public class StandardEncryptionManager extends java.lang.Object implements EncryptionManager
Constructor and Description |
---|
StandardEncryptionManager(java.lang.String tableKeyId, int dataKeyLength, org.apache.iceberg.encryption.KeyManagementClient kmsClient) |
Modifier and Type | Method and Description |
---|---|
NativeEncryptionInputFile | decrypt(EncryptedInputFile encrypted) Given an EncryptedInputFile.encryptedInputFile() representing the raw encrypted bytes from the underlying file system, and given metadata about how the file was encrypted via EncryptedInputFile.keyMetadata(), return an InputFile that returns decrypted input streams. |
java.lang.Iterable<InputFile> | decrypt(java.lang.Iterable<EncryptedInputFile> encrypted) Variant of EncryptionManager.decrypt(EncryptedInputFile) that provides a sequence of files that all need to be decrypted in a single context. |
NativeEncryptionOutputFile | encrypt(OutputFile plainOutput) Given a handle on an OutputFile that writes raw bytes to the underlying file system, return a bundle of an EncryptedOutputFile.encryptingOutputFile() that writes encrypted bytes to the underlying file system, and the EncryptedOutputFile.keyMetadata() that points to the encryption key that is being used to encrypt this file. |
java.nio.ByteBuffer | unwrapKey(java.nio.ByteBuffer wrappedSecretKey) |
java.nio.ByteBuffer | wrapKey(java.nio.ByteBuffer secretKey) |
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface EncryptionManager: encrypt
public StandardEncryptionManager(java.lang.String tableKeyId, int dataKeyLength, org.apache.iceberg.encryption.KeyManagementClient kmsClient)
Parameters:
tableKeyId - table encryption key id
dataKeyLength - length of data encryption key (16/24/32 bytes)
kmsClient - Client of KMS used to wrap/unwrap keys in envelope encryption
public NativeEncryptionOutputFile encrypt(OutputFile plainOutput)
Description copied from interface: EncryptionManager
Given a handle on an OutputFile that writes raw bytes to the underlying file system, return a bundle of an EncryptedOutputFile.encryptingOutputFile() that writes encrypted bytes to the underlying file system, and the EncryptedOutputFile.keyMetadata() that points to the encryption key that is being used to encrypt this file.
Specified by: encrypt in interface EncryptionManager
public NativeEncryptionInputFile decrypt(EncryptedInputFile encrypted)
Description copied from interface: EncryptionManager
Given an EncryptedInputFile.encryptedInputFile() representing the raw encrypted bytes from the underlying file system, and given metadata about how the file was encrypted via EncryptedInputFile.keyMetadata(), return an InputFile that returns decrypted input streams.
Specified by: decrypt in interface EncryptionManager
public java.lang.Iterable<InputFile> decrypt(java.lang.Iterable<EncryptedInputFile> encrypted)
Description copied from interface: EncryptionManager
Variant of EncryptionManager.decrypt(EncryptedInputFile) that provides a sequence of files that all need to be decrypted in a single context.
By default this calls the single-file decryption method for each element in the iterator. Implementations can override this for a variety of optimizations. For example, an implementation can perform lookahead on the input iterator and fetch encryption keys in batch.
Specified by: decrypt in interface EncryptionManager
public java.nio.ByteBuffer wrapKey(java.nio.ByteBuffer secretKey)
public java.nio.ByteBuffer unwrapKey(java.nio.ByteBuffer wrappedSecretKey)
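The constructor parameters and wrapKey/unwrapKey above describe envelope encryption: a per-file data key of 16/24/32 bytes is wrapped by a key held in the KMS. The following is an added example, not Iceberg's own code, that shows the pattern using only the JDK's javax.crypto. The class and method names, the in-process key standing in for a KMS, and the AESWrap and AES-GCM choices are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EnvelopeEncryptionSketch {
  private static final SecureRandom RANDOM = new SecureRandom();
  // Hypothetical stand-in for the KMS-held key; a real KMS never exposes this to the client.
  private static final SecretKey KEK = new SecretKeySpec(randomBytes(32), "AES");

  static byte[] randomBytes(int n) { byte[] b = new byte[n]; RANDOM.nextBytes(b); return b; }

  // Reject lengths that are not valid AES key sizes before any key is generated.
  static byte[] newDataKey(int dataKeyLength) {
    if (dataKeyLength != 16 && dataKeyLength != 24 && dataKeyLength != 32) {
      throw new IllegalArgumentException("data key length must be 16, 24 or 32 bytes");
    }
    return randomBytes(dataKeyLength);
  }
  static byte[] wrapKey(byte[] dek) throws Exception {
    Cipher c = Cipher.getInstance("AESWrap");
    c.init(Cipher.WRAP_MODE, KEK);
    return c.wrap(new SecretKeySpec(dek, "AES"));
  }
  static byte[] unwrapKey(byte[] wrapped) throws Exception {
    Cipher c = Cipher.getInstance("AESWrap");
    c.init(Cipher.UNWRAP_MODE, KEK);  // fails the integrity check if the wrapped key was altered
    return c.unwrap(wrapped, "AES", Cipher.SECRET_KEY).getEncoded();
  }
  static byte[] gcm(int mode, byte[] dek, byte[] nonce, byte[] in) throws Exception {
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(mode, new SecretKeySpec(dek, "AES"), new GCMParameterSpec(128, nonce));
    return c.doFinal(in);
  }
  public static void main(String[] args) throws Exception {
    byte[] data = "constructed sample row".getBytes(StandardCharsets.UTF_8);
    byte[] dek = newDataKey(16);
    byte[] nonce = randomBytes(12);         // fresh nonce per file; never reused with the same key
    byte[] ciphertext = gcm(Cipher.ENCRYPT_MODE, dek, nonce, data);
    byte[] wrappedDek = wrapKey(dek);       // only the wrapped key is stored as key metadata
    Arrays.fill(dek, (byte) 0);             // drop the plaintext key once it is wrapped
    byte[] plain = gcm(Cipher.DECRYPT_MODE, unwrapKey(wrappedDek), nonce, ciphertext);
    System.out.println(new String(plain, StandardCharsets.UTF_8) + " / wrapped key bytes: " + wrappedDek.length);
  }
}
```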