Package org.apache.parquet.crypto
Class FileDecryptionProperties.Builder
- java.lang.Object
-
- org.apache.parquet.crypto.FileDecryptionProperties.Builder
-
- Enclosing class:
- FileDecryptionProperties
public static class FileDecryptionProperties.Builder extends Object
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description FileDecryptionPropertiesbuild()FileDecryptionProperties.BuilderwithAADPrefix(byte[] aadPrefixBytes)Explicitly supply the file AAD prefix.FileDecryptionProperties.BuilderwithAADPrefixVerifier(AADPrefixVerifier aadPrefixVerifier)Set callback for verification of AAD Prefixes stored in file.FileDecryptionProperties.BuilderwithColumnKeys(Map<org.apache.parquet.hadoop.metadata.ColumnPath,ColumnDecryptionProperties> columnProperties)Set explicit column keys (decryption properties).FileDecryptionProperties.BuilderwithFooterKey(byte[] footerKey)Set an explicit footer key.FileDecryptionProperties.BuilderwithKeyRetriever(DecryptionKeyRetriever keyRetriever)Set a key retriever callback.FileDecryptionProperties.BuilderwithoutFooterSignatureVerification()Skip integrity verification of plaintext footers.FileDecryptionProperties.BuilderwithPlaintextFilesAllowed()By default, reading plaintext (unencrypted) files is not allowed when using a decryptor - in order to detect files that were not encrypted by mistake.
-
-
-
Method Detail
-
withFooterKey
public FileDecryptionProperties.Builder withFooterKey(byte[] footerKey)
Set an explicit footer key. If applied on a file that contains footer key metadata - the metadata will be ignored, the footer will be decrypted/verified with this key. If explicit key is not set, footer key will be fetched from key retriever.- Parameters:
footerKey- Key length must be either 16, 24 or 32 bytes.- Returns:
- Builder
-
withColumnKeys
public FileDecryptionProperties.Builder withColumnKeys(Map<org.apache.parquet.hadoop.metadata.ColumnPath,ColumnDecryptionProperties> columnProperties)
Set explicit column keys (decryption properties). Its also possible to set a key retriever on this file decryption properties object. Upon reading, availability of explicit keys is checked before invocation of the retriever callback. If an explicit key is available for a footer or a column, its key metadata will be ignored.- Parameters:
columnProperties- Explicit column decryption keys- Returns:
- Builder
-
withKeyRetriever
public FileDecryptionProperties.Builder withKeyRetriever(DecryptionKeyRetriever keyRetriever)
Set a key retriever callback. It is also possible to set explicit footer or column keys on this file property object. Upon file decryption, availability of explicit keys is checked before invocation of the retriever callback. If an explicit key is available for a footer or a column, its key metadata will be ignored.- Parameters:
keyRetriever- Key retriever object- Returns:
- Builder
-
withoutFooterSignatureVerification
public FileDecryptionProperties.Builder withoutFooterSignatureVerification()
Skip integrity verification of plaintext footers. If not called, integrity of plaintext footers will be checked in runtime, and an exception will be thrown in the following situations: - footer signing key is not available (not passed, or not found by key retriever) - footer content doesn't match the signature- Returns:
- Builder
-
withAADPrefix
public FileDecryptionProperties.Builder withAADPrefix(byte[] aadPrefixBytes)
Explicitly supply the file AAD prefix. A must when a prefix is used for file encryption, but not stored in file. If AAD prefix is stored in file, it will be compared to the explicitly supplied value and an exception will be thrown if they differ.- Parameters:
aadPrefixBytes- AAD Prefix- Returns:
- Builder
-
withAADPrefixVerifier
public FileDecryptionProperties.Builder withAADPrefixVerifier(AADPrefixVerifier aadPrefixVerifier)
Set callback for verification of AAD Prefixes stored in file.- Parameters:
aadPrefixVerifier- AAD prefix verification object- Returns:
- Builder
-
withPlaintextFilesAllowed
public FileDecryptionProperties.Builder withPlaintextFilesAllowed()
By default, reading plaintext (unencrypted) files is not allowed when using a decryptor - in order to detect files that were not encrypted by mistake. However, the default behavior can be overriden by calling this method. The caller should use then a different method to ensure encryption of files with sensitive data.- Returns:
- Builder
-
build
public FileDecryptionProperties build()
-
-