Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.silverpeas.util.security
Class DefaultContentEncryptionService

java.lang.Object
  extended by com.silverpeas.util.security.DefaultContentEncryptionService
All Implemented Interfaces:
ContentEncryptionService
@Named(value="contentEncryptionService")
public class DefaultContentEncryptionService
extends Object
implements ContentEncryptionService

It is the default implementation of the ContentEncryptionService interface in Silverpeas.

This implementation manages the encryption of the content with the AES-256 cipher and it stores the cipher key into a file after encrypting it with another cryptographic algorithm, CAST-128 (a CAST5 cipher), in order to protect it. The two keys are set together in the key file which is located in an hidden directory. The key file is hidden and readonly.

It manages the cipher key by maintening both the actual cipher key used to encrypt and decrypt the content and the previous one so that the cipher of some old contents can be renewed with the new key after decrypting them with the old key.

This implementation used two additional classes to perform its task: the ConcurrentEncryptionTaskExecutor class to ensure the execution of the different methods are done by following the concurrency policy expected by the ContentEncryptionService interface, and the CryptographicTask class to represent a encryption or a decryption of contents provided by some content iterators (they implement the EncryptionContentIterator interface).

Constructor Summary
protected DefaultContentEncryptionService()
           
 
Method Summary
 Map<String,String> decryptContent(Map<String,String> encryptedContent)
          Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.
protected static Map<String,String> decryptContent(Map<String,String> encryptedContent, Cipher cipher, CipherKey key)
          Decrypts the specified content by using the specified cipher with the specified cipher key.
 String[] decryptContent(String... encryptedContentParts)
          Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.
 void decryptContents(EncryptionContentIterator... iterators)
          Decrypts the encrypted contents provided by the specified iterators.
 Map<String,String> encryptContent(Map<String,String> content)
          Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.
protected static Map<String,String> encryptContent(Map<String,String> content, Cipher cipher, CipherKey key)
          Encrypts the specified content by using the specified cipher with the specified cipher key.
 String[] encryptContent(String... contentParts)
          Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.
 void encryptContents(EncryptionContentIterator... iterators)
          Encrypts the contents provided by the specified iterators.
protected static CipherKey getActualCipherKey()
          Gets the actual cipher key to use in the content encryption/decryption.
protected static Cipher getCipherForContentEncryption()
          Gets the cipher to use to encrypt/decrypt a content.
protected static CipherKey getPreviousCipherKey()
          Gets the previous cipher key that was used in the content encryption/decryption.
 boolean isCipherKeyDefined()
          Checks if a key is defined and so if content can be encrypted
 void registerForRenewingContentCipher(EncryptionContentIterator iterator)
          Registers the specified iterator on some encrypted contents for which the cipher has to be renewed when the encryption key is updated.
 void renewCipherOfContents(EncryptionContentIterator... iterators)
          Renews explicitly the cipher of the contents provided by the specified iterators.
 void updateCipherKey(String key)
          Updates the key to use to encrypt and to decrypt the enciphered content.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultContentEncryptionService

protected DefaultContentEncryptionService()
Method Detail

registerForRenewingContentCipher

public void registerForRenewingContentCipher(EncryptionContentIterator iterator)
Registers the specified iterator on some encrypted contents for which the cipher has to be renewed when the encryption key is updated.

This method is dedicated to the content management service for providing to the content encryption services a way to access the encrypted contents they manage in order to renew their cipher when the encryption key is updated.

Specified by:
registerForRenewingContentCipher in interface ContentEncryptionService
Parameters:
iterator - a provider of encrypted content in the form of a EncryptionContentIterator iterator.

updateCipherKey

public void updateCipherKey(String key)
                     throws CipherKeyUpdateException,
                            CryptoException
Updates the key to use to encrypt and to decrypt the enciphered content. The key must be in hexadecimal and sized in 256 bits otherwise an AssertionError will be thrown. If no previous key existed, then the cipher key will be created with the specified one and it will be used to encrypt and to decrypt at the demand the content in Silverpeas.

The update of the key triggers automatically the renew of the cipher of the encrypted contents in Silverpeas with the new cipher key. If one of the cipher renew of one of the encrypted content failed, the key update is rolled-back (the key isn't updated).

The execution of this method will block any other call of the DefaultContentEncryptionService methods for all of its instances in order to prevent incoherent state of encrypted contents. Any attempts to execute one of the DefaultContentEncryptionService method, whereas this method is running, will raise an IllegalStateException exception.

Specified by:
updateCipherKey in interface ContentEncryptionService
Parameters:
key - the new symmetric key in hexadecimal.
Throws:
CipherKeyUpdateException - if the replace of the cipher key has failed.
CryptoException - if an error while renewing the cipher of the encrypted contents with the new cipher key.

encryptContent

public String[] encryptContent(String... contentParts)
                        throws CryptoException
Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.

Specified by:
encryptContent in interface ContentEncryptionService
Parameters:
contentParts - either the different part of a content to encrypt or several single textual contents to encrypt.

If the encryption key is is being updated, an IllegalStateException is thrown.
Returns:
an array with the different parts of the content, encrypted and in base64, in the same order they were passed as argument of this method.
Throws:
CryptoException - the encryption of one of the content (or content part) failed.

encryptContent

public Map<String,String> encryptContent(Map<String,String> content)
                                  throws CryptoException
Encrypts the specified content by using the encryption key that was set with the updateCipherKey(String) method.

The content is here in the form of a Map instance in which each entry represents a field or a property of the content. The method returns also a Map with, for each entry, the field or the property encrypted and in base64.

If the encryption key is is being updated, an IllegalStateException is thrown.

Specified by:
encryptContent in interface ContentEncryptionService
Parameters:
content - the content to encrypt in the form of a Map instance. Each entry in the Map represents a field/property of the content to encrypt.
Returns:
a Map with the different field/property of the content encrypted.
Throws:
CryptoException - the encryption of the content failed.

encryptContents

public void encryptContents(EncryptionContentIterator... iterators)
                     throws CryptoException
Encrypts the contents provided by the specified iterators.

This method is for encrypting in batch several and possibly different contents. If there is more than one iterator on contents, each of them will be taken in charge concurrently by a pool of several threads.

If the encryption key is is being updated, an IllegalStateException is thrown.

Specified by:
encryptContents in interface ContentEncryptionService
Parameters:
iterators - the iterators on the contents to encrypt.
Throws:
CryptoException

decryptContent

public String[] decryptContent(String... encryptedContentParts)
                        throws CryptoException
Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.

Specified by:
decryptContent in interface ContentEncryptionService
Parameters:
encryptedContentParts - either the different part of an encrypted content to decrypt or several single encrypted textual contents to decrypt.

If the encryption key is is being updated, an IllegalStateException is thrown.
Returns:
an array with the different parts of the decrypted content in the same order they were passed as argument of this method.
Throws:
CryptoException - the decryption of one of the encrypted content (or content part) failed.

decryptContent

public Map<String,String> decryptContent(Map<String,String> encryptedContent)
                                  throws CryptoException
Decrypts the specified encrypted content by using the encryption key that was set with the updateCipherKey(String) method.

The encrypted content is here in the form of a Map instance in which each entry represents a field or a property of the encrypted content. The method returns also a Map with, for each entry, the field or the property decrypted.

If the encryption key is is being updated, an IllegalStateException is thrown.

Specified by:
decryptContent in interface ContentEncryptionService
Parameters:
encryptedContent - the content to decrypt in the form of a Map instance. Each entry in the Map represents a field/property of the content to decrypt.
Returns:
a Map with the different field/property of the content decrypted.
Throws:
CryptoException - the decryption of the content failed.

decryptContents

public void decryptContents(EncryptionContentIterator... iterators)
                     throws CryptoException
Decrypts the encrypted contents provided by the specified iterators.

This method is for decrypting in batch several and possibly different encrypted contents. If there is more than one iterator on contents, each of them will be taken in charge concurrently by a pool of several threads.

If the encryption key is is being updated, an IllegalStateException is thrown.

Specified by:
decryptContents in interface ContentEncryptionService
Parameters:
iterators - the iterators on the contents to decrypt.
Throws:
CryptoException

renewCipherOfContents

public void renewCipherOfContents(EncryptionContentIterator... iterators)
                           throws CryptoException
Renews explicitly the cipher of the contents provided by the specified iterators.

This method is mainly for encrypted contents for which the renew of their cipher has failed when the encryption key has been updated.

The execution of this method will block any other call of the DefaultContentEncryptionService methods for all of its instances in order to prevent incoherent state of encrypted contents. Any attempts to execute one of the DefaultContentEncryptionService method, whereas this method is running, will raise an IllegalStateException exception.

If it doesn't exist a previous encryption key required to decrypt the contents before encrypting them with the actual encryption key, then nothing is performed by this method and it will return silently.

Specified by:
renewCipherOfContents in interface ContentEncryptionService
Parameters:
iterators - the iterators on the encrypted contents for which their cipher has to be renewed.
Throws:
CryptoException - if an error occurs while renewing the cipher of the contents with the actual encryption key.

encryptContent

protected static Map<String,String> encryptContent(Map<String,String> content,
                                                   Cipher cipher,
                                                   CipherKey key)
                                            throws CryptoException
Encrypts the specified content by using the specified cipher with the specified cipher key.

Parameters:
content - the content to encrypt in the form of a Map in which each entry is a property or a field of the content.
cipher - the cipher to encrypt the content.
key - the cipher key.
Returns:
the encrypted content.
Throws:
CryptoException - if an error occurs while encrypting the content.

decryptContent

protected static Map<String,String> decryptContent(Map<String,String> encryptedContent,
                                                   Cipher cipher,
                                                   CipherKey key)
                                            throws CryptoException
Decrypts the specified content by using the specified cipher with the specified cipher key.

Parameters:
encryptedContent - the encrypted content to decrypt in the form of a Map in which each entry is a property or a field of the content.
cipher - the cipher to decrypt the content.
key - the cipher key.
Returns:
the decrypted content.
Throws:
CryptoException - if an error occurs while decrypting the content.

getActualCipherKey

protected static CipherKey getActualCipherKey()
                                       throws CryptoException
Gets the actual cipher key to use in the content encryption/decryption.

Returns:
the asked cipher key.
Throws:
CryptoException - if the cipher key cannot be get.

getPreviousCipherKey

protected static CipherKey getPreviousCipherKey()
                                         throws CryptoException
Gets the previous cipher key that was used in the content encryption/decryption.

Returns:
the asked cipher key.
Throws:
CryptoException - if the cipher key cannot be get.

getCipherForContentEncryption

protected static Cipher getCipherForContentEncryption()
Gets the cipher to use to encrypt/decrypt a content.

Returns:
the cipher used in the content encryption.

isCipherKeyDefined

public boolean isCipherKeyDefined()
Description copied from interface: ContentEncryptionService
Checks if a key is defined and so if content can be encrypted

Specified by:
isCipherKeyDefined in interface ContentEncryptionService
Returns:
true if the key exist and it is valid
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2016 Silverpeas. All Rights Reserved.