public class AESBinaryManager extends LocalBinaryManager
The BinaryManagerDescriptor configuration holds the keystore information to retrieve the AES key, or the password that is used to generate a per-file key using PBKDF2. This configuration comes from the <binaryManager key="..."> of the repository configuration.
The configuration has the form key1=value1,key2=value2,... where the possible keys are, for keystore use:
And for PBKDF2 use:
To encrypt a binary, an AES key is needed. This key can be retrieved from a keystore, or generated from a password using PBKDF2 (in which case each stored file contains a different salt for security reasons). The file format is described in storeAndDigest(InputStream, OutputStream).
While the binary is being used by the application, a temporarily-decrypted file is held in a temporary directory. It is removed as soon as possible.
Note: if the Java Cryptographic Extension (JCE) is not configured for 256-bit key length, you may get an exception "java.security.InvalidKeyException: Illegal key size or default parameters". If this is the case, go to Oracle Java SE Downloads and download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JDK.
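The per-file key derivation and the key-length condition described above, as an added example that is not Nuxeo's code: it checks the AES key length this JRE allows, then derives a key from a password with PBKDF2 using a fresh random salt per file. The class name, salt size, iteration count and the PBKDF2WithHmacSHA256 choice are assumptions for illustration, not AESBinaryManager's actual parameters.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PerFileKeyDemo {
    // Assumed demo parameters, not values taken from AESBinaryManager.
    static final int SALT_BYTES = 16;
    static final int ITERATIONS = 100_000;
    static final SecureRandom RANDOM = new SecureRandom();

    /** Fresh random salt, generated once per stored file and kept with the ciphertext. */
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        RANDOM.nextBytes(salt);
        return salt;
    }

    /** Derives an AES key of keyBits bits from the password and the file's salt. */
    static SecretKey deriveKey(char[] password, byte[] salt, int keyBits) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, keyBits);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    public static void main(String[] args) throws Exception {
        // Restricted JCE policy files report 128 here; unlimited policy reports Integer.MAX_VALUE.
        int maxBits = Cipher.getMaxAllowedKeyLength("AES");
        int keyBits = Math.min(256, maxBits);
        System.out.println("Max AES key length allowed by this JRE: " + maxBits);

        char[] password = "constructed-demo-password".toCharArray(); // constructed sample value
        byte[] saltA = newSalt();
        byte[] saltB = newSalt();
        byte[] keyA = deriveKey(password, saltA, keyBits).getEncoded();
        byte[] keyB = deriveKey(password, saltB, keyBits).getEncoded();
        byte[] keyA2 = deriveKey(password, saltA, keyBits).getEncoded();
        // Same password, different salts: the two files get unrelated keys.
        System.out.println("keys differ across files: " + !Arrays.equals(keyA, keyB));
        // Same password, same stored salt: the decryption key is reproduced.
        System.out.println("key reproducible from stored salt: " + Arrays.equals(keyA, keyA2));
    }
}
```

A reported maximum of 128 means a 256-bit key would be rejected with the InvalidKeyException quoted in the note above.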
Modifier and Type | Class and Description |
---|---|
static class | AESBinaryManager.CipherAndDigestOutputStream A CipherOutputStream that also does a digest of the original stream at the same time. |
LocalBinaryManager.DefaultBinaryGarbageCollector
CONFIG_FILE, DATA, DEFAULT_PATH, TMP
DEFAULT_DEPTH, DEFAULT_DIGEST, MAX_BUF_SIZE, MIN_BUF_SIZE
Constructor and Description |
---|
AESBinaryManager() |
Modifier and Type | Method and Description |
---|---|
Binary | getBinary(String digest) Returns a Binary corresponding to the given digest. |
void | initialize(BinaryManagerDescriptor binaryManagerDescriptor) Initializer. |
String | storeAndDigest(InputStream in, OutputStream out) Encrypts the given input stream into the given output stream, while also computing the digest of the input stream. |
close, getFileForDigest, getStorageDir, touch
getBinary, getGarbageCollector, toHexString
public void initialize(BinaryManagerDescriptor binaryManagerDescriptor) throws IOException
BinaryManager
initialize in interface BinaryManager
initialize in class LocalBinaryManager
IOException
public Binary getBinary(String digest)
BinaryManager
Returns a Binary corresponding to the given digest.
A null is returned if the digest could not be found.
getBinary in interface BinaryManager
getBinary in class LocalBinaryManager
digest - the digest, or null
public String storeAndDigest(InputStream in, OutputStream out) throws IOException
File format version 1 (values are in network order):
in - the input stream containing the data
file - the file containing the encrypted data
IOException
Copyright © 2015 Nuxeo SA. All rights reserved.