Package org.springframework.vault.core
Class ReactiveVaultTransitTemplate
java.lang.Object
org.springframework.vault.core.ReactiveVaultTransitTemplate
- All Implemented Interfaces:
ReactiveVaultTransitOperations
Default implementation of
ReactiveVaultTransitOperations.- Since:
- 3.1
- Author:
- James Luke
-
Constructor Summary
ConstructorsConstructorDescriptionReactiveVaultTransitTemplate(ReactiveVaultOperations reactiveVaultOperations, String path) -
Method Summary
Modifier and TypeMethodDescriptionconfigureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration) Create a new named encryption key given aname.Create a new named encryption key given aname.createKey(String keyName, VaultTransitKeyCreationRequest createKeyRequest) Create a new named encryption key given anameandVaultTransitKeyCreationRequest.Decrypts the provided plain text using the named key.Mono<byte[]>decrypt(String keyName, String ciphertext, VaultTransitContext transitContext) Decrypts the providedciphertextusing the named key.decrypt(String keyName, List<Ciphertext> batchRequest) Decrypts the provided batch of cipher text using the named key and context.decrypt(String keyName, Ciphertext ciphertext) Decrypts the provided cipher text using the named key.Deletes a named encryption key.encrypt(String keyName, byte[] plaintext, VaultTransitContext transitContext) Encrypts the providedplaintextusing the named key.Encrypts the provided plain text using the named key.Encrypts the provided batch ofplaintextusing the named key and context.Encrypts the providedplaintextusing the named key.exportKey(String keyName, TransitKeyType type) Returns the value of the named encryption key.Create a HMAC usingkeyNameof givenPlaintextusing the default hash algorithm.getHmac(String keyName, VaultHmacRequest hmacRequest) Create a HMAC usingkeyNameof givenVaultHmacRequestusing the default hash algorithm.Return information about a named encryption key.getKeys()Get aFluxof transit key names.Rewrap the provided cipher text using the latest version of the named key.rewrap(String keyName, String ciphertext, VaultTransitContext transitContext) Rewrap the provided cipher text using the latest version of the named key.rewrap(String keyName, List<Ciphertext> batchRequest) Rewrap the provided batch of cipher text using the latest version of the named key.Rotates the version of the named key.Create a cryptographic signature usingkeyNameof the givenPlaintextand the default hash algorithm.sign(String keyName, VaultSignRequest signRequest) Create a cryptographic signature usingkeyNameof the givenVaultSignRequestand the specified hash algorithm.verify(String keyName, VaultSignatureVerificationRequest verificationRequest) Verify the cryptographic signature usingkeyNameof the givenVaultSignRequest.
-
Constructor Details
-
ReactiveVaultTransitTemplate
-
-
Method Details
-
createKey
Description copied from interface:ReactiveVaultTransitOperationsCreate a new named encryption key given aname.- Specified by:
createKeyin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.
-
createKey
Description copied from interface:ReactiveVaultTransitOperationsCreate a new named encryption key given anameandVaultTransitKeyCreationRequest. The key options set here cannot be changed after key creation.- Specified by:
createKeyin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.createKeyRequest- must not be null.
-
rotate
Description copied from interface:ReactiveVaultTransitOperationsRotates the version of the named key. After rotation, new plain text requests will be encrypted with the new version of the key. To upgrade ciphertext to be encrypted with the latest version of the key, useReactiveVaultTransitOperations.rewrap(String, String).- Specified by:
rotatein interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.- See Also:
-
encrypt
Description copied from interface:ReactiveVaultTransitOperationsEncrypts the provided plain text using the named key. The givenplaintextis encoded into bytes using thedefault charset. UseReactiveVaultTransitOperations.encrypt(String, org.springframework.vault.support.Plaintext)to construct aPlaintextobject from bytes to avoidCharsetmismatches.- Specified by:
encryptin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.plaintext- must not be empty or null.- Returns:
- cipher text.
-
configureKey
Description copied from interface:ReactiveVaultTransitOperationsCreate a new named encryption key given aname.- Specified by:
configureKeyin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.keyConfiguration- must not be null.
-
deleteKey
Description copied from interface:ReactiveVaultTransitOperationsDeletes a named encryption key. It will no longer be possible to decrypt any data encrypted with the named key.- Specified by:
deleteKeyin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.
-
getKeys
Description copied from interface:ReactiveVaultTransitOperationsGet aFluxof transit key names.- Specified by:
getKeysin interfaceReactiveVaultTransitOperations- Returns:
Fluxof transit key names.
-
encrypt
Description copied from interface:ReactiveVaultTransitOperationsEncrypts the providedplaintextusing the named key.- Specified by:
encryptin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.plaintext- must not be empty or null.transitContext- must not be null. UseVaultTransitContext.empty()if no request options provided.- Returns:
- cipher text.
-
encrypt
Description copied from interface:ReactiveVaultTransitOperationsEncrypts the providedplaintextusing the named key.- Specified by:
encryptin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.plaintext- must not be null.- Returns:
- cipher text.
-
decrypt
Description copied from interface:ReactiveVaultTransitOperationsDecrypts the provided plain text using the named key. The decodedplaintextis decoded intoStringthedefault charset. UseReactiveVaultTransitOperations.decrypt(String, org.springframework.vault.support.Ciphertext)to obtain aCiphertextobject that allows to control theCharsetfor later consumption.- Specified by:
decryptin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.ciphertext- must not be empty or null.- Returns:
- plain text.
-
decrypt
Description copied from interface:ReactiveVaultTransitOperationsDecrypts the provided cipher text using the named key.- Specified by:
decryptin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.ciphertext- must not be null.- Returns:
- plain text.
-
decrypt
Description copied from interface:ReactiveVaultTransitOperationsDecrypts the providedciphertextusing the named key.- Specified by:
decryptin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.ciphertext- must not be empty or null.transitContext- must not be null. UseVaultTransitContext.empty()if no request options provided.- Returns:
- cipher text.
-
rewrap
Description copied from interface:ReactiveVaultTransitOperationsRewrap the provided cipher text using the latest version of the named key. Because this never returns plain text, it is possible to delegate this functionality to untrusted users or scripts.- Specified by:
rewrapin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.ciphertext- must not be empty or null.- Returns:
- cipher text.
- See Also:
-
rewrap
Description copied from interface:ReactiveVaultTransitOperationsRewrap the provided cipher text using the latest version of the named key. Because this never returns plain text, it is possible to delegate this functionality to untrusted users or scripts.- Specified by:
rewrapin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.ciphertext- must not be empty or null.transitContext- must not be null. UseVaultTransitContext.empty()if no request options provided.- Returns:
- cipher text.
- See Also:
-
rewrap
Description copied from interface:ReactiveVaultTransitOperationsRewrap the provided batch of cipher text using the latest version of the named key.- Specified by:
rewrapin interfaceReactiveVaultTransitOperationsbatchRequest- a list ofCiphertextwhich includes cipher text and a context- Returns:
- the rewrapped result in the order of
batchRequestciphertexts. - See Also:
-
encrypt
Description copied from interface:ReactiveVaultTransitOperationsEncrypts the provided batch ofplaintextusing the named key and context. The encryption is done using transit backend's batch operation.- Specified by:
encryptin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.batchRequest- a list ofPlaintextwhich includes plain text and an optional context.- Returns:
- the encrypted result in the order of
batchRequestplaintexts.
-
decrypt
Description copied from interface:ReactiveVaultTransitOperationsDecrypts the provided batch of cipher text using the named key and context. The* decryption is done using transit backend's batch operation.- Specified by:
decryptin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.batchRequest- a list ofCiphertextwhich includes plain text and an optional context.- Returns:
- the decrypted result in the order of
batchRequestciphertexts.
-
getHmac
Description copied from interface:ReactiveVaultTransitOperationsCreate a HMAC usingkeyNameof givenPlaintextusing the default hash algorithm. The key can be of any type supported by transit; the raw key will be marshaled into bytes to be used for the HMAC function. If the key is of a type that supports rotation, the latest (current) version will be used.- Specified by:
getHmacin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.plaintext- must not be null.- Returns:
- the digest of given data the default hash algorithm and the named key.
-
getHmac
Description copied from interface:ReactiveVaultTransitOperationsCreate a HMAC usingkeyNameof givenVaultHmacRequestusing the default hash algorithm. The key can be of any type supported by transit; the raw key will be marshaled into bytes to be used for the HMAC function. If the key is of a type that supports rotation, configuredVaultHmacRequest.getKeyVersion()will be used.- Specified by:
getHmacin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.hmacRequest- theVaultHmacRequest, must not be null.- Returns:
- the digest of given data the default hash algorithm and the named key.
-
sign
Description copied from interface:ReactiveVaultTransitOperationsCreate a cryptographic signature usingkeyNameof the givenPlaintextand the default hash algorithm. The key must be of a type that supports signing.- Specified by:
signin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.plaintext- must not be empty or null.- Returns:
- Signature for
Plaintext.
-
sign
Description copied from interface:ReactiveVaultTransitOperationsCreate a cryptographic signature usingkeyNameof the givenVaultSignRequestand the specified hash algorithm. The key must be of a type that supports signing.- Specified by:
signin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.signRequest-VaultSignRequestmust not be empty or null.- Returns:
- Signature for
VaultSignRequest.
-
verify
Description copied from interface:ReactiveVaultTransitOperations- Specified by:
verifyin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.plaintext- must not be null.signature- Signature to be verified, must not be null.- Returns:
- true if the signature is valid, false otherwise.
-
verify
public Mono<SignatureValidation> verify(String keyName, VaultSignatureVerificationRequest verificationRequest) Description copied from interface:ReactiveVaultTransitOperationsVerify the cryptographic signature usingkeyNameof the givenVaultSignRequest.- Specified by:
verifyin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.verificationRequest-VaultSignatureVerificationRequestmust not be null.- Returns:
- the resulting
SignatureValidation.
-
exportKey
Description copied from interface:ReactiveVaultTransitOperationsReturns the value of the named encryption key. Depending on the type of key, different information may be returned. The key must be exportable to support this operation.- Specified by:
exportKeyin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.type- must not be null.- Returns:
- the
RawTransitKey. Empty if key does not exist
-
getKey
Description copied from interface:ReactiveVaultTransitOperationsReturn information about a named encryption key.- Specified by:
getKeyin interfaceReactiveVaultTransitOperations- Parameters:
keyName- must not be empty or null.- Returns:
- the
VaultTransitKey. Empty if key does not exist.
-