Add crypto

Author: siri-varma

sdk/src/main/java/io/dapr/client/DaprClientImpl.java

@@ -48,9 +48,11 @@
 import io.dapr.client.domain.ConversationTools;
 import io.dapr.client.domain.ConversationToolsFunction;
 import io.dapr.client.domain.DaprMetadata;
+import io.dapr.client.domain.DecryptRequestAlpha1;
 import io.dapr.client.domain.DeleteJobRequest;
 import io.dapr.client.domain.DeleteStateRequest;
 import io.dapr.client.domain.DropFailurePolicy;
+import io.dapr.client.domain.EncryptRequestAlpha1;
 import io.dapr.client.domain.ExecuteStateTransactionRequest;
 import io.dapr.client.domain.FailurePolicy;
 import io.dapr.client.domain.FailurePolicyType;
@@ -2071,4 +2073,194 @@ private AppConnectionPropertiesHealthMetadata getAppConnectionPropertiesHealth(
     return new AppConnectionPropertiesHealthMetadata(healthCheckPath, healthProbeInterval, healthProbeTimeout,
         healthThreshold);
   }
+
+  /**
+   * {@inheritDoc}
+   */
+  @Override
+  public Flux<byte[]> encrypt(EncryptRequestAlpha1 request) {
+    try {
+      if (request == null) {
+        throw new IllegalArgumentException("EncryptRequestAlpha1 cannot be null.");
+      }
+      if (request.getComponentName() == null || request.getComponentName().trim().isEmpty()) {
+        throw new IllegalArgumentException("Component name cannot be null or empty.");
+      }
+      if (request.getKeyName() == null || request.getKeyName().trim().isEmpty()) {
+        throw new IllegalArgumentException("Key name cannot be null or empty.");
+      }
+      if (request.getKeyWrapAlgorithm() == null || request.getKeyWrapAlgorithm().trim().isEmpty()) {
+        throw new IllegalArgumentException("Key wrap algorithm cannot be null or empty.");
+      }
+      if (request.getPlainTextStream() == null) {
+        throw new IllegalArgumentException("Plaintext stream cannot be null.");
+      }
+
+      return Flux.create(sink -> {
+        // Create response observer to receive encrypted data
+        StreamObserver<DaprProtos.EncryptResponse> responseObserver = new StreamObserver<DaprProtos.EncryptResponse>() {
+          @Override
+          public void onNext(DaprProtos.EncryptResponse response) {
+            if (response.hasPayload()) {
+              byte[] data = response.getPayload().getData().toByteArray();
+              if (data.length > 0) {
+                sink.next(data);
+              }
+            }
+          }
+
+          @Override
+          public void onError(Throwable t) {
+            sink.error(DaprException.propagate(new DaprException("ENCRYPT_ERROR", 
+                "Error during encryption: " + t.getMessage(), t)));
+          }
+
+          @Override
+          public void onCompleted() {
+            sink.complete();
+          }
+        };
+
+        // Get the request stream observer from gRPC
+        StreamObserver<DaprProtos.EncryptRequest> requestObserver = 
+            intercept(null, asyncStub).encryptAlpha1(responseObserver);
+
+        // Build options for the first message
+        DaprProtos.EncryptRequestOptions.Builder optionsBuilder = DaprProtos.EncryptRequestOptions.newBuilder()
+            .setComponentName(request.getComponentName())
+            .setKeyName(request.getKeyName())
+            .setKeyWrapAlgorithm(request.getKeyWrapAlgorithm());
+
+        if (request.getDataEncryptionCipher() != null && !request.getDataEncryptionCipher().isEmpty()) {
+          optionsBuilder.setDataEncryptionCipher(request.getDataEncryptionCipher());
+        }
+        optionsBuilder.setOmitDecryptionKeyName(request.isOmitDecryptionKeyName());
+        if (request.getDecryptionKeyName() != null && !request.getDecryptionKeyName().isEmpty()) {
+          optionsBuilder.setDecryptionKeyName(request.getDecryptionKeyName());
+        }
+
+        final DaprProtos.EncryptRequestOptions options = optionsBuilder.build();
+        final long[] sequenceNumber = {0};
+        final boolean[] firstMessage = {true};
+
+        // Subscribe to the plaintext stream and send chunks
+        request.getPlainTextStream()
+            .doOnNext(chunk -> {
+              DaprProtos.EncryptRequest.Builder reqBuilder = DaprProtos.EncryptRequest.newBuilder()
+                  .setPayload(CommonProtos.StreamPayload.newBuilder()
+                      .setData(ByteString.copyFrom(chunk))
+                      .setSeq(sequenceNumber[0]++)
+                      .build());
+
+              // Include options only in the first message
+              if (firstMessage[0]) {
+                reqBuilder.setOptions(options);
+                firstMessage[0] = false;
+              }
+
+              requestObserver.onNext(reqBuilder.build());
+            })
+            .doOnError(error -> {
+              requestObserver.onError(error);
+              sink.error(DaprException.propagate(new DaprException("ENCRYPT_ERROR", 
+                  "Error reading plaintext stream: " + error.getMessage(), error)));
+            })
+            .doOnComplete(() -> {
+              requestObserver.onCompleted();
+            })
+            .subscribe();
+      });
+    } catch (Exception ex) {
+      return DaprException.wrapFlux(ex);
+    }
+  }
+
+  /**
+   * {@inheritDoc}
+   */
+  @Override
+  public Flux<byte[]> decrypt(DecryptRequestAlpha1 request) {
+    try {
+      if (request == null) {
+        throw new IllegalArgumentException("DecryptRequestAlpha1 cannot be null.");
+      }
+      if (request.getComponentName() == null || request.getComponentName().trim().isEmpty()) {
+        throw new IllegalArgumentException("Component name cannot be null or empty.");
+      }
+      if (request.getCipherTextStream() == null) {
+        throw new IllegalArgumentException("Ciphertext stream cannot be null.");
+      }
+
+      return Flux.create(sink -> {
+        // Create response observer to receive decrypted data
+        StreamObserver<DaprProtos.DecryptResponse> responseObserver = new StreamObserver<DaprProtos.DecryptResponse>() {
+          @Override
+          public void onNext(DaprProtos.DecryptResponse response) {
+            if (response.hasPayload()) {
+              byte[] data = response.getPayload().getData().toByteArray();
+              if (data.length > 0) {
+                sink.next(data);
+              }
+            }
+          }
+
+          @Override
+          public void onError(Throwable t) {
+            sink.error(DaprException.propagate(new DaprException("DECRYPT_ERROR", 
+                "Error during decryption: " + t.getMessage(), t)));
+          }
+
+          @Override
+          public void onCompleted() {
+            sink.complete();
+          }
+        };
+
+        // Get the request stream observer from gRPC
+        StreamObserver<DaprProtos.DecryptRequest> requestObserver = 
+            intercept(null, asyncStub).decryptAlpha1(responseObserver);
+
+        // Build options for the first message
+        DaprProtos.DecryptRequestOptions.Builder optionsBuilder = DaprProtos.DecryptRequestOptions.newBuilder()
+            .setComponentName(request.getComponentName());
+
+        if (request.getKeyName() != null && !request.getKeyName().isEmpty()) {
+          optionsBuilder.setKeyName(request.getKeyName());
+        }
+
+        final DaprProtos.DecryptRequestOptions options = optionsBuilder.build();
+        final long[] sequenceNumber = {0};
+        final boolean[] firstMessage = {true};
+
+        // Subscribe to the ciphertext stream and send chunks
+        request.getCipherTextStream()
+            .doOnNext(chunk -> {
+              DaprProtos.DecryptRequest.Builder reqBuilder = DaprProtos.DecryptRequest.newBuilder()
+                  .setPayload(CommonProtos.StreamPayload.newBuilder()
+                      .setData(ByteString.copyFrom(chunk))
+                      .setSeq(sequenceNumber[0]++)
+                      .build());
+
+              // Include options only in the first message
+              if (firstMessage[0]) {
+                reqBuilder.setOptions(options);
+                firstMessage[0] = false;
+              }
+
+              requestObserver.onNext(reqBuilder.build());
+            })
+            .doOnError(error -> {
+              requestObserver.onError(error);
+              sink.error(DaprException.propagate(new DaprException("DECRYPT_ERROR", 
+                  "Error reading ciphertext stream: " + error.getMessage(), error)));
+            })
+            .doOnComplete(() -> {
+              requestObserver.onCompleted();
+            })
+            .subscribe();
+      });
+    } catch (Exception ex) {
+      return DaprException.wrapFlux(ex);
+    }
+  }
 }

sdk/src/main/java/io/dapr/client/DaprPreviewClient.java

@@ -21,7 +21,9 @@
 import io.dapr.client.domain.ConversationRequestAlpha2;
 import io.dapr.client.domain.ConversationResponse;
 import io.dapr.client.domain.ConversationResponseAlpha2;
+import io.dapr.client.domain.DecryptRequestAlpha1;
 import io.dapr.client.domain.DeleteJobRequest;
+import io.dapr.client.domain.EncryptRequestAlpha1;
 import io.dapr.client.domain.GetJobRequest;
 import io.dapr.client.domain.GetJobResponse;
 import io.dapr.client.domain.LockRequest;
@@ -32,6 +34,7 @@
 import io.dapr.client.domain.UnlockResponseStatus;
 import io.dapr.client.domain.query.Query;
 import io.dapr.utils.TypeRef;
+import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
 import java.util.List;
@@ -325,4 +328,24 @@ <T> Subscription subscribeToEvents(
    * @return {@link ConversationResponseAlpha2}.
    */
   public Mono<ConversationResponseAlpha2> converseAlpha2(ConversationRequestAlpha2 conversationRequestAlpha2);
+
+  /**
+   * Encrypt data using the Dapr cryptography building block.
+   * This method uses streaming to handle large payloads efficiently.
+   *
+   * @param request The encryption request containing component name, key information, and plaintext stream.
+   * @return A Flux of encrypted byte arrays (ciphertext chunks).
+   * @throws IllegalArgumentException if required parameters are missing.
+   */
+  Flux<byte[]> encrypt(EncryptRequestAlpha1 request);
+
+  /**
+   * Decrypt data using the Dapr cryptography building block.
+   * This method uses streaming to handle large payloads efficiently.
+   *
+   * @param request The decryption request containing component name, optional key name, and ciphertext stream.
+   * @return A Flux of decrypted byte arrays (plaintext chunks).
+   * @throws IllegalArgumentException if required parameters are missing.
+   */
+  Flux<byte[]> decrypt(DecryptRequestAlpha1 request);
 }

sdk/src/main/java/io/dapr/client/domain/DecryptRequestAlpha1.java

@@ -0,0 +1,79 @@
+/*
+ * Copyright 2024 The Dapr Authors
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package io.dapr.client.domain;
+
+import reactor.core.publisher.Flux;
+
+/**
+ * Request to decrypt data using the Dapr Cryptography building block.
+ * Uses streaming to handle large payloads efficiently.
+ */
+public class DecryptRequestAlpha1 {
+
+  private final String componentName;
+  private final Flux<byte[]> cipherTextStream;
+  private String keyName;
+
+  /**
+   * Constructor for DecryptRequestAlpha1.
+   *
+   * @param componentName    Name of the cryptography component. Required.
+   * @param cipherTextStream Stream of ciphertext data to decrypt. Required.
+   */
+  public DecryptRequestAlpha1(String componentName, Flux<byte[]> cipherTextStream) {
+    this.componentName = componentName;
+    this.cipherTextStream = cipherTextStream;
+  }
+
+  /**
+   * Gets the cryptography component name.
+   *
+   * @return the component name
+   */
+  public String getComponentName() {
+    return componentName;
+  }
+
+  /**
+   * Gets the ciphertext data stream to decrypt.
+   *
+   * @return the ciphertext stream as Flux of byte arrays
+   */
+  public Flux<byte[]> getCipherTextStream() {
+    return cipherTextStream;
+  }
+
+  /**
+   * Gets the key name (or name/version) to use for decryption.
+   *
+   * @return the key name, or null if using the key embedded in the ciphertext
+   */
+  public String getKeyName() {
+    return keyName;
+  }
+
+  /**
+   * Sets the key name (or name/version) to decrypt the message.
+   * This overrides any key reference included in the message if present.
+   * This is required if the message doesn't include a key reference
+   * (i.e., was created with omitDecryptionKeyName set to true).
+   *
+   * @param keyName the key name to use for decryption
+   * @return this request instance for method chaining
+   */
+  public DecryptRequestAlpha1 setKeyName(String keyName) {
+    this.keyName = keyName;
+    return this;
+  }
+}