From 14936914c52942466c1603bf40f35b07fce42ee4 Mon Sep 17 00:00:00 2001 From: Robert Yokota Date: Tue, 12 Dec 2023 11:17:22 -0800 Subject: [PATCH] Refactor getAead method so it can be overridden --- .../io/confluent/dekregistry/storage/DekRegistry.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/dek-registry/src/main/java/io/confluent/dekregistry/storage/DekRegistry.java b/dek-registry/src/main/java/io/confluent/dekregistry/storage/DekRegistry.java index 3628a4dc783..5961371f7a3 100644 --- a/dek-registry/src/main/java/io/confluent/dekregistry/storage/DekRegistry.java +++ b/dek-registry/src/main/java/io/confluent/dekregistry/storage/DekRegistry.java @@ -576,7 +576,7 @@ public DataEncryptionKey createDek(String kekName, CreateDekRequest request) protected DataEncryptionKey generateEncryptedDek(KeyEncryptionKey kek, DataEncryptionKey key) throws DekGenerationException { try { - Aead aead = kek.toKekEntity().toAead(config.originals()); + Aead aead = getAead(kek); // Generate new dek byte[] rawDek = getCryptor(key.getAlgorithm()).generateKey(); byte[] encryptedDek = aead.encrypt(rawDek, EMPTY_AAD); @@ -595,7 +595,7 @@ protected DataEncryptionKey generateRawDek(KeyEncryptionKey kek, DataEncryptionK throws DekGenerationException { try { // Decrypt dek - Aead aead = kek.toKekEntity().toAead(config.originals()); + Aead aead = getAead(kek); byte[] encryptedDek = Base64.getDecoder().decode( key.getEncryptedKeyMaterial().getBytes(StandardCharsets.UTF_8)); byte[] rawDek = aead.decrypt(encryptedDek, EMPTY_AAD); @@ -613,6 +613,10 @@ protected DataEncryptionKey generateRawDek(KeyEncryptionKey kek, DataEncryptionK } } + protected Aead getAead(KeyEncryptionKey kek) throws GeneralSecurityException { + return kek.toKekEntity().toAead(config.originals()); + } + public Kek putKekOrForward(String name, UpdateKekRequest request, Map headerProperties) throws SchemaRegistryException { String tenant = schemaRegistry.tenant();