
@confluentinc/schemaregistry

import { FieldContext, FieldRuleExecutor, FieldTransform, FieldType, RuleContext } from "../../serde/serde";
import { DekClient, Dek, Kek } from "./dekregistry/dekregistry-client";
import { ClientConfig } from "../../rest-service";

// Type declarations for a field-level encryption rule executor. This file holds
// signatures only; every behavioural note below that is not readable from a
// signature is marked as an assumption to confirm against the implementation.

/**
 * Cipher formats a data encryption key (DEK) can be created for. Each member's
 * runtime value is the string of the same name.
 *
 * By name, the GCM members select AES-GCM with 128- and 256-bit keys, and
 * AES256_SIV selects AES-SIV. AES-SIV (RFC 5297) is a deterministic AEAD:
 * identical plaintexts under the same key give identical ciphertexts, so
 * equality of encrypted field values is visible to anyone who can read them.
 * NOTE(review): which format is the default is not visible in these declarations.
 */
export declare enum DekFormat {
    AES128_GCM = "AES128_GCM",
    AES256_GCM = "AES256_GCM",
    AES256_SIV = "AES256_SIV"
}

/**
 * Identifier passed to the KEK registry lookup/store methods of
 * FieldEncryptionExecutorTransform. Not exported from this module.
 */
interface KekId {
    // Name of the key-encryption key (KEK).
    name: string;
    // presumably selects whether soft-deleted KEKs are included — TODO confirm
    deleted: boolean;
}

/**
 * Identifier passed to the DEK registry lookup/store methods of
 * FieldEncryptionExecutorTransform. Not exported from this module.
 */
interface DekId {
    // Name of the KEK this DEK belongs to.
    kekName: string;
    subject: string;
    // null is allowed by the type; presumably means "no specific version" — TODO confirm
    version: number | null;
    // presumably carries a DekFormat value as a string — TODO confirm
    algorithm: string;
    // presumably selects whether soft-deleted DEKs are included — TODO confirm
    deleted: boolean;
}

/**
 * Time source with a single `now()` method. It can be injected through
 * `FieldEncryptionExecutor.registerWithClock` or the executor constructor,
 * which lets tests control the time the executor sees.
 */
export declare class Clock {
    /**
     * @returns the current time as a number (presumably epoch milliseconds — TODO confirm)
     */
    now(): number;
}

/**
 * Rule executor for field encryption; extends FieldRuleExecutor and produces a
 * FieldTransform per rule context via `newTransform`.
 */
export declare class FieldEncryptionExecutor extends FieldRuleExecutor {
    // DEK registry client; the type allows null (presumably until configure() has run — TODO confirm).
    client: DekClient | null;
    // Time source used by this executor (see Clock).
    clock: Clock;
    /**
     * Register the field encryption executor with the rule registry.
     *
     * @returns the executor instance that was registered
     */
    static register(): FieldEncryptionExecutor;
    /**
     * Same as `register()`, but the executor is given the supplied clock.
     *
     * @param clock time source the registered executor will use
     * @returns the executor instance that was registered
     */
    static registerWithClock(clock: Clock): FieldEncryptionExecutor;
    /**
     * @param clock optional time source (the fallback when omitted is not visible here)
     */
    constructor(clock?: Clock);
    /**
     * Apply client and rule configuration to this executor.
     *
     * @param clientConfig REST client configuration
     * @param config string key/value settings; the recognised keys are not visible here
     */
    configure(clientConfig: ClientConfig, config: Map<string, string>): void;
    /**
     * @returns the rule type string this executor handles (the value is not visible here)
     */
    type(): string;
    /**
     * @param ctx rule context the transform is created for
     * @returns a FieldTransform for that context
     */
    newTransform(ctx: RuleContext): FieldTransform;
    /**
     * Asynchronous shutdown hook; what it releases is not visible here.
     */
    close(): Promise<void>;
    // Private members: the declaration output keeps only their names.
    private getCryptor;
    private getKekName;
    private getDekExpiryDays;
}

/**
 * Encrypts and decrypts byte buffers under a raw DEK for one DekFormat.
 *
 * None of the encrypt methods takes a nonce/IV or associated-data argument, so
 * both are chosen inside the implementation.
 * NOTE(review): for the GCM formats, confirm a fresh random nonce is generated
 * per call; reusing a nonce under one key breaks both confidentiality and
 * authenticity in GCM.
 */
export declare class Cryptor {
    // presumably the associated data passed to the AEAD calls; if so, ciphertexts
    // are not bound to any field or subject context — TODO confirm
    static readonly EMPTY_AAD: Buffer<ArrayBuffer>;
    // Cipher format this instance was constructed for.
    dekFormat: DekFormat;
    // presumably true only for AES256_SIV — TODO confirm
    isDeterministic: boolean;
    /**
     * @param dekFormat cipher format to use
     */
    constructor(dekFormat: DekFormat);
    // Private member: the declaration output keeps only its name.
    private keySize;
    /**
     * @returns a Buffer holding a new key (presumably sized for `dekFormat`).
     * The result is secret key material: keep it out of logs and error messages.
     */
    generateKey(): Buffer;
    /**
     * @param dek raw data encryption key
     * @param plaintext bytes to encrypt
     * @returns the ciphertext (its layout, e.g. nonce/tag placement, is not visible here)
     */
    encrypt(dek: Buffer, plaintext: Buffer): Promise<Buffer>;
    /**
     * @param dek raw data encryption key
     * @param ciphertext bytes produced by `encrypt`
     * @returns the plaintext (presumably rejects on authentication failure — TODO confirm)
     */
    decrypt(dek: Buffer, ciphertext: Buffer): Promise<Buffer>;
    // Format-specific primitives; presumably what encrypt/decrypt dispatch to — TODO confirm.
    encryptWithAesSiv(key: Uint8Array, plaintext: Uint8Array): Promise<Uint8Array>;
    decryptWithAesSiv(key: Uint8Array, ciphertext: Uint8Array): Promise<Uint8Array>;
    encryptWithAesGcm(key: Uint8Array, plaintext: Uint8Array): Promise<Uint8Array>;
    decryptWithAesGcm(key: Uint8Array, ciphertext: Uint8Array): Promise<Uint8Array>;
}

/**
 * FieldTransform bound to one executor, one Cryptor and one KEK name. It
 * declares the KEK/DEK registry lookups and the per-field `transform`.
 */
export declare class FieldEncryptionExecutorTransform implements FieldTransform {
    // Private members: the declaration output keeps only their names.
    private executor;
    private cryptor;
    private kekName;
    private kek;
    private dekExpiryDays;
    /**
     * @param executor owning executor
     * @param cryptor cipher wrapper used for field values
     * @param kekName name of the KEK protecting the DEKs
     * @param dekExpiryDays DEK lifetime in days (how 0 or negative values are treated is not visible here)
     */
    constructor(executor: FieldEncryptionExecutor, cryptor: Cryptor, kekName: string, dekExpiryDays: number);
    /**
     * @returns whether DEK rotation applies (presumably derived from `dekExpiryDays` — TODO confirm)
     */
    isDekRotated(): boolean;
    /**
     * @param ctx rule context
     * @returns the KEK for this transform
     */
    getKek(ctx: RuleContext): Promise<Kek>;
    /**
     * @param ctx rule context
     * @returns an existing or newly created KEK, going by the method name
     */
    getOrCreateKek(ctx: RuleContext): Promise<Kek>;
    /**
     * @param key KEK identifier
     * @returns the KEK, or null (presumably when the registry has no such KEK — TODO confirm)
     */
    retrieveKekFromRegistry(key: KekId): Promise<Kek | null>;
    /**
     * @param key KEK identifier
     * @param kmsType KMS provider type
     * @param kmsKeyId identifier of the key inside that KMS
     * @param shared presumably whether DEKs under this KEK are shared via the registry — TODO confirm
     * @returns the stored KEK, or null
     */
    storeKekToRegistry(key: KekId, kmsType: string, kmsKeyId: string, shared: boolean): Promise<Kek | null>;
    /**
     * @param ctx rule context
     * @param version DEK version to use; null is allowed by the type
     * @returns an existing or newly created DEK, going by the method name
     */
    getOrCreateDek(ctx: RuleContext, version: number | null): Promise<Dek>;
    /**
     * @param dekId DEK identifier
     * @param newVersion version for the new DEK; null is allowed by the type
     * @param encryptedDek wrapped key material, or null
     * @returns the created DEK
     */
    createDek(dekId: DekId, newVersion: number | null, encryptedDek: Buffer | null): Promise<Dek>;
    /**
     * @param key DEK identifier
     * @returns the DEK, or null (presumably when the registry has no such DEK — TODO confirm)
     */
    retrieveDekFromRegistry(key: DekId): Promise<Dek | null>;
    /**
     * @param key DEK identifier
     * @param encryptedDek wrapped key material, or null
     * @returns the stored DEK, or null
     */
    storeDekToRegistry(key: DekId, encryptedDek: Buffer | null): Promise<Dek | null>;
    /**
     * @param ctx rule context
     * @param dek DEK to check; null is allowed by the type
     * @returns whether the DEK counts as expired (presumably judged with the executor's Clock
     * and `dekExpiryDays` — TODO confirm)
     */
    isExpired(ctx: RuleContext, dek: Dek | null): boolean;
    /**
     * Apply the transform to one field value.
     *
     * Input and result are both typed `any`, so callers get no compile-time
     * checking of the value passed in or of what comes back.
     *
     * @param ctx rule context
     * @param fieldCtx context of the field being transformed
     * @param fieldValue the field's current value
     * @returns the transformed value
     */
    transform(ctx: RuleContext, fieldCtx: FieldContext, fieldValue: any): Promise<any>;
    /**
     * @param version DEK version number
     * @param ciphertext encrypted bytes
     * @returns a Buffer combining both (the header layout is not visible here)
     */
    prefixVersion(version: number, ciphertext: Buffer): Buffer;
    /**
     * @param ciphertext bytes presumably produced by `prefixVersion`
     * @returns the version number, or null (presumably when no version prefix is present — TODO confirm)
     */
    extractVersion(ciphertext: Buffer): number | null;
    /**
     * @param type field type of `value`
     * @param value field value to serialise
     * @returns the value as bytes, or null (presumably for field types that cannot be encrypted — TODO confirm)
     */
    toBytes(type: FieldType, value: any): Buffer | null;
    /**
     * @param type field type to produce
     * @param value bytes to convert back into a field value
     * @returns the field value, typed `any`
     */
    toObject(type: FieldType, value: Buffer): any;
}

// Empty export: keeps this file a module, so the non-exported interfaces above stay module-private.
export {};