You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by gi...@git.apache.org on 2017/08/31 01:54:35 UTC

[GitHub] rdhabalia commented on a change in pull request #731: End to End Encryption Support - Java client

rdhabalia commented on a change in pull request #731: End to End Encryption Support - Java client
URL: https://github.com/apache/incubator-pulsar/pull/731#discussion_r136227626
 
 

 ##########
 File path: pulsar-client/src/main/java/org/apache/pulsar/client/impl/ConsumerImpl.java
 ##########
 @@ -932,8 +935,52 @@ private void increaseAvailablePermits(ClientCnx currentCnx, int delta) {
         }
     }
 
+    private ByteBuf decryptPayloadIfNeeded(MessageIdData messageId, MessageMetadata msgMetadata, ByteBuf payload,
+            ClientCnx currentCnx) {
+
+        if (msgMetadata.getEncryptionKeysCount() == 0) {
+            return payload.retain();
+        }
+
+        // If KeyReader is not configured throw exception based on config param
+        if (conf.getCryptoKeyReader() == null) {
+
+            if (conf.getCryptoFailureAction() == ConsumerCryptoFailureAction.CONSUME) {
+                log.warn("CryptoKeyReader interface is not implemented. Consuming encrypted message.");
+                return payload.retain();
+            } else if (conf.getCryptoFailureAction() == ConsumerCryptoFailureAction.DISCARD) {
+                log.warn(
+                        "Skipping decryption since CryptoKeyReader interface is not implemented and config is set to discard");
+                discardMessage(messageId, currentCnx, ValidationError.DecryptionError);
+            }
+            return null;
+        }
+
+        // Create msgCrypto if not created already
+        if (this.msgCrypto == null) {
+            this.msgCrypto = new MessageCrypto(false);
+        }
+
+        ByteBuf decryptedData = this.msgCrypto.decrypt(msgMetadata, payload, conf.getCryptoKeyReader());
+        if (decryptedData != null) {
+            return decryptedData;
+        }
+
+        log.error("[{}][{}] Failed to decrypt message {}", topic, subscription, messageId);
+        if (conf.getCryptoFailureAction() == ConsumerCryptoFailureAction.CONSUME) {
 
 Review comment:
   as this logic is duplicate, so should we create a method with this logic?
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services