zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-14 08:27:14 +02:00
Code Issues Projects Releases Packages Wiki Activity

Update KMS method signatures to standardize on KeyringException

Browse source 
It came up during the review of [] that it doesn't make a lot of sense
for encrypt() and decrypt() to not throw the same kinds of Exceptions,
especially not for the same kind of problem, just because one happens to use a
Retrier in its internal implementation and the other doesn't.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=201054057
This commit is contained in:
mcilwain 2018-06-18 14:01:37 -07:00 committed by Ben McIlwain
parent f971583dc0
commit a7256f5edd
4 changed files with 24 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

14
java/google/registry/keyring/kms/KmsConnection.java
View file

@ -14,7 +14,7 @@
package google.registry.keyring.kms; package google.registry.keyring.kms;
import java.io.IOException; import google.registry.keyring.api.KeyringException;
/** An abstraction to simplify Cloud KMS operations. */ /** An abstraction to simplify Cloud KMS operations. */
interface KmsConnection { interface KmsConnection {
@ -34,9 +34,15 @@ interface KmsConnection {
* {@code MAX_SECRET_SIZE_BYTES}. * {@code MAX_SECRET_SIZE_BYTES}.
* *
* <p>If no applicable CryptoKey or CryptoKeyVersion exist, they will be created. * <p>If no applicable CryptoKey or CryptoKeyVersion exist, they will be created.
*
* @throws KeyringException on encryption failure.
*/ */
EncryptResponse encrypt(String cryptoKeyName, byte[] plaintext) throws IOException; EncryptResponse encrypt(String cryptoKeyName, byte[] plaintext);
/** Decrypts a Cloud KMS encrypted and encoded value with CryptoKey {@code cryptoKeyName}. */ /**
byte[] decrypt(String cryptoKeyName, String encodedCiphertext) throws IOException; * Decrypts a Cloud KMS encrypted and encoded value with CryptoKey {@code cryptoKeyName}.
*
* @throws KeyringException on decryption failure.
*/
byte[] decrypt(String cryptoKeyName, String encodedCiphertext);
} }

13
java/google/registry/keyring/kms/KmsConnectionImpl.java
View file

@ -57,11 +57,20 @@ class KmsConnectionImpl implements KmsConnection {
} }
@Override @Override
public EncryptResponse encrypt(String cryptoKeyName, byte[] value) throws IOException { public EncryptResponse encrypt(String cryptoKeyName, byte[] value) {
checkArgument( checkArgument(
value.length <= MAX_SECRET_SIZE_BYTES, value.length <= MAX_SECRET_SIZE_BYTES,
"Value to encrypt was larger than %s bytes", "Value to encrypt was larger than %s bytes",
MAX_SECRET_SIZE_BYTES); MAX_SECRET_SIZE_BYTES);
try {
return attemptEncrypt(cryptoKeyName, value);
} catch (IOException e) {
throw new KeyringException(
String.format("CloudKMS encrypt operation failed for secret %s", cryptoKeyName), e);
}
}
private EncryptResponse attemptEncrypt(String cryptoKeyName, byte[] value) throws IOException {
String fullKeyRingName = getKeyRingName(projectId, kmsKeyRingName); String fullKeyRingName = getKeyRingName(projectId, kmsKeyRingName);
try { try {
kms.projects().locations().keyRings().get(fullKeyRingName).execute(); kms.projects().locations().keyRings().get(fullKeyRingName).execute();
@ -143,7 +152,7 @@ class KmsConnectionImpl implements KmsConnection {
} }
} }
private byte[] attemptDecrypt(String cryptoKeyName, String encodedCiphertext) throws IOException{ private byte[] attemptDecrypt(String cryptoKeyName, String encodedCiphertext) throws IOException {
return kms.projects() return kms.projects()
.locations() .locations()
.keyRings() .keyRings()

2
java/google/registry/keyring/kms/KmsKeyring.java
View file

@ -192,7 +192,7 @@ public class KmsKeyring implements Keyring {
try { try {
return kmsConnection.decrypt(secret.getName(), encryptedData); return kmsConnection.decrypt(secret.getName(), encryptedData);
} catch (IOException e) { } catch (Exception e) {
throw new KeyringException( throw new KeyringException(
String.format("CloudKMS decrypt operation failed for secret %s", keyName), e); String.format("CloudKMS decrypt operation failed for secret %s", keyName), e);
} }

5
javatests/google/registry/keyring/kms/FakeKmsConnection.java
View file

@ -15,7 +15,6 @@
package google.registry.keyring.kms; package google.registry.keyring.kms;
import com.google.common.io.BaseEncoding; import com.google.common.io.BaseEncoding;
import java.io.IOException;
import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Arrays;
class FakeKmsConnection implements KmsConnection { class FakeKmsConnection implements KmsConnection {
@ -29,7 +28,7 @@ class FakeKmsConnection implements KmsConnection {
* and the name of the cryptoKeyVersion is {@code cryptoKeyName + "/foo"}. * and the name of the cryptoKeyVersion is {@code cryptoKeyName + "/foo"}.
*/ */
@Override @Override
public EncryptResponse encrypt(String cryptoKeyName, byte[] plaintext) throws IOException { public EncryptResponse encrypt(String cryptoKeyName, byte[] plaintext) {
return EncryptResponse.create( return EncryptResponse.create(
BaseEncoding.base64().encode(Arrays.reverse(plaintext)), cryptoKeyName + "/foo"); BaseEncoding.base64().encode(Arrays.reverse(plaintext)), cryptoKeyName + "/foo");
} }
@ -40,7 +39,7 @@ class FakeKmsConnection implements KmsConnection {
* <p>The plaintext is the encodedCiphertext base64-decoded and then reversed. * <p>The plaintext is the encodedCiphertext base64-decoded and then reversed.
*/ */
@Override @Override
public byte[] decrypt(String cryptoKeyName, String encodedCiphertext) throws IOException { public byte[] decrypt(String cryptoKeyName, String encodedCiphertext) {
return Arrays.reverse(BaseEncoding.base64().decode(encodedCiphertext)); return Arrays.reverse(BaseEncoding.base64().decode(encodedCiphertext));
} }
} }