Package org.apache.iceberg.encryption
Class StandardEncryptionManager
- java.lang.Object
-
- org.apache.iceberg.encryption.StandardEncryptionManager
-
- All Implemented Interfaces:
java.io.Serializable,EncryptionManager
public class StandardEncryptionManager extends java.lang.Object implements EncryptionManager
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description StandardEncryptionManager(java.lang.String tableKeyId, int dataKeyLength, org.apache.iceberg.encryption.KeyManagementClient kmsClient)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.Iterable<InputFile>decrypt(java.lang.Iterable<EncryptedInputFile> encrypted)Variant ofEncryptionManager.decrypt(EncryptedInputFile)that provides a sequence of files that all need to be decrypted in a single context.NativeEncryptionInputFiledecrypt(EncryptedInputFile encrypted)Given anEncryptedInputFile.encryptedInputFile()representing the raw encrypted bytes from the underlying file system, and given metadata about how the file was encrypted viaEncryptedInputFile.keyMetadata(), return anInputFilethat returns decrypted input streams.NativeEncryptionOutputFileencrypt(OutputFile plainOutput)Given a handle on anOutputFilethat writes raw bytes to the underlying file system, return a bundle of anEncryptedOutputFile.encryptingOutputFile()that writes encrypted bytes to the underlying file system, and theEncryptedOutputFile.keyMetadata()that points to the encryption key that is being used to encrypt this file.java.nio.ByteBufferunwrapKey(java.nio.ByteBuffer wrappedSecretKey)java.nio.ByteBufferwrapKey(java.nio.ByteBuffer secretKey)-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.iceberg.encryption.EncryptionManager
encrypt
-
-
-
-
Constructor Detail
-
StandardEncryptionManager
public StandardEncryptionManager(java.lang.String tableKeyId, int dataKeyLength, org.apache.iceberg.encryption.KeyManagementClient kmsClient)- Parameters:
tableKeyId- table encryption key iddataKeyLength- length of data encryption key (16/24/32 bytes)kmsClient- Client of KMS used to wrap/unwrap keys in envelope encryption
-
-
Method Detail
-
encrypt
public NativeEncryptionOutputFile encrypt(OutputFile plainOutput)
Description copied from interface:EncryptionManagerGiven a handle on anOutputFilethat writes raw bytes to the underlying file system, return a bundle of anEncryptedOutputFile.encryptingOutputFile()that writes encrypted bytes to the underlying file system, and theEncryptedOutputFile.keyMetadata()that points to the encryption key that is being used to encrypt this file.- Specified by:
encryptin interfaceEncryptionManager
-
decrypt
public NativeEncryptionInputFile decrypt(EncryptedInputFile encrypted)
Description copied from interface:EncryptionManagerGiven anEncryptedInputFile.encryptedInputFile()representing the raw encrypted bytes from the underlying file system, and given metadata about how the file was encrypted viaEncryptedInputFile.keyMetadata(), return anInputFilethat returns decrypted input streams.- Specified by:
decryptin interfaceEncryptionManager
-
decrypt
public java.lang.Iterable<InputFile> decrypt(java.lang.Iterable<EncryptedInputFile> encrypted)
Description copied from interface:EncryptionManagerVariant ofEncryptionManager.decrypt(EncryptedInputFile)that provides a sequence of files that all need to be decrypted in a single context.By default this calls the single-file decryption method for each element in the iterator. Implementations can override this for a variety of optimizations. For example, an implementation can perform lookahead on the input iterator and fetch encryption keys in batch.
- Specified by:
decryptin interfaceEncryptionManager
-
wrapKey
public java.nio.ByteBuffer wrapKey(java.nio.ByteBuffer secretKey)
-
unwrapKey
public java.nio.ByteBuffer unwrapKey(java.nio.ByteBuffer wrappedSecretKey)
-
-