Esempio n. 1
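        /// <summary>
        /// Decrypts an encrypted key (EEK) on behalf of the calling user and returns the
        /// resulting key version as JSON.
        /// </summary>
        /// <param name="versionName">Name of the key version; must be non-empty.</param>
        /// <param name="eekOp">Requested operation; only <c>KMSRESTConstants.EekDecrypt</c> is accepted here.</param>
        /// <param name="jsonPayload">
        /// Request body. The key name, the base64 IV and the base64 encrypted material are read from it,
        /// so every value is caller-controlled.
        /// </param>
        /// <returns>An OK response with JSON media type whose entity is the serialized key version.</returns>
        /// <exception cref="ArgumentException">
        /// The payload is null or the operation is not the decrypt operation.
        /// The <c>KMSClientProvider</c> checks presumably signal invalid values the same way (not visible here).
        /// </exception>
        public virtual Response DecryptEncryptedKey(string versionName, string eekOp, IDictionary
                                                    jsonPayload)
        {
            UserGroupInformation user = HttpUserGroupInformation.Get();

            KMSClientProvider.CheckNotEmpty(versionName, "versionName");
            KMSClientProvider.CheckNotNull(eekOp, "eekOp");
            // A request without a body would otherwise fail with a null dereference below.
            if (jsonPayload == null)
            {
                throw new ArgumentException("Parameter 'jsonPayload' cannot be null");
            }
            string keyName        = (string)jsonPayload[KMSRESTConstants.NameField];
            string ivStr          = (string)jsonPayload[KMSRESTConstants.IvField];
            string encMaterialStr = (string)jsonPayload[KMSRESTConstants.MaterialField];
            object retJSON;

            if (eekOp.Equals(KMSRESTConstants.EekDecrypt))
            {
                // The key name drives both the access check and the audit record, so reject a
                // missing or empty name before either of them sees it.
                KMSClientProvider.CheckNotEmpty(keyName, KMSRESTConstants.NameField);
                // NOTE(review): access is checked against the key name from the request body, while the
                // version to decrypt with comes from versionName. Nothing in this method ties the two
                // together; confirm the privileged action or the provider rejects a version that does
                // not belong to keyName.
                AssertAccess(KMSACLs.Type.DecryptEek, user, KMS.KMSOp.DecryptEek, keyName);
                KMSClientProvider.CheckNotNull(ivStr, KMSRESTConstants.IvField);
                byte[] iv = Base64.DecodeBase64(ivStr);
                KMSClientProvider.CheckNotNull(encMaterialStr, KMSRESTConstants.MaterialField);
                byte[] encMaterial = Base64.DecodeBase64(encMaterialStr);
                // The decryption itself runs as the calling user, not as the service identity.
                KeyProvider.KeyVersion retKeyVersion = user.DoAs(new _PrivilegedExceptionAction_433
                                                                     (this, keyName, versionName, iv, encMaterial));
                retJSON = KMSServerJSONUtils.ToJSON(retKeyVersion);
                // Only the successful path is audited here.
                kmsAudit.Ok(user, KMS.KMSOp.DecryptEek, keyName, string.Empty);
            }
            else
            {
                throw new ArgumentException("Wrong " + KMSRESTConstants.EekOp + " value, it must be "
                                            + KMSRESTConstants.EekGenerate + " or " + KMSRESTConstants.EekDecrypt);
            }
            KMSWebApp.GetDecryptEEKCallsMeter().Mark();
            return(Response.Ok().Type(MediaType.ApplicationJson).Entity(retJSON).Build());
        }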
Esempio n. 2
        /// <summary>
        /// Generates encrypted keys (EEKs) under the named key on behalf of the calling user
        /// and returns them as a JSON list.
        /// </summary>
        /// <param name="name">Name of the encryption key; must be non-empty.</param>
        /// <param name="edekOp">Requested operation; only <c>KMSRESTConstants.EekGenerate</c> is accepted here.</param>
        /// <param name="numKeys">Number of keys requested; handed to the privileged action unchanged.</param>
        /// <returns>An OK response with JSON media type whose entity is the list of serialized keys.</returns>
        /// <exception cref="ArgumentException">The operation is not the generate operation.</exception>
        /// <exception cref="IOException">Wraps any exception raised while generating keys as the caller.</exception>
        public virtual Response GenerateEncryptedKeys(string name, string edekOp, int numKeys)
        {
            UserGroupInformation caller = HttpUserGroupInformation.Get();

            KMSClientProvider.CheckNotEmpty(name, "name");
            KMSClientProvider.CheckNotNull(edekOp, "eekOp");

            // Anything other than the generate operation is rejected before the access check.
            if (!edekOp.Equals(KMSRESTConstants.EekGenerate))
            {
                throw new ArgumentException("Wrong " + KMSRESTConstants.EekOp + " value, it must be "
                                            + KMSRESTConstants.EekGenerate + " or " + KMSRESTConstants.EekDecrypt);
            }

            AssertAccess(KMSACLs.Type.GenerateEek, caller, KMS.KMSOp.GenerateEek, name);

            // NOTE(review): numKeys comes from the request and this method applies no lower or upper
            // bound to it; confirm the privileged action or the provider caps the batch size.
            IList<KeyProviderCryptoExtension.EncryptedKeyVersion> generated =
                new List<KeyProviderCryptoExtension.EncryptedKeyVersion>();
            try
            {
                // Key generation runs as the calling user; the action fills 'generated'.
                caller.DoAs(new _PrivilegedExceptionAction_375(this, numKeys, generated, name));
            }
            catch (Exception cause)
            {
                throw new IOException(cause);
            }

            // Success is audited before the results are serialized.
            kmsAudit.Ok(caller, KMS.KMSOp.GenerateEek, name, string.Empty);

            ArrayList serialized = new ArrayList();
            foreach (KeyProviderCryptoExtension.EncryptedKeyVersion item in generated)
            {
                serialized.AddItem(KMSServerJSONUtils.ToJSON(item));
            }
            // Hand the entity over typed as object, as the response builder call always received it.
            object retJSON = serialized;

            KMSWebApp.GetGenerateEEKCallsMeter().Mark();
            return Response.Ok().Type(MediaType.ApplicationJson).Entity(retJSON).Build();
        }