MySQL 8.0.39
Source Code Documentation
|
Keyring reader with status service provides APIs to fetch sensitive data from keyring backend. More...
#include <keyring_reader_with_status.h>
Public Attributes | |
mysql_service_status_t(* | init )(const char *data_id, const char *auth_id, my_h_keyring_reader_object *reader_object) |
Initialize reader. More... | |
mysql_service_status_t(* | deinit )(my_h_keyring_reader_object reader_object) |
Deinitialize reader. More... | |
mysql_service_status_t(* | fetch_length )(my_h_keyring_reader_object reader_object, size_t *data_size, size_t *data_type_size) |
Fetch length of the data if it exists data_size and data_type_size must not be nullptr. More... | |
mysql_service_status_t(* | fetch )(my_h_keyring_reader_object reader_object, unsigned char *data_buffer, size_t data_buffer_length, size_t *data_size, char *data_type, size_t data_type_buffer_length, size_t *data_type_size) |
Fetches data if it exists. More... | |
Keyring reader with status service provides APIs to fetch sensitive data from keyring backend.
It is designed to be compatible with corresponding plugin method which returns state of the keyring as well.
Data stored within keyring should be uniquely identified using:
fetch and fetch_length APIs return a value indicating one of the 3 possible states.
Implementor can choose to: A. Read data from backend on each request B. Cache data in memory and server read requests from the cache
In case of B, care should be taken to keep cached data in sync with backend.
To go one step further, implementation may let user choose behavior (cached or otherwise) for read operation through configuration options.
mysql_service_status_t(* s_mysql_keyring_reader_with_status::deinit) (my_h_keyring_reader_object reader_object) |
Deinitialize reader.
[in] | reader_object | Reader object |
false | Success |
true | Failure |
mysql_service_status_t(* s_mysql_keyring_reader_with_status::fetch) (my_h_keyring_reader_object reader_object, unsigned char *data_buffer, size_t data_buffer_length, size_t *data_size, char *data_type, size_t data_type_buffer_length, size_t *data_type_size) |
Fetches data if it exists.
All pointer parameters must be non-null.
Data_type value is implementation specific. It associates type label with data which may be an important indicator for certain backends.
Minimum expectation: AES, SECRET
data_buffer size must be enough to hold data data_type size must be enough to hold datatype and a null-terminating character
[in] | reader_object | Reader object |
[out] | data_buffer | Out buffer for data. Byte string. |
[in] | data_buffer_length | Length of out buffer |
[out] | data_size | Size of fetched data |
[out] | data_type | Type of data. ASCII. Null terminated. |
[in] | data_type_buffer_length | Length of data type buffer |
[out] | data_type_size | Size of fetched datatype |
false | success |
true | failure |
mysql_service_status_t(* s_mysql_keyring_reader_with_status::fetch_length) (my_h_keyring_reader_object reader_object, size_t *data_size, size_t *data_type_size) |
Fetch length of the data if it exists data_size and data_type_size must not be nullptr.
Data_type value is implementation specific. It associates type label with data which may be an important indicator for certain backends.
Minimum expectation: AES, SECRET
[in] | reader_object | Reader object |
[out] | data_size | Size of fetched data in bytes |
[out] | data_type_size | Size of data type |
false | success |
true | failure |
mysql_service_status_t(* s_mysql_keyring_reader_with_status::init) (const char *data_id, const char *auth_id, my_h_keyring_reader_object *reader_object) |
Initialize reader.
[in] | data_id | Data Identifier. Byte string. |
[in] | auth_id | Authorization ID. Byte string. |
[out] | reader_object | Reader object |
If return value is false, here is how value of reader_object is interpreted: reader_object == nullptr implies key does not exist reader_object != nullptr implies key exists
false | Success - Does not mean that key is found. |
true | Failure |