trait Kms extends FlagCloseable

Represents a KMS interface and allows symmetric encryption/decryption with keys stored in the KMS.

Type Members

  1. abstract type CreateKeySpec <: KmsCreateKeySpec
  2. case class ReaderState(count: Int, readers: MultiSet[String]) extends Product with Serializable
    Definition Classes
    FlagCloseable

Abstract Value Members

  1. abstract def config: KmsConfig
  2. abstract def decryptAsymmetricInternal(keyId: KmsKeyId, data: ByteString256, encryptionKeyScheme: EncryptionKeyScheme)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString190]
    Attributes
    protected
  3. abstract def decryptSymmetricInternal(keyId: KmsKeyId, data: ByteString6144)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString4096]
    Attributes
    protected
  4. abstract def deleteKeyInternal(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, Unit]
    Attributes
    protected
  5. abstract def encryptSymmetricInternal(keyId: KmsKeyId, data: ByteString4096)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString6144]
    Attributes
    protected
  6. abstract def generateAsymmetricEncryptionKeyPairInternal(encryptionKeyScheme: EncryptionKeyScheme, createKeySpec: Option[CreateKeySpec] = None, name: Option[KeyName] = None)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]
    Attributes
    protected
  7. abstract def generateSigningKeyPairInternal(signingKeyScheme: SigningKeyScheme, createKeySpec: Option[CreateKeySpec] = None, name: Option[KeyName] = None)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]
    Attributes
    protected
  8. abstract def generateSymmetricEncryptionKeyInternal(createKeySpec: Option[CreateKeySpec] = None, name: Option[KeyName] = None)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]
    Attributes
    protected
  9. abstract def getPublicEncryptionKeyInternal(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, EncryptionPublicKey]
    Attributes
    protected
  10. abstract def getPublicSigningKeyInternal(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, SigningPublicKey]
    Attributes
    protected
  11. abstract def keyExistsAndIsActiveInternal(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, Unit]
    Attributes
    protected
  12. abstract def logger: TracedLogger
    Attributes
    protected
    Definition Classes
    FlagCloseable
  13. abstract def signInternal(keyId: KmsKeyId, data: ByteString4096, signingKeyScheme: SigningKeyScheme)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString]
    Attributes
    protected
  14. abstract def timeouts: ProcessingTimeout
    Attributes
    protected
    Definition Classes
    FlagCloseable

Concrete Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @HotSpotIntrinsicCandidate()
  6. final def close(): Unit

    Blocks until all earlier tasks have completed and then prevents further tasks from being run.

    Definition Classes
    FlagCloseable → AutoCloseable
    Annotations
    @SuppressWarnings()
  7. def closingTimeout: FiniteDuration
    Attributes
    protected
    Definition Classes
    FlagCloseable
  8. def decryptAsymmetric(keyId: KmsKeyId, data: ByteString256, encryptionKeyScheme: EncryptionKeyScheme)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString190]

    Asymmetrically decrypt the data passed as a byte array using a KMS private key.

    keyId

    key identifier (e.g. AWS key ARN)

    data

    byte string to decrypt. The upper bound on the data size we can decrypt is 256 bytes (i.e. the ciphertext length for RSA2048-OAEP-SHA256 encryption; with RSAES-OAEP the ciphertext size is always equal to the size of the modulus).

    encryptionKeyScheme

    the encryption algorithm that was used to encrypt the plaintext message. The algorithm must be compatible with the KMS key that you specify.

    returns

    a decrypted byte string or an error if it fails to decrypt

  9. def decryptSymmetric(keyId: KmsKeyId, data: ByteString6144)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString4096]

    Symmetrically decrypt the data passed as a byte array using a KMS symmetric key.

    keyId

    key identifier (e.g. AWS key ARN)

    data

    byte string to decrypt. The upper bound on the data size we can decrypt is 6144 bytes (i.e. maximum accepted input size for the external KMSs that we support).

    returns

    a decrypted byte string or an error if it fails to decrypt

  10. def deleteKey(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, Unit]

    Schedule a deletion of a KMS key (takes between 7 and 30 days).

    keyId

    key identifier (e.g. AWS key ARN)

    returns

    an error if it fails to schedule a deletion of a key

  11. def encryptSymmetric(keyId: KmsKeyId, data: ByteString4096)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString6144]

    Symmetrically encrypt the data passed as a byte string using a KMS symmetric key.

    keyId

    key identifier (e.g. AWS key ARN)

    data

    byte string to encrypt. The upper bound on the data size we can encrypt is 4kb (i.e. maximum accepted input size for the external KMSs that we support).

    returns

    an encrypted byte string or an error if it fails to encrypt

  12. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  13. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  14. def generateAsymmetricEncryptionKeyPair(encryptionKeyScheme: EncryptionKeyScheme, createKeySpec: Option[CreateKeySpec] = None, name: Option[KeyName] = None)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]

    Creates a new (asymmetric) encryption key pair in the KMS and returns a key identifier.

    encryptionKeyScheme

    defines the encryption key scheme for which the key is going to be used.

    createKeySpec

    defines an optional create key specification (e.g. for AWS we can select a new key to be multi-region). If we use None, the default specification is used (e.g. for AWS multiRegion = false).

    name

    an optional name to identify the key.

    returns

    a key id or an error if it fails to create a key

  15. def generateSigningKeyPair(signingKeyScheme: SigningKeyScheme, createKeySpec: Option[CreateKeySpec] = None, name: Option[KeyName] = None)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]

    Creates a new signing key pair in the KMS and returns its key identifier.

    signingKeyScheme

    defines the signing key scheme for which the key is going to be used.

    createKeySpec

    defines an optional create key specification (e.g. for AWS we can select a new key to be multi-region). If we use None, the default specification is used (e.g. for AWS multiRegion = false).

    name

    an optional name to identify the key.

    returns

    a key id or an error if it fails to create a key

  16. def generateSymmetricEncryptionKey(createKeySpec: Option[CreateKeySpec] = None, name: Option[KeyName] = None)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]

    Creates a new symmetric encryption key in the KMS and returns its key identifier. The specific encryption scheme is not necessary (default is taken) because this is intended to be used to generate a KMS wrapper key.

    createKeySpec

    defines an optional create key specification (e.g. for AWS we can select a new key to be multi-region). If we use None, the default specification is used (e.g. for AWS multiRegion = false).

    name

    an optional name to identify the key.

    returns

    a key id or an error if it fails to create a key

  17. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  18. def getPublicEncryptionKey(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, EncryptionPublicKey]

    Get public key for encryption from KMS given a KMS key identifier.

    keyId

    key identifier (e.g. AWS key ARN)

    returns

    the public encryption key for that keyId

  19. def getPublicSigningKey(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, SigningPublicKey]

    Get public key for signing from KMS given a KMS key identifier.

    keyId

    key identifier (e.g. AWS key ARN)

    returns

    the public signing key for that keyId

  20. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  21. def internalPerformUnlessClosingF[A](name: String)(f: => Future[A])(implicit ec: ExecutionContext, traceContext: TraceContext): UnlessShutdown[Future[A]]
    Attributes
    protected
    Definition Classes
    FlagCloseable
  22. def isClosing: Boolean

    Check whether we're closing. Susceptible to race conditions; unless you're using this as a flag to the retry lib or you really know what you're doing, prefer performUnlessClosing and friends.

    Definition Classes
    FlagCloseable
  23. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  24. def keepTrackOfOpenFutures: Boolean

    Track running futures on shutdown.

    Set to true to get detailed information about all futures that did not complete during shutdown. If set to false, we don't do anything.

    Attributes
    protected
    Definition Classes
    FlagCloseable
  25. def keyExistsAndIsActive(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, Unit]

    Checks that a key identified by keyId exists in the KMS and is not deleted or disabled, and therefore can be used.

    keyId

    key identifier (e.g. AWS key ARN)

    returns

    error if it fails to find key

  26. def maxSleepMillis: Long
    Attributes
    protected
    Definition Classes
    FlagCloseable
  27. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  28. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  29. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  30. def onCloseFailure(e: Throwable): Unit
    Attributes
    protected
    Definition Classes
    FlagCloseable
  31. def onClosed(): Unit
    Attributes
    protected
    Definition Classes
    FlagCloseable
  32. def performUnlessClosing[A](name: String)(f: => A)(implicit traceContext: TraceContext): UnlessShutdown[A]

    Performs the task given by f unless a shutdown has been initiated. The shutdown will only begin after f completes, but other tasks may execute concurrently with f, if started using this function, or one of the other variants (performUnlessClosingF and performUnlessClosingEitherT). The tasks are assumed to take less than closingTimeout to complete.

    DO NOT CALL this.close as part of f, because it will result in a deadlock.

    f

    The task to perform

    returns

    scala.None$ if a shutdown has been initiated. Otherwise the result of the task.

    Definition Classes
    FlagCloseable
  33. def performUnlessClosingCheckedT[A, N, R](name: String, onClosing: => Checked[A, N, R])(etf: => CheckedT[Future, A, N, R])(implicit ec: ExecutionContext, traceContext: TraceContext): CheckedT[Future, A, N, R]
    Definition Classes
    FlagCloseable
  34. def performUnlessClosingEitherT[E, R](name: String, onClosing: => E)(etf: => EitherT[Future, E, R])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[Future, E, R]

    Performs the EitherT[Future] given by etf unless a shutdown has been initiated, in which case the provided error is returned instead. Both etf and the error are lazy; etf is only evaluated if there is no shutdown, the error only if we're shutting down. The shutdown will only begin after etf completes, but other tasks may execute concurrently with etf, if started using this function, or one of the other variants (performUnlessClosing and performUnlessClosingF). The tasks are assumed to take less than closingTimeout to complete.

    DO NOT CALL this.close as part of etf, because it will result in a deadlock.

    etf

    The task to perform

    Definition Classes
    FlagCloseable
  35. def performUnlessClosingEitherTF[E, R](name: String, onClosing: => E)(etf: => EitherT[Future, E, Future[R]])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[Future, E, Future[R]]
    Definition Classes
    FlagCloseable
  36. def performUnlessClosingEitherU[E, R](name: String)(etf: => EitherT[Future, E, R])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[FutureUnlessShutdown, E, R]
    Definition Classes
    FlagCloseable
  37. def performUnlessClosingEitherUSF[E, R](name: String)(etf: => EitherT[FutureUnlessShutdown, E, R])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[FutureUnlessShutdown, E, R]
    Definition Classes
    FlagCloseable
  38. def performUnlessClosingF[A](name: String)(f: => Future[A])(implicit ec: ExecutionContext, traceContext: TraceContext): FutureUnlessShutdown[A]

    Performs the Future given by f unless a shutdown has been initiated. The future is lazy and not evaluated during shutdown. The shutdown will only begin after f completes, but other tasks may execute concurrently with f, if started using this function, or one of the other variants (performUnlessClosing and performUnlessClosingEitherT). The tasks are assumed to take less than closingTimeout to complete.

    DO NOT CALL this.close as part of f, because it will result in a deadlock.

    f

    The task to perform

    returns

    The future completes with com.digitalasset.canton.lifecycle.UnlessShutdown.AbortedDueToShutdown if a shutdown has been initiated. Otherwise the result of the task wrapped in com.digitalasset.canton.lifecycle.UnlessShutdown.Outcome.

    Definition Classes
    FlagCloseable
  39. def performUnlessClosingUSF[A](name: String)(f: => FutureUnlessShutdown[A])(implicit ec: ExecutionContext, traceContext: TraceContext): FutureUnlessShutdown[A]
    Definition Classes
    FlagCloseable
  40. def runOnShutdown[T](task: RunOnShutdown)(implicit traceContext: TraceContext): Unit

    Register a task to run when shutdown is initiated.

    You can use this for example to register tasks that cancel long-running computations, whose termination you can then wait for in "closeAsync".

    Definition Classes
    FlagCloseable
  41. def runStateChanged(waitingState: Boolean = false): Unit
    Attributes
    protected
    Definition Classes
    FlagCloseable
    Annotations
    @VisibleForTesting()
  42. def sign(keyId: KmsKeyId, data: ByteString4096, signingKeyScheme: SigningKeyScheme)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString]

    Sign the data passed as a byte string using a KMS key.

    keyId

    key identifier (e.g. AWS key ARN)

    data

    byte string to sign. The upper bound on the data size we can sign is 4kb (i.e. maximum accepted input size for the external KMSs that we support).

    signingKeyScheme

    the signing algorithm to use to generate the signature

    returns

    a byte string corresponding to the signature of the data

  43. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  44. def toString(): String
    Definition Classes
    AnyRef → Any
  45. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  46. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  47. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  48. def waitForActive(kmsKeyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, Unit]

    Helper method waiting for a key to exist and be active

  49. def waitForActiveAndGetAs[A](kmsKeyId: KmsKeyId)(task: (KmsKeyId) => EitherT[Future, KmsError, A])(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, A]

    Helper method to get a key just after its creation, retrying if necessary until it's available

  50. def withRetries[T](description: String)(task: => EitherT[Future, KmsError, T])(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, T]
    Attributes
    protected
  51. object ReaderState extends Serializable
    Definition Classes
    FlagCloseable
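
The size bounds in the decryptAsymmetric signature (ByteString256 in, ByteString190 out) follow from RSAES-OAEP: with a 2048-bit modulus and SHA-256, the ciphertext is always 256 bytes and the plaintext can be at most 256 - 2*32 - 2 = 190 bytes. The following is an added example, not code from this API or its project; it uses only the JDK's javax.crypto with a locally generated key pair standing in for a KMS key, and the object and method names are hypothetical.

```scala
import java.security.{Key, KeyPair, KeyPairGenerator}
import java.security.spec.MGF1ParameterSpec
import javax.crypto.Cipher
import javax.crypto.spec.{OAEPParameterSpec, PSource}
import scala.util.{Failure, Success, Try}

// Hypothetical demo object: shows where the 256-byte / 190-byte bounds come from.
object OaepSizeBounds {
  val ModulusBytes = 256 // RSA-2048 modulus length k, in bytes
  val HashBytes = 32     // SHA-256 output length hLen, in bytes
  // RFC 8017, RSAES-OAEP: maximum message length is k - 2*hLen - 2
  val MaxPlaintextBytes: Int = ModulusBytes - 2 * HashBytes - 2 // 190

  // SHA-256 for both the label hash and the MGF1 mask generation function.
  private val oaepSha256 = new OAEPParameterSpec(
    "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)

  private def cipher(mode: Int, key: Key): Cipher = {
    val c = Cipher.getInstance("RSA/ECB/OAEPPadding")
    c.init(mode, key, oaepSha256)
    c
  }

  def encrypt(kp: KeyPair, plaintext: Array[Byte]): Try[Array[Byte]] =
    Try(cipher(Cipher.ENCRYPT_MODE, kp.getPublic).doFinal(plaintext))

  def decrypt(kp: KeyPair, ciphertext: Array[Byte]): Try[Array[Byte]] =
    Try(cipher(Cipher.DECRYPT_MODE, kp.getPrivate).doFinal(ciphertext))

  def main(args: Array[String]): Unit = {
    // Constructed stand-in key pair; with a real KMS the private key never leaves the service.
    val gen = KeyPairGenerator.getInstance("RSA")
    gen.initialize(ModulusBytes * 8)
    val kp = gen.generateKeyPair()

    // Any plaintext up to 190 bytes yields exactly 256 bytes of ciphertext.
    for (len <- Seq(1, 32, MaxPlaintextBytes)) {
      val pt = Array.fill[Byte](len)(0x41.toByte)
      val ct = encrypt(kp, pt).get
      assert(ct.length == ModulusBytes)
      assert(decrypt(kp, ct).get.sameElements(pt))
      println(s"plaintext $len bytes -> ciphertext ${ct.length} bytes")
    }

    // One byte over the bound is rejected by the padding layer before any RSA operation.
    encrypt(kp, Array.fill[Byte](MaxPlaintextBytes + 1)(0x41.toByte)) match {
      case Failure(e) => println(s"${MaxPlaintextBytes + 1} bytes rejected: ${e.getClass.getSimpleName}")
      case Success(_) => sys.error("unexpected: oversized plaintext was accepted")
    }
  }
}
```

Anything larger than 190 bytes has to be encrypted under a symmetric key, with only that key passed through the asymmetric operation.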

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated
    Deprecated
