Package de.otto.kafka.messaging.e2ee

Interface KafkaEncryptionHelper

public interface KafkaEncryptionHelper

  • Field Details

    • KAFKA_HEADER_IV_KEY

      static final String KAFKA_HEADER_IV_KEY
      Name of Kafka Header for the initialization vector for the partition key
      See Also:

    • KAFKA_HEADER_IV_VALUE

      static final String KAFKA_HEADER_IV_VALUE
      Name of Kafka Header for the initialization vector for the payload (or value)
      See Also:

    • KAFKA_CE_HEADER_IV_VALUE

      static final String KAFKA_CE_HEADER_IV_VALUE
      Name of Kafka CloudEvent Header for the initialization vector for the payload (or value)
      See Also:

    • KAFKA_HEADER_CIPHER_KEY

      static final String KAFKA_HEADER_CIPHER_KEY
      Name of Kafka Header for the cipher metadata for the partition key
      See Also:

    • KAFKA_HEADER_CIPHER_VALUE

      static final String KAFKA_HEADER_CIPHER_VALUE
      Name of Kafka Header for the cipher metadata for the payload (or value)
      See Also:

    • KAFKA_CE_HEADER_CIPHER_VERSION_VALUE

      static final String KAFKA_CE_HEADER_CIPHER_VERSION_VALUE
      Name of Kafka CloudEvent Header for the cipher version for the payload (or value)
      See Also:

    • KAFKA_CE_HEADER_CIPHER_NAME_VALUE

      static final String KAFKA_CE_HEADER_CIPHER_NAME_VALUE
      Name of Kafka CloudEvent Header for the cipher name for the payload (or value)
      See Also:

  • Method Details

    • headerNameIv

      static String headerNameIv(boolean isForKey)

    • headerNameCiphers

      static String headerNameCiphers(boolean isForKey)

    • aesEncryptedPayloadOfKafka

      static AesEncryptedPayload aesEncryptedPayloadOfKafka(byte[] encryptedPayload, String kafkaHeaderInitializationVector, String kafkaHeaderCiphersText)
      Parameters:
      encryptedPayload - the encrypted payload
      kafkaHeaderInitializationVector - value of kafka header of "initialization vector"
      kafkaHeaderCiphersText - value of kafka header of "ciphers"
      Returns:
      a AesEncryptedPayload instance with the given values
      See Also:

    • aesEncryptedPayloadOfKafka

      static AesEncryptedPayload aesEncryptedPayloadOfKafka(byte[] encryptedPayload, String kafkaHeaderInitializationVector, String kafkaHeaderCiphersText, String kafkaCeHeaderInitializationVector, String kafkaCeHeaderCipherVersion, String kafkaCeHeaderCipherName)
      Parameters:
      encryptedPayload - the encrypted payload
      kafkaHeaderInitializationVector - value of deprecated kafka header of "initialization vector"
      kafkaHeaderCiphersText - value of deprecated kafka header of "ciphers"
      kafkaCeHeaderInitializationVector - value of cloud event kafka header of "initialization vector"
      kafkaCeHeaderCipherVersion - value of cloud event kafka header of "cipher version"
      kafkaCeHeaderCipherName - value of cloud event kafka header of "cipher name"
      Returns:
      a AesEncryptedPayload instance with the given values

    • aesEncryptedPayloadOfKafka

      static AesEncryptedPayload aesEncryptedPayloadOfKafka(byte[] encryptedPayload, byte[] kafkaHeaderInitializationVector, byte[] kafkaHeaderCiphersText)
      Parameters:
      encryptedPayload - the encrypted payload
      kafkaHeaderInitializationVector - value of kafka header of "initialization vector"
      kafkaHeaderCiphersText - value of kafka header of "ciphers"
      Returns:
      a AesEncryptedPayload instance with the given values

    • aesEncryptedPayloadOfKafka

      static AesEncryptedPayload aesEncryptedPayloadOfKafka(byte[] encryptedPayload, byte[] kafkaHeaderInitializationVector, byte[] kafkaHeaderCiphersText, byte[] kafkaCeHeaderInitializationVector, byte[] kafkaCeHeaderCipherVersion, byte[] kafkaCeHeaderCipherName)
      Parameters:
      encryptedPayload - the encrypted payload
      kafkaHeaderInitializationVector - value of kafka header of "initialization vector"
      kafkaHeaderCiphersText - value of kafka header of "ciphers"
      Returns:
      a AesEncryptedPayload instance with the given values
      See Also:

    • aesEncryptedPayloadOfKafkaForKey

      static AesEncryptedPayload aesEncryptedPayloadOfKafkaForKey(byte[] encryptedPayload, Map<String,?> kafkaHeaders)
      Parameters:
      encryptedPayload - the encrypted payload
      kafkaHeaders - all kafka headers including "initialization vector" and "ciphers"
      Returns:
      a AesEncryptedPayload instance with the given values to represent an encrypted kafka key
      See Also:

    • aesEncryptedPayloadOfKafkaForValue

      static AesEncryptedPayload aesEncryptedPayloadOfKafkaForValue(byte[] encryptedPayload, Map<String,?> kafkaHeaders)
      Parameters:
      encryptedPayload - the encrypted payload
      kafkaHeaders - all kafka headers including "initialization vector" and "ciphers"
      Returns:
      a AesEncryptedPayload instance with the given values to represent an encrypted kafka value a.k.a. payload
      See Also:

    • extractKafkaHeaderValueText

      static String extractKafkaHeaderValueText(Map<String,?> kafkaHeaders, String headerName)
      find and extract the value of the specified kafka header
      Parameters:
      kafkaHeaders - all kafka headers
      headerName - name of the kafka header that are of interest
      Returns:
      the found header or null

    • byteArrayToUtf8String

      static String byteArrayToUtf8String(byte[] kafkaHeaderValue)
      Parameters:
      kafkaHeaderValue - a Kafka header value as raw byte array or null
      Returns:
      the header value as String can be null

    • mapToKafkaHeadersForKey

      static Map<String,byte[]> mapToKafkaHeadersForKey(AesEncryptedPayload encryptedPayload)
      Parameters:
      encryptedPayload - a AesEncryptedPayload object for a Kafka key
      Returns:
      the kafka headers needed for given AesEncryptedPayload
      See Also:

    • mapToKafkaHeadersForValue

      static Map<String,byte[]> mapToKafkaHeadersForValue(AesEncryptedPayload encryptedPayload)
      Parameters:
      encryptedPayload - a AesEncryptedPayload object for a Kafka value a.k.a. payload
      Returns:
      the kafka headers needed for given AesEncryptedPayload
      See Also:

    • mapToIvHeaderValueText

      static String mapToIvHeaderValueText(AesEncryptedPayload encryptedPayload)
      Parameters:
      encryptedPayload - the payload
      Returns:
      the value for the initialization vector. Note: you should check AesEncryptedPayload.isEncrypted() before calling this method.
      See Also:

    • mapToIvHeaderValue

      static byte[] mapToIvHeaderValue(AesEncryptedPayload encryptedPayload)
      Parameters:
      encryptedPayload - the payload
      Returns:
      the value for the initialization vector. Note: you should check AesEncryptedPayload.isEncrypted() before calling this method.
      See Also:

    • mapToCipherHeaderValueText

      static String mapToCipherHeaderValueText(AesEncryptedPayload encryptedPayload)
      Parameters:
      encryptedPayload - the payload
      Returns:
      the value for the cipher metadata. Note: you should check AesEncryptedPayload.isEncrypted() before calling this method.
      See Also:

    • mapToCipherHeaderValueText

      static String mapToCipherHeaderValueText(EncryptionCipherSpec cipherSpec)
      Parameters:
      cipherSpec - the cipher spec
      Returns:
      the value for the cipher metadata.
      See Also:

    • mapToCipherNameHeaderValue

      static byte[] mapToCipherNameHeaderValue(AesEncryptedPayload encryptedPayload)
      Parameters:
      encryptedPayload - the payload
      Returns:
      the value for the cipher name. Note: you should check AesEncryptedPayload.isEncrypted() before calling this method.
      See Also:

    • mapToCipherNameHeaderText

      static String mapToCipherNameHeaderText(AesEncryptedPayload encryptedPayload)
      Parameters:
      encryptedPayload - the payload
      Returns:
      the value for the cipher name. Note: you should check AesEncryptedPayload.isEncrypted() before calling this method.
      See Also:

    • mapToCipherVersionHeaderValue

      static byte[] mapToCipherVersionHeaderValue(AesEncryptedPayload encryptedPayload)
      Parameters:
      encryptedPayload - the payload
      Returns:
      the value for the cipher version. Note: you should check AesEncryptedPayload.isEncrypted() before calling this method.
      See Also:

    • mapToCipherVersionHeaderText

      static String mapToCipherVersionHeaderText(AesEncryptedPayload encryptedPayload)
      Parameters:
      encryptedPayload - the payload
      Returns:
      the value for the cipher version. Note: you should check AesEncryptedPayload.isEncrypted() before calling this method.
      See Also:

    • mapToCipherHeaderValue

      static byte[] mapToCipherHeaderValue(AesEncryptedPayload encryptedPayload)
      Parameters:
      encryptedPayload - the payload
      Returns:
      the value for the cipher metadata. Note: you should check AesEncryptedPayload.isEncrypted() before calling this method.
      See Also:

    • extractIv

      static byte[] extractIv(byte[] ivRaw)
      Parameters:
      ivRaw - the raw kafka header value of the initialization vector
      Returns:
      the initialization vector
      See Also:

    • extractIv

      static byte[] extractIv(String ivText)
      Parameters:
      ivText - the kafka header value of the initialization vector
      Returns:
      the initialization vector
      See Also:

    • extractCipherVersion

      static int extractCipherVersion(byte[] cipherVersionCeHeaderValue)
      Parameters:
      cipherVersionCeHeaderValue - the raw CloudEvent kafka header value of the cipher version.
      Returns:
      the key version used to encrypt the payload

    • extractCipherVersion

      static int extractCipherVersion(String cipherVersionCeHeaderText)
      Parameters:
      cipherVersionCeHeaderText - the CloudEvent kafka header value of the cipher version.
      Returns:
      the key version used to encrypt the payload

    • extractCipherName

      static String extractCipherName(byte[] cipherNameCeHeaderValue)
      Parameters:
      cipherNameCeHeaderValue - the raw CloudEvent kafka header value of the cipher name.
      Returns:
      the key version used to encrypt the payload

    • extractCipherName

      static String extractCipherName(String cipherNameCeHeaderValue)
      Parameters:
      cipherNameCeHeaderValue - the raw CloudEvent kafka header value of the cipher name.
      Returns:
      the key version used to encrypt the payload

    • extractKeyVersion

      static int extractKeyVersion(byte[] cipherHeaderValue)
      Parameters:
      cipherHeaderValue - the raw kafka header value of the cipher metadata.
      Returns:
      the key version used to encrypt the payload
      See Also:

    • extractKeyVersion

      static int extractKeyVersion(String ciphersText)
      Parameters:
      ciphersText - the kafka header value of the cipher metadata.
      Returns:
      the key version used to encrypt the payload
      See Also:

    • extractEncryptionKeyAttributeName

      static String extractEncryptionKeyAttributeName(String ciphersText)
      Parameters:
      ciphersText - the kafka header value of the cipher metadata.
      Returns:
      the encryptionKeyAttributeName used to fetch the key from the vault
      See Also:

    • extractCipherSpec

      static EncryptionCipherSpec extractCipherSpec(byte[] cipherHeaderValue)
      Parameters:
      cipherHeaderValue - the kafka header value of the cipher metadata.
      Returns:
      the EncryptionCipherSpec used to fetch the key from the vault
      See Also:

    • extractCipherSpec

      static EncryptionCipherSpec extractCipherSpec(String ciphersText)
      Parameters:
      ciphersText - the kafka header value of the cipher metadata.
      Returns:
      the EncryptionCipherSpec used to fetch the key from the vault
      See Also: