thamht4190 commented on a change in pull request #8023:
URL: https://github.com/apache/arrow/pull/8023#discussion_r486382968



##########
File path: cpp/src/parquet/key_material.h
##########
@@ -0,0 +1,120 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#pragma once
+
+#include <map>
+#include <string>
+
+#include <rapidjson/document.h>
+
+namespace parquet {
+namespace encryption {
+
+// KeyMaterial class represents the "key material", keeping the information that allows
+// readers to recover an encryption key (see description of the KeyMetadata class). The
+// keytools package (PARQUET-1373) implements the "envelope encryption" pattern, in a
+// "single wrapping" or "double wrapping" mode. In the single wrapping mode, the key
+// material is generated by encrypting the "data encryption key" (DEK) by a "master key".
+// In the double wrapping mode, the key material is generated by encrypting the DEK by a
+// "key encryption key" (KEK), that in turn is encrypted by a "master key".
+//
+// Key material is kept in a flat json object, with the following fields:
+// 1. "keyMaterialType" - a String, with the type of  key material. In the current
+// version, only one value is allowed - "PKMT1" (stands
+//     for "parquet key management tools, version 1"). For external key material storage,
+//     this field is written in both "key metadata" and "key material" jsons. For internal
+//     key material storage, this field is written only once in the common json.
+// 2. "isFooterKey" - a boolean. If true, means that the material belongs to a file footer
+// key, and keeps additional information (such as
+//     KMS instance ID and URL). If false, means that the material belongs to a column
+//     key.
+// 3. "kmsInstanceID" - a String, with the KMS Instance ID. Written only in footer key
+// material.
+// 4. "kmsInstanceURL" - a String, with the KMS Instance URL. Written only in footer key
+// material.
+// 5. "masterKeyID" - a String, with the ID of the master key used to generate the
+// material.
+// 6. "wrappedDEK" - a String, with the wrapped DEK (base64 encoding).
+// 7. "doubleWrapping" - a boolean. If true, means that the material was generated in
+// double wrapping mode.
+//     If false - in single wrapping mode.
+// 8. "keyEncryptionKeyID" - a String, with the ID of the KEK used to generate the
+// material. Written only in double wrapping mode.
+// 9. "wrappedKEK" - a String, with the wrapped KEK (base64 encoding). Written only in
+// double wrapping mode.
+class KeyMaterial {
+ public:
+  static constexpr char KEY_MATERIAL_TYPE_FIELD[] = "keyMaterialType";
+  static constexpr char KEY_MATERIAL_TYPE1[] = "PKMT1";
+
+  static constexpr char FOOTER_KEY_ID_IN_FILE[] = "footerKey";
+  static constexpr char COLUMN_KEY_ID_IN_FILE_PREFIX[] = "columnKey";
+
+  static constexpr char IS_FOOTER_KEY_FIELD[] = "isFooterKey";
+  static constexpr char DOUBLE_WRAPPING_FIELD[] = "doubleWrapping";
+  static constexpr char KMS_INSTANCE_ID_FIELD[] = "kmsInstanceID";
+  static constexpr char KMS_INSTANCE_URL_FIELD[] = "kmsInstanceURL";
+  static constexpr char MASTER_KEY_ID_FIELD[] = "masterKeyID";
+  static constexpr char WRAPPED_DEK_FIELD[] = "wrappedDEK";
+  static constexpr char KEK_ID_FIELD[] = "keyEncryptionKeyID";
+  static constexpr char WRAPPED_KEK_FIELD[] = "wrappedKEK";
+
+ public:
+  KeyMaterial() = default;
+
+  static KeyMaterial Parse(const std::string& key_material_string);
+
+  static KeyMaterial Parse(const rapidjson::Document& key_material_json);
+
+  static std::string CreateSerialized(bool is_footer_key,

Review comment:
       I updated it to `SerializeToJson`



