Merge branch '7.4.x' into 7.5.x by rayokota
ConfluentSemaphore committed Oct 3, 2024
2 parents d2655d5 + bc2890a commit b4f6a17
Showing 2 changed files with 25 additions and 5 deletions.
@@ -286,7 +286,9 @@ public void decodeMetadata(SchemaValue schema) {
byte[] plaintext = aead.decrypt(Base64.getDecoder().decode(value), EMPTY_AAD);
return new String(plaintext, StandardCharsets.UTF_8);
} catch (GeneralSecurityException e) {
throw new IllegalStateException("Could not encrypt sensitive metadata", e);
log.error("Could not decrypt sensitive metadata for schema {}", schema, e);
// Just return the value as-is if we can't decrypt it
return value;
}
});
}
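Review bot: The new catch branch returns the stored string unchanged when `aead.decrypt` throws, so an AEAD authentication failure (wrong key or a modified ciphertext) is no longer visible to the caller of `decodeMetadata`, who receives the raw value in the place where plaintext is expected. If failing open is the intended trade-off, the comment should say why and what the value then is, e.g. `// Fail open: authentication failed, value is still ciphertext and must not be trusted as plaintext`. The fallback also does not cover `Base64.getDecoder().decode(value)`, which throws `IllegalArgumentException` on input that is not valid Base64; `} catch (GeneralSecurityException | IllegalArgumentException e) {` would make both failure modes behave the same. `log.error(..., schema, e)` passes the whole `SchemaValue`, and if its `toString()` prints metadata properties the sensitive entries end up in the log, so logging only the subject would be safer. The enclosing lambda and method begin outside the hunk.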
@@ -32,6 +32,8 @@
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.SortedMap;
import java.util.TreeMap;
import org.junit.Test;

public class MetadataEncoderServiceTest {
@@ -61,10 +63,26 @@ public void testEncoding() throws Exception {
assertNotEquals(schema.getMetadata().getProperties().get("sensitive"), "foo");
assertNotNull(schema.getMetadata().getProperties().get(SchemaValue.ENCODED_PROPERTY));

encoderService.decodeMetadata(schema);
assertEquals(schema.getMetadata().getProperties().get("nonsensitive"), "foo");
SchemaValue schema2 = new SchemaValue(
"mysubject", null, null, null, null, null,
new io.confluent.kafka.schemaregistry.storage.Metadata(
schema.getMetadata().toMetadataEntity()), null, "true", false);
encoderService.decodeMetadata(schema2);
assertEquals(schema2.getMetadata().getProperties().get("nonsensitive"), "foo");
// the value of "sensitive" is decrypted
assertEquals(schema.getMetadata().getProperties().get("sensitive"), "foo");
assertNull(schema.getMetadata().getProperties().get(SchemaValue.ENCODED_PROPERTY));
assertEquals(schema2.getMetadata().getProperties().get("sensitive"), "foo");
assertNull(schema2.getMetadata().getProperties().get(SchemaValue.ENCODED_PROPERTY));

SortedMap<String, String> badProperties = new TreeMap<>(schema.getMetadata().getProperties());
badProperties.put("sensitive", "badValue");
SchemaValue schema3 = new SchemaValue(
"mysubject", null, null, null, null, null,
new io.confluent.kafka.schemaregistry.storage.Metadata(
new Metadata(null, badProperties, Collections.singleton("sensitive"))), null, "true", false);
encoderService.decodeMetadata(schema3);
assertEquals(schema3.getMetadata().getProperties().get("nonsensitive"), "foo");
// the value of "sensitive" is not decrypted
assertEquals(schema3.getMetadata().getProperties().get("sensitive"), "badValue");
assertNull(schema3.getMetadata().getProperties().get(SchemaValue.ENCODED_PROPERTY));
}
}
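Review bot: The `schema3` case in `testEncoding` reaches only the `GeneralSecurityException` path, because `badValue` happens to be valid Base64 (eight alphabet characters), so the decoder succeeds and the failure comes from `decrypt`. A value the Base64 decoder rejects (a constructed example: `"bad value!"`) is not exercised, and from the code shown in the service hunk that input would raise `IllegalArgumentException` rather than fall back; a second case with such a value would pin the intended behaviour. The final `assertNull` on `SchemaValue.ENCODED_PROPERTY` also fixes a state in which the schema is marked as decoded while `sensitive` still holds an undecryptable value; a comment such as `// encoded marker is cleared even though "sensitive" was left as-is` would make that deliberate choice visible.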
