Package org.nuxeo.ecm.core.blob
Class AESBlobProvider
java.lang.Object
org.nuxeo.ecm.core.blob.AbstractBlobProvider
org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
org.nuxeo.ecm.core.blob.LocalBlobProvider
org.nuxeo.ecm.core.blob.AESBlobProvider
All Implemented Interfaces: BlobProvider
A blob provider that encrypts binaries on the filesystem using AES.
To encrypt a binary, an AES key is needed. This key can be retrieved from a keystore, or generated from a password
using PBKDF2 (in which case each stored file contains a different salt for security reasons). The on-disk file format
is described in AESBlobStore.EncryptingOutputStream.
The blob provider configuration holds the keystore information to retrieve the AES key, or the password that is used to generate a per-file key using PBKDF2.
For keystore use, the following properties are available:
- keyStoreType: the keystore type, for instance JCEKS
- keyStoreFile: the path to the keystore, if applicable
- keyStorePassword: the keystore password
- keyAlias: the alias (name) of the key in the keystore
- keyPassword: the key password
And for PBKDF2 use:
- password: the password
For backward compatibility, the properties can also be included in the
<property name="key">prop1=value1,prop2=value2,...</property>
of the blob provider configuration.
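The two key sources described above, sketched as an added Java example (not Nuxeo's own code): a per-file key derived with PBKDF2 from the password and that file's salt, and a fixed key read from a keystore by alias. The class name, PRF (HMAC-SHA256), iteration count, key size, salt length and all sample values are assumptions made for illustration; the real on-disk format is the one documented in AESBlobStore.EncryptingOutputStream.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;
public class AesKeySourcesDemo {
    static final int ITERATIONS = 100_000, KEY_BITS = 128, SALT_BYTES = 16; // assumed, not Nuxeo's values

    /** PBKDF2 mode: the key depends on the password and on the salt stored with each file. */
    static SecretKey deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] raw = f.generateSecret(spec).getEncoded();
        spec.clearPassword(); // wipe the spec's internal copy of the password
        return new SecretKeySpec(raw, "AES");
    }

    /** Keystore mode: a fixed AES key looked up by alias (keyStoreType, keyStoreFile, keyAlias, ...). */
    static SecretKey loadKey(Path file, String type, char[] storePw, String alias, char[] keyPw)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(file)) { ks.load(in, storePw); }
        Key key = ks.getKey(alias, keyPw);
        if (!(key instanceof SecretKey) || !"AES".equals(key.getAlgorithm()))
            throw new KeyStoreException("no AES secret key under alias " + alias);
        return (SecretKey) key;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-password".toCharArray(); // all values here are constructed
        byte[] saltA = new byte[SALT_BYTES], saltB = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(saltA);
        new SecureRandom().nextBytes(saltB);
        byte[] keyA = deriveKey(pw, saltA).getEncoded();
        // Two files with different salts get unrelated keys; a reader holding the
        // file's salt and the password re-derives the same key.
        System.out.println("other salt, same key? " + Arrays.equals(keyA, deriveKey(pw, saltB).getEncoded()));
        System.out.println("same salt, same key?  " + Arrays.equals(keyA, deriveKey(pw, saltA).getEncoded()));
        // Keystore mode: build a throwaway JCEKS keystore, then read the key back by alias.
        Path file = Files.createTempFile("demo", ".jceks");
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(KEY_BITS);
        ks.setEntry("blobkey", new KeyStore.SecretKeyEntry(gen.generateKey()), new KeyStore.PasswordProtection(pw));
        try (OutputStream out = Files.newOutputStream(file)) { ks.store(out, pw); }
        System.out.println("keystore key algorithm: " + loadKey(file, "JCEKS", pw, "blobkey", pw).getAlgorithm());
        Files.delete(file);
    }
}
```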
Since: 11.1
Nested Class Summary
Nested classes/interfaces inherited from class org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
BlobStoreBlobProvider.AutoDeleteFileInputStream
Field Summary
Fields inherited from class org.nuxeo.ecm.core.blob.LocalBlobProvider
config, STORE_SCROLL_NAME
Fields inherited from class org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
DIGEST_KEY_STRATEGY, KEY_STRATEGY_PROPERTY, MANAGED_KEY_STRATEGY, store
Fields inherited from class org.nuxeo.ecm.core.blob.AbstractBlobProvider
blobProviderId, properties
Constructor Summary
Method Summary
Modifier and Type    Method    Description
protected BlobStore    getBlobStore(String blobProviderId, Map<String, String> properties)
protected BlobStore    newBlobStore(String name, KeyStrategy keyStrategy, PathStrategy pathStrategy)
Methods inherited from class org.nuxeo.ecm.core.blob.LocalBlobProvider
close, getDigestAlgorithm, getStorageDir, getStoreScrollName
Methods inherited from class org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
allowDirectDownload, deleteBlob, fixupDigest, getBinaryGarbageCollector, getFile, getKeyStrategy, getStream, getStream, initialize, isValidKey, readBlob, stripBlobKeyPrefix, stripBlobKeyVersionSuffix, supportsSync, updateBlob, writeBlob, writeBlob
Methods inherited from class org.nuxeo.ecm.core.blob.AbstractBlobProvider
allowByteRange, getProperties, hasCreateFromKeyPermission, isColdStorageMode, isRecordMode, isTransactional, isTransient, supportsUserUpdate, supportsUserUpdateDefaultFalse, supportsUserUpdateDefaultTrue
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.nuxeo.ecm.core.blob.BlobProvider
canConvert, getAppLinks, getAvailableConversions, getBinaryManager, getStatus, getThumbnail, getURI, isVersion, performsExternalAccessControl, readBlob
Field Details
aesConfig
Constructor Details
AESBlobProvider
public AESBlobProvider()
Method Details
getBlobStore
protected BlobStore getBlobStore(String blobProviderId, Map<String, String> properties) throws IOException
Overrides: getBlobStore in class LocalBlobProvider
Throws: IOException
newBlobStore
Overrides: newBlobStore in class LocalBlobProvider