[DLP] Implemented Reidentify With Deterministic Encryption (GoogleCloudPlatform#7849)

bhavika-dhanwani · averikitsch · Sita04 · web-flow · commit fd02f1607906 · 2023-04-24T18:02:06.000+05:30
* implemented ReidentifyWithDeterministicEncryption.java

* resolved review comments

* resolved test error

* resolved review comments

---------

Co-authored-by: Averi Kitsch &lt;akitsch@google.com&gt;
Co-authored-by: Sita Lakshmi Sangameswaran &lt;sita1996@gmail.com&gt;
Co-authored-by: Shabir Mohamed Abdul Samadh &lt;7249208+Shabirmean@users.noreply.github.com&gt;
diff --git a/dlp/snippets/src/main/java/dlp/snippets/DeIdenitfyWithDeterministicEncryption.java b/dlp/snippets/src/main/java/dlp/snippets/DeIdenitfyWithDeterministicEncryption.java
@@ -58,7 +58,7 @@ public static void main(String[] args) throws Exception {
     deIdentifyWithDeterministicEncryption(projectId, textToDeIdentify, wrappedKey, kmsKeyName);
   }
 
-  public static void deIdentifyWithDeterministicEncryption(
+  public static String deIdentifyWithDeterministicEncryption(
       String projectId, String textToDeIdentify, String wrappedKey, String key) throws IOException {
     // Initialize client that will be used to send requests. This client only needs to be created
     // once, and can be reused for multiple requests. After completing all of your requests, call
@@ -131,6 +131,9 @@ public static void deIdentifyWithDeterministicEncryption(
       // Print the results.
       System.out.println(
           "Text after de-identification: " + response.getItem().getValue());
+
+      return response.getItem().getValue();
+
     }
   }
 }
diff --git a/dlp/snippets/src/main/java/dlp/snippets/ReidentifyWithDeterministicEncryption.java b/dlp/snippets/src/main/java/dlp/snippets/ReidentifyWithDeterministicEncryption.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package dlp.snippets;
+
+// [START dlp_reidentify_deterministic]
+
+import com.google.cloud.dlp.v2.DlpServiceClient;
+import com.google.privacy.dlp.v2.ContentItem;
+import com.google.privacy.dlp.v2.CryptoDeterministicConfig;
+import com.google.privacy.dlp.v2.CryptoKey;
+import com.google.privacy.dlp.v2.CustomInfoType;
+import com.google.privacy.dlp.v2.DeidentifyConfig;
+import com.google.privacy.dlp.v2.InfoType;
+import com.google.privacy.dlp.v2.InfoTypeTransformations;
+import com.google.privacy.dlp.v2.InspectConfig;
+import com.google.privacy.dlp.v2.KmsWrappedCryptoKey;
+import com.google.privacy.dlp.v2.LocationName;
+import com.google.privacy.dlp.v2.PrimitiveTransformation;
+import com.google.privacy.dlp.v2.ReidentifyContentRequest;
+import com.google.privacy.dlp.v2.ReidentifyContentResponse;
+import com.google.protobuf.ByteString;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import org.apache.commons.codec.binary.Base64;
+
+public class ReidentifyWithDeterministicEncryption {
+
+  public static void main(String[] args) throws Exception {
+    // TODO(developer): Replace these variables before running the sample.
+
+    // The Google Cloud project id to use as a parent resource.
+    String projectId = "your-project-id";
+    // The string to de-identify.
+    String textToIdentify = "My SSN is 372819127";
+    // The encrypted ('wrapped') AES-256 key to use.
+    // This key should be encrypted using the Cloud KMS key specified by key_name.
+    String wrappedKey = "YOUR_ENCRYPTED_AES_256_KEY";
+    // The name of the Cloud KMS key used to encrypt ('wrap') the AES-256 key.
+    String kmsKeyName =
+        "projects/YOUR_PROJECT/"
+            + "locations/YOUR_KEYRING_REGION/"
+            + "keyRings/YOUR_KEYRING_NAME/"
+            + "cryptoKeys/YOUR_KEY_NAME";
+    // The string to re-identify.
+    String textToReIdentify =
+        DeIdenitfyWithDeterministicEncryption.deIdentifyWithDeterministicEncryption(
+            projectId, textToIdentify, wrappedKey, kmsKeyName);
+    reIdentifyWithDeterminsiticEncryption(projectId, textToReIdentify, wrappedKey, kmsKeyName);
+  }
+
+  public static void reIdentifyWithDeterminsiticEncryption(
+      String projectId, String textToReIdentify, String wrappedKey, String key) throws IOException {
+    // Initialize client that will be used to send requests. This client only needs to be created
+    // once, and can be reused for multiple requests. After completing all of your requests, call
+    // the "close" method on the client to safely clean up any remaining background resources.
+    try (DlpServiceClient dlp = DlpServiceClient.create()) {
+      // Specify what content you want the service to ReIdentify
+      ContentItem contentItem = ContentItem.newBuilder().setValue(textToReIdentify).build();
+
+      CustomInfoType.SurrogateType surrogateType =
+          CustomInfoType.SurrogateType.newBuilder().build();
+
+      // Specify the surrogate type used at time of de-identification.
+      InfoType surrogateInfoType = InfoType.newBuilder()
+              .setName("SSN_TOKEN")
+              .build();
+
+      CustomInfoType customInfoType = CustomInfoType.newBuilder()
+              .setInfoType(surrogateInfoType)
+              .setSurrogateType(surrogateType)
+              .build();
+
+      InspectConfig inspectConfig = InspectConfig.newBuilder()
+              .addCustomInfoTypes(customInfoType)
+              .build();
+
+      // Specify an encrypted AES-256 key and the name of the Cloud KMS key that encrypted it.
+      KmsWrappedCryptoKey unwrappedCryptoKey = KmsWrappedCryptoKey.newBuilder()
+              .setWrappedKey(
+                  ByteString.copyFrom(
+                          Base64.decodeBase64(wrappedKey.getBytes(StandardCharsets.UTF_8))))
+              .setCryptoKeyName(key)
+              .build();
+      CryptoKey cryptoKey = CryptoKey.newBuilder()
+              .setKmsWrapped(unwrappedCryptoKey)
+              .build();
+
+      CryptoDeterministicConfig cryptoDeterministicConfig = CryptoDeterministicConfig.newBuilder()
+              .setSurrogateInfoType(surrogateInfoType)
+              .setCryptoKey(cryptoKey)
+              .build();
+
+      PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder()
+              .setCryptoDeterministicConfig(cryptoDeterministicConfig)
+              .build();
+
+      InfoTypeTransformations.InfoTypeTransformation infoTypeTransformation =
+          InfoTypeTransformations.InfoTypeTransformation.newBuilder()
+              .setPrimitiveTransformation(primitiveTransformation)
+              .build();
+
+      InfoTypeTransformations transformations = InfoTypeTransformations.newBuilder()
+              .addTransformations(infoTypeTransformation)
+              .build();
+
+      DeidentifyConfig deidentifyConfig = DeidentifyConfig.newBuilder()
+              .setInfoTypeTransformations(transformations)
+              .build();
+
+      // Combine configurations into a request for the service.
+      ReidentifyContentRequest request = ReidentifyContentRequest.newBuilder()
+              .setParent(LocationName.of(projectId, "global").toString())
+              .setItem(contentItem)
+              .setInspectConfig(inspectConfig)
+              .setReidentifyConfig(deidentifyConfig)
+              .build();
+
+      // Send the request and receive response from the service.
+      ReidentifyContentResponse response = dlp.reidentifyContent(request);
+
+      // Print the results.
+      System.out.println("Text after re-identification: " + response.getItem().getValue());
+    }
+  }
+}
+
+// [END dlp_reidentify_deterministic]
diff --git a/dlp/snippets/src/test/java/dlp/snippets/DeIdentificationTests.java b/dlp/snippets/src/test/java/dlp/snippets/DeIdentificationTests.java
@@ -555,6 +555,17 @@ public void testDeIdentifyWithDeterministicEncryption() throws IOException {
     assertThat(output).contains("Text after de-identification:");
   }
 
+  @Test
+  public void testReIdentifyWithDeterministicEncryption() throws IOException {
+    String textToReIdentify =
+        DeIdenitfyWithDeterministicEncryption.deIdentifyWithDeterministicEncryption(
+            PROJECT_ID, "My SSN is 372819127", WRAPPED_KEY, KMS_KEY_NAME);
+    ReidentifyWithDeterministicEncryption.reIdentifyWithDeterminsiticEncryption(
+        PROJECT_ID, textToReIdentify, WRAPPED_KEY, KMS_KEY_NAME);
+    String output = bout.toString();
+    assertThat(output).contains("Text after re-identification: My SSN is 372819127");
+  }
+  
   @Test
   public void testDeIdentifyWithFpeSurrogate() throws IOException, NoSuchAlgorithmException {
 

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ public static void main(String[] args) throws Exception {`
`58`	`58`	`deIdentifyWithDeterministicEncryption(projectId, textToDeIdentify, wrappedKey, kmsKeyName);`
`59`	`59`	`}`
`60`	`60`
`61`		`- public static void deIdentifyWithDeterministicEncryption(`
	`61`	`+ public static String deIdentifyWithDeterministicEncryption(`
`62`	`62`	`String projectId, String textToDeIdentify, String wrappedKey, String key) throws IOException {`
`63`	`63`	`// Initialize client that will be used to send requests. This client only needs to be created`
`64`	`64`	`// once, and can be reused for multiple requests. After completing all of your requests, call`
`@@ -131,6 +131,9 @@ public static void deIdentifyWithDeterministicEncryption(`
`131`	`131`	`// Print the results.`
`132`	`132`	`System.out.println(`
`133`	`133`	`"Text after de-identification: " + response.getItem().getValue());`
	`134`	`+`
	`135`	`+ return response.getItem().getValue();`
	`136`	`+`
`134`	`137`	`}`
`135`	`138`	`}`
`136`	`139`	`}`