/******************************************************************** * 2014 - * open source under Apache License Version 2.0 ********************************************************************/ /** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef _HDFS_LIBHDFS3_CLIENT_KMSCLIENTPROVIDER_H_ #define _HDFS_LIBHDFS3_CLIENT_KMSCLIENTPROVIDER_H_ #include #include #include "openssl/conf.h" #include "openssl/evp.h" #include "openssl/err.h" #include "FileEncryptionInfo.h" #include "HttpClient.h" #include #include "common/SessionConfig.h" #include "rpc/RpcAuth.h" #include "common/Memory.h" #include using boost::property_tree::ptree; using namespace Hdfs::Internal; namespace Hdfs { class KmsClientProvider { public: /** * Construct a KmsClientProvider instance. * @param auth RpcAuth to get the auth method and user info. * @param conf a SessionConfig to get the configuration. */ KmsClientProvider(shared_ptr auth, shared_ptr conf); /** * Destroy a KmsClientProvider instance. */ virtual ~KmsClientProvider() { } /** * Set HttpClient object. */ void setHttpClient(shared_ptr hc); /** * Create an encryption key from kms. * @param keyName the name of this key. * @param cipher the ciphertext of this key. e.g. "AES/CTR/NoPadding" . * @param length the length of this key. * @param material will be encode to base64. * @param description key's info. */ virtual void createKey(const std::string &keyName, const std::string &cipher, const int length, const std::string &material, const std::string &description); /** * Get key metadata based on encrypted file's key name. * @param encryptionInfo the encryption info of file. * @return return response info about key metadata from kms server. */ virtual ptree getKeyMetadata(const FileEncryptionInfo &encryptionInfo); /** * Delete an encryption key from kms. * @param encryptionInfo the encryption info of file. */ virtual void deleteKey(const FileEncryptionInfo &encryptionInfo); /** * Decrypt an encrypted key from kms. * @param encryptionInfo the encryption info of file. * @return return decrypted key. */ virtual ptree decryptEncryptedKey(const FileEncryptionInfo &encryptionInfo); /** * Encode string to base64. */ static std::string base64Encode(const std::string &data); /** * Decode base64 to string. */ static std::string base64Decode(const std::string &data); private: /** * Convert ptree format to json format. */ static std::string toJson(const ptree &data); /** * Convert json format to ptree format. */ static ptree fromJson(const std::string &data); /** * Parse kms url from configure file. */ std::string parseKmsUrl(); /** * Build kms url based on urlSuffix and different auth method. */ std::string buildKmsUrl(const std::string &url, const std::string &urlSuffix); /** * Set common headers for kms API. */ void setCommonHeaders(std::vector& headers); shared_ptr hc; std::string url; shared_ptr auth; AuthMethod method; shared_ptr conf; }; } #endif