Package org.nuxeo.ecm.core.blob

Class AESBlobStoreConfiguration

java.lang.Object

org.nuxeo.ecm.core.blob.PropertyBasedConfiguration

org.nuxeo.ecm.core.blob.AESBlobStoreConfiguration

public class AESBlobStoreConfiguration
extends PropertyBasedConfiguration

Configuration for the AES-encrypted storage of files.

Since:

11.1

Field Summary

Fields

Modifier and Type	Field	Description
protected static final String	AES
protected static final String	AES_CBC_PKCS5_PADDING
protected static final String	AES_GCM_NOPADDING
final String	keyAlias
final String	keyPassword
final String	keyStoreFile
final String	keyStorePassword
final String	keyStoreType
final String	password
protected static final int	PBKDF2_ITERATIONS
protected static final int	PBKDF2_KEY_LENGTH
protected static final String	PBKDF2_WITH_HMAC_SHA1
static final String	PROP_COMPAT_KEY
static final String	PROP_KEY_ALIAS
static final String	PROP_KEY_PASSWORD
static final String	PROP_KEY_STORE_FILE
static final String	PROP_KEY_STORE_PASSWORD
static final String	PROP_KEY_STORE_TYPE
static final String	PROP_KEY_USE_INSECURE_CIPHER	If true, use the insecure AES/CBC/PKCS5Padding for encryption.
static final String	PROP_PASSWORD
final boolean	useInsecureCipher
final boolean	usePBKDF2

Fields inherited from class org.nuxeo.ecm.core.blob.PropertyBasedConfiguration

properties, systemPropertyPrefix

Constructor Summary

Constructors

Constructor	Description
AESBlobStoreConfiguration(Map<String,String> properties)

Method Summary

Modifier and Type	Method	Description
protected Key	generateSecretKey(byte[] salt)	Generates an AES key from the password using PBKDF2.
protected Cipher	getCipher()
protected AlgorithmParameterSpec	getParameterSpec(byte[] iv)
protected Key	getSecretKey()	Gets the AES key from the keystore.
protected void	parseCompat()

Methods inherited from class org.nuxeo.ecm.core.blob.PropertyBasedConfiguration

getBooleanProperty, getIntProperty, getIntProperty, getLongProperty, getProperty, getProperty

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

AES

protected static final String AES

See Also:

• Constant Field Values

PBKDF2_WITH_HMAC_SHA1

protected static final String PBKDF2_WITH_HMAC_SHA1

See Also:

• Constant Field Values

PBKDF2_ITERATIONS

protected static final int PBKDF2_ITERATIONS

See Also:

• Constant Field Values

PBKDF2_KEY_LENGTH

protected static final int PBKDF2_KEY_LENGTH

See Also:

• Constant Field Values

AES_CBC_PKCS5_PADDING

protected static final String AES_CBC_PKCS5_PADDING

See Also:

• Constant Field Values

AES_GCM_NOPADDING

protected static final String AES_GCM_NOPADDING

See Also:

• Constant Field Values

PROP_COMPAT_KEY

public static final String PROP_COMPAT_KEY

See Also:

• Constant Field Values

PROP_PASSWORD

public static final String PROP_PASSWORD

See Also:

• Constant Field Values

PROP_KEY_STORE_TYPE

public static final String PROP_KEY_STORE_TYPE

See Also:

• Constant Field Values

PROP_KEY_STORE_FILE

public static final String PROP_KEY_STORE_FILE

See Also:

• Constant Field Values

PROP_KEY_STORE_PASSWORD

public static final String PROP_KEY_STORE_PASSWORD

See Also:

• Constant Field Values

PROP_KEY_ALIAS

public static final String PROP_KEY_ALIAS

See Also:

• Constant Field Values

PROP_KEY_PASSWORD

public static final String PROP_KEY_PASSWORD

See Also:

• Constant Field Values

PROP_KEY_USE_INSECURE_CIPHER

public static final String PROP_KEY_USE_INSECURE_CIPHER

If true, use the insecure AES/CBC/PKCS5Padding for encryption. The default is false, to use AES/GCM/NoPadding.

See Also:

• Constant Field Values

usePBKDF2

public final boolean usePBKDF2

password

public final String password

keyStoreType

public final String keyStoreType

keyStoreFile

public final String keyStoreFile

keyStorePassword

public final String keyStorePassword

keyAlias

public final String keyAlias

keyPassword

public final String keyPassword

useInsecureCipher

public final boolean useInsecureCipher

Constructor Details

AESBlobStoreConfiguration

public AESBlobStoreConfiguration(Map<String,String> properties)
                          throws IOException

Throws:

IOException

Method Details

parseCompat

protected void parseCompat()

generateSecretKey

protected Key generateSecretKey(byte[] salt)
                         throws GeneralSecurityException

Generates an AES key from the password using PBKDF2.

Parameters:

salt - the salt

Throws:

GeneralSecurityException

getSecretKey

protected Key getSecretKey()
                    throws GeneralSecurityException,
IOException

Gets the AES key from the keystore.

Throws:

GeneralSecurityException

IOException

getCipher

protected Cipher getCipher()
                    throws GeneralSecurityException

Throws:

GeneralSecurityException

getParameterSpec

protected AlgorithmParameterSpec getParameterSpec(byte[] iv)