Package org.nuxeo.ecm.core.blob
Class AESBlobProvider
java.lang.Object
org.nuxeo.ecm.core.blob.AbstractBlobProvider
org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
org.nuxeo.ecm.core.blob.LocalBlobProvider
org.nuxeo.ecm.core.blob.AESBlobProvider
- All Implemented Interfaces:
BlobProvider
A blob provider that encrypts binaries on the filesystem using AES.
To encrypt a binary, an AES key is needed. This key can be retrieved from a keystore, or generated from a password
using PBKDF2 (in which case each stored file contains a different salt for security reasons). The on-disk file format
is described in AESBlobStore.EncryptingOutputStream.
The blob provider configuration holds the keystore information to retrieve the AES key, or the password that is used to generate a per-file key using PBKDF2.
For keystore use, the following properties are available:
- keyStoreType: the keystore type, for instance JCEKS
- keyStoreFile: the path to the keystore, if applicable
- keyStorePassword: the keystore password
- keyAlias: the alias (name) of the key in the keystore
- keyPassword: the key password
And for PBKDF2 use:
- password: the password
For backward compatibility, the properties can also be included in the
<property name="key">prop1=value1,prop2=value2,...</property> of the blob provider configuration.
- Since:
- 11.1
-
Nested Class Summary
Nested classes/interfaces inherited from class org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
BlobStoreBlobProvider.AutoDeleteFileInputStream -
Field Summary
FieldsFields inherited from class org.nuxeo.ecm.core.blob.LocalBlobProvider
config, STORE_SCROLL_NAMEFields inherited from class org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
DIGEST_KEY_STRATEGY, KEY_STRATEGY_PROPERTY, MANAGED_KEY_STRATEGY, storeFields inherited from class org.nuxeo.ecm.core.blob.AbstractBlobProvider
blobProviderId, properties -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected BlobStoregetBlobStore(String blobProviderId, Map<String, String> properties) protected BlobStorenewBlobStore(String name, KeyStrategy keyStrategy, PathStrategy pathStrategy) Methods inherited from class org.nuxeo.ecm.core.blob.LocalBlobProvider
close, getDigestAlgorithm, getStorageDir, getStoreScrollNameMethods inherited from class org.nuxeo.ecm.core.blob.BlobStoreBlobProvider
allowDirectDownload, deleteBlob, fixupDigest, getBinaryGarbageCollector, getFile, getKeyStrategy, getStream, getStream, initialize, isValidKey, readBlob, stripBlobKeyPrefix, stripBlobKeyVersionSuffix, supportsSync, updateBlob, writeBlob, writeBlobMethods inherited from class org.nuxeo.ecm.core.blob.AbstractBlobProvider
allowByteRange, getProperties, hasCreateFromKeyPermission, isColdStorageMode, isRecordMode, isTransactional, isTransient, supportsUserUpdate, supportsUserUpdateDefaultFalse, supportsUserUpdateDefaultTrueMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.nuxeo.ecm.core.blob.BlobProvider
canConvert, getAppLinks, getAvailableConversions, getBinaryManager, getStatus, getThumbnail, getURI, isVersion, performsExternalAccessControl, readBlob
-
Field Details
-
aesConfig
-
-
Constructor Details
-
AESBlobProvider
public AESBlobProvider()
-
-
Method Details
-
getBlobStore
protected BlobStore getBlobStore(String blobProviderId, Map<String, String> properties) throws IOException- Overrides:
getBlobStorein classLocalBlobProvider- Throws:
IOException
-
newBlobStore
- Overrides:
newBlobStorein classLocalBlobProvider
-