Documentation
¶
Index ¶
- Constants
- Variables
- func DeletePlaceholderSettingsFromClientSession(session decryptor.ClientSession)
- func DeleteQueryDataItemsFromClientSession(session decryptor.ClientSession)
- func EmptyCheckFunction(setting config.ColumnEncryptionSetting) bool
- func EncryptionSettingFromContext(ctx context.Context) (config.ColumnEncryptionSetting, bool)
- func NewContextWithEncryptionSetting(ctx context.Context, setting config.ColumnEncryptionSetting) context.Context
- func PlaceholderSettingsFromClientSession(session decryptor.ClientSession) map[int]config.ColumnEncryptionSetting
- func SaveQueryDataItemsToClientSession(session decryptor.ClientSession, items []*QueryDataItem)
- func StandaloneAcraBlockEncryptorFilterFunction(setting config.ColumnEncryptionSetting) bool
- func StandaloneAcraStructEncryptorFilterFunction(setting config.ColumnEncryptionSetting) bool
- type AcrawriterDataEncryptor
- type AliasToTableMap
- type AliasedTableName
- type ChainDataEncryptor
- type CheckFunction
- type ColumnInfo
- type ConfigStorage
- type DBDataCoder
- type DataEncryptor
- type DataEncryptorContext
- type QueryDataItem
- type SearchableQueryFilterMode
Constants ¶
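// Supported modes for filtering comparisons for searchable and tokenized
// values. The constants are untyped and numbered from zero by iota.
const (
	QueryFilterModeSearchableEncryption = iota
	QueryFilterModeConsistentTokenization
)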
QueryFilterModeSearchableEncryption and QueryFilterModeConsistentTokenization are the supported modes for filtering comparisons for searchable and tokenized values.
const PlaceholdersSettingKey = "bind_encryption_settings"
PlaceholdersSettingKey is the key used for storing placeholders in the session.
Variables ¶
var ErrInconsistentPlaceholder = errors.New("inconsistent placeholder usage")
ErrInconsistentPlaceholder is returned when a placeholder refers to multiple different columns.
var ErrInvalidPlaceholder = errors.New("invalid placeholder value")
ErrInvalidPlaceholder is returned when Acra cannot parse SQL placeholder expression.
var ErrUnsupportedExpression = errors.New("unsupported expression")
ErrUnsupportedExpression indicates an unsupported type of literal for binary encoding/decoding.
Functions ¶
func DeletePlaceholderSettingsFromClientSession ¶
func DeletePlaceholderSettingsFromClientSession(session decryptor.ClientSession)
DeletePlaceholderSettingsFromClientSession deletes the placeholder settings from ClientSession.
func DeleteQueryDataItemsFromClientSession ¶
func DeleteQueryDataItemsFromClientSession(session decryptor.ClientSession)
DeleteQueryDataItemsFromClientSession deletes the query data items from ClientSession.
func EmptyCheckFunction ¶
func EmptyCheckFunction(setting config.ColumnEncryptionSetting) bool
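EmptyCheckFunction always returns false. Because a CheckFunction returns true when the operation should be skipped, using EmptyCheckFunction means the operation is never skipped.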
func EncryptionSettingFromContext ¶
func EncryptionSettingFromContext(ctx context.Context) (config.ColumnEncryptionSetting, bool)
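EncryptionSettingFromContext extracts the column encryption setting from a context, or returns "nil" if the context does not contain one. The second result presumably reports whether a setting was found; check it before using the setting.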
func NewContextWithEncryptionSetting ¶
func NewContextWithEncryptionSetting(ctx context.Context, setting config.ColumnEncryptionSetting) context.Context
NewContextWithEncryptionSetting makes a new context containing column encryption settings.
func PlaceholderSettingsFromClientSession ¶
func PlaceholderSettingsFromClientSession(session decryptor.ClientSession) map[int]config.ColumnEncryptionSetting
PlaceholderSettingsFromClientSession returns the ColumnEncryptionSettings related to placeholders that are stored in the client session, or creates a new map and saves it in the session.
func SaveQueryDataItemsToClientSession ¶
func SaveQueryDataItemsToClientSession(session decryptor.ClientSession, items []*QueryDataItem)
SaveQueryDataItemsToClientSession saves a slice of QueryDataItem into ClientSession.
func StandaloneAcraBlockEncryptorFilterFunction ¶
func StandaloneAcraBlockEncryptorFilterFunction(setting config.ColumnEncryptionSetting) bool
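StandaloneAcraBlockEncryptorFilterFunction returns true if the operation should be applied only when the setting is configured for encryption without any other operations such as tokenization or masking. The signature matches CheckFunction, which is documented as returning true when the operation should be skipped, so verify the return-value polarity against the implementation before relying on it.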
func StandaloneAcraStructEncryptorFilterFunction ¶
func StandaloneAcraStructEncryptorFilterFunction(setting config.ColumnEncryptionSetting) bool
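StandaloneAcraStructEncryptorFilterFunction returns true if the operation should be applied only when the setting is configured for encryption without any other operations such as tokenization or masking. The signature matches CheckFunction, which is documented as returning true when the operation should be skipped, so verify the return-value polarity against the implementation before relying on it.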
Types ¶
type AcrawriterDataEncryptor ¶
type AcrawriterDataEncryptor struct {
// contains filtered or unexported fields
}
AcrawriterDataEncryptor implements DataEncryptor and encrypts data with AcraStructs.
func NewAcrawriterDataEncryptor ¶
func NewAcrawriterDataEncryptor(keystore keystore.PublicKeyStore) (*AcrawriterDataEncryptor, error)
NewAcrawriterDataEncryptor returns a new AcrawriterDataEncryptor initialized with the given keystore.
func NewStandaloneDataEncryptor ¶
func NewStandaloneDataEncryptor(keystore keystore.PublicKeyStore) (*AcrawriterDataEncryptor, error)
NewStandaloneDataEncryptor returns a new DataEncryptor that uses AcraStruct to encrypt data as a separate OnColumn processor and checks that the passed setting is configured only for transparent AcraStruct encryption.
func (*AcrawriterDataEncryptor) EncryptWithClientID ¶
func (encryptor *AcrawriterDataEncryptor) EncryptWithClientID(clientID, data []byte, setting config.ColumnEncryptionSetting) ([]byte, error)
EncryptWithClientID encrypts data with an explicit client ID.
type AliasToTableMap ¶
AliasToTableMap store table alias as key and table name as value
func NewAliasToTableMapFromTables ¶
func NewAliasToTableMapFromTables(tables []*AliasedTableName) AliasToTableMap
NewAliasToTableMapFromTables create AliasToTableMap from slice of aliased tables
type AliasedTableName ¶
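// AliasedTableName stores a TableName together with its related As value.
type AliasedTableName struct {
	TableName sqlparser.TableName
	As        sqlparser.TableIdent
}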
AliasedTableName store TableName and related As value together
type ChainDataEncryptor ¶
type ChainDataEncryptor struct {
// contains filtered or unexported fields
}
ChainDataEncryptor implements DataEncryptor and passes data to all encryptors on each call. Each encryptor should return the data untouched if it does nothing with it.
func NewChainDataEncryptor ¶
func NewChainDataEncryptor(encryptors ...DataEncryptor) *ChainDataEncryptor
NewChainDataEncryptor return new ChainDataEncryptor
func (*ChainDataEncryptor) EncryptWithClientID ¶
func (chainEncryptor *ChainDataEncryptor) EncryptWithClientID(clientID, data []byte, setting config.ColumnEncryptionSetting) ([]byte, error)
EncryptWithClientID encrypts data with an explicit client ID.
type CheckFunction ¶
type CheckFunction func(setting config.ColumnEncryptionSetting) bool
CheckFunction returns true if the operation should be skipped.
type ColumnInfo ¶
ColumnInfo is an info object that represents column data.
type ConfigStorage ¶
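// ConfigStorage describes the main Storage interface for loading the
// encryptor config from different sources.
type ConfigStorage interface {
	filesystem.Storage
	// GetEncryptorConfigPath returns a string; presumably the path of the
	// encryptor config within the storage (confirm against implementations).
	GetEncryptorConfigPath() string
}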
ConfigStorage describes the main Storage interface for loading the encryptor config from different sources.
type DBDataCoder ¶
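// DBDataCoder encodes/decodes binary data to the correct string form for a
// specific db.
type DBDataCoder interface {
	// Decode takes an SQL expression and a column encryption setting and
	// returns bytes or an error.
	Decode(sqlparser.Expr, config.ColumnEncryptionSetting) ([]byte, error)
	// Encode takes an SQL expression, a byte slice and a column encryption
	// setting and returns bytes or an error.
	Encode(sqlparser.Expr, []byte, config.ColumnEncryptionSetting) ([]byte, error)
}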
DBDataCoder encodes/decodes binary data to the correct string form for a specific db.
type DataEncryptor ¶
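// DataEncryptor replaces raw data in queries with encrypted data.
type DataEncryptor interface {
	// EncryptWithClientID encrypts data with an explicit client ID.
	EncryptWithClientID(clientID, data []byte, setting config.ColumnEncryptionSetting) ([]byte, error)
}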
DataEncryptor replaces raw data in queries with encrypted data.
type DataEncryptorContext ¶
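// DataEncryptorContext stores data for DataEncryptor.
type DataEncryptorContext struct {
	Keystore keystore.DataEncryptorKeyStore
	Context  context.Context
}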
DataEncryptorContext stores data for DataEncryptor.
type QueryDataItem ¶
type QueryDataItem struct {
// contains filtered or unexported fields
}
QueryDataItem stores information about table column and encryption setting
func NewQueryDataItem ¶
func NewQueryDataItem(setting config.ColumnEncryptionSetting, tableName, columnName, columnAlias string) *QueryDataItem
NewQueryDataItem create new QueryDataItem
func QueryDataItemsFromClientSession ¶
func QueryDataItemsFromClientSession(session decryptor.ClientSession) []*QueryDataItem
QueryDataItemsFromClientSession returns the QueryDataItems from ClientSession if they were saved, otherwise nil.
func (*QueryDataItem) ColumnAlias ¶
func (q *QueryDataItem) ColumnAlias() string
ColumnAlias returns the column alias if it was matched as an alias to any data item.
func (*QueryDataItem) ColumnName ¶
func (q *QueryDataItem) ColumnName() string
ColumnName returns the column name if it was matched to any.
func (*QueryDataItem) Setting ¶
func (q *QueryDataItem) Setting() config.ColumnEncryptionSetting
Setting returns the associated ColumnEncryptionSetting, or nil if not found.
func (*QueryDataItem) TableName ¶
func (q *QueryDataItem) TableName() string
TableName returns the table name associated with the item, or an empty string if the item is not related to any table or the table is not recognized.
type SearchableQueryFilterMode ¶
type SearchableQueryFilterMode int
SearchableQueryFilterMode represents the working mode of SearchableQueryFilter.