Diffstat (limited to 'plugin/aws_key_management/aws_key_management_plugin.cc')
-rw-r--r--plugin/aws_key_management/aws_key_management_plugin.cc29
1 files changed, 16 insertions, 13 deletions
diff --git a/plugin/aws_key_management/aws_key_management_plugin.cc b/plugin/aws_key_management/aws_key_management_plugin.cc
index b99beb0774d..eb330103291 100644
--- a/plugin/aws_key_management/aws_key_management_plugin.cc
+++ b/plugin/aws_key_management/aws_key_management_plugin.cc
@@ -106,6 +106,14 @@ static std::mutex mtx;
static Aws::KMS::KMSClient *client;
+static void print_kms_error(const char *func, const Aws::Client::AWSError<Aws::KMS::KMSErrors>& err)
+{
+ my_printf_error(ER_UNKNOWN_ERROR,
+ "AWS KMS plugin : KMS Client API '%s' failed : %s - %s",
+ ME_ERROR_LOG,
+ func, err.GetExceptionName().c_str(), err.GetMessage().c_str());
+}
+
#if WITH_AWS_MOCK
/*
Mock routines to test plugin without actual AWS KMS interaction
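Review bot: print_kms_error is added without a comment saying where its output goes or what `func` is expected to hold. A one-line header such as `/* Write a failed KMS client call to the server error log; func is the SDK operation name. */` would cover it. The helper forwards `err.GetMessage()` verbatim, and for authorization failures that service text typically names the calling IAM principal and the key ARN. The comment could therefore also note that the error log needs to be read-restricted to match.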
@@ -127,7 +135,7 @@ static int mock_generate_encrypted_key(Aws::Utils::ByteBuffer *result)
}
-static int mock_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output, Aws::String *errmsg)
+static int mock_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output)
{
/* We do not encrypt or decrypt in mock mode.*/
*output = input;
@@ -401,14 +409,14 @@ static unsigned int get_latest_key_version_nolock(unsigned int key_id)
}
/* Decrypt Byte buffer with AWS. */
-static int aws_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output, Aws::String *errmsg)
+static int aws_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output)
{
DecryptRequest request;
request.SetCiphertextBlob(input);
DecryptOutcome outcome = client->Decrypt(request);
if (!outcome.IsSuccess())
{
- *errmsg = outcome.GetError().GetMessage();
+ print_kms_error("Decrypt", outcome.GetError());
return -1;
}
*output= outcome.GetResult().GetPlaintext();
@@ -416,13 +424,13 @@ static int aws_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* out
}
-static int decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output, Aws::String *errmsg)
+static int decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output)
{
#if WITH_AWS_MOCK
if(mock)
- return mock_decrypt(input,output, errmsg);
+ return mock_decrypt(input,output);
#endif
- return aws_decrypt(input, output, errmsg);
+ return aws_decrypt(input, output);
}
/*
@@ -452,12 +460,9 @@ static int read_and_decrypt_key(const char *path, KEY_INFO *info)
Aws::Utils::ByteBuffer input((unsigned char *)contents.data(), pos);
Aws::Utils::ByteBuffer plaintext;
- Aws::String errmsg;
- if (decrypt(input, &plaintext, &errmsg))
+ if (decrypt(input, &plaintext))
{
- my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: Decrypt failed for %s : %s", ME_ERROR_LOG, path,
- errmsg.c_str());
return -1;
}
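Review bot: The failure path in read_and_decrypt_key no longer records which key file could not be decrypted, because the removed message carried `path` while print_kms_error names only the API call and the service error. With several key files or key versions on disk, the error log can no longer tell an operator which key is affected when triaging a KMS access failure. Consider keeping a short line before `return -1;`, for example `my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: Decrypt failed for %s", ME_ERROR_LOG, path);`. The function body starts and ends outside this hunk.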
@@ -491,9 +496,7 @@ int aws_generate_encrypted_key(Aws::Utils::ByteBuffer *result)
outcome= client->GenerateDataKeyWithoutPlaintext(request);
if (!outcome.IsSuccess())
{
- my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin : GenerateDataKeyWithoutPlaintext failed : %s - %s", ME_ERROR_LOG,
- outcome.GetError().GetExceptionName().c_str(),
- outcome.GetError().GetMessage().c_str());
+ print_kms_error("GenerateDataKeyWithoutPlaintext", outcome.GetError());
return(-1);
}
*result = outcome.GetResult().GetCiphertextBlob();