public class AESBinaryManager extends LocalBinaryManager
The BinaryManagerDescriptor configuration holds the keystore information to retrieve the AES key, or the password that is used to generate a per-file key using PBKDF2. This configuration comes from the <binaryManager key="..."> of the repository configuration.
The configuration has the form key1=value1,key2=value2,... where the possible keys are, for keystore use:
And for PBKDF2 use:
To encrypt a binary, an AES key is needed. This key can be retrieved from a keystore, or generated from a password using PBKDF2 (in which case each stored file contains a different salt for security reasons). The file format is described in storeAndDigest(InputStream, OutputStream).
While the binary is being used by the application, a temporarily-decrypted file is held in a temporary directory. It is removed as soon as possible.
Note: if the Java Cryptographic Extension (JCE) is not configured for 256-bit key length, you may get an exception "java.security.InvalidKeyException: Illegal key size or default parameters". If this is the case, go to Oracle Java SE Downloads and download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JDK.
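An added example, not part of the Nuxeo documentation or the AESBinaryManager source: it derives a per-file AES key from a password with PBKDF2 and a fresh random salt, then encrypts a stream while digesting the plaintext, as the description above outlines. The class and method names, salt and IV sizes, iteration count, AES-GCM mode, SHA-256 digest and the salt-then-IV header are all assumptions, and this is not the version 1 file format. A 128-bit key is used so the code runs without the unlimited-strength policy files mentioned in the note.

```java
import java.io.*;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class PerFileKeyExample {
    // Assumed parameters; the page does not state the ones AESBinaryManager uses.
    static final int SALT_LEN = 16, IV_LEN = 12, ITERATIONS = 100_000, KEY_BITS = 128;

    /** Encrypts in to out under a key derived from password and a fresh salt; returns the hex digest of the plaintext. */
    static String encryptAndDigest(InputStream in, OutputStream out, char[] password)
            throws IOException, GeneralSecurityException {
        SecureRandom rnd = new SecureRandom();
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        rnd.nextBytes(salt);   // new salt per file, so the derived key differs per file
        rnd.nextBytes(iv);
        // PBKDF2 stretches the password into key material bound to this file's salt.
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        byte[] keyBytes = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyBytes, "AES"), new GCMParameterSpec(128, iv));
        // Salt and IV are not secret; they are stored in clear so the key can be re-derived on read.
        out.write(salt);
        out.write(iv);
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        try (DigestInputStream din = new DigestInputStream(in, md);
             CipherOutputStream cout = new CipherOutputStream(out, cipher)) {
            byte[] buf = new byte[8192];
            for (int n; (n = din.read(buf)) != -1; ) cout.write(buf, 0, n);
        } // closing the cipher stream finalizes the ciphertext and appends the GCM tag
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest()) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] data = "constructed sample content".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        char[] pw = "constructed-password".toCharArray();
        ByteArrayOutputStream a = new ByteArrayOutputStream(), b = new ByteArrayOutputStream();
        String d1 = encryptAndDigest(new ByteArrayInputStream(data), a, pw);
        String d2 = encryptAndDigest(new ByteArrayInputStream(data), b, pw);
        System.out.println("same plaintext digest: " + d1.equals(d2));
        System.out.println("same stored bytes: " + java.util.Arrays.equals(a.toByteArray(), b.toByteArray()));
    }
}
```

Encrypting the same content twice gives the same plaintext digest but different stored bytes, because each call draws a new salt and IV.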
Modifier and Type | Class and Description |
---|---|
static class | AESBinaryManager.CipherAndDigestOutputStream A CipherOutputStream that also does a digest of the original stream at the same time. |
LocalBinaryManager.DefaultBinaryGarbageCollector
AbstractBinaryManager.NullBinaryScrambler, AbstractBinaryManager.ScrambledBinary, AbstractBinaryManager.ScrambledFileInputStream, AbstractBinaryManager.ScrambledStreamSource
CONFIG_FILE, DATA, DEFAULT_PATH, TMP
DEFAULT_DEPTH, DEFAULT_DIGEST, MAX_BUF_SIZE, MIN_BUF_SIZE
Constructor and Description |
---|
AESBinaryManager() |
Modifier and Type | Method and Description |
---|---|
Binary | getBinary(InputStream in) Saves the given input stream into a Binary. |
Binary | getBinary(String digest) Returns a Binary corresponding to the given digest. |
void | initialize(BinaryManagerDescriptor binaryManagerDescriptor) Initializer. |
String | storeAndDigest(InputStream in, OutputStream out) Encrypts the given input stream into the given output stream, while also computing the digest of the input stream. |
close, getFileForDigest, getStorageDir, touch
getGarbageCollector, toHexString
public void initialize(BinaryManagerDescriptor binaryManagerDescriptor) throws IOException
BinaryManager
initialize in interface BinaryManager
initialize in class LocalBinaryManager
IOException
public Binary getBinary(InputStream in) throws IOException
BinaryManager
Saves the given input stream into a Binary.
Returns a Binary representing the stream. The Binary includes a digest that is a sufficient representation to persist it.
The stream is closed after use.
getBinary in interface BinaryManager
getBinary in class LocalBinaryManager
in - the input stream
IOException
public Binary getBinary(String digest)
BinaryManager
Returns a Binary corresponding to the given digest.
A null is returned if the digest could not be found.
getBinary in interface BinaryManager
getBinary in class LocalBinaryManager
digest - the digest, or null
public String storeAndDigest(InputStream in, OutputStream out) throws IOException
File format version 1 (values are in network order):
in - the input stream containing the data
file - the file containing the encrypted data
IOException
Copyright © 2014 Nuxeo SA. All rights reserved.