UNPKG

@confluentinc/schemaregistry

Version:

Node.js client for Confluent Schema Registry

github.com/confluentinc/confluent-kafka-javascript

confluentinc/confluent-kafka-javascript

110 lines (109 loc) 4.64 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
import { FieldContext, FieldRuleExecutor, FieldTransform, FieldType, RuleContext, RuleExecutor } from "../../serde/serde"; import { DekClient, Dek, Kek } from "./dekregistry/dekregistry-client"; import { ClientConfig } from "../../rest-service"; import { KmsClient } from "./kms-registry"; export declare enum DekFormat { AES128_GCM = "AES128_GCM", AES256_GCM = "AES256_GCM", AES256_SIV = "AES256_SIV" } interface KekId { name: string; deleted: boolean; } interface DekId { kekName: string; subject: string; version: number | null; algorithm: string; deleted: boolean; } export declare class Clock { now(): number; } export declare class EncryptionExecutor implements RuleExecutor { config: Map<string, string> | null; client: DekClient | null; clock: Clock; /** * Register the field encryption executor with the rule registry. */ static register(): EncryptionExecutor; static registerWithClock(clock: Clock): EncryptionExecutor; constructor(clock?: Clock); configure(clientConfig: ClientConfig, config: Map<string, string>): void; type(): string; transform(ctx: RuleContext, msg: any): Promise<any>; newTransform(ctx: RuleContext): EncryptionExecutorTransform; close(): Promise<void>; private getCryptor; private getKekName; private getDekExpiryDays; } export declare class Cryptor { static readonly EMPTY_AAD: Uint8Array<ArrayBuffer>; dekFormat: DekFormat; isDeterministic: boolean; constructor(dekFormat: DekFormat); private keySize; generateKey(): Buffer; encrypt(dek: Buffer, plaintext: Buffer): Promise<Buffer>; decrypt(dek: Buffer, ciphertext: Buffer): Promise<Buffer>; encryptWithAesSiv(key: Uint8Array<ArrayBuffer>, plaintext: Uint8Array<ArrayBuffer>): Promise<Uint8Array<ArrayBuffer>>; decryptWithAesSiv(key: Uint8Array<ArrayBuffer>, ciphertext: Uint8Array<ArrayBuffer>): Promise<Uint8Array<ArrayBuffer>>; encryptWithAesGcm(key: Uint8Array<ArrayBuffer>, plaintext: Uint8Array<ArrayBuffer>): Promise<Uint8Array<ArrayBuffer>>; decryptWithAesGcm(key: Uint8Array<ArrayBuffer>, ciphertext: Uint8Array<ArrayBuffer>): Promise<Uint8Array<ArrayBuffer>>; } export declare class EncryptionExecutorTransform { private executor; private cryptor; private kekName; private kek; private dekExpiryDays; constructor(executor: EncryptionExecutor, cryptor: Cryptor, kekName: string, dekExpiryDays: number); isDekRotated(): boolean; getKek(ctx: RuleContext): Promise<Kek>; getOrCreateKek(ctx: RuleContext): Promise<Kek>; retrieveKekFromRegistry(key: KekId): Promise<Kek | null>; storeKekToRegistry(key: KekId, kmsType: string, kmsKeyId: string, shared: boolean): Promise<Kek | null>; getOrCreateDek(ctx: RuleContext, version: number | null): Promise<Dek>; createDek(dekId: DekId, newVersion: number | null, encryptedDek: Buffer | null): Promise<Dek>; retrieveDekFromRegistry(key: DekId): Promise<Dek | null>; storeDekToRegistry(key: DekId, encryptedDek: Buffer | null): Promise<Dek | null>; isExpired(ctx: RuleContext, dek: Dek | null): boolean; transform(ctx: RuleContext, fieldType: FieldType, fieldValue: any): Promise<any>; prefixVersion(version: number, ciphertext: Buffer): Buffer; extractVersion(ciphertext: Buffer): number | null; toBytes(type: FieldType, value: any): Buffer | null; toObject(type: FieldType, value: Buffer): any; } export declare class FieldEncryptionExecutor extends FieldRuleExecutor { executor: EncryptionExecutor; /** * Register the field encryption executor with the rule registry. */ static register(): FieldEncryptionExecutor; static registerWithClock(clock: Clock): FieldEncryptionExecutor; constructor(clock?: Clock); configure(clientConfig: ClientConfig, config: Map<string, string>): void; type(): string; newTransform(ctx: RuleContext): FieldTransform; close(): Promise<void>; } export declare class FieldEncryptionExecutorTransform implements FieldTransform { private executorTransform; constructor(executorTransform: EncryptionExecutorTransform); transform(ctx: RuleContext, fieldCtx: FieldContext, fieldValue: any): Promise<any>; } export declare class KmsClientWrapper implements KmsClient { private config; private kek; private kekId; private kmsKeyIds; constructor(config: Map<string, string>, kek: Kek); getKmsKeyIds(): string[]; supported(keyUri: string): boolean; encrypt(rawKey: Buffer): Promise<Buffer>; decrypt(encryptedKey: Buffer): Promise<Buffer>; } export {};