Exemplo n.º 1
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="GeneralSecurityException"/>
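        /// <summary>
        /// Sends an encrypted key to the KMS for decryption. Validates the argument,
        /// POSTs the key name, IV and encrypted material as JSON to the EEK
        /// sub-resource of the encryption key version, and parses the reply.
        /// </summary>
        /// <param name="encryptedKeyVersion">
        /// The encrypted key. Its encryption key version name, IV and nested encrypted
        /// key version must be non-null, and the nested version must be named
        /// <c>KeyProviderCryptoExtension.Eek</c>.
        /// </param>
        /// <returns>
        /// The key version parsed from the response. Presumably this holds the
        /// decrypted key material; treat it as a secret and keep it out of logs.
        /// </returns>
        public virtual KeyProvider.KeyVersion DecryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion
                                                                  encryptedKeyVersion)
        {
            CheckNotNull(encryptedKeyVersion.GetEncryptionKeyVersionName(), "versionName");
            CheckNotNull(encryptedKeyVersion.GetEncryptedKeyIv(), "iv");
            // The nested key version is null-checked before it is dereferenced below, so
            // a missing value is reported by CheckNotNull under the name "encryptedKey"
            // rather than surfacing as a bare null dereference inside the version-name check.
            CheckNotNull(encryptedKeyVersion.GetEncryptedKeyVersion(), "encryptedKey");
            Preconditions.CheckArgument(encryptedKeyVersion.GetEncryptedKeyVersion().GetVersionName
                                            ().Equals(KeyProviderCryptoExtension.Eek), "encryptedKey version name must be '%s', is '%s'"
                                        , KeyProviderCryptoExtension.Eek, encryptedKeyVersion.GetEncryptedKeyVersion().GetVersionName
                                            ());

            // Query string: selects the decrypt operation on the EEK sub-resource.
            IDictionary <string, string> @params = new Dictionary <string, string>();

            @params[KMSRESTConstants.EekOp] = KMSRESTConstants.EekDecrypt;

            // Request body: key name, plus IV and encrypted material as Base64 text.
            IDictionary <string, object> jsonPayload = new Dictionary <string, object>();

            jsonPayload[KMSRESTConstants.NameField] = encryptedKeyVersion.GetEncryptionKeyName
                                                          ();
            jsonPayload[KMSRESTConstants.IvField] = Base64.EncodeBase64String(encryptedKeyVersion
                                                                              .GetEncryptedKeyIv());
            jsonPayload[KMSRESTConstants.MaterialField] = Base64.EncodeBase64String(encryptedKeyVersion
                                                                                    .GetEncryptedKeyVersion().GetMaterial());

            // The resource is addressed by the encryption key *version* name; the key
            // name travels only in the body.
            Uri url = CreateURL(KMSRESTConstants.KeyVersionResource, encryptedKeyVersion.GetEncryptionKeyVersionName
                                    (), KMSRESTConstants.EekSubResource, @params);
            HttpURLConnection conn = CreateConnection(url, HttpPost);

            conn.SetRequestProperty(ContentType, ApplicationJsonMime);

            // NOTE(review): the reply is expected to carry key material, so its
            // confidentiality depends on the transport CreateConnection sets up. Confirm
            // it is TLS with server authentication and that Call does not log bodies.
            IDictionary response = Call <IDictionary>(conn, jsonPayload, HttpURLConnection.HttpOk
                                                      );

            return(ParseJSONKeyVersion(response));
        }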
Exemplo n.º 2
        /// <summary>
        /// Converts an encrypted key version into a JSON-style map holding the
        /// encryption key version name, the IV as URL-safe Base64 text, and the nested
        /// encrypted key version (converted by another ToJSON overload not shown here).
        /// </summary>
        /// <param name="encryptedKeyVersion">The value to convert; may be null.</param>
        /// <returns>The populated map, or an empty map when the argument is null.</returns>
        public static IDictionary ToJSON(KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion)
        {
            IDictionary result = new LinkedHashMap();

            // A null input yields an empty map rather than an error.
            if (encryptedKeyVersion == null)
            {
                return result;
            }

            result[KMSRESTConstants.VersionNameField] = encryptedKeyVersion.GetEncryptionKeyVersionName();
            result[KMSRESTConstants.IvField] =
                Base64.EncodeBase64URLSafeString(encryptedKeyVersion.GetEncryptedKeyIv());
            // The nested value is serialised by the overload that accepts the inner key version.
            result[KMSRESTConstants.EncryptedKeyVersionField] =
                ToJSON(encryptedKeyVersion.GetEncryptedKeyVersion());

            return result;
        }
Exemplo n.º 3
        /// <exception cref="System.IO.IOException"/>
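        /// <summary>
        /// Checks that the key version named by <paramref name="ekv"/> exists in the
        /// provider and is a version of the key that <paramref name="ekv"/> names.
        /// </summary>
        /// <param name="ekv">Encrypted key version carrying the key name and key version name to cross-check.</param>
        /// <exception cref="System.ArgumentException">
        /// The key version is unknown to the provider, or it belongs to a different key.
        /// </exception>
        private void VerifyKeyVersionBelongsToKey(KeyProviderCryptoExtension.EncryptedKeyVersion
                                                  ekv)
        {
            string kn  = ekv.GetEncryptionKeyName();
            string kvn = ekv.GetEncryptionKeyVersionName();

            // Both names come from the supplied object, and the lookup below uses the
            // version name alone, so the key name stays unverified until it is compared
            // with the name the provider reports for that version.
            // NOTE(review): presumably access decisions are keyed on the key name; confirm
            // every decrypt path runs this check before authorizing.
            KeyProvider.KeyVersion kv = provider.GetKeyVersion(kvn);
            if (kv == null)
            {
                // string.Format takes {n} placeholders; a Java-style '%s' would be
                // emitted literally and the name would be missing from the message.
                throw new ArgumentException(string.Format("'{0}' not found", kvn));
            }
            // Ordinal comparison: key names are identifiers, not linguistic text.
            if (!kv.GetName().Equals(kn, StringComparison.Ordinal))
            {
                throw new ArgumentException(string.Format("KeyVersion '{0}' does not belong to the key '{1}'"
                                                          , kvn, kn));
            }
        }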
            /// <exception cref="System.Exception"/>
            /// <summary>
            /// Test action: creates key "foo" with the "key.acl.name" attribute, rolls
            /// two new versions, generates an encrypted key, then rebuilds it with "x"
            /// appended to the key name and passes the result to DecryptEncryptedKey.
            /// </summary>
            /// <returns>Always null.</returns>
            public Void Run()
            {
                // Key options carrying the ACL-name attribute.
                KeyProvider.Options          options    = TestKeyAuthorizationKeyProvider.NewOptions(conf);
                IDictionary <string, string> attributes = new Dictionary <string, string>();

                attributes["key.acl.name"] = "testKey";
                options.SetAttributes(attributes);

                // Create the key, then roll it twice: once with provider-chosen material
                // and once with caller-supplied material.
                KeyProvider.KeyVersion created = kpExt.CreateKey("foo", SecureRandom.GetSeed(16), options);
                kpExt.RollNewVersion(created.GetName());
                kpExt.RollNewVersion(created.GetName(), SecureRandom.GetSeed(16));

                KeyProviderCryptoExtension.EncryptedKeyVersion generated =
                    kpExt.GenerateEncryptedKey(created.GetName());

                // Keep the version name, IV and material but change the key name, so the
                // key name no longer matches the key that owns the version.
                // NOTE(review): presumably the enclosing test expects the decrypt call to
                // be rejected; that assertion is not visible in this excerpt.
                string mismatchedKeyName = generated.GetEncryptionKeyName() + "x";
                string versionName       = generated.GetEncryptionKeyVersionName();
                KeyProviderCryptoExtension.EncryptedKeyVersion tampered =
                    KeyProviderCryptoExtension.EncryptedKeyVersion.CreateForDecryption(
                        mismatchedKeyName,
                        versionName,
                        generated.GetEncryptedKeyIv(),
                        generated.GetEncryptedKeyVersion().GetMaterial());

                kpExt.DecryptEncryptedKey(tampered);
                return null;
            }