in src/main/java/com/google/cloud/solutions/autotokenize/pipeline/EncryptionPipeline.java [288:336]
private ValueTokenizerFactory buildValueTokenizerFactory() {
try {
var encryptorFactoryClazz = Class.forName(options.getValueTokenizerFactoryFullClassName());
checkArgument(
ValueTokenizerFactory.class.isAssignableFrom(encryptorFactoryClazz),
"Class %s does extend ValueTokenizerFactory",
options.getValueTokenizerFactoryFullClassName());
var ctor = encryptorFactoryClazz.getConstructor(String.class, KeyMaterialType.class);
switch (options.getKeyMaterialType()) {
case TINK_GCP_KEYSET_JSON:
return (ValueTokenizerFactory)
ctor.newInstance(keySetExtractor.get(), options.getKeyMaterialType());
case RAW_BASE64_KEY:
case RAW_UTF8_KEY:
return (ValueTokenizerFactory)
ctor.newInstance(options.getKeyMaterial(), options.getKeyMaterialType());
case GCP_KMS_WRAPPED_KEY:
var cipherKey =
ByteString.copyFrom(BaseEncoding.base64().decode(options.getKeyMaterial()));
var cleartextKey =
kmsClient
.decrypt(options.getMainKmsKeyUri(), cipherKey)
.getPlaintext()
.toByteArray();
return (ValueTokenizerFactory)
ctor.newInstance(
BaseEncoding.base64().encode(cleartextKey), KeyMaterialType.RAW_BASE64_KEY);
case GCP_SECRET_KEY:
var encryptionKey = secretsClient.accessSecret(options.getKeyMaterial());
return (ValueTokenizerFactory)
ctor.newInstance(encryptionKey, KeyMaterialType.RAW_UTF8_KEY);
case UNRECOGNIZED:
case UNKNOWN_KEY_MATERIAL_TYPE:
throw new IllegalArgumentException("unkknown keymaterial type");
}
} catch (Exception e) {
throw new IllegalArgumentException("Error creating encryptionValueFactory", e);
}
throw new RuntimeException("error in instantiating ValueTokenizerFactory");
}