dlmarion commented on code in PR #2197: URL: https://github.com/apache/accumulo/pull/2197#discussion_r844344622
########## core/src/main/java/org/apache/accumulo/core/spi/crypto/AESCryptoService.java: ##########
@@ -132,11 +134,11 @@ public FileEncrypter getFileEncrypter(CryptoEnvironment environment) { @Override public FileDecrypter getFileDecrypter(CryptoEnvironment environment) { CryptoModule cm; - byte[] decryptionParams = environment.getDecryptionParams(); - if (decryptionParams == null || checkNoCrypto(decryptionParams)) + var decryptionParams = environment.getDecryptionParams(); + if (decryptionParams.isEmpty() || checkNoCrypto(decryptionParams.get())) return new NoFileDecrypter(); - ParsedCryptoParameters parsed = parseCryptoParameters(decryptionParams); + ParsedCryptoParameters parsed = parseCryptoParameters(decryptionParams.get()); Key kek = loadDecryptionKek(parsed);

Review Comment: From what I can tell, loadDecryptionKek is only called once, and inside of the method it only parses and stores one key for decryption in the variable `decryptingKeys`. However, `decryptingKeys` is a Map, which makes sense because IIRC you will only use 1 current un-expired key for encrypting, but you may need the current and all historical keys (the expired or rotated ones) for decrypting.
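
Review bot: In getFileDecrypter, the removed `decryptionParams == null` guard has no replacement, so a CryptoEnvironment implementation that still returns null from getDecryptionParams() will now throw a NullPointerException at `decryptionParams.isEmpty()` instead of reaching `return new NoFileDecrypter();`. The `var` declaration also hides that the value is no longer a `byte[]` but a wrapper accessed through isEmpty() and get(); declaring the type explicitly and documenting on getDecryptionParams() that it never returns null would make the new contract visible at the call site. Since the empty case selects NoFileDecrypter, a short comment on that branch saying when absent parameters are expected would help readers confirm that the no-decryption path is intentional.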