giarc3
reviewed
Jan 22, 2026
Comment on lines +190 to +200
| private CompletableFuture<PlaintextDocument> decryptFields(Map<String, byte[]> document, | ||
| String documentEdek) { | ||
| // Check closed/expired state again before starting decryption | ||
| if (closed.get()) { | ||
| return CompletableFuture.failedFuture(new TscException( | ||
| TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED, "CachedKeyDecryptor has been closed")); | ||
| } | ||
| if (isExpired()) { | ||
| return CompletableFuture.failedFuture(new TscException( | ||
| TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED, "CachedKeyDecryptor has expired")); | ||
| } |
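Review bot: The closed.get() and isExpired() checks at the top of decryptFields are check-then-act: nothing in these lines stops the decryptor from being closed or expiring after they pass and before the field decryptions that follow actually run. If the intent is that a closed decryptor never uses its cached key, the guard has to cover the use of the key (for example by holding whatever lock or reference the code that sets closed also takes), and a comment should say which guarantee this re-check is meant to give. If no such guarantee is intended, one check at the entry point is enough.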
Member
Re-checking these feels really unnecessary to me. If you're following the calls from decrypt, there's not really any code between the check and the re-check, right? Or we could remove the checks from decrypt and only have them here
Comment on lines +202 to +215
| // Parallel decrypt each field | ||
| Map<String, CompletableFuture<byte[]>> decryptOps = document.entrySet().stream() | ||
| .collect(Collectors.toMap(Map.Entry::getKey, | ||
| entry -> CompletableFuture.supplyAsync( | ||
| () -> CryptoUtils.decryptDocument(entry.getValue(), dek).join(), | ||
| encryptionExecutor))); | ||
|
|
||
| // Join all futures and build result | ||
| return CompletableFutures.tryCatchNonFatal(() -> { | ||
| Map<String, byte[]> decryptedBytes = decryptOps.entrySet().stream() | ||
| .collect(Collectors.toMap(Map.Entry::getKey, entry -> entry.getValue().join())); | ||
| return new PlaintextDocument(decryptedBytes, documentEdek); | ||
| }); | ||
| } |
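Review bot: In the supplyAsync lambda, CryptoUtils.decryptDocument(entry.getValue(), dek).join() parks an encryptionExecutor thread waiting on another future, and the entry.getValue().join() calls in the second stream then block the calling thread until every field has finished. If decryptDocument schedules its own work on the same executor, a bounded pool can be exhausted by a document with more fields than threads. Consider composing instead of joining: CompletableFuture.allOf over decryptOps.values() followed by thenApply to build the PlaintextDocument, so no thread waits in join(). It is also worth confirming that a single failed field, which join() reports as a CompletionException, ends up as the same TscException shape as the other failure paths.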
Member
It's a bummer that this has to just be duplicated code
Comment on lines +165 to +180
| if (closed.get()) { | ||
| return CompletableFuture.failedFuture(new TscException( | ||
| TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED, "CachedKeyDecryptor has been closed")); | ||
| } | ||
| if (isExpired()) { | ||
| return CompletableFuture.failedFuture(new TscException( | ||
| TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED, "CachedKeyDecryptor has expired")); | ||
| } | ||
|
|
||
| // Validate EDEK matches | ||
| if (!this.edek.equals(edek)) { | ||
| return CompletableFuture | ||
| .failedFuture(new TscException(TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED, | ||
| "Provided EDEK does not match the cached EDEK. " | ||
| + "This decryptor can only decrypt documents with matching EDEKs.")); | ||
| } |
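Review bot: All three rejections in this block (closed, expired, EDEK mismatch) return TenantSecurityErrorCodes.DOCUMENT_DECRYPT_FAILED, so a caller can only tell an expired decryptor from a wrong-EDEK call by parsing the message string. Consider distinct error codes for these states, or document the messages as stable if callers are expected to branch on them. In the mismatch check, the parameter edek shadows the field in this.edek.equals(edek); naming the parameter documentEdek, as decryptFields does, would make the comparison harder to get backwards.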
Member
These checks should probably move to a function
src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityClient.java
This is a strawman implementation of the idea of caching a DEK for reuse for a short period of time.
TODO: