Package org.nuxeo.ecm.core.blob
Class AESBlobProvider
- java.lang.Object
  - org.nuxeo.ecm.core.blob.AbstractBlobProvider
    - org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
      - org.nuxeo.ecm.core.blob.LocalBlobProvider
        - org.nuxeo.ecm.core.blob.AESBlobProvider
- All Implemented Interfaces: BlobProvider
public class AESBlobProvider extends LocalBlobProvider
A blob provider that encrypts binaries on the filesystem using AES.
To encrypt a binary, an AES key is needed. This key can be retrieved from a keystore, or generated from a password using PBKDF2 (in which case each stored file contains a different salt for security reasons). The on-disk file format is described in AESBlobStore.EncryptingOutputStream.
The blob provider configuration holds the keystore information to retrieve the AES key, or the password that is used to generate a per-file key using PBKDF2.
For keystore use, the following properties are available:
- keyStoreType: the keystore type, for instance JCEKS
- keyStoreFile: the path to the keystore, if applicable
- keyStorePassword: the keystore password
- keyAlias: the alias (name) of the key in the keystore
- keyPassword: the key password
And for PBKDF2 use:
- password: the password
For backward compatibility, the properties can also be included in the <property name="key">prop1=value1,prop2=value2,...</property> of the blob provider configuration.
- Since: 11.1
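The two key sources described above, sketched with standard JCA calls as an added example (not Nuxeo's own code). The KDF name, iteration count, key size, salt length and the class and method names are assumptions, and the keystore, alias and passwords are constructed samples.

```java
import java.io.*;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class AesKeySourcesDemo {
    // Assumed values for illustration only; the page does not state Nuxeo's parameters.
    static final String KDF = "PBKDF2WithHmacSHA256";
    static final int ITERATIONS = 100_000, KEY_BITS = 128, SALT_BYTES = 16;

    // PBKDF2 mode: the "password" property plus the salt stored with each file gives a per-file key.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return new SecretKeySpec(SecretKeyFactory.getInstance(KDF).generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    // Keystore mode: arguments mirror keyStoreType, keyStoreFile (as a stream), keyStorePassword, keyAlias, keyPassword.
    static SecretKey loadKey(String type, InputStream file, char[] storePw, String alias, char[] keyPw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(file, storePw); // fails if the store password or integrity check is wrong
        Key key = ks.getKey(alias, keyPw);
        if (!(key instanceof SecretKey)) throw new IllegalArgumentException("No secret key under alias " + alias);
        return (SecretKey) key;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-sample-password".toCharArray();
        byte[] saltA = new byte[SALT_BYTES], saltB = new byte[SALT_BYTES];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(saltA);
        rng.nextBytes(saltB);
        byte[] keyA = deriveKey(password, saltA).getEncoded();
        System.out.println("two files share a key: " + Arrays.equals(keyA, deriveKey(password, saltB).getEncoded()));
        System.out.println("stored salt recovers key: " + Arrays.equals(keyA, deriveKey(password, saltA).getEncoded()));
        // Constructed in-memory JCEKS keystore standing in for keyStoreFile.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(KEY_BITS);
        ks.setKeyEntry("blobkey", gen.generateKey(), "key-pw".toCharArray(), null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, "store-pw".toCharArray());
        SecretKey k = loadKey("JCEKS", new ByteArrayInputStream(out.toByteArray()), "store-pw".toCharArray(), "blobkey", "key-pw".toCharArray());
        System.out.println("keystore key: " + k.getAlgorithm() + ", " + k.getEncoded().length * 8 + " bits");
    }
}
```

In keystore mode every file is protected by the same key, so the keystore file and its two passwords are the assets to guard; in PBKDF2 mode the password alone is, since the salts are stored with the files.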
Nested Class Summary
Nested classes/interfaces inherited from class org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
BlobStoreBlobProvider.AutoDeleteFileInputStream
Field Summary
Fields
Modifier and Type | Field | Description
protected AESBlobStoreConfiguration | aesConfig |
Fields inherited from class org.nuxeo.ecm.core.blob.LocalBlobProvider
config, STORE_SCROLL_NAME
Fields inherited from class org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
DIGEST_KEY_STRATEGY, KEY_STRATEGY_PROPERTY, MANAGED_KEY_STRATEGY, store
Fields inherited from class org.nuxeo.ecm.core.blob.AbstractBlobProvider
blobProviderId, properties
Constructor Summary
Constructors
Constructor | Description
AESBlobProvider() |
Method Summary
Modifier and Type | Method | Description
protected BlobStore | getBlobStore(String blobProviderId, Map<String,String> properties) |
protected BlobStore | newBlobStore(String name, KeyStrategy keyStrategy, PathStrategy pathStrategy) |
Methods inherited from class org.nuxeo.ecm.core.blob.LocalBlobProvider
close, getDigestAlgorithm, getStorageDir, getStoreScrollName
Methods inherited from class org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
allowDirectDownload, deleteBlob, fixupDigest, getBinaryGarbageCollector, getBinaryManager, getFile, getKeyStrategy, getStream, getStream, initialize, isValidKey, readBlob, stripBlobKeyPrefix, stripBlobKeyVersionSuffix, supportsSync, updateBlob, writeBlob, writeBlob
Methods inherited from class org.nuxeo.ecm.core.blob.AbstractBlobProvider
allowByteRange, getProperties, hasCreateFromKeyPermission, isColdStorageMode, isRecordMode, isTransactional, isTransient, supportsUserUpdate, supportsUserUpdateDefaultFalse, supportsUserUpdateDefaultTrue
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.nuxeo.ecm.core.blob.BlobProvider
canConvert, getAppLinks, getAvailableConversions, getStatus, getThumbnail, getURI, isVersion, performsExternalAccessControl, readBlob
Field Detail
aesConfig
protected AESBlobStoreConfiguration aesConfig
Method Detail
getBlobStore
protected BlobStore getBlobStore(String blobProviderId, Map<String,String> properties) throws IOException
- Overrides: getBlobStore in class LocalBlobProvider
- Throws: IOException
newBlobStore
protected BlobStore newBlobStore(String name, KeyStrategy keyStrategy, PathStrategy pathStrategy)
- Overrides: newBlobStore in class LocalBlobProvider