/root/doris/cloud/src/common/kms.h
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements.  See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership.  The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License.  You may obtain a copy of the License at
//
//   http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.
#pragma once
#include <alibabacloud/core/CommonClient.h>
#include <memory>
#include <string>
#include <string_view>
namespace doris::cloud {
/// Settings passed to a KmsClient at construction: a plain aggregate of
/// strings with no invariants of its own.
///
/// NOTE(review): `ak`/`sk` look like an access-key / secret-key pair. If so,
/// this struct carries a long-lived credential in an ordinary std::string;
/// keep instances out of logs and error messages.
struct KmsConf {
    std::string ak;       ///< presumably the access key id (confirm against the SDK call site)
    std::string sk;       ///< presumably the secret key; treat as a credential
    std::string endpoint; ///< KMS service endpoint
    std::string region;   ///< KMS region
    std::string cmk;      ///< presumably the customer master key identifier (confirm)
    std::string provider; ///< KMS provider selector; accepted values are not visible in this header
};
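/**
 * @brief Abstract interface of a key management service (KMS) client.
 *
 * Stores the KmsConf it was constructed with and declares the operations
 * every provider-specific client implements. All operations report status
 * through an int return value and deliver results through out-parameters.
 */
class KmsClient {
public:
    /**
     * @brief Moves @p conf into the client.
     *
     * Marked explicit so a KmsConf never converts implicitly to a client
     * type; this matches the derived AliKmsClient constructor.
     */
    explicit KmsClient(KmsConf&& conf) : conf_(std::move(conf)) {}
    virtual ~KmsClient() = default;

    /**
     * @brief Read-only access to the stored configuration.
     *
     * The returned object includes the `ak`/`sk` fields, so do not dump it
     * wholesale into logs or error messages.
     */
    const KmsConf& conf() const { return conf_; }

    /**
     * @brief Prepares the client for use.
     *
     * @return int Returns 0 on success, otherwise an error.
     */
    virtual int init() = 0;

    /**
    * @brief Encrypts the plaintext.
    *
    * @param plaintext The plaintext (base64-encoded) to be encrypted.
    * @param output Receives the ciphertext (base64-encoded).
    * @return int Returns 0 on success and -1 on failure.
    */
    virtual int encrypt(const std::string& plaintext, std::string* output) = 0;

    /**
    * @brief Decrypts the ciphertext.
    *
    * @param ciphertext The ciphertext (base64-encoded) to be decrypted.
    * @param output Receives the decrypted plaintext (base64-encoded).
    * @return int Returns 0 on success and -1 on failure.
    */
    virtual int decrypt(const std::string& ciphertext, std::string* output) = 0;

    /**
     * @brief Generates a data key.
     *
     * NOTE(review): @p plaintext receives unencrypted key material. Callers
     * should keep its lifetime short and never log or persist it; only the
     * @p ciphertext form is suitable for storage.
     *
     * @param ciphertext Receives the data key in encrypted form (base64-encoded).
     * @param plaintext  Receives the data key in plaintext form (base64-encoded).
     * @return int Returns 0 on success and -1 on failure.
     */
    virtual int generate_data_key(std::string* ciphertext, std::string* plaintext) = 0;

protected:
    KmsConf conf_; // configuration moved in by the constructor
};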
// Factory for KmsClient implementations: takes the configuration by rvalue
// reference and has an out-parameter for the created client.
// NOTE(review): presumably returns 0 on success like the KmsClient methods and
// picks the implementation from conf.provider; confirm in the definition.
// Callers should check the return value before dereferencing *kms_client.
int create_kms_client(KmsConf&& conf, std::unique_ptr<KmsClient>* kms_client);
/**
 * @brief KmsClient implementation backed by an AlibabaCloud::CommonClient.
 *
 * Only declarations live in this header; the member functions are defined
 * elsewhere.
 */
class AliKmsClient : public KmsClient {
public:
    /** @brief Builds the client from @p conf, which is taken by rvalue reference. */
    explicit AliKmsClient(KmsConf&& conf);
    ~AliKmsClient() override;

    /**
     * @brief Prepares the client for use.
     * @return int 0 for success, otherwise an error.
     */
    int init() override;

    /**
     * @brief Encrypts @p plaintext.
     *
     * @param plaintext Input to encrypt (base64-encoded).
     * @param output Receives the ciphertext (base64-encoded).
     * @return int 0 on success, -1 on failure.
     */
    int encrypt(const std::string& plaintext, std::string* output) override;

    /**
     * @brief Decrypts @p ciphertext.
     *
     * @param ciphertext Input to decrypt (base64-encoded).
     * @param output Receives the decrypted plaintext (base64-encoded).
     * @return int 0 on success, -1 on failure.
     */
    int decrypt(const std::string& ciphertext, std::string* output) override;

    /**
     * @brief Generates a data key and returns it in both forms.
     *
     * @param ciphertext Receives the encrypted data key (base64-encoded).
     * @param plaintext  Receives the plaintext data key (base64-encoded);
     *                   this is key material, so keep it out of logs.
     * @return int 0 on success, -1 on failure.
     */
    int generate_data_key(std::string* ciphertext, std::string* plaintext) override;

private:
    // Owned SDK client; this header does not show where it is created.
    std::unique_ptr<AlibabaCloud::CommonClient> kms_client_;
};
} // namespace doris::cloud