| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <!-- Generated by javadoc --> |
| <title>KmsClient</title> |
| <link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style"> |
| <script type="text/javascript" src="../../../../script.js"></script> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| try { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="KmsClient"; |
| } |
| } |
| catch(err) { |
| } |
| //--> |
| var methods = {"i0":18,"i1":6,"i2":18,"i3":6,"i4":6}; |
| var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"],16:["t5","Default Methods"]}; |
| var altColor = "altColor"; |
| var rowColor = "rowColor"; |
| var tableTab = "tableTab"; |
| var activeTableTab = "activeTableTab"; |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <div class="topNav"><a name="navbar.top"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.top.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../org/apache/iceberg/encryption/InputFilesDecryptor.html" title="class in org.apache.iceberg.encryption"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../org/apache/iceberg/encryption/KmsClient.KeyGenerationResult.html" title="class in org.apache.iceberg.encryption"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../index.html?org/apache/iceberg/encryption/KmsClient.html" target="_top">Frames</a></li> |
| <li><a href="KmsClient.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_top"> |
| <li><a href="../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_top"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li><a href="#nested.class.summary">Nested</a> | </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.top"> |
| <!-- --> |
| </a></div> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <div class="header"> |
| <div class="subTitle">org.apache.iceberg.encryption</div> |
| <h2 title="Interface KmsClient" class="title">Interface KmsClient</h2> |
| </div> |
| <div class="contentContainer"> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <dl> |
| <dt>All Superinterfaces:</dt> |
| <dd>java.io.Serializable</dd> |
| </dl> |
| <hr> |
| <br> |
| <pre>public interface <span class="typeNameLabel">KmsClient</span> |
| extends java.io.Serializable</pre> |
| <div class="block">A minimum client interface to connect to a key management service (KMS).</div> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ======== NESTED CLASS SUMMARY ======== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="nested.class.summary"> |
| <!-- --> |
| </a> |
| <h3>Nested Class Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Nested Class Summary table, listing nested classes, and an explanation"> |
| <caption><span>Nested Classes</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Interface and Description</th> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>static class </code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/iceberg/encryption/KmsClient.KeyGenerationResult.html" title="class in org.apache.iceberg.encryption">KmsClient.KeyGenerationResult</a></span></code> |
| <div class="block">For KMS systems that support key generation, this class keeps the key generation result - the |
| raw secret key, and its wrap.</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| <!-- ========== METHOD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.summary"> |
| <!-- --> |
| </a> |
| <h3>Method Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation"> |
| <caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t3" class="tableTab"><span><a href="javascript:show(4);">Abstract Methods</a></span><span class="tabEnd"> </span></span><span id="t5" class="tableTab"><span><a href="javascript:show(16);">Default Methods</a></span><span class="tabEnd"> </span></span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Method and Description</th> |
| </tr> |
| <tr id="i0" class="altColor"> |
| <td class="colFirst"><code>default <a href="../../../../org/apache/iceberg/encryption/KmsClient.KeyGenerationResult.html" title="class in org.apache.iceberg.encryption">KmsClient.KeyGenerationResult</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/iceberg/encryption/KmsClient.html#generateKey-java.lang.String-">generateKey</a></span>(java.lang.String wrappingKeyId)</code> |
| <div class="block">Generate a new secret key in the KMS server, and wrap it using a wrapping/master key which is |
| stored in KMS and referenced by an ID.</div> |
| </td> |
| </tr> |
| <tr id="i1" class="rowColor"> |
| <td class="colFirst"><code>void</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/iceberg/encryption/KmsClient.html#initialize-java.util.Map-">initialize</a></span>(java.util.Map<java.lang.String,java.lang.String> properties)</code> |
| <div class="block">Initialize the KMS client with given properties</div> |
| </td> |
| </tr> |
| <tr id="i2" class="altColor"> |
| <td class="colFirst"><code>default boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/iceberg/encryption/KmsClient.html#supportsKeyGeneration--">supportsKeyGeneration</a></span>()</code> |
| <div class="block">Some KMS systems support generation of secret keys inside the KMS server.</div> |
| </td> |
| </tr> |
| <tr id="i3" class="rowColor"> |
| <td class="colFirst"><code>java.nio.ByteBuffer</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/iceberg/encryption/KmsClient.html#unwrapKey-java.lang.String-java.lang.String-">unwrapKey</a></span>(java.lang.String wrappedKey, |
| java.lang.String wrappingKeyId)</code> |
| <div class="block">Unwrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an |
| ID.</div> |
| </td> |
| </tr> |
| <tr id="i4" class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/iceberg/encryption/KmsClient.html#wrapKey-java.nio.ByteBuffer-java.lang.String-">wrapKey</a></span>(java.nio.ByteBuffer key, |
| java.lang.String wrappingKeyId)</code> |
| <div class="block">Wrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an ID.</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ============ METHOD DETAIL ========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.detail"> |
| <!-- --> |
| </a> |
| <h3>Method Detail</h3> |
| <a name="wrapKey-java.nio.ByteBuffer-java.lang.String-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>wrapKey</h4> |
| <pre>java.lang.String wrapKey(java.nio.ByteBuffer key, |
| java.lang.String wrappingKeyId)</pre> |
| <div class="block">Wrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an ID. |
| Wrapping means encryption of the secret key with the master key, and adding optional |
| KMS-specific metadata that allows the KMS to decrypt the secret key in an unwrapping call.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>key</code> - a secret key being wrapped</dd> |
| <dd><code>wrappingKeyId</code> - a key ID that represents a wrapping key stored in KMS</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>wrapped key material</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="supportsKeyGeneration--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>supportsKeyGeneration</h4> |
| <pre>default boolean supportsKeyGeneration()</pre> |
| <div class="block">Some KMS systems support generation of secret keys inside the KMS server.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>true if KMS server supports key generation and KmsClient implementation is interested |
| to leverage this capability. Otherwise, return false - Iceberg will then generate secret |
| keys locally (using the SecureRandom mechanism) and call <a href="../../../../org/apache/iceberg/encryption/KmsClient.html#wrapKey-java.nio.ByteBuffer-java.lang.String-"><code>wrapKey(ByteBuffer, |
| String)</code></a> to wrap them in KMS.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="generateKey-java.lang.String-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>generateKey</h4> |
| <pre>default <a href="../../../../org/apache/iceberg/encryption/KmsClient.KeyGenerationResult.html" title="class in org.apache.iceberg.encryption">KmsClient.KeyGenerationResult</a> generateKey(java.lang.String wrappingKeyId)</pre> |
| <div class="block">Generate a new secret key in the KMS server, and wrap it using a wrapping/master key which is |
| stored in KMS and referenced by an ID. This method will be called only if supportsKeyGeneration |
| returns true.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>wrappingKeyId</code> - a key ID that represents a wrapping key stored in KMS</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>key in two forms: raw, and wrapped with the given wrappingKeyId</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="unwrapKey-java.lang.String-java.lang.String-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>unwrapKey</h4> |
| <pre>java.nio.ByteBuffer unwrapKey(java.lang.String wrappedKey, |
| java.lang.String wrappingKeyId)</pre> |
| <div class="block">Unwrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an |
| ID.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>wrappedKey</code> - wrapped key material (encrypted key and optional KMS metadata, returned by |
| the wrapKey method)</dd> |
| <dd><code>wrappingKeyId</code> - a key ID that represents a wrapping key stored in KMS</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>raw key bytes</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="initialize-java.util.Map-"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>initialize</h4> |
| <pre>void initialize(java.util.Map<java.lang.String,java.lang.String> properties)</pre> |
| <div class="block">Initialize the KMS client with given properties</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>properties</code> - kms client properties</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <div class="bottomNav"><a name="navbar.bottom"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.bottom.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../org/apache/iceberg/encryption/InputFilesDecryptor.html" title="class in org.apache.iceberg.encryption"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../org/apache/iceberg/encryption/KmsClient.KeyGenerationResult.html" title="class in org.apache.iceberg.encryption"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../index.html?org/apache/iceberg/encryption/KmsClient.html" target="_top">Frames</a></li> |
| <li><a href="KmsClient.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_bottom"> |
| <li><a href="../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_bottom"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li><a href="#nested.class.summary">Nested</a> | </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.bottom"> |
| <!-- --> |
| </a></div> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| </body> |
| </html> |