huaxingao commented on code in PR #14396:
URL: https://github.com/apache/iceberg/pull/14396#discussion_r2462322322
##########
core/src/main/java/org/apache/iceberg/encryption/StandardEncryptionManager.java:
##########
@@ -171,17 +174,30 @@ private String keyEncryptionKeyID() {
throw new IllegalStateException("Cannot return the current key after
serialization");
}
- if (!transientState.encryptionKeys.containsKey(KEY_ENCRYPTION_KEY_ID)) {
- ByteBuffer unwrapped = newKey();
- ByteBuffer wrapped = transientState.kmsClient.wrapKey(unwrapped,
tableKeyId);
- EncryptedKey key = new BaseEncryptedKey(KEY_ENCRYPTION_KEY_ID, wrapped,
tableKeyId, null);
-
- // update internal tracking
- transientState.unwrappedKeyCache.put(key.keyId(), unwrapped);
- transientState.encryptionKeys.put(key.keyId(), key);
+ // Find unexpired key encryption key
+ for (String keyID : transientState.encryptionKeys.keySet()) {
+ EncryptedKey key = transientState.encryptionKeys.get(keyID);
+ if (key.encryptedById().equals(tableKeyId)) { // this is a key
encryption key
+ String timestampProperty = key.properties().get(KEY_TIMESTAMP);
+ long keyTimestamp = Long.parseLong(timestampProperty);
+ if (keyTimestamp - System.currentTimeMillis() <
KEY_ENCRYPTION_KEY_LIFESPAN_MS) {
Review Comment:
Should this be `System.currentTimeMillis() - keyTimestamp`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
