0

I have the following block in a java file (GcpEncrypt.java) that runs fine ( unit tests ).

However when I jar it up and call it from within a logstash Jruby input plugin, it hangs at the client create portion. 

public byte[] decryptWrappedKey(String wrappedKey, String cid)
      throws IOException {

    if (this.testMode) { logger.log(Level.INFO, "Decrypting wrapped key");}

    byte[] wrappedKeyBytes = Base64.decodeBase64(wrappedKey);

    // Create the KeyManagementServiceClient using try-with-resources to manage client cleanup.
    if (this.testMode) { logger.log(Level.INFO, "Creating KMS Client ...");}
    try {
      KeyManagementServiceClient client = KeyManagementServiceClient.create();
      logger.log(Level.INFO, "ENTERED KEY CREATION");
      String keyResourceName = CryptoKeyName.format(
        this.projectId,
        this.locationId,
        this.keyRingId,
        cid);

      // Decrypt the ciphertext with Cloud KMS.
      if (this.testMode) { logger.log(Level.INFO, "Decrypting KMS response"); }
      DecryptResponse response = client.decrypt(keyResourceName, ByteString.copyFrom(wrappedKeyBytes));
      if (this.testMode) { logger.log(Level.INFO, "Returning decrypted wraped key"); }
      client.close();
      logger.log(Level.INFO, "**************CLOSING KMS CLIENT ***********");
      return response.getPlaintext().toByteArray();
    }catch (Exception e) {
      throw new RuntimeException(e);
    }
  }

I can see the ENTERED KEY CREATION log and then it just hangs, how can I go debugging this?

EDIT

I was able to find the relevant by instantiating the KeyManagementServiceClient as an instance variable. It seems the 'com.google.cloud', 'google-cloud-kms', '0.81.0-beta' jar is missing the com/google/cloud/kms/v1/ListKeyRingsRequest class.

java.lang.NoClassDefFoundError: com/google/cloud/kms/v1/ListKeyRingsRequest
        at com.google.cloud.kms.v1.stub.GrpcKeyManagementServiceStub.<clinit>(com/google/cloud/kms/v1/stub/GrpcKeyManagementServiceStub.java:88)
        at com.google.cloud.kms.v1.stub.KeyManagementServiceStubSettings.createStub(com/google/cloud/kms/v1/stub/KeyManagementServiceStubSetting
s.java:292)
        at com.google.cloud.kms.v1.KeyManagementServiceClient.<init>(com/google/cloud/kms/v1/KeyManagementServiceClient.java:154)
        at com.google.cloud.kms.v1.KeyManagementServiceClient.create(com/google/cloud/kms/v1/KeyManagementServiceClient.java:135)
        at com.google.cloud.kms.v1.KeyManagementServiceClient.create(com/google/cloud/kms/v1/KeyManagementServiceClient.java:126)
ShahNewazKhan
  • 1,057
  • 1
  • 12
  • 26
  • I'm not able to reproduce your issue. Also, it looks like Logstash prefers plugins be written in Ruby: https://www.elastic.co/guide/en/logstash/current/_how_to_write_a_logstash_input_plugin.html. There's a Ruby KMS gem here: https://cloud.google.com/kms/docs/reference/libraries#client-libraries-install-ruby – sethvargo Feb 25 '19 at 15:07
  • @sethvargo thanks for the input, I am actually extending this https://www.elastic.co/guide/en/logstash/current/plugins-inputs-google_pubsub.html plugin by adding a decrypt logic for the payload in the current pubsub subscriber handler. Currently it is implemented as a jar file with the code above, I will look into implementing the decrypt logic direclty in Ruby. – ShahNewazKhan Feb 25 '19 at 19:04
  • Sorry - I don't have a good Java env for jruby setup for extensive testing, but your snippet worked fine for me after I filled in the properties with my values. – sethvargo Feb 26 '19 at 03:30
  • @sethvargo no worries, please check the EDIT to my original question as I was able to find more relevant logs. – ShahNewazKhan Feb 27 '19 at 00:57

0 Answers0