org.apache.parquet.crypto.keytools

Class PropertiesDrivenCryptoFactory

java.lang.Object

org.apache.parquet.crypto.keytools.PropertiesDrivenCryptoFactory

All Implemented Interfaces:

DecryptionPropertiesFactory, EncryptionPropertiesFactory

public class PropertiesDrivenCryptoFactory
extends Object
implements EncryptionPropertiesFactory, DecryptionPropertiesFactory

Field Summary

Fields

Modifier and Type	Field and Description
static String	COLUMN_KEYS_PROPERTY_NAME List of columns to encrypt, with master key IDs (see HIVE-21848).
static boolean	COMPLETE_COLUMN_ENCRYPTION_DEFAULT
static String	COMPLETE_COLUMN_ENCRYPTION_PROPERTY_NAME Encrypt unlisted columns using footer key.
static String	ENCRYPTION_ALGORITHM_DEFAULT
static String	ENCRYPTION_ALGORITHM_PROPERTY_NAME Parquet encryption algorithm.
static String	FOOTER_KEY_PROPERTY_NAME Master key ID for footer encryption/signing.
static boolean	PLAINTEXT_FOOTER_DEFAULT
static String	PLAINTEXT_FOOTER_PROPERTY_NAME Write files with plaintext footer.
static String	UNIFORM_KEY_PROPERTY_NAME Master key ID for uniform encryption (same key for all columns and footer).

Fields inherited from interface org.apache.parquet.crypto.EncryptionPropertiesFactory

CRYPTO_FACTORY_CLASS_PROPERTY_NAME

Fields inherited from interface org.apache.parquet.crypto.DecryptionPropertiesFactory

CRYPTO_FACTORY_CLASS_PROPERTY_NAME

Constructor Summary

Constructors

Constructor and Description
PropertiesDrivenCryptoFactory()

Method Summary

Modifier and Type	Method and Description
FileDecryptionProperties	getFileDecryptionProperties(org.apache.hadoop.conf.Configuration hadoopConfig, org.apache.hadoop.fs.Path filePath) Get FileDecryptionProperties object which is created by the implementation of this interface.
FileEncryptionProperties	getFileEncryptionProperties(org.apache.hadoop.conf.Configuration fileHadoopConfig, org.apache.hadoop.fs.Path tempFilePath, WriteSupport.WriteContext fileWriteContext) Get FileEncryptionProperties object which is created by the implementation of this interface.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.parquet.crypto.EncryptionPropertiesFactory

loadFactory

Methods inherited from interface org.apache.parquet.crypto.DecryptionPropertiesFactory

loadFactory

Field Detail

COLUMN_KEYS_PROPERTY_NAME

public static final String COLUMN_KEYS_PROPERTY_NAME

List of columns to encrypt, with master key IDs (see HIVE-21848). Format: "masterKeyID:colName,colName;masterKeyID:colName...". Unlisted columns are not encrypted.

See Also:

Constant Field Values

FOOTER_KEY_PROPERTY_NAME

public static final String FOOTER_KEY_PROPERTY_NAME

Master key ID for footer encryption/signing.

See Also:

Constant Field Values

COMPLETE_COLUMN_ENCRYPTION_PROPERTY_NAME

public static final String COMPLETE_COLUMN_ENCRYPTION_PROPERTY_NAME

Encrypt unlisted columns using footer key. By default, false - unlisted columns are not encrypted.

See Also:

Constant Field Values

UNIFORM_KEY_PROPERTY_NAME

public static final String UNIFORM_KEY_PROPERTY_NAME

Master key ID for uniform encryption (same key for all columns and footer).

See Also:

Constant Field Values

ENCRYPTION_ALGORITHM_PROPERTY_NAME

public static final String ENCRYPTION_ALGORITHM_PROPERTY_NAME

Parquet encryption algorithm. Can be "AES_GCM_V1" (default), or "AES_GCM_CTR_V1".

See Also:

Constant Field Values

PLAINTEXT_FOOTER_PROPERTY_NAME

public static final String PLAINTEXT_FOOTER_PROPERTY_NAME

Write files with plaintext footer. By default, false - Parquet footers are encrypted.

See Also:

Constant Field Values

ENCRYPTION_ALGORITHM_DEFAULT

public static final String ENCRYPTION_ALGORITHM_DEFAULT

PLAINTEXT_FOOTER_DEFAULT

public static final boolean PLAINTEXT_FOOTER_DEFAULT

See Also:

Constant Field Values

COMPLETE_COLUMN_ENCRYPTION_DEFAULT

public static final boolean COMPLETE_COLUMN_ENCRYPTION_DEFAULT

See Also:

Constant Field Values

Constructor Detail

PropertiesDrivenCryptoFactory

public PropertiesDrivenCryptoFactory()

Method Detail

getFileEncryptionProperties

public FileEncryptionProperties getFileEncryptionProperties(org.apache.hadoop.conf.Configuration fileHadoopConfig,
                                                            org.apache.hadoop.fs.Path tempFilePath,
                                                            WriteSupport.WriteContext fileWriteContext)
                                                     throws ParquetCryptoRuntimeException

Description copied from interface: EncryptionPropertiesFactory

Get FileEncryptionProperties object which is created by the implementation of this interface. Please see the unit test SampleEncryptionPropertiesFactory for example

Specified by:

getFileEncryptionProperties in interface EncryptionPropertiesFactory

Parameters:

fileHadoopConfig - Configuration that is used to pass the needed information, e.g. KMS uri

tempFilePath - File path of the parquet file being written. Can be used for AAD prefix creation, key material management, etc. Implementations must not presume the path is permanent, as the file can be moved or renamed later

fileWriteContext - WriteContext to provide information like schema to build the FileEncryptionProperties

Returns:

object with class of FileEncryptionProperties. Null return value means the file should not be encrypted.

Throws:

ParquetCryptoRuntimeException - if there is an exception while creating the object

getFileDecryptionProperties

public FileDecryptionProperties getFileDecryptionProperties(org.apache.hadoop.conf.Configuration hadoopConfig,
                                                            org.apache.hadoop.fs.Path filePath)
                                                     throws ParquetCryptoRuntimeException

Description copied from interface: DecryptionPropertiesFactory

Get FileDecryptionProperties object which is created by the implementation of this interface. Please see the unit test SampleDecryptionPropertiesFactory for example

Specified by:

getFileDecryptionProperties in interface DecryptionPropertiesFactory

Parameters:

hadoopConfig - Configuration that is used to pass the needed information, e.g. KMS uri

filePath - File path of the parquet file Can be used for AAD prefix verification, part of key metadata etc

Returns:

object with class of FileDecryptionProperties. Null return value means no decryption properties are available for the file (not required for plaintext files. Or for plaintext columns in encrypted files with plaintext footer).

Throws:

ParquetCryptoRuntimeException - if there is an exception while creating the object