-
Notifications
You must be signed in to change notification settings - Fork 0
Wiring up encryption metadata to the DBPA remote and local agents. #167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 6 commits
9aded37
58fc43d
53926fc
02023d2
3d793f0
dc9a956
f9f1740
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -41,7 +41,7 @@ namespace dbps::external { | |
| class DBPS_EXPORT LocalEncryptionResult : public EncryptionResult { | ||
| public: | ||
| // Constructor for successful encryption | ||
| LocalEncryptionResult(std::vector<uint8_t> ciphertext); | ||
| LocalEncryptionResult(std::vector<uint8_t> ciphertext, const std::map<std::string, std::string>& encryption_metadata = {}); | ||
|
|
||
| // Constructor for failed encryption | ||
| LocalEncryptionResult(const std::string& error_stage, const std::string& error_message); | ||
|
|
@@ -50,6 +50,7 @@ class DBPS_EXPORT LocalEncryptionResult : public EncryptionResult { | |
| span<const uint8_t> ciphertext() const override; | ||
| std::size_t size() const override; | ||
| bool success() const override; | ||
| const std::optional<std::map<std::string, std::string>> encryption_metadata() const override; | ||
| const std::string& error_message() const override; | ||
| const std::map<std::string, std::string>& error_fields() const override; | ||
|
|
||
|
|
@@ -58,6 +59,7 @@ class DBPS_EXPORT LocalEncryptionResult : public EncryptionResult { | |
| private: | ||
| std::vector<uint8_t> ciphertext_; | ||
| bool success_; | ||
| std::map<std::string, std::string> encryption_metadata_; | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Not sure if it should be in this header file or in another, but can you add a comment with an example of what may be contained in here?
Collaborator
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Added comments on the dbpa_interface.h file. |
||
| std::string error_message_; | ||
| std::map<std::string, std::string> error_fields_; | ||
| }; | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -47,24 +47,39 @@ bool RemoteEncryptionResult::success() const { | |
| return response_ && response_->Success(); | ||
| } | ||
|
|
||
| const std::optional<std::map<std::string, std::string>> RemoteEncryptionResult::encryption_metadata() const { | ||
| if (!parsed_encryption_metadata_.has_value() && response_ && response_->Success()) { | ||
| const auto& response_attrs = response_->GetResponseAttributes(); | ||
| // For the RemoteEncryptionResult, encryption_metadata_ is forwarded from the API response. | ||
| // The attribute in the API response is also named encryption_metadata. | ||
| // If the API reponse is empty, the parsed value is set to NULL for compatibility with the class interface. | ||
| if (!response_attrs.encryption_metadata_.empty()) { | ||
| parsed_encryption_metadata_ = response_attrs.encryption_metadata_; | ||
| } else { | ||
| parsed_encryption_metadata_ = std::nullopt; | ||
| } | ||
|
Comment on lines
+52
to
+60
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. let's document what's going on here - it's a bit hard to grasp
Collaborator
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done. You can let me know if the comment is sufficient and I can expand more if needed.
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. it's a clearer, thanks - but the whole concept of 'cached metadata' is a bit confusing. maybe let's add a short note on that? (in particular, why is it 'cached' ?)
Collaborator
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. thank you! it's much clearer now. |
||
| } | ||
| return parsed_encryption_metadata_; | ||
| } | ||
|
|
||
| const std::string& RemoteEncryptionResult::error_message() const { | ||
| if (cached_error_message_.empty() && response_) { | ||
| if (parsed_error_message_.empty() && response_) { | ||
| if (!response_->Success()) { | ||
| cached_error_message_ = response_->ErrorMessage(); | ||
| parsed_error_message_ = response_->ErrorMessage(); | ||
| } else { | ||
| cached_error_message_ = "Successful encryption"; | ||
| parsed_error_message_ = "Successful encryption"; | ||
| } | ||
| } | ||
| return cached_error_message_; | ||
| return parsed_error_message_; | ||
| } | ||
|
|
||
| const std::map<std::string, std::string>& RemoteEncryptionResult::error_fields() const { | ||
| if (cached_error_fields_.empty() && response_) { | ||
| if (parsed_error_fields_.empty() && response_) { | ||
| if (!response_->Success()) { | ||
| cached_error_fields_ = response_->ErrorFields(); | ||
| parsed_error_fields_ = response_->ErrorFields(); | ||
| } | ||
| } | ||
| return cached_error_fields_; | ||
| return parsed_error_fields_; | ||
| } | ||
|
|
||
| RemoteDecryptionResult::RemoteDecryptionResult(std::unique_ptr<DecryptApiResponse> response) | ||
|
|
@@ -90,23 +105,23 @@ bool RemoteDecryptionResult::success() const { | |
| } | ||
|
|
||
| const std::string& RemoteDecryptionResult::error_message() const { | ||
| if (cached_error_message_.empty() && response_) { | ||
| if (parsed_error_message_.empty() && response_) { | ||
| if (!response_->Success()) { | ||
| cached_error_message_ = response_->ErrorMessage(); | ||
| parsed_error_message_ = response_->ErrorMessage(); | ||
| } else { | ||
| cached_error_message_ = "Successful decryption"; | ||
| parsed_error_message_ = "Successful decryption"; | ||
| } | ||
| } | ||
| return cached_error_message_; | ||
| return parsed_error_message_; | ||
| } | ||
|
|
||
| const std::map<std::string, std::string>& RemoteDecryptionResult::error_fields() const { | ||
| if (cached_error_fields_.empty() && response_) { | ||
| if (parsed_error_fields_.empty() && response_) { | ||
| if (!response_->Success()) { | ||
| cached_error_fields_ = response_->ErrorFields(); | ||
| parsed_error_fields_ = response_->ErrorFields(); | ||
| } | ||
| } | ||
| return cached_error_fields_; | ||
| return parsed_error_fields_; | ||
| } | ||
|
|
||
| // Helper functions for validating that fields of the request <> response match. | ||
|
|
@@ -318,7 +333,9 @@ std::unique_ptr<DecryptionResult> RemoteDataBatchProtectionAgent::Decrypt(span<c | |
| compression_type_, | ||
| column_key_id_, | ||
| user_id_, | ||
| app_context_ | ||
| app_context_, | ||
| // For the Decrypt use case, column_encryption_metadata_ will be set on the constructor, however adding a default empty map for type safety. | ||
| column_encryption_metadata_.value_or(std::map<std::string, std::string>{}) | ||
| ); | ||
|
|
||
| // Validate that response fields match request fields | ||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.