/// <summary>
/// Handles a request to decrypt an encrypted key (EEK) under the key version
/// <paramref name="versionName"/>. The method validates the arguments, checks
/// the caller's <c>DecryptEek</c> access, Base64-decodes the IV and the
/// encrypted material, runs the privileged action as the calling user, records
/// a success audit entry and returns the result as a JSON response.
/// </summary>
/// <param name="versionName">Key version name; must not be empty.</param>
/// <param name="eekOp">Requested operation; only <c>KMSRESTConstants.EekDecrypt</c> is accepted here.</param>
/// <param name="jsonPayload">Request body holding the key name, IV and encrypted material fields.</param>
/// <returns>An OK response whose entity is the JSON form of the returned key version.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="eekOp"/> is not <c>KMSRESTConstants.EekDecrypt</c>.
/// </exception>
public virtual Response DecryptEncryptedKey(string versionName, string eekOp, IDictionary jsonPayload)
{
    UserGroupInformation user = HttpUserGroupInformation.Get();
    KMSClientProvider.CheckNotEmpty(versionName, "versionName");
    KMSClientProvider.CheckNotNull(eekOp, "eekOp");

    // All three values are read from the client-supplied request body.
    string keyName = (string)jsonPayload[KMSRESTConstants.NameField];
    string encodedIv = (string)jsonPayload[KMSRESTConstants.IvField];
    string encodedMaterial = (string)jsonPayload[KMSRESTConstants.MaterialField];

    // Reject any other operation before access checks or decoding happen.
    if (!eekOp.Equals(KMSRESTConstants.EekDecrypt))
    {
        throw new ArgumentException("Wrong " + KMSRESTConstants.EekOp + " value, it must be "
            + KMSRESTConstants.EekGenerate + " or " + KMSRESTConstants.EekDecrypt);
    }

    // NOTE(review): the ACL is evaluated against keyName from the payload, while
    // the key version is selected by versionName from a separate argument. This
    // method does not show a check that versionName belongs to keyName, and
    // keyName is not null-checked before this call. Confirm that AssertAccess or
    // the privileged action enforces both.
    AssertAccess(KMSACLs.Type.DecryptEek, user, KMS.KMSOp.DecryptEek, keyName);

    // Each field is validated immediately before it is decoded; keep this order.
    KMSClientProvider.CheckNotNull(encodedIv, KMSRESTConstants.IvField);
    byte[] iv = Base64.DecodeBase64(encodedIv);
    KMSClientProvider.CheckNotNull(encodedMaterial, KMSRESTConstants.MaterialField);
    byte[] encMaterial = Base64.DecodeBase64(encodedMaterial);

    // Runs as the calling user; presumably this performs the actual decryption
    // (the action class is defined outside this method).
    KeyProvider.KeyVersion decrypted = user.DoAs(
        new _PrivilegedExceptionAction_433(this, keyName, versionName, iv, encMaterial));
    object body = KMSServerJSONUtils.ToJSON(decrypted);

    // Only the success path is audited here. An exception from DoAs leaves this
    // method without an audit entry, so confirm failures are recorded elsewhere.
    kmsAudit.Ok(user, KMS.KMSOp.DecryptEek, keyName, string.Empty);

    KMSWebApp.GetDecryptEEKCallsMeter().Mark();
    Response response = Response.Ok().Type(MediaType.ApplicationJson).Entity(body).Build();
    return response;
}
/// <summary>
/// Handles a request to generate encrypted keys for the key
/// <paramref name="name"/>. The method validates the arguments, checks the
/// caller's <c>GenerateEek</c> access, runs the privileged action as the
/// calling user to fill the result list, records a success audit entry and
/// returns the generated entries as a JSON array response.
/// </summary>
/// <param name="name">Encryption key name; must not be empty.</param>
/// <param name="edekOp">Requested operation; only <c>KMSRESTConstants.EekGenerate</c> is accepted here.</param>
/// <param name="numKeys">Number of keys requested; passed through unchanged to the privileged action.</param>
/// <returns>An OK response whose entity is a list with the JSON form of each generated key.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="edekOp"/> is not <c>KMSRESTConstants.EekGenerate</c>.
/// </exception>
/// <exception cref="IOException">Wraps any exception thrown by the privileged action.</exception>
public virtual Response GenerateEncryptedKeys(string name, string edekOp, int numKeys)
{
    UserGroupInformation user = HttpUserGroupInformation.Get();
    KMSClientProvider.CheckNotEmpty(name, "name");
    // The label is "eekOp" although the parameter is named edekOp.
    KMSClientProvider.CheckNotNull(edekOp, "eekOp");

    // Reject any other operation before the access check runs.
    if (!edekOp.Equals(KMSRESTConstants.EekGenerate))
    {
        throw new ArgumentException("Wrong " + KMSRESTConstants.EekOp + " value, it must be "
            + KMSRESTConstants.EekGenerate + " or " + KMSRESTConstants.EekDecrypt);
    }

    AssertAccess(KMSACLs.Type.GenerateEek, user, KMS.KMSOp.GenerateEek, name);

    // NOTE(review): numKeys comes from the request and gets no lower or upper
    // bound in this method. Confirm a limit is enforced elsewhere, because an
    // unbounded count lets one authorized call demand arbitrary server work.
    IList<KeyProviderCryptoExtension.EncryptedKeyVersion> generated =
        new List<KeyProviderCryptoExtension.EncryptedKeyVersion>();
    try
    {
        // The action is expected to fill `generated`; nothing is returned from DoAs.
        user.DoAs(new _PrivilegedExceptionAction_375(this, numKeys, generated, name));
    }
    catch (Exception e)
    {
        // Every failure surfaces as IOException, so callers cannot tell an
        // authorization failure inside the action from an I/O failure by type.
        throw new IOException(e);
    }

    // Only the success path is audited here; the catch above rethrows without
    // an audit entry, so confirm failures are recorded elsewhere.
    kmsAudit.Ok(user, KMS.KMSOp.GenerateEek, name, string.Empty);

    ArrayList edekJson = new ArrayList();
    foreach (KeyProviderCryptoExtension.EncryptedKeyVersion edek in generated)
    {
        edekJson.AddItem(KMSServerJSONUtils.ToJSON(edek));
    }
    object body = edekJson;

    KMSWebApp.GetGenerateEEKCallsMeter().Mark();
    Response response = Response.Ok().Type(MediaType.ApplicationJson).Entity(body).Build();
    return response;
}