java.lang.Object
- org.nuxeo.ecm.core.blob.PropertyBasedConfiguration
- - org.nuxeo.ecm.core.blob.AESBlobStoreConfiguration

public class AESBlobStoreConfiguration
extends PropertyBasedConfiguration

Configuration for the AES-encrypted storage of files.

Since:: 11.1

Field Summary

Fields
Modifier and Type	Field	Description
`protected static String`	`AES`
`protected static String`	`AES_CBC_PKCS5_PADDING`
`protected static String`	`AES_GCM_NOPADDING`
`String`	`keyAlias`
`String`	`keyPassword`
`String`	`keyStoreFile`
`String`	`keyStorePassword`
`String`	`keyStoreType`
`String`	`password`
`protected static int`	`PBKDF2_ITERATIONS`
`protected static int`	`PBKDF2_KEY_LENGTH`
`protected static String`	`PBKDF2_WITH_HMAC_SHA1`
`static String`	`PROP_COMPAT_KEY`
`static String`	`PROP_KEY_ALIAS`
`static String`	`PROP_KEY_PASSWORD`
`static String`	`PROP_KEY_STORE_FILE`
`static String`	`PROP_KEY_STORE_PASSWORD`
`static String`	`PROP_KEY_STORE_TYPE`
`static String`	`PROP_KEY_USE_INSECURE_CIPHER`	If `true`, use the insecure AES/CBC/PKCS5Padding for encryption.
`static String`	`PROP_PASSWORD`
`boolean`	`useInsecureCipher`
`boolean`	`usePBKDF2`

Fields inherited from class org.nuxeo.ecm.core.blob.PropertyBasedConfiguration
properties, systemPropertyPrefix

Constructor Summary

Constructors
Constructor Description

AESBlobStoreConfiguration(Map<String,String> properties)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected Key`	`generateSecretKey(byte[] salt)`	Generates an AES key from the password using PBKDF2.
`protected Cipher`	`getCipher()`
`protected AlgorithmParameterSpec`	`getParameterSpec(byte[] iv)`
`protected Key`	`getSecretKey()`	Gets the AES key from the keystore.
`protected void`	`parseCompat()`

Methods inherited from class org.nuxeo.ecm.core.blob.PropertyBasedConfiguration
getBooleanProperty, getIntProperty, getIntProperty, getLongProperty, getProperty, getProperty

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

AES
```
protected static final String AES
```
See Also:

Constant Field Values

PBKDF2_WITH_HMAC_SHA1

protected static final String PBKDF2_WITH_HMAC_SHA1

See Also:: Constant Field Values

PBKDF2_ITERATIONS
```
protected static final int PBKDF2_ITERATIONS
```
See Also:

Constant Field Values

PBKDF2_KEY_LENGTH
```
protected static final int PBKDF2_KEY_LENGTH
```
See Also:

Constant Field Values

AES_CBC_PKCS5_PADDING

protected static final String AES_CBC_PKCS5_PADDING

See Also:: Constant Field Values

AES_GCM_NOPADDING

protected static final String AES_GCM_NOPADDING

See Also:: Constant Field Values

PROP_COMPAT_KEY

public static final String PROP_COMPAT_KEY

See Also:: Constant Field Values

PROP_PASSWORD

public static final String PROP_PASSWORD

See Also:: Constant Field Values

PROP_KEY_STORE_TYPE

public static final String PROP_KEY_STORE_TYPE

See Also:: Constant Field Values

PROP_KEY_STORE_FILE

public static final String PROP_KEY_STORE_FILE

See Also:: Constant Field Values

PROP_KEY_STORE_PASSWORD

public static final String PROP_KEY_STORE_PASSWORD

See Also:: Constant Field Values

PROP_KEY_ALIAS

public static final String PROP_KEY_ALIAS

See Also:: Constant Field Values

PROP_KEY_PASSWORD

public static final String PROP_KEY_PASSWORD

See Also:: Constant Field Values

PROP_KEY_USE_INSECURE_CIPHER
```
public static final String PROP_KEY_USE_INSECURE_CIPHER
```
If true, use the insecure AES/CBC/PKCS5Padding for encryption. The default is false, to use AES/GCM/NoPadding.

See Also:

Constant Field Values

usePBKDF2
```
public final boolean usePBKDF2
```

password
```
public final String password
```

keyStoreType
```
public final String keyStoreType
```

keyStoreFile
```
public final String keyStoreFile
```

keyStorePassword
```
public final String keyStorePassword
```

keyAlias
```
public final String keyAlias
```

keyPassword
```
public final String keyPassword
```

useInsecureCipher
```
public final boolean useInsecureCipher
```

Constructor Detail

AESBlobStoreConfiguration

public AESBlobStoreConfiguration(Map<String,String> properties)
                          throws IOException

Throws:: IOException

Method Detail

parseCompat
```
protected void parseCompat()
```

generateSecretKey
```
protected Key generateSecretKey(byte[] salt)
                         throws GeneralSecurityException
```
Generates an AES key from the password using PBKDF2.

Parameters:

salt - the salt

Throws:

GeneralSecurityException

getSecretKey

protected Key getSecretKey()
                    throws GeneralSecurityException,
                           IOException

Gets the AES key from the keystore.

Throws:: GeneralSecurityException; IOException

getCipher

protected Cipher getCipher()
                    throws GeneralSecurityException

Throws:: GeneralSecurityException

getParameterSpec

protected AlgorithmParameterSpec getParameterSpec(byte[] iv)

Class AESBlobStoreConfiguration

Field Summary

Fields inherited from class org.nuxeo.ecm.core.blob.PropertyBasedConfiguration

Constructor Summary

Method Summary

Methods inherited from class org.nuxeo.ecm.core.blob.PropertyBasedConfiguration

Methods inherited from class java.lang.Object

Field Detail

AES

PBKDF2_WITH_HMAC_SHA1

PBKDF2_ITERATIONS

PBKDF2_KEY_LENGTH

AES_CBC_PKCS5_PADDING

AES_GCM_NOPADDING

PROP_COMPAT_KEY

PROP_PASSWORD

PROP_KEY_STORE_TYPE

PROP_KEY_STORE_FILE

PROP_KEY_STORE_PASSWORD

PROP_KEY_ALIAS

PROP_KEY_PASSWORD

PROP_KEY_USE_INSECURE_CIPHER

usePBKDF2

password

keyStoreType

keyStoreFile

keyStorePassword

keyAlias

keyPassword

useInsecureCipher

Constructor Detail

AESBlobStoreConfiguration

Method Detail

parseCompat

generateSecretKey

getSecretKey

getCipher

getParameterSpec