Skip to main content

JsonIndexer

cipherstash_client::encryption

Struct JsonIndexer 

pub struct JsonIndexer { /* private fields */ }
Expand description

Indexer for searchable encryption of JSON documents.

A JsonIndexer flattens a JSON value into path/value pairs, applies any configured term filters, and produces an [SteVecPendingEncryption] ready to be sealed with a data key. The same indexer (with the same key and prefix) is used on the query side to produce SteQueryVec, TokenizedSelector, and EncryptedSteVecTerm values that match the stored index.

Construct one with JsonIndexer::new from JsonIndexerOptions, or use Default for an indexer with an empty prefix, no term filters, and ArrayIndexMode::ALL.

Implementations§

§

impl JsonIndexer

pub fn new(opts: JsonIndexerOptions) -> Self

Create a new indexer from the given options.

pub fn index( &self, json: Value, index_key: &IndexKey, ) -> Result<SteVecPendingEncryption<16>, EncryptionError>

Generates an [SteVecPendingEncryption] from a JSON value. This represents the indexed form of the JSON, but with source plaintexts still present. This can then be encrypted into a final SteVec using a crate::zerokms::DataKeyWithTag with [SteVecPendingEncryption::encrypt].

Once encrypted, the resulting SteVec can be stored in a database column or some other storage.

§Example
use cipherstash_client::encryption::{JsonIndexer, JsonIndexerOptions, SteVec};
use cipherstash_client::zerokms::{DataKey, DataKeyWithTag, IndexKey};
use zerokms_protocol::cipherstash_config::column::ArrayIndexMode;
use serde_json::Value;

let opts = JsonIndexerOptions {
    prefix: "foo".to_string(),
    term_filters: Vec::new(),
    array_index_mode: ArrayIndexMode::ALL,
    ..Default::default()
};
let indexer = JsonIndexer::new(opts);
let index_key = IndexKey::from([0; 32]);
let json = serde_json::json!({ "a": 1, "b": { "c": 2 } });
let pending_encryption = indexer.index(json, &index_key).unwrap();

// Encrypt the pending entries with a DataKeyWithTag
// CAUTION: Always use a data key generated by Zerokms for production use.
// Attempting to generate your own keys will result in invalid tags and decryption failures.
let key = DataKey {
    iv: [0; 16],
    key: [0; 32],
};
let key_with_tag = DataKeyWithTag { key, tag: vec![0, 1, 2], decryption_policy: None };
let ste_vec: SteVec<16> = pending_encryption.encrypt(key_with_tag).unwrap();

pub fn query( &self, json: Value, index_key: &IndexKey, ) -> Result<SteQueryVec<16>, EncryptionError>

Generate an SteQueryVec from a JSON value.

This is useful for building containment queries (e.g. @> operator in Postgres). For example, given an SteVec column attrs, an SteQueryVec generated from a plaintext JSON value.

use cipherstash_client::encryption::{JsonIndexer, JsonIndexerOptions};
use cipherstash_client::zerokms::IndexKey;
use zerokms_protocol::cipherstash_config::column::ArrayIndexMode;

let opts = JsonIndexerOptions {
    prefix: "foo".to_string(),
    term_filters: Vec::new(),
    array_index_mode: ArrayIndexMode::ALL,
    ..Default::default()
};
let indexer = JsonIndexer::new(opts);
let index_key = IndexKey::from([0; 32]);
let json = serde_json::json!({ "a": 1, "b": { "c": 2 } });
let q = indexer.query(json, &index_key).unwrap();

This can then be used in a query like:

-- $1 is the query parameter, q
-- Example: q = [["aaa...", "bbb..."], ["ccc...", "ddd..."]]
SELECT * FROM table WHERE attrs @> $1;

pub fn generate_selector( &self, selector: Selector, index_key: &IndexKey, ) -> TokenizedSelector<16>

Generate a TokenizedSelector from a JSON path. This is useful for building queries that target specific paths in a JSON document.

For example, given an SteVec column attrs, a TokenizedSelector generated from a JSON path.

use cipherstash_client::encryption::{JsonIndexer, JsonIndexerOptions};
use cipherstash_client::zerokms::IndexKey;
use cipherstash_client::ejsonpath::Selector;
use zerokms_protocol::cipherstash_config::column::ArrayIndexMode;

let opts = JsonIndexerOptions { prefix: "foo".to_string(), term_filters: Vec::new(), array_index_mode: ArrayIndexMode::ALL, ..Default::default() };
let indexer = JsonIndexer::new(opts);
let index_key = IndexKey::from([0; 32]);
let json = serde_json::json!({ "a": 1, "b": { "c": 2 } });
let selector = Selector::parse("$.b.c").unwrap();
let tokenized_selector = indexer.generate_selector(selector, &index_key);

This can then be used in a query like:

-- $1 is the tokenized selector
-- Example: "4eb62fb72d75cb53a309b3b091923daf"
SELECT jsonb_path_query(attrs, '$ ? (exists(@ ? (@[0] == $1)))[2]') FROM table;

This is equivalent to the unencrypted query:

SELECT attrs->'b'->'c' FROM table WHERE attrs->'b'->'c' IS NOT NULL;

Trait Implementations§

§

impl Default for JsonIndexer

§

fn default() -> Self

Returns the “default value” for a type. Read more
§

impl IndexerInit for JsonIndexer

§

type Args = JsonIndexerOptions

§

type Error = EncryptionError

§

fn try_init<A>(args: A) -> Result<Self, Self::Error>
where Self::Args: TryFrom<A, Error = Self::Error>,

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> AuthStrategyBounds for T
where T: Send + Sync + 'static,

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> Fake for T

Source§

fn fake<U>(&self) -> U
where Self: FakeBase<U>,

Source§

fn fake_with_rng<U, R>(&self, rng: &mut R) -> U
where R: Rng + ?Sized, Self: FakeBase<U>,

Source§

impl<T> Fake for T

Source§

fn fake<U>(&self) -> U
where Self: FakeBase<U>,

Source§

fn fake_with_rng<U, R>(&self, rng: &mut R) -> U
where R: Rng + ?Sized, Self: FakeBase<U>,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<D> OwoColorize for D

Source§

fn fg<C>(&self) -> FgColorDisplay<'_, C, Self>
where C: Color,

Set the foreground color generically Read more
Source§

fn bg<C>(&self) -> BgColorDisplay<'_, C, Self>
where C: Color,

Set the background color generically. Read more
Source§

fn black(&self) -> FgColorDisplay<'_, Black, Self>

Change the foreground color to black
Source§

fn on_black(&self) -> BgColorDisplay<'_, Black, Self>

Change the background color to black
Source§

fn red(&self) -> FgColorDisplay<'_, Red, Self>

Change the foreground color to red
Source§

fn on_red(&self) -> BgColorDisplay<'_, Red, Self>

Change the background color to red
Source§

fn green(&self) -> FgColorDisplay<'_, Green, Self>

Change the foreground color to green
Source§

fn on_green(&self) -> BgColorDisplay<'_, Green, Self>

Change the background color to green
Source§

fn yellow(&self) -> FgColorDisplay<'_, Yellow, Self>

Change the foreground color to yellow
Source§

fn on_yellow(&self) -> BgColorDisplay<'_, Yellow, Self>

Change the background color to yellow
Source§

fn blue(&self) -> FgColorDisplay<'_, Blue, Self>

Change the foreground color to blue
Source§

fn on_blue(&self) -> BgColorDisplay<'_, Blue, Self>

Change the background color to blue
Source§

fn magenta(&self) -> FgColorDisplay<'_, Magenta, Self>

Change the foreground color to magenta
Source§

fn on_magenta(&self) -> BgColorDisplay<'_, Magenta, Self>

Change the background color to magenta
Source§

fn purple(&self) -> FgColorDisplay<'_, Magenta, Self>

Change the foreground color to purple
Source§

fn on_purple(&self) -> BgColorDisplay<'_, Magenta, Self>

Change the background color to purple
Source§

fn cyan(&self) -> FgColorDisplay<'_, Cyan, Self>

Change the foreground color to cyan
Source§

fn on_cyan(&self) -> BgColorDisplay<'_, Cyan, Self>

Change the background color to cyan
Source§

fn white(&self) -> FgColorDisplay<'_, White, Self>

Change the foreground color to white
Source§

fn on_white(&self) -> BgColorDisplay<'_, White, Self>

Change the background color to white
Source§

fn default_color(&self) -> FgColorDisplay<'_, Default, Self>

Change the foreground color to the terminal default
Source§

fn on_default_color(&self) -> BgColorDisplay<'_, Default, Self>

Change the background color to the terminal default
Source§

fn bright_black(&self) -> FgColorDisplay<'_, BrightBlack, Self>

Change the foreground color to bright black
Source§

fn on_bright_black(&self) -> BgColorDisplay<'_, BrightBlack, Self>

Change the background color to bright black
Source§

fn bright_red(&self) -> FgColorDisplay<'_, BrightRed, Self>

Change the foreground color to bright red
Source§

fn on_bright_red(&self) -> BgColorDisplay<'_, BrightRed, Self>

Change the background color to bright red
Source§

fn bright_green(&self) -> FgColorDisplay<'_, BrightGreen, Self>

Change the foreground color to bright green
Source§

fn on_bright_green(&self) -> BgColorDisplay<'_, BrightGreen, Self>

Change the background color to bright green
Source§

fn bright_yellow(&self) -> FgColorDisplay<'_, BrightYellow, Self>

Change the foreground color to bright yellow
Source§

fn on_bright_yellow(&self) -> BgColorDisplay<'_, BrightYellow, Self>

Change the background color to bright yellow
Source§

fn bright_blue(&self) -> FgColorDisplay<'_, BrightBlue, Self>

Change the foreground color to bright blue
Source§

fn on_bright_blue(&self) -> BgColorDisplay<'_, BrightBlue, Self>

Change the background color to bright blue
Source§

fn bright_magenta(&self) -> FgColorDisplay<'_, BrightMagenta, Self>

Change the foreground color to bright magenta
Source§

fn on_bright_magenta(&self) -> BgColorDisplay<'_, BrightMagenta, Self>

Change the background color to bright magenta
Source§

fn bright_purple(&self) -> FgColorDisplay<'_, BrightMagenta, Self>

Change the foreground color to bright purple
Source§

fn on_bright_purple(&self) -> BgColorDisplay<'_, BrightMagenta, Self>

Change the background color to bright purple
Source§

fn bright_cyan(&self) -> FgColorDisplay<'_, BrightCyan, Self>

Change the foreground color to bright cyan
Source§

fn on_bright_cyan(&self) -> BgColorDisplay<'_, BrightCyan, Self>

Change the background color to bright cyan
Source§

fn bright_white(&self) -> FgColorDisplay<'_, BrightWhite, Self>

Change the foreground color to bright white
Source§

fn on_bright_white(&self) -> BgColorDisplay<'_, BrightWhite, Self>

Change the background color to bright white
Source§

fn bold(&self) -> BoldDisplay<'_, Self>

Make the text bold
Source§

fn dimmed(&self) -> DimDisplay<'_, Self>

Make the text dim
Source§

fn italic(&self) -> ItalicDisplay<'_, Self>

Make the text italicized
Source§

fn underline(&self) -> UnderlineDisplay<'_, Self>

Make the text underlined
Make the text blink
Make the text blink (but fast!)
Source§

fn reversed(&self) -> ReversedDisplay<'_, Self>

Swap the foreground and background colors
Source§

fn hidden(&self) -> HiddenDisplay<'_, Self>

Hide the text
Source§

fn strikethrough(&self) -> StrikeThroughDisplay<'_, Self>

Cross out the text
Source§

fn color<Color>(&self, color: Color) -> FgDynColorDisplay<'_, Color, Self>
where Color: DynColor,

Set the foreground color at runtime. Only use if you do not know which color will be used at compile-time. If the color is constant, use either OwoColorize::fg or a color-specific method, such as OwoColorize::green, Read more
Source§

fn on_color<Color>(&self, color: Color) -> BgDynColorDisplay<'_, Color, Self>
where Color: DynColor,

Set the background color at runtime. Only use if you do not know what color to use at compile-time. If the color is constant, use either OwoColorize::bg or a color-specific method, such as OwoColorize::on_yellow, Read more
Source§

fn fg_rgb<const R: u8, const G: u8, const B: u8>( &self, ) -> FgColorDisplay<'_, CustomColor<R, G, B>, Self>

Set the foreground color to a specific RGB value.
Source§

fn bg_rgb<const R: u8, const G: u8, const B: u8>( &self, ) -> BgColorDisplay<'_, CustomColor<R, G, B>, Self>

Set the background color to a specific RGB value.
Source§

fn truecolor(&self, r: u8, g: u8, b: u8) -> FgDynColorDisplay<'_, Rgb, Self>

Sets the foreground color to an RGB value.
Source§

fn on_truecolor(&self, r: u8, g: u8, b: u8) -> BgDynColorDisplay<'_, Rgb, Self>

Sets the background color to an RGB value.
Source§

fn style(&self, style: Style) -> Styled<&Self>

Apply a runtime-determined style
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more