public class VaultTransitTemplate extends Object implements VaultTransitOperations

VaultTransitOperations.

Constructor and Description |
---|
VaultTransitTemplate(VaultOperations vaultOperations, String path) |

Modifier and Type | Method and Description |
---|---|
void | configureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration) Create a new named encryption key given a name. |
void | createKey(String keyName) Create a new named encryption key given a name. |
void | createKey(String keyName, VaultTransitKeyCreationRequest createKeyRequest) Create a new named encryption key given a name and VaultTransitKeyCreationRequest. |
Plaintext | decrypt(String keyName, Ciphertext ciphertext) Decrypts the provided cipher text using the named key. |
List<VaultDecryptionResult> | decrypt(String keyName, List<Ciphertext> batchRequest) Decrypts the provided batch of cipher text using the named key and context. |
String | decrypt(String keyName, String ciphertext) Decrypts the provided cipher text using the named key. |
byte[] | decrypt(String keyName, String ciphertext, VaultTransitContext transitContext) Decrypts the provided ciphertext using the named key. |
void | deleteKey(String keyName) Deletes a named encryption key. |
String | encrypt(String keyName, byte[] plaintext, VaultTransitContext transitContext) Encrypts the provided plaintext using the named key. |
List<VaultEncryptionResult> | encrypt(String keyName, List<Plaintext> batchRequest) Encrypts the provided batch of plaintext using the named key and context. |
Ciphertext | encrypt(String keyName, Plaintext plaintext) Encrypts the provided plaintext using the named key. |
String | encrypt(String keyName, String plaintext) Encrypts the provided plain text using the named key. |
RawTransitKey | exportKey(String keyName, TransitKeyType type) Returns the value of the named encryption key. |
Hmac | getHmac(String keyName, Plaintext plaintext) Create a HMAC using keyName of given Plaintext using the default hash algorithm. |
Hmac | getHmac(String keyName, VaultHmacRequest hmacRequest) Create a HMAC using keyName of given VaultHmacRequest using the default hash algorithm. |
VaultTransitKey | getKey(String keyName) Return information about a named encryption key. |
List<String> | getKeys() Get a List of transit key names. |
String | rewrap(String keyName, String ciphertext) Rewrap the provided cipher text using the latest version of the named key. |
String | rewrap(String keyName, String ciphertext, VaultTransitContext transitContext) Rewrap the provided cipher text using the latest version of the named key. |
void | rotate(String keyName) Rotates the version of the named key. |
Signature | sign(String keyName, Plaintext plaintext) Create a cryptographic signature using keyName of the given Plaintext and the default hash algorithm. |
Signature | sign(String keyName, VaultSignRequest signRequest) Create a cryptographic signature using keyName of the given VaultSignRequest and the specified hash algorithm. |
String | toString() |
boolean | verify(String keyName, Plaintext plainText, Signature signature) |
SignatureValidation | verify(String keyName, VaultSignatureVerificationRequest verificationRequest) Verify the cryptographic signature using keyName of the given VaultSignRequest. |

public VaultTransitTemplate(VaultOperations vaultOperations, String path)
Parameters:
vaultOperations - must not be null.
path - must not be empty or null.

public void createKey(String keyName)
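Description copied from interface: VaultTransitOperations
Create a new named encryption key given a name.
Specified by: createKey in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.

public void createKey(String keyName, VaultTransitKeyCreationRequest createKeyRequest)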
Description copied from interface: VaultTransitOperations
Create a new named encryption key given a name and VaultTransitKeyCreationRequest. The key options set here cannot be changed after key creation.
Specified by: createKey in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
createKeyRequest - must not be null.

public List<String> getKeys()
Description copied from interface: VaultTransitOperations
Get a List of transit key names.
Specified by: getKeys in interface VaultTransitOperations
Returns: List of transit key names.

public void configureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration)
Description copied from interface: VaultTransitOperations
Create a new named encryption key given a name.
Specified by: configureKey in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
keyConfiguration - must not be null.

@Nullable public RawTransitKey exportKey(String keyName, TransitKeyType type)
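Description copied from interface: VaultTransitOperations
Returns the value of the named encryption key.
Specified by: exportKey in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
type - must not be null.
Returns: RawTransitKey.

@Nullable public VaultTransitKey getKey(String keyName)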
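Description copied from interface: VaultTransitOperations
Return information about a named encryption key.
Specified by: getKey in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
Returns: VaultTransitKey.

public void deleteKey(String keyName)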
Description copied from interface: VaultTransitOperations
Deletes a named encryption key.
Specified by: deleteKey in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.

public void rotate(String keyName)
Description copied from interface: VaultTransitOperations
Rotates the version of the named key.
Specified by: rotate in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
See Also: VaultTransitOperations.rewrap(String, String)

public String encrypt(String keyName, String plaintext)
Description copied from interface: VaultTransitOperations
Encrypts the provided plain text using the named key. The plaintext is encoded into bytes using the default charset. Use VaultTransitOperations.encrypt(String, org.springframework.vault.support.Plaintext) to construct a Plaintext object from bytes to avoid Charset mismatches.
Specified by: encrypt in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
plaintext - must not be empty or null.

public Ciphertext encrypt(String keyName, Plaintext plaintext)
Description copied from interface: VaultTransitOperations
Encrypts the provided plaintext using the named key.
Specified by: encrypt in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
plaintext - must not be null.

public String encrypt(String keyName, byte[] plaintext, VaultTransitContext transitContext)
Description copied from interface: VaultTransitOperations
Encrypts the provided plaintext using the named key.
Specified by: encrypt in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
plaintext - must not be empty or null.
transitContext - must not be null. Use VaultTransitContext.empty() if no request options provided.

public List<VaultEncryptionResult> encrypt(String keyName, List<Plaintext> batchRequest)
Description copied from interface: VaultTransitOperations
Encrypts the provided batch of plaintext using the named key and context. The encryption is done using transit backend's batch operation.
Specified by: encrypt in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
batchRequest - a list of Plaintext which includes plain text and an optional context.
batchRequest plaintexts.

public String decrypt(String keyName, String ciphertext)
Description copied from interface: VaultTransitOperations
Decrypts the provided cipher text using the named key. The plaintext is decoded into String using the default charset. Use VaultTransitOperations.decrypt(String, org.springframework.vault.support.Ciphertext) to obtain a Ciphertext object that allows control of the Charset for later consumption.
Specified by: decrypt in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
ciphertext - must not be empty or null.

public Plaintext decrypt(String keyName, Ciphertext ciphertext)
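Description copied from interface: VaultTransitOperations
Decrypts the provided cipher text using the named key.
Specified by: decrypt in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
ciphertext - must not be null.

public byte[] decrypt(String keyName, String ciphertext, VaultTransitContext transitContext)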
Description copied from interface: VaultTransitOperations
Decrypts the provided ciphertext using the named key.
Specified by: decrypt in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
ciphertext - must not be empty or null.
transitContext - must not be null. Use VaultTransitContext.empty() if no request options provided.

public List<VaultDecryptionResult> decrypt(String keyName, List<Ciphertext> batchRequest)
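Description copied from interface: VaultTransitOperations
Decrypts the provided batch of cipher text using the named key and context.
Specified by: decrypt in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
batchRequest - a list of Ciphertext which includes plain text and an optional context.
batchRequest ciphertexts.

public String rewrap(String keyName, String ciphertext)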
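Description copied from interface: VaultTransitOperations
Rewrap the provided cipher text using the latest version of the named key.
Specified by: rewrap in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
ciphertext - must not be empty or null.
See Also: VaultTransitOperations.rotate(String)
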
public String rewrap(String keyName, String ciphertext, VaultTransitContext transitContext)
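Description copied from interface: VaultTransitOperations
Rewrap the provided cipher text using the latest version of the named key.
Specified by: rewrap in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
ciphertext - must not be empty or null.
transitContext - must not be null. Use VaultTransitContext.empty() if no request options provided.
See Also: VaultTransitOperations.rotate(String)
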
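
The rotate and rewrap operations above, combined with the Plaintext and Ciphertext overloads that avoid the default-charset conversion, shown as an added example that is not part of the Spring Vault documentation. It assumes a transit engine mounted at "transit", VAULT_ADDR and VAULT_TOKEN environment variables, and a hypothetical key name "example-key".

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.core.VaultTransitOperations;
import org.springframework.vault.core.VaultTransitTemplate;
import org.springframework.vault.support.Ciphertext;
import org.springframework.vault.support.Plaintext;

public class TransitRewrapExample {

    /** Encrypts explicit UTF-8 bytes, rotates the key and rewraps the stored ciphertext. */
    static String rotateAndRewrap(VaultTransitOperations transit, String keyName, String secret) {
        byte[] original = secret.getBytes(StandardCharsets.UTF_8);

        // Plaintext built from bytes: the result does not depend on the JVM default charset.
        Ciphertext stored = transit.encrypt(keyName, Plaintext.of(original));

        // Add a new key version, then move the stored value to it. rewrap takes and
        // returns ciphertext, so no decrypted value is handled in this step.
        transit.rotate(keyName);
        String rewrapped = transit.rewrap(keyName, stored.getCiphertext());

        // Compare bytes, not Strings, to confirm the rewrapped value round-trips.
        Plaintext decrypted = transit.decrypt(keyName, Ciphertext.of(rewrapped));
        if (!Arrays.equals(original, decrypted.getPlaintext())) {
            throw new IllegalStateException("rewrapped ciphertext did not decrypt to the original bytes");
        }
        return rewrapped;
    }

    public static void main(String[] args) {
        // Assumptions: VAULT_ADDR and VAULT_TOKEN are set, transit is mounted at "transit".
        VaultEndpoint endpoint = VaultEndpoint.from(URI.create(System.getenv("VAULT_ADDR")));
        VaultTemplate vault = new VaultTemplate(endpoint, new TokenAuthentication(System.getenv("VAULT_TOKEN")));
        VaultTransitOperations transit = new VaultTransitTemplate(vault, "transit");

        transit.createKey("example-key"); // hypothetical key name
        System.out.println(rotateAndRewrap(transit, "example-key", "p\u00e4ssw\u00f6rd"));
    }
}
```
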
public Hmac getHmac(String keyName, Plaintext plaintext)
Description copied from interface: VaultTransitOperations
Create a HMAC using keyName of given Plaintext using the default hash algorithm. The key can be of any type supported by transit; the raw key will be marshaled into bytes to be used for the HMAC function. If the key is of a type that supports rotation, the latest (current) version will be used.
Specified by: getHmac in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
plaintext - must not be null.

public Hmac getHmac(String keyName, VaultHmacRequest hmacRequest)
Description copied from interface: VaultTransitOperations
Create a HMAC using keyName of given VaultHmacRequest using the default hash algorithm. The key can be of any type supported by transit; the raw key will be marshaled into bytes to be used for the HMAC function. If the key is of a type that supports rotation, configured VaultHmacRequest.getKeyVersion() will be used.
Specified by: getHmac in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
hmacRequest - the VaultHmacRequest, must not be null.

public Signature sign(String keyName, Plaintext plaintext)
Description copied from interface: VaultTransitOperations
Create a cryptographic signature using keyName of the given Plaintext and the default hash algorithm. The key must be of a type that supports signing.
Specified by: sign in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
plaintext - must not be empty or null.
Plaintext.

public Signature sign(String keyName, VaultSignRequest signRequest)
Description copied from interface: VaultTransitOperations
Create a cryptographic signature using keyName of the given VaultSignRequest and the specified hash algorithm. The key must be of a type that supports signing.
Specified by: sign in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
signRequest - VaultSignRequest must not be empty or null.
VaultSignRequest.

public boolean verify(String keyName, Plaintext plainText, Signature signature)
Description copied from interface: VaultTransitOperations
Specified by: verify in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
plainText - must not be null.
signature - Signature to be verified, must not be null.

public SignatureValidation verify(String keyName, VaultSignatureVerificationRequest verificationRequest)
Description copied from interface: VaultTransitOperations
Verify the cryptographic signature using keyName of the given VaultSignRequest.
Specified by: verify in interface VaultTransitOperations
Parameters:
keyName - must not be empty or null.
verificationRequest - VaultSignatureVerificationRequest must not be null.
Returns: SignatureValidation.

Copyright © 2016–2020 Pivotal Software, Inc. All rights reserved.