Re: [PR] Manifest list encryption [iceberg]

Tue, 30 Jul 2024 21:12:17 -0700 


ggershinsky commented on code in PR #7770:
URL: https://github.com/apache/iceberg/pull/7770#discussion_r1697872635


##########
core/src/main/java/org/apache/iceberg/SnapshotParser.java:
##########
@@ -147,6 +169,42 @@ static Snapshot fromJson(JsonNode node) {
     if (node.has(MANIFEST_LIST)) {
       // the manifest list is stored in a manifest list file
       String manifestList = JsonUtil.getString(MANIFEST_LIST, node);
+
+      ByteBuffer manifestListKeyMetadata = null;
+      ByteBuffer wrappedManifestListKeyMetadata = null;
+      String wrappedKeyEncryptionKey = null;
+
+      // Manifest list can be encrypted
+      if (node.has(MANIFEST_LIST_KEY_METADATA)) {
+        // Decode and decrypt manifest list key with metadata key
+        String manifestListKeyMetadataString = 
JsonUtil.getString(MANIFEST_LIST_KEY_METADATA, node);
+        wrappedManifestListKeyMetadata =
+            
ByteBuffer.wrap(Base64.getDecoder().decode(manifestListKeyMetadataString));
+
+        NativeEncryptionKeyMetadata nativeWrappedKeyMetadata =
+            EncryptionUtil.parseKeyMetadata(wrappedManifestListKeyMetadata);
+        ByteBuffer wrappedManifestListKey = 
nativeWrappedKeyMetadata.encryptionKey();
+        Preconditions.checkState(
+            encryption instanceof StandardEncryptionManager,
+            "Can't decrypt manifest list key - encryption manager %s is not 
instance of StandardEncryptionManager",
+            encryption.getClass());
+        StandardEncryptionManager standardEncryptionManager =
+            (StandardEncryptionManager) encryption;
+        byte[] keyEncryptionKey = standardEncryptionManager.keyEncryptionKey();

Review Comment:
   Per our discussion, we'll use a key cache for this.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org

Reply via email to