Interface ReencryptionStorage


public interface ReencryptionStorage
Storage interface for managing page re-encryption operations during encryption key rotation.

This interface provides methods to track and manage the re-encryption process when a Data Encryption Key (DEK) is rotated. It maintains the state and progress of re-encryption operations across multiple partitions within a group.

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Interface
    Description
    static enum
    ReencryptionStorage.FinishReason
    Enumeration of reasons for finishing a re-encryption operation.
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    finishReencryption(int groupId, int keyId, ReencryptionStorage.FinishReason reason)
    Marks a re-encryption operation as finished with the specified reason.
    @Nullable ReencryptionStatus
    groupReencryptionStatus(int groupId, int keyId)
    Retrieves the status of a specific re-encryption operation identified by group and key ID.
    @Nullable ReencryptionStatus
    lastKeyReencryptionStatus(int groupId)
    Retrieves the status of the most recent re-encryption operation for the specified group.
    void
    registerReencryption(int groupId, int keyId, boolean backgroundEnabled)
    Registers a new re-encryption operation for the specified group with a new encryption key.
    void
    setCount(int groupId, int keyId, int partitionId, int count)
    Sets the total page count for a specific partition in a re-encryption operation.
    void
    updateProgress(int groupId, int keyId, int partitionId, int index)
    Updates the progress of a re-encryption operation for a specific partition.
  • Method Details

    • registerReencryption

      void registerReencryption(int groupId, int keyId, boolean backgroundEnabled)
      Registers a new re-encryption operation for the specified group with a new encryption key.

      This method initiates tracking of a re-encryption process. If there is an ongoing re-encryption operation, it may be canceled and replaced with the new operation.

      Parameters:
      groupId - The identifier of the group to be re-encrypted.
      keyId - The identifier of the new encryption key to be used for re-encryption.
      backgroundEnabled - Whether background re-encryption is enabled. If false, the re-encryption status will be set to BACKGROUND_DISABLED.
    • lastKeyReencryptionStatus

      @Nullable ReencryptionStatus lastKeyReencryptionStatus(int groupId)
      Retrieves the status of the most recent re-encryption operation for the specified group.

      The returned status includes the encryption key ID, current state (in progress, completed, or canceled), and the progress information for each partition.

      Parameters:
      groupId - The identifier of the group whose re-encryption status is requested.
      Returns:
      The ReencryptionStatus containing the current state and progress information, or null if no re-encryption has been registered for this group.
    • groupReencryptionStatus

      @Nullable ReencryptionStatus groupReencryptionStatus(int groupId, int keyId)
      Retrieves the status of a specific re-encryption operation identified by group and key ID.

      Unlike lastKeyReencryptionStatus(int), which returns only the most recent re-encryption status for a group, this method allows retrieval of any historical re-encryption operation by its specific encryption key ID. This is useful for tracking the history of multiple key rotations over time.

      The returned status includes the encryption key ID, state (in progress, completed, or canceled), and the progress information for each partition at the time of that specific re-encryption operation.

      Parameters:
      groupId - The identifier of the group whose re-encryption status is requested.
      keyId - The identifier of the encryption key used for the specific re-encryption operation.
      Returns:
      The ReencryptionStatus for the specified group and key combination, or null if no re-encryption with this key has been registered for the group.
    • updateProgress

      void updateProgress(int groupId, int keyId, int partitionId, int index)
      Updates the progress of a re-encryption operation for a specific partition.

      This method records the last successfully processed page index for the given partition. Progress tracking allows the re-encryption process to resume from the last known position in case of interruption.

      Parameters:
      groupId - The identifier of the group being re-encrypted.
      keyId - The identifier of the encryption key being used for re-encryption.
      partitionId - The identifier of the partition whose progress is being updated.
      index - The index of the last successfully re-encrypted page in the partition.
    • setCount

      void setCount(int groupId, int keyId, int partitionId, int count)
      Sets the total page count for a specific partition in a re-encryption operation.

      This method records the total number of pages in a partition that need to be re-encrypted. This information is used to track overall progress and calculate completion percentage for the re-encryption operation.

      Parameters:
      groupId - The identifier of the group being re-encrypted.
      keyId - The identifier of the encryption key being used for re-encryption.
      partitionId - The identifier of the partition whose total page count is being set.
      count - The total number of pages in the partition.
    • finishReencryption

      void finishReencryption(int groupId, int keyId, ReencryptionStorage.FinishReason reason)
      Marks a re-encryption operation as finished with the specified reason.

      This method finalizes the re-encryption operation, transitioning it to a terminal state. The operation can finish either due to successful completion or due to a new DEK rotation being initiated.

      Parameters:
      groupId - The identifier of the group whose re-encryption is being finished.
      keyId - The identifier of the encryption key used in the re-encryption operation.
      reason - The reason for finishing the re-encryption operation.
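
Added example, not code from the project: a minimal in-memory model of the lifecycle this interface describes (register, set page count, record progress, finish), showing a run resuming after an interruption and an unfinished run being closed out when a second rotation is registered. The FinishReason constants, the State names other than BACKGROUND_DISABLED, the Status class, the cancel-on-replace behaviour and the reencryptSome helper are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

/** In-memory model of the tracking contract; an illustration, not the project's implementation. */
public class ReencryptionTrackingExample {
    // Hypothetical names: the page names only BACKGROUND_DISABLED, not the other constants.
    enum FinishReason { COMPLETED, NEW_KEY_ROTATION }
    enum State { IN_PROGRESS, BACKGROUND_DISABLED, COMPLETED, CANCELED }
    static final class Status {
        State state;
        final Map<Integer, Integer> lastIndex = new HashMap<>(); // partitionId -> last re-encrypted page
        final Map<Integer, Integer> count = new HashMap<>();     // partitionId -> total pages
        Status(State state) { this.state = state; }
    }
    private final Map<String, Status> ops = new HashMap<>();       // "groupId:keyId" -> status
    private final Map<Integer, Integer> lastKey = new HashMap<>(); // groupId -> most recent keyId

    Status groupReencryptionStatus(int g, int k) { return ops.get(g + ":" + k); }
    void registerReencryption(int g, int k, boolean backgroundEnabled) {
        Integer prevKey = lastKey.get(g);
        if (prevKey != null && groupReencryptionStatus(g, prevKey).state == State.IN_PROGRESS)
            finishReencryption(g, prevKey, FinishReason.NEW_KEY_ROTATION); // assumed: the new DEK supersedes the old run
        ops.put(g + ":" + k, new Status(backgroundEnabled ? State.IN_PROGRESS : State.BACKGROUND_DISABLED));
        lastKey.put(g, k);
    }
    void setCount(int g, int k, int p, int count) { groupReencryptionStatus(g, k).count.put(p, count); }
    void updateProgress(int g, int k, int p, int index) { groupReencryptionStatus(g, k).lastIndex.put(p, index); }
    void finishReencryption(int g, int k, FinishReason r) {
        groupReencryptionStatus(g, k).state = r == FinishReason.COMPLETED ? State.COMPLETED : State.CANCELED;
    }
    /** Processes at most maxPages pages of one partition, resuming after the last recorded index. */
    int reencryptSome(int g, int k, int p, int maxPages) {
        Status s = groupReencryptionStatus(g, k);
        if (s.state != State.IN_PROGRESS) return -1; // superseded or finished runs must not keep writing
        int next = s.lastIndex.getOrDefault(p, -1) + 1;
        int end = Math.min(s.count.get(p), next + maxPages);
        for (int i = next; i < end; i++) updateProgress(g, k, p, i); // the page rewrite under key k goes here
        return end;
    }
    public static void main(String[] args) {
        ReencryptionTrackingExample st = new ReencryptionTrackingExample();
        st.registerReencryption(1, 7, true);
        st.setCount(1, 7, 0, 10);
        st.reencryptSome(1, 7, 0, 4); // stopped after the first four pages
        System.out.println("resumed run ends at index " + st.reencryptSome(1, 7, 0, 3));
        st.registerReencryption(1, 8, true); // second rotation before key 7 finished
        System.out.println("key 7 is " + st.groupReencryptionStatus(1, 7).state
                + ", its worker gets " + st.reencryptSome(1, 7, 0, 3));
    }
}
```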