Hi Bruno, By passing hard coding ref key and KeyId and forcing shouldReadCommitUserData = true inside EncryptionDirectory.maybeWrapOutput() , encryption is performing without any issue for first document ingest and failed with null pointer for next request.
But setting dynamic ref key and KeyId it is breaking , at EncryptionUtil.getActiveKeyRefFromCommit(Map<String, String> commitUserData) as it is returning null pointer , because it is called before creating commitUserData and commitUserData.get(COMMIT_ACTIVE_KEY) returns null . Would you please suggest? how to set COMMIT_ACTIVE_KEY and COMMIT_KEY_ID or PARAM_KEY_ID in SolrQueryRequest req dynamically ? If Keys are set to req object before calling EncryptionRequestHandler.handleRequestBody(SolrQueryRequest req, SolrQueryResponse rsp), this module will work. Regards, Manish On 2024/07/10 13:38:27 Bruno Roustant wrote: > Could you avoid the "RE: Re:" prefix on the email title so that it's easier > to have a single thread mail please? > > 1- From you solrconfig.xml, I suppose > org.apache.solr.encryption.KmsKeySupplierFactory is your custom > KeySupplierFactory, right? > 2- Are you able to run the encryption tests? Do they pass? > 3- From your traces, I see "ref key = 1071082519", which is surprising. Is > it keyRef or keyId? keyRef should be a small integer normally. > 4- Could you output the content of Map<String, String> commitUserData > inside EncryptionDirectory.getLatestCommitData()? > 5- Could you output the IndexOutput param of each call to > EncryptionDirectory.maybeWrapOutput()? I would like to know if the > _0_Lucene90FieldsIndex-doc_ids_0.tmp is encrypted. > 6- Can you confirm that, until you call the EncryptionRequestHandler, auto > commits are working, and the first auto commit after the > EncryptionRequestHandler call fails? > This electronic message may contain proprietary and confidential information of Verint Systems Inc., its affiliates and/or subsidiaries. The information is intended to be for the use of the individual(s) or entity(ies) named above. If you are not the intended recipient (or authorized to receive this e-mail for the intended recipient), you may not use, copy, disclose or distribute to anyone this message or any information contained in this message. If you have received this electronic message in error, please notify us by replying to this e-mail.
