Interface ContentEncryptionService

All Known Implementing Classes:
DefaultContentEncryptionService

public interface ContentEncryptionService

A security service that protects content from being accessed as plain data. The service encrypts and decrypts content by using a symmetric-key cryptographic algorithm for which it manages the key.

The implementation of this service must be accessible within an IoC container under the name "contentEncryptionService".

This service doesn't keep track of the contents that were encrypted; that is not its responsibility. Therefore, when the encryption key is created or updated, it is the responsibility of the content management services to provide this service with the encrypted contents they manage. To do so, the service provides them with an interface to register a content provider in the form of an EncryptionContentIterator object. These iterators are then used directly by the content encryption service to create or to renew the cipher of those contents when the key is created or updated.

While the encryption key is being created or updated, all of the encryption and decryption capabilities are locked. If a call is made to one of this service's methods during that time, an IllegalStateException is thrown.

- Author:
- mmoquillon

Method Summary

String[] decryptContent(String... encryptedContentParts)
    Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.
Map<String,String> decryptContent(Map<String,String> encryptedContent)
    Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.
void decryptContents(EncryptionContentIterator... iterators)
    Decrypts the encrypted contents provided by the specified iterators.
String[] encryptContent(String... contentParts)
    Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.
Map<String,String> encryptContent(Map<String,String> content)
    Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.
void encryptContents(EncryptionContentIterator... iterators)
    Encrypts the contents provided by the specified iterators.
static ContentEncryptionService get()
    Gets an instance of a ContentEncryptionService.
boolean isCipherKeyDefined()
    Checks if a key is defined and so if content can be encrypted.
void registerForContentCiphering(EncryptionContentIterator iterator)
    Registers the specified iterator on some encrypted contents for which the cipher has to be renewed when the encryption key is updated.
void renewCipherOfContents(EncryptionContentIterator... iterators)
    Renews explicitly the cipher of the contents provided by the specified iterators.
void updateCipherKey(String key)
    Updates the key to use to encrypt and to decrypt the enciphered content.

Method Detail

get
static ContentEncryptionService get()
Gets an instance of a ContentEncryptionService.
- Returns:
- a ContentEncryptionService object.

decryptContent
String[] decryptContent(String... encryptedContentParts) throws CryptoException
Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.
- Parameters:
encryptedContentParts - either the different parts of an encrypted content to decrypt or several single encrypted textual contents to decrypt. If the encryption key is being updated, an IllegalStateException is thrown.
- Returns:
- an array with the different parts of the decrypted content, in the same order in which they were passed as arguments to this method.
- Throws:
CryptoException - either no valid encryption key has been set or the decryption of one of the encrypted contents (or content parts) failed.

decryptContent
Map<String,String> decryptContent(Map<String,String> encryptedContent) throws CryptoException
Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.
The encrypted content is here in the form of a Map instance in which each entry represents a field or a property of the encrypted content. The method also returns a Map with, for each entry, the decrypted field or property.
If the encryption key is being updated, an IllegalStateException is thrown.
- Parameters:
encryptedContent - the content to decrypt in the form of a Map instance. Each entry in the Map represents a field/property of the content to decrypt.
- Returns:
- a Map with the different fields/properties of the content decrypted.
- Throws:
CryptoException - either no valid encryption key has been set or the decryption of the content failed.

decryptContents
void decryptContents(EncryptionContentIterator... iterators) throws CryptoException
Decrypts the encrypted contents provided by the specified iterators.
This method is for decrypting in batch several, possibly different, encrypted contents. If there is more than one iterator on contents, each of them is handled concurrently by a pool of several threads.
If the encryption key is being updated, an IllegalStateException is thrown.
- Parameters:
iterators - the iterators on the contents to decrypt.
- Throws:
CryptoException - either no valid encryption key has been set or the decryption of the content failed.

encryptContent
String[] encryptContent(String... contentParts) throws CryptoException
Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.
- Parameters:
contentParts - either the different parts of a content to encrypt or several single textual contents to encrypt. If the encryption key is being updated, an IllegalStateException is thrown.
- Returns:
- an array with the different parts of the content, encrypted and in base64, in the same order in which they were passed as arguments to this method.
- Throws:
CryptoException - either no valid encryption key has been set or the decryption of one of the contents (or content part) failed.

encryptContent
Map<String,String> encryptContent(Map<String,String> content) throws CryptoException
Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.
The content is here in the form of a Map instance in which each entry represents a field or a property of the content. The method also returns a Map with, for each entry, the field or property encrypted and in base64.
If the encryption key is being updated, an IllegalStateException is thrown.
- Parameters:
content - the content to encrypt in the form of a Map instance. Each entry in the Map represents a field/property of the content to encrypt.
- Returns:
- a Map with the different fields/properties of the content encrypted.
- Throws:
CryptoException - either no valid encryption key has been set or the decryption of the content failed.

encryptContents
void encryptContents(EncryptionContentIterator... iterators) throws CryptoException
Encrypts the contents provided by the specified iterators.
This method is for encrypting in batch several, possibly different, contents. If there is more than one iterator on contents, each of them is handled concurrently by a pool of several threads.
If the encryption key is being updated, an IllegalStateException is thrown.
- Parameters:
iterators - the iterators on the contents to encrypt.
- Throws:
CryptoException - either no valid encryption key has been set or the decryption of the content failed.

registerForContentCiphering
void registerForContentCiphering(EncryptionContentIterator iterator)
Registers the specified iterator on some encrypted contents for which the cipher has to be renewed when the encryption key is updated.
This method is intended for the content management services: it gives the content encryption service a way to access the encrypted contents they manage, in order to renew their cipher when the encryption key is updated.
- Parameters:
iterator - a provider of encrypted content in the form of an EncryptionContentIterator iterator.

renewCipherOfContents
void renewCipherOfContents(EncryptionContentIterator... iterators) throws CryptoException
Renews explicitly the cipher of the contents provided by the specified iterators.
This method is mainly for encrypted contents whose cipher renewal failed when the encryption key was updated.
The execution of this method blocks any other call to the DefaultContentEncryptionService methods, for all of its instances, in order to prevent an incoherent state of the encrypted contents. Any attempt to execute one of the DefaultContentEncryptionService methods while this method is running raises an IllegalStateException.
If there is no previous encryption key, which is required to decrypt the contents before encrypting them with the current encryption key, this method does nothing and returns silently.
- Parameters:
iterators - the iterators on the encrypted contents whose cipher has to be renewed.
- Throws:
CipherKeyUpdateException - if the replacement of the cipher key has failed.
CryptoException - if an error occurred while renewing the cipher of the encrypted contents with the new cipher key.

updateCipherKey
void updateCipherKey(String key) throws CryptoException
Updates the key to use to encrypt and to decrypt the enciphered content. The key must be in hexadecimal, otherwise an AssertionError will be thrown. If no previous key existed, the cipher key is created from the specified one and is then used to encrypt and to decrypt, on demand, the content in Silverpeas.
The update of the key automatically triggers the renewal of the cipher of the encrypted contents in Silverpeas with the new cipher key. If the cipher renewal of one of the encrypted contents fails, the key update is rolled back (the key isn't updated) and a CryptoException is thrown.
The execution of this method blocks any other call to the DefaultContentEncryptionService methods, for all of its instances, in order to prevent an incoherent state of the encrypted contents. Any attempt to execute one of the DefaultContentEncryptionService methods while this method is running raises an IllegalStateException.
- Parameters:
key - the new symmetric key in hexadecimal.
- Throws:
CipherKeyUpdateException - if the update of the cipher key has failed.
CryptoException - if an error occurred while renewing the cipher of the encrypted contents with the new cipher key.

isCipherKeyDefined
boolean isCipherKeyDefined()
Checks if a key is defined and so if content can be encrypted.
- Returns:
- true if the key exists and is valid
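
Caller-side handling of the behaviour documented above, as an added example that is not part of the Silverpeas code base: it refuses to hand back content when isCipherKeyDefined() is false, and retries encryptContent(Map) when an IllegalStateException signals that a key update or cipher renewal is in progress. The class name EncryptedFieldWriter, the retry constants and the package names in the imports are assumptions not stated on this page.

```java
import java.util.Map;
// Assumed package names: this page does not state them.
import org.silverpeas.core.security.encryption.ContentEncryptionService;
import org.silverpeas.core.security.encryption.cipher.CryptoException;

/** Hypothetical caller-side helper, not part of Silverpeas. */
public final class EncryptedFieldWriter {

  private static final int MAX_ATTEMPTS = 5;        // assumed retry budget
  private static final long BASE_DELAY_MS = 200L;   // assumed back-off step

  private EncryptedFieldWriter() {
  }

  /**
   * Returns the given fields encrypted and base64-encoded, or throws.
   * It never falls back to returning the plain fields.
   */
  public static Map<String, String> protect(Map<String, String> fields)
      throws CryptoException, InterruptedException {
    ContentEncryptionService service = ContentEncryptionService.get();
    for (int attempt = 1; ; attempt++) {
      try {
        // Fail closed: without a valid key nothing must be stored.
        if (!service.isCipherKeyDefined()) {
          throw new SecurityException("No cipher key defined: content refused");
        }
        return service.encryptContent(fields);
      } catch (IllegalStateException keyUpdateInProgress) {
        // The service is locked while updateCipherKey(String) or
        // renewCipherOfContents(...) is running: wait, then retry.
        if (attempt >= MAX_ATTEMPTS) {
          throw keyUpdateInProgress;
        }
        Thread.sleep(BASE_DELAY_MS * attempt);
      }
    }
  }
}
```

A CryptoException is deliberately left to propagate: it means no valid key has been set or the operation failed, and retrying does not change that.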