Package org.springframework.vault.core
Class VaultTransitTemplate
java.lang.Object
org.springframework.vault.core.VaultTransitTemplate
- All Implemented Interfaces:
VaultTransitOperations
Default implementation of VaultTransitOperations.
- Author:
Mark Paluch, Sven Schürmann, Praveendra Singh, Luander Ribeiro, Mikko Koli, My-Lan Aragon, Nanne Baars
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description:
- void configureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration): Create a new named encryption key given a name.
- void: Create a new named encryption key given a name.
- void createKey(String keyName, VaultTransitKeyCreationRequest createKeyRequest): Create a new named encryption key given a name and VaultTransitKeyCreationRequest.
- Decrypts the provided plain text using the named key.
- byte[] decrypt(String keyName, String ciphertext, VaultTransitContext transitContext): Decrypts the provided ciphertext using the named key.
- decrypt(String keyName, List<Ciphertext> batchRequest): Decrypts the provided batch of cipher text using the named key and context.
- decrypt(String keyName, Ciphertext ciphertext): Decrypts the provided cipher text using the named key.
- void: Deletes a named encryption key.
- encrypt(String keyName, byte[] plaintext, VaultTransitContext transitContext): Encrypts the provided plaintext using the named key.
- Encrypts the provided plain text using the named key.
- Encrypts the provided batch of plaintext using the named key and context.
- Encrypts the provided plaintext using the named key.
- exportKey(String keyName, TransitKeyType type): Returns the value of the named encryption key.
- Create a HMAC using keyName of given Plaintext using the default hash algorithm.
- getHmac(String keyName, VaultHmacRequest hmacRequest): Create a HMAC using keyName of given VaultHmacRequest using the default hash algorithm.
- Return information about a named encryption key.
- getKeys(): Get a List of transit key names.
- Rewrap the provided cipher text using the latest version of the named key.
- rewrap(String keyName, String ciphertext, VaultTransitContext transitContext): Rewrap the provided cipher text using the latest version of the named key.
- void: Rotates the version of the named key.
- Create a cryptographic signature using keyName of the given Plaintext and the default hash algorithm.
- sign(String keyName, VaultSignRequest signRequest): Create a cryptographic signature using keyName of the given VaultSignRequest and the specified hash algorithm.
- toString()
- boolean
- verify(String keyName, VaultSignatureVerificationRequest verificationRequest): Verify the cryptographic signature using keyName of the given VaultSignRequest.
-
Constructor Details
-
VaultTransitTemplate
- Parameters:
vaultOperations - must not be null.
path - must not be empty or null.
-
-
Method Details
-
createKey
Description copied from interface: VaultTransitOperations
Create a new named encryption key given a name.
- Specified by:
createKey in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
-
createKey
Description copied from interface: VaultTransitOperations
Create a new named encryption key given a name and VaultTransitKeyCreationRequest. The key options set here cannot be changed after key creation.
- Specified by:
createKey in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
createKeyRequest - must not be null.
-
getKeys
Description copied from interface: VaultTransitOperations
Get a List of transit key names.
- Specified by:
getKeys in interface VaultTransitOperations
- Returns:
List of transit key names.
-
configureKey
Description copied from interface: VaultTransitOperations
Create a new named encryption key given a name.
- Specified by:
configureKey in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
keyConfiguration - must not be null.
-
exportKey
Description copied from interface: VaultTransitOperations
Returns the value of the named encryption key. Depending on the type of key, different information may be returned. The key must be exportable to support this operation.
- Specified by:
exportKey in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
type - must not be null.
- Returns:
the RawTransitKey.
-
getKey
Description copied from interface: VaultTransitOperations
Return information about a named encryption key.
- Specified by:
getKey in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
- Returns:
the VaultTransitKey.
-
deleteKey
Description copied from interface: VaultTransitOperations
Deletes a named encryption key. It will no longer be possible to decrypt any data encrypted with the named key.
- Specified by:
deleteKey in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
-
rotate
Description copied from interface: VaultTransitOperations
Rotates the version of the named key. After rotation, new plain text requests will be encrypted with the new version of the key. To upgrade ciphertext to be encrypted with the latest version of the key, use VaultTransitOperations.rewrap(String, String).
- Specified by:
rotate in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
- See Also:
-
encrypt
Description copied from interface: VaultTransitOperations
Encrypts the provided plain text using the named key. The given plaintext is encoded into bytes using the default charset. Use VaultTransitOperations.encrypt(String, org.springframework.vault.support.Plaintext) to construct a Plaintext object from bytes to avoid Charset mismatches.
- Specified by:
encrypt in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
plaintext - must not be empty or null.
- Returns:
cipher text.
-
encrypt
Description copied from interface: VaultTransitOperations
Encrypts the provided plaintext using the named key.
- Specified by:
encrypt in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
plaintext - must not be null.
- Returns:
cipher text.
-
encrypt
Description copied from interface: VaultTransitOperations
Encrypts the provided plaintext using the named key.
- Specified by:
encrypt in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
plaintext - must not be empty or null.
transitContext - must not be null. Use VaultTransitContext.empty() if no request options provided.
- Returns:
cipher text.
-
encrypt
Description copied from interface: VaultTransitOperations
Encrypts the provided batch of plaintext using the named key and context. The encryption is done using transit backend's batch operation.
- Specified by:
encrypt in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
batchRequest - a list of Plaintext which includes plain text and an optional context.
- Returns:
the encrypted result in the order of batchRequest plaintexts.
-
decrypt
Description copied from interface: VaultTransitOperations
Decrypts the provided plain text using the named key. The decoded plaintext is decoded into String using the default charset. Use VaultTransitOperations.decrypt(String, org.springframework.vault.support.Ciphertext) to obtain a Ciphertext object that allows controlling the Charset for later consumption.
- Specified by:
decrypt in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
ciphertext - must not be empty or null.
- Returns:
plain text.
-
decrypt
Description copied from interface: VaultTransitOperations
Decrypts the provided cipher text using the named key.
- Specified by:
decrypt in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
ciphertext - must not be null.
- Returns:
plain text.
-
decrypt
Description copied from interface: VaultTransitOperations
Decrypts the provided ciphertext using the named key.
- Specified by:
decrypt in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
ciphertext - must not be empty or null.
transitContext - must not be null. Use VaultTransitContext.empty() if no request options provided.
- Returns:
cipher text.
-
decrypt
Description copied from interface: VaultTransitOperations
Decrypts the provided batch of cipher text using the named key and context. The decryption is done using transit backend's batch operation.
- Specified by:
decrypt in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
batchRequest - a list of Ciphertext which includes plain text and an optional context.
- Returns:
the decrypted result in the order of batchRequest ciphertexts.
-
rewrap
Description copied from interface: VaultTransitOperations
Rewrap the provided cipher text using the latest version of the named key. Because this never returns plain text, it is possible to delegate this functionality to untrusted users or scripts.
- Specified by:
rewrap in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
ciphertext - must not be empty or null.
- Returns:
cipher text.
- See Also:
-
rewrap
Description copied from interface: VaultTransitOperations
Rewrap the provided cipher text using the latest version of the named key. Because this never returns plain text, it is possible to delegate this functionality to untrusted users or scripts.
- Specified by:
rewrap in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
ciphertext - must not be empty or null.
transitContext - must not be null. Use VaultTransitContext.empty() if no request options provided.
- Returns:
cipher text.
- See Also:
-
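The rotate and rewrap descriptions above, together with the charset note on encrypt and decrypt, combine into the following sketch. It is an added example, not code from the Spring Vault project; the class name, its method names and the key name `example-key` are hypothetical, and it assumes a `VaultTransitOperations` instance is supplied by the caller.

```java
import java.nio.charset.StandardCharsets;

import org.springframework.vault.core.VaultTransitOperations;
import org.springframework.vault.support.Ciphertext;
import org.springframework.vault.support.Plaintext;
import org.springframework.vault.support.VaultTransitKey;

// Added illustration; class, method and key names are hypothetical.
public class TransitRotationExample {

    private static final String KEY = "example-key"; // assumed key name

    private final VaultTransitOperations transit;

    public TransitRotationExample(VaultTransitOperations transit) {
        this.transit = transit;
    }

    /** Encrypt from explicit UTF-8 bytes instead of relying on the default charset. */
    public String protect(String secret) {
        Plaintext plaintext = Plaintext.of(secret.getBytes(StandardCharsets.UTF_8));
        return transit.encrypt(KEY, plaintext).getCiphertext();
    }

    /** Decrypt and decode with the same explicit charset used in protect(). */
    public String reveal(String ciphertext) {
        Plaintext plaintext = transit.decrypt(KEY, Ciphertext.of(ciphertext));
        return new String(plaintext.getPlaintext(), StandardCharsets.UTF_8);
    }

    /**
     * Rotate the key, then upgrade a stored ciphertext to the new key version.
     * rewrap() returns cipher text only, so this caller never handles plain text.
     */
    public String rotateAndUpgrade(String storedCiphertext) {
        transit.rotate(KEY);
        VaultTransitKey key = transit.getKey(KEY);
        if (key == null) {
            throw new IllegalStateException("transit key not found: " + KEY);
        }
        String upgraded = transit.rewrap(KEY, storedCiphertext);
        // Transit cipher text carries the key version as a "vault:v<N>:" prefix.
        String expectedPrefix = "vault:v" + key.getLatestVersion() + ":";
        if (!upgraded.startsWith(expectedPrefix)) {
            throw new IllegalStateException("cipher text not rewrapped to " + expectedPrefix);
        }
        return upgraded;
    }
}
```

A concurrent rotation between `getKey` and `rewrap` can make the prefix check fail; in that case call `rewrap` again on the returned value.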
getHmac
Description copied from interface: VaultTransitOperations
Create a HMAC using keyName of given Plaintext using the default hash algorithm. The key can be of any type supported by transit; the raw key will be marshaled into bytes to be used for the HMAC function. If the key is of a type that supports rotation, the latest (current) version will be used.
- Specified by:
getHmac in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
plaintext - must not be null.
- Returns:
the digest of the given data using the default hash algorithm and the named key.
-
getHmac
Description copied from interface: VaultTransitOperations
Create a HMAC using keyName of given VaultHmacRequest using the default hash algorithm. The key can be of any type supported by transit; the raw key will be marshaled into bytes to be used for the HMAC function. If the key is of a type that supports rotation, the configured VaultHmacRequest.getKeyVersion() will be used.
- Specified by:
getHmac in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
hmacRequest - the VaultHmacRequest, must not be null.
- Returns:
the digest of the given data using the default hash algorithm and the named key.
-
sign
Description copied from interface: VaultTransitOperations
Create a cryptographic signature using keyName of the given Plaintext and the default hash algorithm. The key must be of a type that supports signing.
- Specified by:
sign in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
plaintext - must not be empty or null.
- Returns:
Signature for Plaintext.
-
sign
Description copied from interface: VaultTransitOperations
Create a cryptographic signature using keyName of the given VaultSignRequest and the specified hash algorithm. The key must be of a type that supports signing.
- Specified by:
sign in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
signRequest - VaultSignRequest must not be empty or null.
- Returns:
Signature for VaultSignRequest.
-
verify
Description copied from interface: VaultTransitOperations
- Specified by:
verify in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
plainText - must not be null.
signature - Signature to be verified, must not be null.
- Returns:
true if the signature is valid, false otherwise.
-
verify
public SignatureValidation verify(String keyName, VaultSignatureVerificationRequest verificationRequest)
Description copied from interface: VaultTransitOperations
Verify the cryptographic signature using keyName of the given VaultSignRequest.
- Specified by:
verify in interface VaultTransitOperations
- Parameters:
keyName - must not be empty or null.
verificationRequest - VaultSignatureVerificationRequest must not be null.
- Returns:
the resulting SignatureValidation.
-
toString
-