

buildKeyProvider

public static KeyProvider buildKeyProvider(RepositoryEncryptionConfiguration rec,
                                           SecretKey rootKey)
                                    throws KeyManagementException

Returns a key provider instantiated from the configuration values in a RepositoryEncryptionConfiguration object.

Parameters:

rec - the data container for config values (usually extracted from NiFiProperties)

rootKey - the root key used to decrypt wrapped keys

Returns:

the configured key provider

Throws:

KeyManagementException - if the key provider cannot be instantiated

buildKeyProvider

public static KeyProvider buildKeyProvider(String implementationClassName,
                                           String keyProviderLocation,
                                           String keyId,
                                           Map<String,String> encryptionKeys,
                                           SecretKey rootKey)
                                    throws KeyManagementException

Returns a key provider instantiated from the configuration values in a RepositoryEncryptionConfiguration object.

Parameters:

implementationClassName - the key provider class name

keyProviderLocation - the filepath/URL of the stored keys

keyId - the active key id

encryptionKeys - the available encryption keys

rootKey - the root key used to decrypt wrapped keys

Returns:

the configured key provider

Throws:

KeyManagementException - if the key provider cannot be instantiated

requiresRootKey

public static boolean requiresRootKey(String implementationClassName)
                               throws KeyManagementException

Returns true if this KeyProvider implementation requires the presence of the root key in order to decrypt the available data encryption keys.

Parameters:

implementationClassName - the key provider implementation class

Returns:

true if this implementation requires the root key to operate

Throws:

KeyManagementException - if the provided class name is not a valid key provider implementation