Documentation

TenantSecurityRequest
in package

Class used to communicate with the Tenant Security Proxy.

Not intended to be used by consumers of the SDK.

Table of Contents

BATCH_UNWRAP_ENDPOINT  = "document/batch-unwrap"
BATCH_WRAP_ENDPOINT  = "document/batch-wrap"
REKEY_ENDPOINT  = "document/rekey"
SECURITY_EVENT_ENDPOINT  = "event/security-event"
TENANT_KEY_DERIVE_ENDPOINT  = "key/derive"
TSP_API_PREFIX  = "/api/1/"
UNWRAP_ENDPOINT  = "document/unwrap"
WRAP_ENDPOINT  = "document/wrap"
$apiKey  : string
$ch  : CurlHandle
$tspAddress  : string
__construct()  : mixed
batchUnwrapKeys()  : BatchUnwrapKeyResponse
Requests the TSP to unwrap multiple EDEKs.
batchWrapKeys()  : BatchWrapKeyResponse
Requests the TSP to generate multiple DEK/EDEK pairs.
logSecurityEvent()  : void
Request to the security event endpoint with the provided event and metadata.
makeJsonRequest()  : string
Makes a POST request to a Tenant Security Proxy endpoint with the provided JSON payload.
rekey()  : RekeyResponse
Requests the TSP to re-key an EDEK.
unwrapKey()  : UnwrapKeyResponse
Requests the TSP to unwrap an EDEK.
wrapKey()  : WrapKeyResponse
Requests the TSP to generate a DEK and an EDEK.

Constants

Properties

$apiKey

private string $apiKey

Secret key used to communicate with the Tenant Security Proxy

Methods

__construct()

protected __construct(string $tspAddress, string $apiKey) : mixed
Parameters
$tspAddress : string

URL of the Tenant Security Proxy

$apiKey : string

Secret key needed to communicate with the Tenant Security Proxy

Return values
mixed

batchUnwrapKeys()

Requests the TSP to unwrap multiple EDEKs.

protected batchUnwrapKeys(array<string|int, Bytes$edeks, RequestMetadata $metadata) : BatchUnwrapKeyResponse
Parameters
$edeks : array<string|int, Bytes>

Map from document IDs to EDEKs to unwrap

$metadata : RequestMetadata

Metadata about the requesting user/service

Tags
throws
TenantSecurityException

if the request to the TSP fails.

Return values
BatchUnwrapKeyResponse

The unwrapped DEKs, as well as any failures

batchWrapKeys()

Requests the TSP to generate multiple DEK/EDEK pairs.

protected batchWrapKeys(array<string|int, string> $documentIds, RequestMetadata $metadata) : BatchWrapKeyResponse
Parameters
$documentIds : array<string|int, string>

Document IDs to generate DEK/EDEK for.

$metadata : RequestMetadata

Metadata about the requesting user/service

Tags
throws
TenantSecurityException

if the request to the TSP fails.

Return values
BatchWrapKeyResponse

The generated DEKs and EDEKs, as well as any failures

logSecurityEvent()

Request to the security event endpoint with the provided event and metadata.

protected logSecurityEvent(SecurityEvent $event, EventMetadata $metadata) : void
Parameters
$event : SecurityEvent

Security event representing the action to be logged.

$metadata : EventMetadata

Metadata associated with the security event.

Return values
void

Failures come back as exceptions

makeJsonRequest()

Makes a POST request to a Tenant Security Proxy endpoint with the provided JSON payload.

protected makeJsonRequest(string $endpoint, string $jsonEncodedData) : string
Parameters
$endpoint : string

Tenant Security Proxy endpoint to make a request to

$jsonEncodedData : string

Payload to send to the Tenant Security Proxy

Tags
throws
TenantSecurityException

if the request to the Tenant Security Proxy fails

Return values
string

The response from the Tenant Security Proxy

rekey()

Requests the TSP to re-key an EDEK.

protected rekey(Bytes $edek, string $newTenantId, RequestMetadata $metadata) : RekeyResponse
Parameters
$edek : Bytes

The encrypted document key to re-key

$newTenantId : string

Tenant ID to re-key to

$metadata : RequestMetadata

Metadata about the requesting user/service

Tags
throws
TenantSecurityException

if the TSP responds with an error or if the request to the TSP fails.

Return values
RekeyResponse

The new DEK and EDEK

Search results