tolleybot commented on issue #39444:
URL: https://github.com/apache/arrow/issues/39444#issuecomment-1889812752
**I changed GetColumnDecryptor so that it always returns a new Decryptor and
I no longer see the issue. I am not sure , without testing, if I am stomping
on something else, or if this is efficient since the Decryptor was being
cached. **
### Previous Method:
```
std::shared_ptr<Decryptor> InternalFileDecryptor::GetColumnDecryptor(
const std::string& column_path, const std::string& column_key_metadata,
const std::string& aad, bool metadata) {
std::string column_key;
// first look if we already got the decryptor from before
if (metadata) {
if (column_metadata_map_.find(column_path) !=
column_metadata_map_.end()) {
auto res(column_metadata_map_.at(column_path));
res->UpdateAad(aad);
return res;
}
} else {
if (column_data_map_.find(column_path) != column_data_map_.end()) {
auto res(column_data_map_.at(column_path));
res->UpdateAad(aad);
return res;
}
}
column_key = properties_->column_key(column_path);
// No explicit column key given via API. Retrieve via key metadata.
if (column_key.empty() && !column_key_metadata.empty() &&
properties_->key_retriever() != nullptr) {
try {
column_key = properties_->key_retriever()->GetKey(column_key_metadata);
} catch (KeyAccessDeniedException& e) {
std::stringstream ss;
ss << "HiddenColumnException, path=" + column_path + " " << e.what()
<< "\n";
throw HiddenColumnException(ss.str());
}
}
if (column_key.empty()) {
throw HiddenColumnException("HiddenColumnException, path=" +
column_path);
}
// Create both data and metadata decryptors to avoid redundant retrieval
of key
// using the key_retriever.
int key_len = static_cast<int>(column_key.size());
auto aes_metadata_decryptor = encryption::AesDecryptor::Make(
algorithm_, key_len, /*metadata=*/true, &all_decryptors_);
auto aes_data_decryptor = encryption::AesDecryptor::Make(
algorithm_, key_len, /*metadata=*/false, &all_decryptors_);
column_metadata_map_[column_path] = std::make_shared<Decryptor>(
aes_metadata_decryptor, column_key, file_aad_, aad, pool_);
column_data_map_[column_path] =
std::make_shared<Decryptor>(aes_data_decryptor, column_key, file_aad_,
aad, pool_);
if (metadata) return column_metadata_map_[column_path];
return column_data_map_[column_path];
}
```
### Updated Method
```
std::shared_ptr<Decryptor> InternalFileDecryptor::GetColumnDecryptor(
const std::string& column_path, const std::string& column_key_metadata,
const std::string& aad, bool metadata) {
std::string column_key = properties_->column_key(column_path);
column_key = properties_->column_key(column_path);
// No explicit column key given via API. Retrieve via key metadata.
if (column_key.empty() && !column_key_metadata.empty() &&
properties_->key_retriever() != nullptr) {
try {
column_key = properties_->key_retriever()->GetKey(column_key_metadata);
} catch (KeyAccessDeniedException& e) {
std::stringstream ss;
ss << "HiddenColumnException, path=" + column_path + " " << e.what()
<< "\n";
throw HiddenColumnException(ss.str());
}
}
if (column_key.empty()) {
throw HiddenColumnException("HiddenColumnException, path=" +
column_path);
}
int key_len = static_cast<int>(column_key.size());
auto aes_decryptor =
encryption::AesDecryptor::Make(algorithm_, key_len, metadata,
&all_decryptors_);
return std::make_shared<Decryptor>(aes_decryptor, column_key, file_aad_,
aad, pool_);
```
}
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
