CORE-16125: add Avro messages and topics for crypto key rotation (#1359)
Add initial versions of the Avro messages for crypto key rotation, and Kafka topics for them.
Showing
6 changed files
with
189 additions
and
1 deletion.
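--- a/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/IndividualKeyRotationRequest.avsc
+++ b/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/IndividualKeyRotationRequest.avsc
@@ -0,0 +1,42 @@
+{
+"type": "record",
+"name": "IndividualKeyRotationRequest",
+"namespace": "net.corda.data.crypto.wire.ops.key.rotation",
+"doc": "Internal over-the-wire individual crypto key rotation operation request envelope.",
+"fields": [
+{
+"name": "requestId",
+"type": "string",
+"doc": "GUID allocated by client to control key rotation."
+},
+{
+"name": "tenantId",
+"type": "string",
+"doc": "Specifies the specific tenant that owns the old key."
+},
+{
+"name": "oldParentKeyAlias",
+"type": "string",
+"doc": "The key alias whose protected content will be re-wrapped with a new key."
+},
+{
+"name": "newParentKeyAlias",
+"type": "string",
+"doc": "The new wrapping key which oldParentKeyAlias' content will be re-wrapped with."
+},
+{
+"name": "targetKeyAlias",
+"type": "string",
+"doc": "Specifies the wrapped key to rotate."
+},
+{
+"name": "keyType",
+"type": {
+"type": "enum",
+"name": "KeyType",
+"symbols": ["MANAGED", "UNMANAGED"]
+},
+"doc": "Type of the key to be rotated."
+}
+]
+}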
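Review bot: The `KeyType` enum is declared inline under the `keyType` field with the full name net.corda.data.crypto.wire.ops.key.rotation.KeyType, and this commit declares the same full name inline again in KeyRotationRequest.avsc and KeyRotationStatus.avsc; Avro resolves named types by full name, so the three copies must stay byte-identical, and depending on how the build parses the schema set a repeated definition may be rejected as a redefinition. Declare it once in its own file (e.g. `KeyType.avsc`) and reference it by name from each record: `"type": "net.corda.data.crypto.wire.ops.key.rotation.KeyType"`. Separately, `tenantId` is a required string here while KeyRotationRequest.avsc documents its `tenantId` as "only specified when targeting managed keys"; the doc should state what a producer puts here for an UNMANAGED rotation, or the field should be made nullable to match — which is intended cannot be told from the schema alone.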
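--- a/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/KeyRotationRequest.avsc
+++ b/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/KeyRotationRequest.avsc
@@ -0,0 +1,42 @@
+{
+"type": "record",
+"name": "KeyRotationRequest",
+"namespace": "net.corda.data.crypto.wire.ops.key.rotation",
+"doc": "Internal over-the-wire crypto key rotation operation request envelope.",
+"fields": [
+{
+"name": "requestId",
+"type": "string",
+"doc": "GUID allocated by client to control key rotation."
+},
+{
+"name": "managedKey",
+"type": {
+"type": "enum",
+"name": "KeyType",
+"symbols": ["MANAGED", "UNMANAGED"]
+},
+"doc": "Type of the key to be rotated."
+},
+{
+"name": "oldParentKeyAlias",
+"type": ["null", "string"],
+"doc": "The key alias that should no longer be used, and all its protected content re-wrapped with a new key."
+},
+{
+"name": "newParentKeyAlias",
+"type": ["null", "string"],
+"doc": "The unmanaged key alias that should be used for material currently wrapped with old key. Only specified when rotating unmanaged keys."
+},
+{
+"name": "oldGeneration",
+"type": ["null", "int"],
+"doc": "Specifies the old generation number we should move away from. If absent, rotate all matching keys."
+},
+{
+"name": "tenantId",
+"type": ["null", "string"],
+"doc": "Only specified when targeting managed keys. Specifies the specific tenant that owns the old and new key."
+}
+]
+}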
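Review bot: The field `managedKey` holds the `KeyType` enum, not a boolean, and the same enum is named `keyType` in IndividualKeyRotationRequest.avsc; rename it to `"name": "keyType"` before this schema ships, since Avro field names are part of the wire contract and a later rename needs aliases. The cross-field rules exist only in prose — `newParentKeyAlias` "only specified when rotating unmanaged keys", `tenantId` "only specified when targeting managed keys" — and Avro cannot enforce them, so the consumer has to reject a MANAGED request with null `tenantId`, an UNMANAGED request with null `newParentKeyAlias`, and a request whose `newParentKeyAlias` equals `oldParentKeyAlias` (a re-wrap under the same key would report success while leaving the material under the key being retired). Stating that in the record doc would make the contract explicit: `"doc": "Internal over-the-wire crypto key rotation operation request envelope. Consumers must reject requests whose nullable fields do not match the key type, and must reject newParentKeyAlias equal to oldParentKeyAlias."`. The `oldGeneration` doc says "if absent, rotate all matching keys", but `oldParentKeyAlias` is nullable as well, and what is matched when both are null is not stated.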
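--- a/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/KeyRotationStatus.avsc
+++ b/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/KeyRotationStatus.avsc
@@ -0,0 +1,73 @@
+{
+"type": "record",
+"name": "KeyRotationStatus",
+"namespace": "net.corda.data.crypto.wire.ops.key.rotation",
+"doc": "Response for crypto's key rotation operation envelope",
+"fields": [
+{
+"name": "requestId",
+"type": "string",
+"doc": "GUID allocated by client and passed in StartRotation message."
+},
+{
+"name": "managedKey",
+"type": {
+"type": "enum",
+"name": "KeyType",
+"symbols": ["MANAGED", "UNMANAGED"]
+},
+"doc": "Type of the key to be rotated."
+},
+{
+"name": "oldParentKeyAlias",
+"type": ["null", "string"],
+"doc": "The wrapping key alias that should no longer be used, and all its protected content re-wrapped with a new key."
+},
+{
+"name": "newParentKeyAlias",
+"type": ["null", "string"],
+"doc": "The wrapping key alias that should be used for material currently wrapped with old key. Only specified when rotating unmanaged keys."
+},
+{
+"name": "oldGeneration",
+"type": ["null", "int"],
+"doc": "Specifies the old generation number we should move away from. If absent, rotate all matching keys."
+},
+{
+"name": "tenantId",
+"type": ["null", "string"],
+"doc": "Only specified when targeting managed keys. Specifies the specific tenant that owns the old and new key."
+},
+{
+"name": "newGeneration",
+"type": ["null", "int"],
+"doc": "Set to the new generation number when rotating a single managed key, otherwise null."
+},
+{
+"name": "processedCount",
+"type": "int",
+"doc": "Number of wrapped keys rotated so far."
+},
+{
+"name": "expectedTotal",
+"type": "int",
+"doc": "Number of wrapped keys in total to re-wrap as part of this operation."
+},
+{
+"name": "createdTimestamp",
+"type": {
+"type": "long",
+"logicalType": "timestamp-millis"
+},
+"doc": "The date and time the key rotation request was created."
+},
+{
+"name": "lastUpdateTimestamp",
+"type": {
+"type": "long",
+"logicalType": "timestamp-millis"
+},
+"doc": "The date and time when the last individual key rotation operation has finished."
+}
+]
+}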
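Review bot: The `requestId` doc refers to a "StartRotation message", but the request record this commit adds is `KeyRotationRequest`; change it to `"doc": "GUID allocated by client and passed in the KeyRotationRequest message."`. The record reports progress as `processedCount` against `expectedTotal` but has no way to say that an individual re-wrap failed or that the operation was abandoned, so a reader can only infer completion from the two counts being equal and staleness from `lastUpdateTimestamp`; a rotation that stops part-way leaves some material wrapped under the key being retired, which is precisely the state an operator needs to be able to see. If the processing side (not in this commit) can fail per key, consider an explicit outcome field, e.g. `"name": "status", "type": {"type": "enum", "name": "KeyRotationState", "symbols": ["IN_PROGRESS", "DONE", "FAILED"]}`, and at minimum document on the record that completion means `processedCount == expectedTotal`.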