Lint

lib/trino-parquet/src/main/java/io/trino/parquet/EncryptionUtils.java

@@ -32,6 +32,10 @@ private EncryptionUtils() {}
 
     public static Optional<InternalFileDecryptor> createDecryptor(ParquetReaderOptions parquetReaderOptions, Location filePath, TrinoFileSystem trinoFileSystem)
     {
+        if (parquetReaderOptions == null || filePath == null || trinoFileSystem == null) {
+            return Optional.empty();
+        }
+
         TrinoDecryptionPropertiesFactory cryptoFactory = loadDecryptionPropertiesFactory(parquetReaderOptions);
         FileDecryptionProperties fileDecryptionProperties = (cryptoFactory == null) ? null : cryptoFactory.getFileDecryptionProperties(parquetReaderOptions, filePath, trinoFileSystem);
         return (fileDecryptionProperties == null) ? Optional.empty() : Optional.of(new InternalFileDecryptor(fileDecryptionProperties));
@@ -42,6 +46,10 @@ private static TrinoDecryptionPropertiesFactory loadDecryptionPropertiesFactory(
         final Class<?> foundClass = TrinoCryptoConfigurationUtil.getClassFromConfig(
                 trinoParquetCryptoConfig.getCryptoFactoryClass(), TrinoDecryptionPropertiesFactory.class);
 
+        if (foundClass == null) {
+            return null;
+        }
+
         try {
             return (TrinoDecryptionPropertiesFactory) foundClass.getConstructor().newInstance();
         }

lib/trino-parquet/src/main/java/org/apache/parquet/crypto/TrinoCryptoConfigurationUtil.java

@@ -14,19 +14,22 @@
 package org.apache.parquet.crypto;
 
 import io.airlift.log.Logger;
-import io.trino.parquet.EncryptionUtils;
-import org.apache.parquet.hadoop.BadConfigurationException;
 
 public class TrinoCryptoConfigurationUtil
 {
     public static final Logger LOG = Logger.get(TrinoCryptoConfigurationUtil.class);
 
+    private TrinoCryptoConfigurationUtil()
+    {
+    }
+
     public static Class<?> getClassFromConfig(String className, Class<?> assignableFrom)
     {
         try {
             final Class<?> foundClass = Class.forName(className);
             if (!assignableFrom.isAssignableFrom(foundClass)) {
-                throw new IllegalArgumentException("class " + className + " is not a subclass of " + assignableFrom.getCanonicalName());
+                LOG.warn("class " + className + " is not a subclass of " + assignableFrom.getCanonicalName());
+                return null;
             }
             return foundClass;
         }

lib/trino-parquet/src/main/java/org/apache/parquet/crypto/TrinoDecryptionPropertiesFactory.java

@@ -1,62 +1,24 @@
 /*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
  */
 package org.apache.parquet.crypto;
 
 import io.trino.filesystem.Location;
 import io.trino.filesystem.TrinoFileSystem;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
-/**
- * DecryptionPropertiesFactory interface enables transparent activation of Parquet decryption.
- * <p>
- * Its customized implementations produce decryption properties for each Parquet file, using the input information
- * available in Parquet file readers: file path and Hadoop configuration properties that can pass custom parameters
- * required by a crypto factory. A factory implementation can use or ignore any of these inputs.
- * <p>
- * The example usage could be as below.
- * 1. Write a class to implement DecryptionPropertiesFactory.
- * 2. Set configuration of "parquet.crypto.factory.class" with the fully qualified name of this class.
- * For example, we can set the configuration in SparkSession as below.
- * SparkSession spark = SparkSession
- * .config("parquet.crypto.factory.class",
- * "xxx.xxx.DecryptionPropertiesClassLoaderImpl")
- * <p>
- * TODO(wyu): The implementation of this interface will be instantiated by {loadFactory(Configuration)}.
- */
 public interface TrinoDecryptionPropertiesFactory
 {
-
-  Logger LOG = LoggerFactory.getLogger(DecryptionPropertiesFactory.class);
-
-  /**
-   * Get FileDecryptionProperties object which is created by the implementation of this interface. Please see
-   * the unit test SampleDecryptionPropertiesFactory for example
-   *
-   * @param hadoopConfig Configuration that is used to pass the needed information, e.g. KMS uri
-   * @param filePath     File path of the parquet file
-   *                     Can be used for AAD prefix verification, part of key metadata etc
-   * @param trinoFileSystem
-   * @return object with class of FileDecryptionProperties. Null return value means no decryption properties
-   * are available for the file (not required for plaintext files. Or for plaintext columns in encrypted files with plaintext footer).
-   * @throws ParquetCryptoRuntimeException if there is an exception while creating the object
-   */
-  FileDecryptionProperties getFileDecryptionProperties(io.trino.parquet.ParquetReaderOptions hadoopConfig, Location filePath, TrinoFileSystem trinoFileSystem)
-      throws ParquetCryptoRuntimeException;
+    // TODO(wyu): maybe create a dedicate config class in org.apache.parquet and convert ParquetReaderOptions to this class?
+    FileDecryptionProperties getFileDecryptionProperties(io.trino.parquet.ParquetReaderOptions parquetReaderOptions, Location filePath, TrinoFileSystem trinoFileSystem)
+            throws ParquetCryptoRuntimeException;
 }

lib/trino-parquet/src/main/java/org/apache/parquet/crypto/keytools/TrinoParquetFileKeyUnwrapper.java → lib/trino-parquet/src/main/java/org/apache/parquet/crypto/keytools/TrinoFileKeyUnwrapper.java

@@ -30,31 +30,33 @@
 import static org.apache.parquet.crypto.keytools.TrinoKeyToolkit.KEK_READ_CACHE_PER_TOKEN;
 import static org.apache.parquet.crypto.keytools.TrinoKeyToolkit.KMS_CLIENT_CACHE_PER_TOKEN;
 
-public class TrinoParquetFileKeyUnwrapper
+public class TrinoFileKeyUnwrapper
         implements DecryptionKeyRetriever
 {
-    private static final Logger LOG = LoggerFactory.getLogger(FileKeyUnwrapper.class);
+    private static final Logger LOG = LoggerFactory.getLogger(TrinoFileKeyUnwrapper.class);
 
     //A map of KEK_ID -> KEK bytes, for the current token
     private final ConcurrentMap<String, byte[]> kekPerKekID;
-
-    private TrinoKeyToolkit.TrinoKmsClientAndDetails kmsClientAndDetails = null;
-    private TrinoHadoopFSKeyMaterialStore keyMaterialStore = null;
-    private boolean checkedKeyMaterialInternalStorage = false;
     private final Location parquetFilePath;
-    // TODO(wyu): shall we get it from Location or File?
+    // TODO(wyu): shall we get it from Location or File
     private final TrinoFileSystem trinoFileSystem;
     private final String accessToken;
     private final long cacheEntryLifetime;
     private final ParquetReaderOptions parquetReaderOptions;
+    private TrinoKeyToolkit.TrinoKmsClientAndDetails kmsClientAndDetails;
+    private TrinoHadoopFSKeyMaterialStore keyMaterialStore;
+    private boolean checkedKeyMaterialInternalStorage;
 
-    TrinoParquetFileKeyUnwrapper(ParquetReaderOptions conf, Location filePath, TrinoFileSystem trinoFileSystem)
+    TrinoFileKeyUnwrapper(ParquetReaderOptions conf, Location filePath, TrinoFileSystem trinoFileSystem)
     {
         this.trinoFileSystem = trinoFileSystem;
         this.parquetReaderOptions = conf;
         this.parquetFilePath = filePath;
         this.cacheEntryLifetime = 1000L * conf.getEncryptionCacheLifetimeSeconds();
         this.accessToken = conf.getEncryptionKeyAccessToken();
+        this.kmsClientAndDetails = null;
+        this.keyMaterialStore = null;
+        this.checkedKeyMaterialInternalStorage = false;
 
         // Check cache upon each file reading (clean once in cacheEntryLifetime)
         KMS_CLIENT_CACHE_PER_TOKEN.checkCacheForExpiredTokens(cacheEntryLifetime);
@@ -74,8 +76,7 @@ public byte[] getKey(byte[] keyMetadataBytes)
 
         if (!checkedKeyMaterialInternalStorage) {
             if (!keyMetadata.keyMaterialStoredInternally()) {
-                keyMaterialStore = new TrinoHadoopFSKeyMaterialStore(trinoFileSystem);
-                keyMaterialStore.initialize(parquetFilePath, false);
+                keyMaterialStore = new TrinoHadoopFSKeyMaterialStore(trinoFileSystem, parquetFilePath, false);
             }
             checkedKeyMaterialInternalStorage = true;
         }
@@ -126,8 +127,8 @@ KeyWithMasterID getDEKandMasterID(KeyMaterial keyMaterial)
             }
 
             // Decrypt the data key
-            byte[] AAD = Base64.getDecoder().decode(encodedKekID);
-            dataKey = TrinoKeyToolkit.decryptKeyLocally(encodedWrappedDEK, kekBytes, AAD);
+            byte[] aad = Base64.getDecoder().decode(encodedKekID);
+            dataKey = TrinoKeyToolkit.decryptKeyLocally(encodedWrappedDEK, kekBytes, aad);
         }
 
         return new KeyWithMasterID(dataKey, masterKeyID);