
0001 // Licensed to the Apache Software Foundation (ASF) under one
0002 // or more contributor license agreements.  See the NOTICE file
0003 // distributed with this work for additional information
0004 // regarding copyright ownership.  The ASF licenses this file
0005 // to you under the Apache License, Version 2.0 (the
0006 // "License"); you may not use this file except in compliance
0007 // with the License.  You may obtain a copy of the License at
0008 //
0009 //   http://www.apache.org/licenses/LICENSE-2.0
0010 //
0011 // Unless required by applicable law or agreed to in writing,
0012 // software distributed under the License is distributed on an
0013 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
0014 // KIND, either express or implied.  See the License for the
0015 // specific language governing permissions and limitations
0016 // under the License.
0017 
0018 #pragma once
0019 
0020 #include <string>
0021 
0022 #include "parquet/platform.h"
0023 
// Forward declaration only: KeyMaterial::Parse below takes a pointer to this type,
// so the complete definition is not needed in this header.
namespace arrow::json::internal {
class ObjectParser;
}  // namespace arrow::json::internal
0031 
0032 namespace parquet::encryption {
0033 
0034 // KeyMaterial class represents the "key material", keeping the information that allows
0035 // readers to recover an encryption key (see description of the KeyMetadata class). The
0036 // keytools package (PARQUET-1373) implements the "envelope encryption" pattern, in a
0037 // "single wrapping" or "double wrapping" mode. In the single wrapping mode, the key
0038 // material is generated by encrypting the "data encryption key" (DEK) by a "master key".
0039 // In the double wrapping mode, the key material is generated by encrypting the DEK by a
0040 // "key encryption key" (KEK), that in turn is encrypted by a "master key".
0041 //
0042 // Key material is kept in a flat json object, with the following fields:
0043 // 1. "keyMaterialType" - a String, with the type of key material. In the current
0044 // version, only one value is allowed - "PKMT1" (stands
0045 //     for "parquet key management tools, version 1"). For external key material storage,
0046 //     this field is written in both "key metadata" and "key material" jsons. For internal
0047 //     key material storage, this field is written only once in the common json.
0048 // 2. "isFooterKey" - a boolean. If true, means that the material belongs to a file footer
0049 // key, and keeps additional information (such as
0050 //     KMS instance ID and URL). If false, means that the material belongs to a column
0051 //     key.
0052 // 3. "kmsInstanceID" - a String, with the KMS Instance ID. Written only in footer key
0053 // material.
0054 // 4. "kmsInstanceURL" - a String, with the KMS Instance URL. Written only in footer key
0055 // material.
0056 // 5. "masterKeyID" - a String, with the ID of the master key used to generate the
0057 // material.
0058 // 6. "wrappedDEK" - a String, with the wrapped DEK (base64 encoding).
0059 // 7. "doubleWrapping" - a boolean. If true, means that the material was generated in
0060 // double wrapping mode.
0061 //     If false - in single wrapping mode.
0062 // 8. "keyEncryptionKeyID" - a String, with the ID of the KEK used to generate the
0063 // material. Written only in double wrapping mode.
0064 // 9. "wrappedKEK" - a String, with the wrapped KEK (base64 encoding). Written only in
0065 // double wrapping mode.
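/// Value type holding the fields of one "key material" JSON object.
///
/// Only wrapped (encrypted) keys are stored here, in base64 text form. Nothing in
/// this declaration holds a DEK or KEK in the clear.
///
/// NOTE(review): the JSON is stored inside a parquet file or in an external key
/// material store, so every field (including the KMS instance URL and the key
/// IDs) comes from content the reader did not produce. Treat the values as
/// untrusted input until checked against local configuration. Which checks Parse
/// itself performs is not visible in this header and should be confirmed.
class PARQUET_EXPORT KeyMaterial {
 public:
  // These names are defined in a specification and should never be changed.
  // Altering one would make previously written key material unreadable.
  static constexpr const char kKeyMaterialTypeField[] = "keyMaterialType";
  // The only key material type value allowed in the current version.
  static constexpr const char kKeyMaterialType1[] = "PKMT1";

  // NOTE(review): presumably the identifiers under which footer and column key
  // material are filed - confirm against the callers; not described here.
  static constexpr const char kFooterKeyIdInFile[] = "footerKey";
  static constexpr const char kColumnKeyIdInFilePrefix[] = "columnKey";

  // JSON field names of the key material object.
  static constexpr const char kIsFooterKeyField[] = "isFooterKey";
  static constexpr const char kDoubleWrappingField[] = "doubleWrapping";
  static constexpr const char kKmsInstanceIdField[] = "kmsInstanceID";
  static constexpr const char kKmsInstanceUrlField[] = "kmsInstanceURL";
  static constexpr const char kMasterKeyIdField[] = "masterKeyID";
  static constexpr const char kWrappedDataEncryptionKeyField[] = "wrappedDEK";
  static constexpr const char kKeyEncryptionKeyIdField[] = "keyEncryptionKeyID";
  static constexpr const char kWrappedKeyEncryptionKeyField[] = "wrappedKEK";

  /// Creates an empty object: both flags are false and all strings are empty.
  KeyMaterial() = default;

  /// Builds a KeyMaterial from the text of a key material JSON object.
  /// The implementation is not part of this header.
  static KeyMaterial Parse(const std::string& key_material_string);

  /// Builds a KeyMaterial from an already parsed JSON object.
  /// NOTE(review): the pointer is presumably required to be non-null - confirm.
  static KeyMaterial Parse(
      const ::arrow::json::internal::ObjectParser* key_material_json);

  /// This method returns a json string that will be stored either inside a parquet file
  /// or in a key material store outside the parquet file.
  ///
  /// The KEK arguments correspond to fields written only in double wrapping
  /// mode, and the KMS instance arguments to fields written only in footer key
  /// material. NOTE(review): is_internal_storage presumably selects the
  /// internal storage layout, where "keyMaterialType" is written once in the
  /// common json - confirm.
  static std::string SerializeToJson(bool is_footer_key,
                                     const std::string& kms_instance_id,
                                     const std::string& kms_instance_url,
                                     const std::string& master_key_id,
                                     bool is_double_wrapped, const std::string& kek_id,
                                     const std::string& encoded_wrapped_kek,
                                     const std::string& encoded_wrapped_dek,
                                     bool is_internal_storage);

  /// True when the material belongs to a file footer key, false for a column key.
  bool is_footer_key() const { return is_footer_key_; }
  /// True when the material was generated in double wrapping mode.
  bool is_double_wrapped() const { return is_double_wrapped_; }
  /// ID of the master key used to generate the material.
  const std::string& master_key_id() const { return master_key_id_; }
  /// Wrapped DEK, still base64 encoded.
  const std::string& wrapped_dek() const { return encoded_wrapped_dek_; }
  /// ID of the KEK; only meaningful in double wrapping mode.
  const std::string& kek_id() const { return kek_id_; }
  /// Wrapped KEK, still base64 encoded; only meaningful in double wrapping mode.
  const std::string& wrapped_kek() const { return encoded_wrapped_kek_; }
  /// KMS instance ID; written only in footer key material.
  const std::string& kms_instance_id() const { return kms_instance_id_; }
  /// KMS instance URL; written only in footer key material.
  const std::string& kms_instance_url() const { return kms_instance_url_; }

 private:
  KeyMaterial(bool is_footer_key, const std::string& kms_instance_id,
              const std::string& kms_instance_url, const std::string& master_key_id,
              bool is_double_wrapped, const std::string& kek_id,
              const std::string& encoded_wrapped_kek,
              const std::string& encoded_wrapped_dek);

  // The flags carry default initializers because the public default constructor
  // is defaulted. Without them a default-constructed object would expose
  // indeterminate bools through is_footer_key() and is_double_wrapped(), which
  // decide how the wrapped keys are interpreted.
  bool is_footer_key_ = false;
  std::string kms_instance_id_;
  std::string kms_instance_url_;
  std::string master_key_id_;
  bool is_double_wrapped_ = false;
  std::string kek_id_;
  std::string encoded_wrapped_kek_;
  std::string encoded_wrapped_dek_;
};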
0128 
0129 }  // namespace parquet::encryption