merlimat commented on a change in pull request #2024: Forward encryption
properties with encrypted payload to consumer
URL: https://github.com/apache/incubator-pulsar/pull/2024#discussion_r197931740
##########
File path:
pulsar-client/src/main/java/org/apache/pulsar/client/api/ConsumerCryptoFailureAction.java
##########
@@ -22,8 +22,37 @@
public enum ConsumerCryptoFailureAction {
FAIL, // This is the default option to fail consume until crypto succeeds
DISCARD, // Message is silently acknowledged and not delivered to the
application
- CONSUME // Deliver the encrypted message to the application. It's the
application's
- // responsibility to decrypt the message. If message is also
compressed,
- // decompression will fail. If message contain batch messages,
client will
- // not be able to retrieve individual messages in the batch
+ /**
+ *
+ * <pre>
+ * Deliver the encrypted message to the application. It's the
application's responsibility to decrypt the message.
+ * If message is also compressed, decompression will fail. If message
contain batch messages, client will not be
+ * able to retrieve individual messages in the batch.
+ * </pre>
+ *
+ * Delivered encrypted message will contain encrypted payload along with
properties which can be used to uncompress
+ * and decrypt the payload. Message will contain following properties to
decrypt message:
+ *
+ * <ul>
+ * <li>{@value #PULSAR_ENCRYPTION_KEY_PROP}: Encryption keys in json
format of {@link EncryptionKeyInfo}</li>
+ * <li>{@value #PULSAR_ENCRYPTION_PARAM_BASE64_ENCODED_PROP} : encryption
param required to decrypt message</li>
+ * <li>{@value #PULSAR_ENCRYPTION_ALGO_PROP}: encryption algorithm</li>
+ * <li>{@value #PULSAR_COMPRESSION_TYPE_PROP}: compression type if message
is already compressed
+ * {@link CompressionType} (null if message is not compressed).</li>
+ * <li>{@value #PULSAR_UNCOMPRESSED_MSG_SIZE_PROP}: uncompressed message
size (null if message is not compressed).
+ * </li>
+ * <li>{@value #PULSAR_BATCH_SIZE_PROP}: number of messages present into
batch message (null if message is not batch
+ * message).</li>
+ * </ul>
+ *
+ *
+ */
+ CONSUME;
+
+ public static final String PULSAR_ENCRYPTION_KEY_PROP =
"__pulsar_encryption_key__";
+ public static final String PULSAR_ENCRYPTION_PARAM_BASE64_ENCODED_PROP =
"__pulsar_encryption_param_base64_encoded__";
+ public static final String PULSAR_ENCRYPTION_ALGO_PROP =
"__pulsar_encryption_algo__";
+ public static final String PULSAR_COMPRESSION_TYPE_PROP =
"__pulsar_compression_type__";
+ public static final String PULSAR_UNCOMPRESSED_MSG_SIZE_PROP =
"__pulsar_uncompressed_msg_size__";
+ public static final String PULSAR_BATCH_SIZE_PROP =
"__pulsar_batch_size__";
Review comment:
Right now the message properties are only application defined properties.
The encryption metadata is being added with specific protobuf fields. I would
prefer not to mix these fields in the properties but rather to expose an
`Optional<EncryptionContext>` object with the infos. Also, I'd prefer to always
have these info if available, not only if the message failed to be decrypted.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
