All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.nifi.properties.GcpKmsSensitivePropertyProvider Maven / Gradle / Ivy

There is a newer version: 2.0.0-M3
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.nifi.properties;

import com.google.api.gax.rpc.ApiException;
import com.google.cloud.kms.v1.CryptoKey;
import com.google.cloud.kms.v1.CryptoKeyName;
import com.google.cloud.kms.v1.CryptoKeyVersion;
import com.google.cloud.kms.v1.DecryptResponse;
import com.google.cloud.kms.v1.EncryptResponse;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import com.google.protobuf.ByteString;
import org.apache.commons.lang3.StringUtils;

import java.util.Properties;

/**
 * Google Cloud Platform Key Management Service Sensitive Property Provider
 */
public class GcpKmsSensitivePropertyProvider extends ClientBasedEncodedSensitivePropertyProvider {
    protected static final String PROJECT_PROPERTY = "gcp.kms.project";
    protected static final String LOCATION_PROPERTY = "gcp.kms.location";
    protected static final String KEYRING_PROPERTY = "gcp.kms.keyring";
    protected static final String KEY_PROPERTY = "gcp.kms.key";

    private static final String SCHEME_BASE_PATH = "gcp/kms";

    private CryptoKeyName cryptoKeyName;

    GcpKmsSensitivePropertyProvider(final KeyManagementServiceClient keyManagementServiceClient, final Properties properties) {
        super(keyManagementServiceClient, properties);
    }

    @Override
    public String getIdentifierKey() {
        return SCHEME_BASE_PATH;
    }

    /**
     * Close Client when configured
     */
    @Override
    public void cleanUp() {
        final KeyManagementServiceClient keyManagementServiceClient = getClient();
        if (keyManagementServiceClient == null) {
            logger.debug("GCP KMS Client not configured");
        } else {
            keyManagementServiceClient.close();
        }
    }

    /**
     * Validate Client and Key Operations with Encryption Algorithm when configured
     *
     * @param keyManagementServiceClient Key Management Service Client
     */
    @Override
    protected void validate(final KeyManagementServiceClient keyManagementServiceClient) {
        if (keyManagementServiceClient == null) {
            logger.debug("GCP KMS Client not configured");
        } else {
            final String project = getProperties().getProperty(PROJECT_PROPERTY);
            final String location = getProperties().getProperty(LOCATION_PROPERTY);
            final String keyring = getProperties().getProperty(KEYRING_PROPERTY);
            final String key = getProperties().getProperty(KEY_PROPERTY);
            if (StringUtils.isNoneBlank(project, location, keyring, key)) {
                cryptoKeyName = CryptoKeyName.of(project, location, keyring, key);
                try {
                    final CryptoKey cryptoKey = keyManagementServiceClient.getCryptoKey(cryptoKeyName);
                    final CryptoKeyVersion cryptoKeyVersion = cryptoKey.getPrimary();
                    if (CryptoKeyVersion.CryptoKeyVersionState.ENABLED == cryptoKeyVersion.getState()) {
                        logger.info("GCP KMS Crypto Key [{}] Validated", cryptoKeyName);
                    } else {
                        throw new SensitivePropertyProtectionException(String.format("GCP KMS Crypto Key [%s] Disabled", cryptoKeyName));
                    }
                } catch (final ApiException e) {
                    throw new SensitivePropertyProtectionException(String.format("GCP KMS Crypto Key [%s] Validation Failed", cryptoKeyName), e);
                }
            } else {
                throw new SensitivePropertyProtectionException("GCP KMS Missing Required Properties");
            }
        }
    }

    /**
     * Get encrypted bytes
     *
     * @param bytes Unprotected bytes
     * @return Encrypted bytes
     */
    @Override
    protected byte[] getEncrypted(final byte[] bytes) {
        final EncryptResponse encryptResponse = getClient().encrypt(cryptoKeyName, ByteString.copyFrom(bytes));
        return encryptResponse.getCiphertext().toByteArray();
    }

    /**
     * Get decrypted bytes
     *
     * @param bytes Encrypted bytes
     * @return Decrypted bytes
     */
    @Override
    protected byte[] getDecrypted(final byte[] bytes) {
        final DecryptResponse decryptResponse = getClient().decrypt(cryptoKeyName, ByteString.copyFrom(bytes));
        return decryptResponse.getPlaintext().toByteArray();
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy