/*
 * (C) Copyright 2006-2019 Nuxeo (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Florent Guillaume
 */
package org.nuxeo.ecm.core.blob;

import java.io.IOException;
import java.util.Map;

import org.nuxeo.ecm.core.blob.AESBlobStore.EncryptingOutputStream;

/**
 * A blob provider that stores binaries on the filesystem encrypted with AES.
 * <p>
 * Encryption requires an AES key. The key is either read from a keystore, or derived from a password with PBKDF2, in
 * which case every stored file carries its own salt so that no two files are encrypted under the same derived key. The
 * resulting on-disk layout is documented in {@link EncryptingOutputStream}.
 * <p>
 * The blob provider configuration supplies either the keystore details used to look the key up, or the password used
 * for the per-file PBKDF2 derivation. Note that {@code keyStorePassword}, {@code keyPassword} and {@code password}
 * are secrets held in that configuration.
 * <p>
 * Keystore mode understands these properties:
 * <ul>
 * <li>keyStoreType: the keystore type, for instance JCEKS
 * <li>keyStoreFile: the path to the keystore, if applicable
 * <li>keyStorePassword: the keystore password
 * <li>keyAlias: the alias (name) of the key in the keystore
 * <li>keyPassword: the key password
 * </ul>
 * <p>
 * PBKDF2 mode understands:
 * <ul>
 * <li>password: the password
 * </ul>
 * <p>
 * For backward compatibility the same properties may instead be packed into the
 * {@code <property name="key">prop1=value1,prop2=value2,...</property>} entry of the blob provider configuration.
 *
 * @since 11.1
 */
public class AESBlobProvider extends LocalBlobProvider {

    /**
     * Encryption settings (keystore lookup or PBKDF2 password) parsed from the provider properties.
     * <p>
     * Assigned in {@link #getBlobStore} and consumed by {@link #newBlobStore}; it is {@code null} until the former
     * has run.
     */
    protected AESBlobStoreConfiguration aesConfig;

    /**
     * Parses the AES configuration from {@code properties}, then delegates store creation to the superclass.
     *
     * @param blobProviderId the id of this blob provider
     * @param properties the blob provider configuration properties
     * @return the blob store built by the superclass
     * @throws IOException if the superclass fails to set up the store
     */
    @Override
    protected BlobStore getBlobStore(String blobProviderId, Map<String, String> properties) throws IOException {
        // The configuration must be in place before the superclass runs, because the superclass is presumably what
        // calls back into newBlobStore (the LocalBlobProvider implementation is not visible here — confirm).
        AESBlobStoreConfiguration parsedConfig = new AESBlobStoreConfiguration(properties);
        aesConfig = parsedConfig;
        BlobStore store = super.getBlobStore(blobProviderId, properties);
        return store;
    }

    /**
     * Builds the encrypting store using the configuration captured by {@link #getBlobStore}.
     *
     * @param name the store name
     * @param keyStrategy the key strategy
     * @param pathStrategy the path strategy
     * @return an {@link AESBlobStore} wired with {@link #aesConfig}
     */
    @Override
    protected BlobStore newBlobStore(String name, KeyStrategy keyStrategy, PathStrategy pathStrategy) {
        AESBlobStore encryptingStore = new AESBlobStore(name, keyStrategy, pathStrategy, aesConfig);
        return encryptingStore;
    }

}