Class DefaultContentEncryptionService
- java.lang.Object
  - org.silverpeas.core.security.encryption.DefaultContentEncryptionService
- All Implemented Interfaces: ContentEncryptionService
@Service @Named("contentEncryptionService") public class DefaultContentEncryptionService extends Object implements ContentEncryptionService
It is the default implementation of the ContentEncryptionService interface in Silverpeas.
This implementation encrypts content with the AES-256 cipher and stores the cipher key in a file after encrypting it with another cryptographic algorithm, CAST-128 (a CAST5 cipher), in order to protect it. The two keys are set together in the key file, which is located in a hidden directory. The key file is hidden and read-only.
It manages the cipher key by maintaining both the actual cipher key used to encrypt and decrypt the content and the previous one, so that the cipher of old contents can be renewed with the new key after decrypting them with the old key.
This implementation uses two additional classes to perform its task: the ConcurrentEncryptionTaskExecutor class, which ensures that the different methods are executed according to the concurrency policy expected by the ContentEncryptionService interface, and the CryptographicTask class, which represents an encryption or a decryption of contents provided by content iterators (they implement the EncryptionContentIterator interface).

Constructor Summary
- protected DefaultContentEncryptionService()

Method Summary
- String[] decryptContent(String... encryptedContentParts)
  Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.
- Map<String,String> decryptContent(Map<String,String> encryptedContent)
  Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.
- protected static Map<String,String> decryptContent(Map<String,String> encryptedContent, Cipher cipher, CipherKey key)
  Decrypts the specified content by using the specified cipher with the specified cipher key.
- void decryptContents(EncryptionContentIterator... iterators)
  Decrypts the encrypted contents provided by the specified iterators.
- String[] encryptContent(String... contentParts)
  Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.
- Map<String,String> encryptContent(Map<String,String> content)
  Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.
- protected static Map<String,String> encryptContent(Map<String,String> content, Cipher cipher, CipherKey key)
  Encrypts the specified content by using the specified cipher with the specified cipher key.
- void encryptContents(EncryptionContentIterator... iterators)
  Encrypts the contents provided by the specified iterators.
- protected static CipherKey getActualCipherKey()
  Gets the actual cipher key to use in the content encryption/decryption.
- protected static Cipher getCipherForContentEncryption()
  Gets the cipher to use to encrypt/decrypt a content.
- protected static CipherKey getPreviousCipherKey()
  Gets the previous cipher key that was used in the content encryption/decryption.
- boolean isCipherKeyDefined()
  Checks if a key is defined and so if content can be encrypted.
- void registerForContentCiphering(EncryptionContentIterator iterator)
  Registers the specified iterator on some encrypted contents for which the cipher has to be renewed when the encryption key is updated.
- void renewCipherOfContents(EncryptionContentIterator... iterators)
  Renews explicitly the cipher of the contents provided by the specified iterators.
- void updateCipherKey(String key)
  Updates the key to use to encrypt and to decrypt the enciphered content.

Method Detail

registerForContentCiphering
public void registerForContentCiphering(EncryptionContentIterator iterator)
Registers the specified iterator on some encrypted contents for which the cipher has to be renewed when the encryption key is updated.
This method is dedicated to the content management service: it provides the content encryption services with a way to access the encrypted contents they manage, in order to encrypt them (for a new encryption key) or to renew their cipher when the encryption key is updated.
- Specified by: registerForContentCiphering in interface ContentEncryptionService
- Parameters:
  iterator - a provider of encrypted content in the form of an EncryptionContentIterator iterator.

updateCipherKey
public void updateCipherKey(String key) throws CryptoException
Updates the key to use to encrypt and to decrypt the enciphered content. The key must be in hexadecimal and 256 bits in size, otherwise an AssertionError will be thrown. If no previous key existed, the cipher key is created with the specified one and is used to encrypt and decrypt content in Silverpeas on demand.
Updating the key automatically triggers the renewal of the cipher of the encrypted contents in Silverpeas with the new cipher key. If the cipher renewal of one of the encrypted contents fails, the key update is rolled back (the key isn't updated).
The execution of this method blocks any other call of the DefaultContentEncryptionService methods, for all of its instances, in order to prevent an incoherent state of the encrypted contents. Any attempt to execute one of the DefaultContentEncryptionService methods while this method is running raises an IllegalStateException.
- Specified by: updateCipherKey in interface ContentEncryptionService
- Parameters:
  key - the new symmetric key in hexadecimal.
- Throws:
  CryptoException - if an error occurs while renewing the cipher of the encrypted contents with the new cipher key.
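The key check and the all-or-nothing renewal described for updateCipherKey, as an added stand-alone example using only the JDK (Java 17 or later); it is not Silverpeas code. The class KeyRotationSketch, its methods, the AES-GCM mode and the base64(IV || ciphertext) layout are assumptions made for illustration, since the page does not state the cipher mode or the storage format.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class KeyRotationSketch {
  // Accept only a hexadecimal string of exactly 64 digits, i.e. a 256-bit key.
  static SecretKeySpec parseKey(String hex) {
    if (hex == null || !hex.matches("[0-9a-fA-F]{64}"))
      throw new IllegalArgumentException("key must be 64 hexadecimal digits (256 bits)");
    return new SecretKeySpec(HexFormat.of().parseHex(hex), "AES");
  }
  // Assumed format: base64(12-byte random IV || AES-GCM ciphertext and tag).
  static String encrypt(String plain, SecretKeySpec key) throws GeneralSecurityException {
    byte[] iv = new byte[12];
    new SecureRandom().nextBytes(iv);
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
    byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
    return Base64.getEncoder().encodeToString(ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array());
  }
  static String decrypt(String b64, SecretKeySpec key) throws GeneralSecurityException {
    byte[] in = Base64.getDecoder().decode(b64);
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
    return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
  }
  // Stage every renewed field; commit only if all succeed, else leave the store untouched.
  static boolean rotate(Map<String, String> store, SecretKeySpec oldKey, SecretKeySpec newKey) {
    Map<String, String> staged = new LinkedHashMap<>();
    try {
      for (Map.Entry<String, String> e : store.entrySet())
        staged.put(e.getKey(), encrypt(decrypt(e.getValue(), oldKey), newKey));
    } catch (GeneralSecurityException | IllegalArgumentException ex) {
      return false; // rolled back: nothing written, the old key stays current
    }
    store.putAll(staged);
    return true;
  }
  public static void main(String[] args) throws Exception {
    // Constructed sample keys, not real secrets.
    SecretKeySpec oldKey = parseKey("0".repeat(63) + "1"), newKey = parseKey("0".repeat(63) + "2");
    Map<String, String> store = new LinkedHashMap<>(Map.of("title", encrypt("Q3 report", oldKey)));
    store.put("body", encrypt("x", newKey)); // constructed fault: not decryptable with oldKey
    System.out.println("committed=" + rotate(store, oldKey, newKey) + " title=" + decrypt(store.get("title"), oldKey));
    store.put("body", encrypt("confidential", oldKey)); // repair the field, then retry
    System.out.println("committed=" + rotate(store, oldKey, newKey) + " body=" + decrypt(store.get("body"), newKey));
  }
}
```

The first rotation hits the undecryptable field and commits nothing, so every field remains readable with the old key; the second run commits all fields under the new key at once.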

encryptContent
public String[] encryptContent(String... contentParts) throws CryptoException
Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.
- Specified by: encryptContent in interface ContentEncryptionService
- Parameters:
  contentParts - either the different parts of a content to encrypt or several single textual contents to encrypt. If the encryption key is being updated, an IllegalStateException is thrown.
- Returns: an array with the different parts of the content, encrypted and in base64, in the same order they were passed as arguments of this method.
- Throws:
  CryptoException - the encryption of one of the contents (or content parts) failed.

encryptContent
public Map<String,String> encryptContent(Map<String,String> content) throws CryptoException
Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.
The content is here in the form of a Map instance in which each entry represents a field or a property of the content. The method also returns a Map with, for each entry, the field or the property encrypted and in base64.
If the encryption key is being updated, an IllegalStateException is thrown.
- Specified by: encryptContent in interface ContentEncryptionService
- Parameters:
  content - the content to encrypt in the form of a Map instance. Each entry in the Map represents a field/property of the content to encrypt.
- Returns: a Map with the different fields/properties of the content encrypted.
- Throws:
  CryptoException - the encryption of the content failed.

encryptContents
public void encryptContents(EncryptionContentIterator... iterators) throws CryptoException
Encrypts the contents provided by the specified iterators.
This method is for encrypting in batch several and possibly different contents. If there is more than one iterator on contents, each of them is handled concurrently by a pool of several threads.
If the encryption key is being updated, an IllegalStateException is thrown.
- Specified by: encryptContents in interface ContentEncryptionService
- Parameters:
  iterators - the iterators on the contents to encrypt.
- Throws:
  CryptoException - either no valid encryption key has been set or the decryption of the content failed.

decryptContent
public String[] decryptContent(String... encryptedContentParts) throws CryptoException
Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.
- Specified by: decryptContent in interface ContentEncryptionService
- Parameters:
  encryptedContentParts - either the different parts of an encrypted content to decrypt or several single encrypted textual contents to decrypt. If the encryption key is being updated, an IllegalStateException is thrown.
- Returns: an array with the different parts of the decrypted content in the same order they were passed as arguments of this method.
- Throws:
  CryptoException - the decryption of one of the encrypted contents (or content parts) failed.

decryptContent
public Map<String,String> decryptContent(Map<String,String> encryptedContent) throws CryptoException
Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.
The encrypted content is here in the form of a Map instance in which each entry represents a field or a property of the encrypted content. The method also returns a Map with, for each entry, the field or the property decrypted.
If the encryption key is being updated, an IllegalStateException is thrown.
- Specified by: decryptContent in interface ContentEncryptionService
- Parameters:
  encryptedContent - the content to decrypt in the form of a Map instance. Each entry in the Map represents a field/property of the content to decrypt.
- Returns: a Map with the different fields/properties of the content decrypted.
- Throws:
  CryptoException - the decryption of the content failed.

decryptContents
public void decryptContents(EncryptionContentIterator... iterators) throws CryptoException
Decrypts the encrypted contents provided by the specified iterators.
This method is for decrypting in batch several and possibly different encrypted contents. If there is more than one iterator on contents, each of them is handled concurrently by a pool of several threads.
If the encryption key is being updated, an IllegalStateException is thrown.
- Specified by: decryptContents in interface ContentEncryptionService
- Parameters:
  iterators - the iterators on the contents to decrypt.
- Throws:
  CryptoException - either no valid encryption key has been set or the decryption of the content failed.

renewCipherOfContents
public void renewCipherOfContents(EncryptionContentIterator... iterators) throws CryptoException
Renews explicitly the cipher of the contents provided by the specified iterators.
This method is mainly for encrypted contents for which the renewal of their cipher failed when the encryption key was updated.
The execution of this method blocks any other call of the DefaultContentEncryptionService methods, for all of its instances, in order to prevent an incoherent state of the encrypted contents. Any attempt to execute one of the DefaultContentEncryptionService methods while this method is running raises an IllegalStateException.
If there is no previous encryption key, which is required to decrypt the contents before encrypting them with the actual encryption key, this method performs nothing and returns silently.
- Specified by: renewCipherOfContents in interface ContentEncryptionService
- Parameters:
  iterators - the iterators on the encrypted contents for which the cipher has to be renewed.
- Throws:
  CryptoException - if an error occurs while renewing the cipher of the contents with the actual encryption key.

encryptContent
protected static Map<String,String> encryptContent(Map<String,String> content, Cipher cipher, CipherKey key) throws CryptoException
Encrypts the specified content by using the specified cipher with the specified cipher key.
- Parameters:
  content - the content to encrypt in the form of a Map in which each entry is a property or a field of the content.
  cipher - the cipher to encrypt the content.
  key - the cipher key.
- Returns: the encrypted content.
- Throws:
  CryptoException - if an error occurs while encrypting the content.

decryptContent
protected static Map<String,String> decryptContent(Map<String,String> encryptedContent, Cipher cipher, CipherKey key) throws CryptoException
Decrypts the specified content by using the specified cipher with the specified cipher key.
- Parameters:
  encryptedContent - the encrypted content to decrypt in the form of a Map in which each entry is a property or a field of the content.
  cipher - the cipher to decrypt the content.
  key - the cipher key.
- Returns: the decrypted content.
- Throws:
  CryptoException - if an error occurs while decrypting the content.

getActualCipherKey
protected static CipherKey getActualCipherKey() throws CryptoException
Gets the actual cipher key to use in the content encryption/decryption.
- Returns: the requested cipher key.
- Throws:
  CryptoException - if the cipher key cannot be obtained.

getPreviousCipherKey
protected static CipherKey getPreviousCipherKey() throws CryptoException
Gets the previous cipher key that was used in the content encryption/decryption.
- Returns: the requested cipher key.
- Throws:
  CryptoException - if the cipher key cannot be obtained.

getCipherForContentEncryption
protected static Cipher getCipherForContentEncryption()
Gets the cipher to use to encrypt/decrypt a content.
- Returns: the cipher used in the content encryption.

isCipherKeyDefined
public boolean isCipherKeyDefined()
Description copied from interface: ContentEncryptionService
Checks if a key is defined and so if content can be encrypted.
- Specified by: isCipherKeyDefined in interface ContentEncryptionService
- Returns: true if the key exists and is valid