Improve parameter handling in FieldEncryptionExecutor

confluentinc · Feb 22, 2024 · be5c571 · be5c571
1 parent 2316185
commit be5c571
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/...n/src/main/java/io/confluent/kafka/schemaregistry/encryption/FieldEncryptionExecutor.java b/...n/src/main/java/io/confluent/kafka/schemaregistry/encryption/FieldEncryptionExecutor.java
@@ -150,7 +150,7 @@ public FieldEncryptionExecutorTransform newTransform(RuleContext ctx) throws Rul
 
   private Cryptor getCryptor(RuleContext ctx) {
     String algorithm = ctx.getParameter(ENCRYPT_DEK_ALGORITHM);
-    DekFormat dekFormat = algorithm != null
+    DekFormat dekFormat = algorithm != null && !algorithm.isEmpty()
         ? DekFormat.valueOf(algorithm)
         : DekFormat.AES256_GCM;
     return getCryptor(dekFormat);
@@ -292,10 +292,10 @@ protected KekInfo getOrCreateKek(RuleContext ctx) throws RuleException {
         if (isRead) {
           throw new RuleException("No kek found for " + kekName + " during consume");
         }
-        if (kmsType == null) {
+        if (kmsType == null || kmsType.isEmpty()) {
           throw new RuleException("No kms type found for " + kekName + " during produce");
         }
-        if (kmsKeyId == null) {
+        if (kmsKeyId == null || kmsKeyId.isEmpty()) {
           throw new RuleException("No kms key id found for " + kekName + " during produce");
         }
         kek = new KekInfo(kmsType, kmsKeyId, false);
@@ -309,12 +309,12 @@ protected KekInfo getOrCreateKek(RuleContext ctx) throws RuleException {
         }
       }
       if (kmsType != null && !kmsType.equals(kek.getKmsType())) {
-        throw new RuleException("Found " + kekName + " with different kms type: "
-            + kek.getKmsType());
+        throw new RuleException("Found " + kekName + " with kms type '"
+            + kek.getKmsType() + "' which differs from rule kms type '" + kmsType + "'");
       }
       if (kmsKeyId != null && !kmsKeyId.equals(kek.getKmsKeyId())) {
-        throw new RuleException("Found " + kekName + " with different kms key id: "
-            + kek.getKmsKeyId());
+        throw new RuleException("Found " + kekName + " with kms key id '"
+            + kek.getKmsKeyId() + "' which differs from rule kms key id '" + kmsKeyId + "'");
       }
       return kek;
     }