public class OfsProvider extends BaseProvider implements IContainerProvider
OFS
). This provider serves as a user session with the OFS
. Use initialize(Path,
boolean)
to initialize the session and logIn(UUID, String, String)
to authenticate thet
session.keyRing
Constructor and Description |
---|
OfsProvider()
Default constructor.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
changeCredentials(String password,
String passphrase)
This is used to change the password and/or passphrase of a user.
|
SecuredContainer |
create(byte[] content,
String headerString,
List<Access> accesses,
String type)
Creates and persists a new SecuredContainer in the OFS and returns it.
|
SecuredContainer |
createOrUpdate(Container container)
Persist the Container as a new item in the OFS and returns it.
|
SecuredContainer |
createOrUpdate(SecuredContainer securedContainer)
This is a helper method to persists the SecuredContainer in the OFS.
|
void |
createOrUpdatePublicKey(UUID userId,
IndexedECPublicKey publicKey)
This will create or update the public key for the authenticated user.
|
void |
delete(UUID containerId)
Deletes the secured container with the given ID from the OFS.
|
void |
deleteUser()
Deletes all associated data for the authenticated user.
|
Container |
get(UUID containerId)
Gets the SecuredContainer from the OFS (content, header and metadata), decrypts the content and header and
returns the resulting Container.
|
byte[] |
getContent(UUID containerId)
Gets the decrypted content of the secured container for the given ID.
|
DataAccess |
getDataAccess()
Get the data access used for persisting and reading all data (except for content/header and KeyFile) from the
OFS . |
Header |
getHeader(UUID containerId)
Gets the decrypted header of the secured container for the given ID.
|
ContainerDbInfo |
getInfo(UUID containerId)
Gets the SecuredContainer from the OFS (content, header and metadata), decrypts the content and header and
returns the resulting Container.
|
byte[] |
getKeyFileBytes(UUID userId)
This will return the KeyFile for the passed in user from the OFS in its raw form (bytes).
|
KeyFileMapper |
getKeyFileMapper()
Get the mapper in charge of managing KeyFile data (all create, read, update and delete operations).
|
OFS |
getOfs()
Get the instance of the
OFS itself. |
Path |
getOfsRootDirectory()
Get the root of the
OFS . |
IndexedECPublicKey |
getPublicKeyByIndex(UUID userId,
KeyType type,
int index)
This will get a single public key from Absio Broker™ application.
|
IndexedECPublicKey |
getPublicKeyLatestActive(UUID userId,
KeyType type)
This will get the latest public key from Absio Broker™ application.
|
List<IndexedECPublicKey> |
getPublicKeyList(UUID userId,
KeyType type,
Integer index)
Gets a user's public keys matching the key type and key ring index.
|
PublicKeyMapper |
getPublicKeyMapper()
Get the mapper in charge of managing public key data (signing and derivation) for other users in the eco-system
(all create, read, update and delete operations).
|
SecuredContainerMapper |
getSecuredContainerMapper()
Get the mapper in charge of managing secured container data (all create, read, update and delete operations).
|
void |
initialize(Path ofsRootDirectory,
boolean partitionDataByUser)
Initialize the Container Provider with a the root OFS directory and if data should be partitioned by user.
|
boolean |
isAuthenticated()
Get if the provider is authenticated.
|
boolean |
isInitialized()
Get if the provider is initialized.
|
boolean |
isPartitionDataByUser()
Get if the data in the
OFS is partitioned by user. |
void |
logIn(KeyRing keyRing)
Authenticates the user locally by logging into the encrypted database in the OFS.
|
byte[] |
logIn(UUID userId,
String password,
String passphrase)
Authenticates the user locally by decrypting the KeyFile to get their
KeyRing and then logs into the
encrypted database in the OFS. |
void |
logOut()
This will end an authenticated session.
|
void |
register(KeyRing keyRing,
byte[] keyFileBytes)
This will create a new user stored in the OFS using the passed in KeyRing.
|
byte[] |
register(String password,
String passphrase)
This will create a new user stored in the OFS.
|
SecuredContainer |
update(UUID containerId,
byte[] content,
String headerString,
List<Access> accesses,
String type)
Update the content, header, access and type of the secured container with the given ID.
|
void |
updateAccess(UUID containerId,
List<Access> accesses)
Update the access of the secured container with the given ID.
|
SecuredContainer |
updateContent(UUID containerId,
byte[] content)
Update the content of the secured container with the given ID.
|
SecuredContainer |
updateHeader(UUID containerId,
String headerString)
Update the header of the secured container with the given ID.
|
void |
updateType(UUID containerId,
String type)
Update the type of the secured container with the given ID.
|
getKeyRing, getUserId, hashToB64, hashToHex
public OfsProvider() throws NoSuchAlgorithmException
NoSuchAlgorithmException
- thrown if the algorithm is not supported (see MessageDigestHelper
)public byte[] changeCredentials(String password, String passphrase) throws IOException, NoSuchAlgorithmException, IllegalBlockSizeException, InvalidKeyException, BadPaddingException, InvalidAlgorithmParameterException, NoSuchPaddingException, IllegalAccessException
logIn(UUID, String, String)
) with the passphrase in addition to the
password.
NOTE: this requires an initialized and authenticated session. Also, both the password and passphrase are required.
password
- the new password for the authenticated userpassphrase
- the new passphrase for the authenticated userIOException
- thrown if there were any issues writing the KeyFile toIllegalArgumentException
- thrown if the password or passphrase are null or emptyIllegalAccessException
- thrown if the provider is not authenticatedNoSuchPaddingException
- thrown if the padding is not supported when the key ring is encryptedInvalidAlgorithmParameterException
- thrown if the algorithm parameter is not supported when the key ring
is encryptedNoSuchAlgorithmException
- thrown if the algorithm is not supported when the key ring is
encryptedIllegalBlockSizeException
- thrown if the block size is not supported when the key ring is
encryptedBadPaddingException
- thrown if the padding is not supported when the key ring is encryptedInvalidKeyException
- thrown if the key is not valid when the key ring is encryptedIllegalAccessException
- thrown if the session is not authenticatedpublic SecuredContainer create(byte[] content, String headerString, List<Access> accesses, String type) throws Exception
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
create
in interface IContainerProvider
content
- the container's contentheaderString
- the container's headeraccesses
- the container's access list - if null the container will have default access for the creatortype
- the container's typeSecuredContainer
Exception
- thrown if there are any issues encrypting and persisting the container in the OFSpublic SecuredContainer createOrUpdate(Container container) throws Exception
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
createOrUpdate
in interface IContainerProvider
container
- the Container to persist in the OFSSecuredContainer
that was persisted in the OFSNoSuchAlgorithmException
- thrown if the hash algorithm is not supportedSQLException
- thrown if there is an issue inserting the container into the databaseIOException
- thrown if there is an issue writing the container to the file systemIllegalAccessException
- thrown if the session is not authenticatedException
public SecuredContainer createOrUpdate(SecuredContainer securedContainer) throws IOException, SQLException, NoSuchAlgorithmException, IllegalAccessException
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
createOrUpdate
in interface IContainerProvider
securedContainer
- the secured container to create or updateSecuredContainer
that was created or updatedIOException
- thrown if there where any issues writing the secured container to the files
systemSQLException
- thrown if there where any issues writing the secured container to the databaseNoSuchAlgorithmException
- thrown if the hash algorithm is not supportedIllegalAccessException
- thrown if the session is not authenticatedpublic void createOrUpdatePublicKey(UUID userId, IndexedECPublicKey publicKey) throws IllegalAccessException, SQLException
NOTE: this requires an initialized and authenticated session.
userId
- the user's id that owns the public keypublicKey
- the public key to create or updateIllegalAccessException
- thrown if the session is not authenticatedSQLException
- thrown if there was an issue writing the public key to the databasepublic void delete(UUID containerId) throws IOException, SQLException, IllegalAccessException
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
delete
in interface IContainerProvider
containerId
- the id of the container to deleteIOException
- thrown if there where any issues removing the secured container from the files
systemSQLException
- thrown if there where any issues removing the secured container from the databaseIllegalAccessException
- thrown if the session is not authenticatedpublic void deleteUser() throws IOException, SQLException, NoSuchAlgorithmException, IllegalAccessException
NOTE: This cannot be undone. Ensure you really want to perform this operation before doing so. The KeyFile, encrypted database and all secured containers will be removed from the OFS.
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
IOException
- thrown if there was an issue deleting any of the users data on diskSQLException
- thrown if there was an issue deleting any of the users data in the databaseNoSuchAlgorithmException
- thrown if a hash was unable to be generated (user's OFS location)IllegalAccessException
- thrown if the session is not authenticatedpublic Container get(UUID containerId) throws Exception
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
get
in interface IContainerProvider
containerId
- the id of the secured container to getException
- thrown if there are any issues getting or decrypting the secured containerpublic byte[] getContent(UUID containerId) throws Exception
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
getContent
in interface IContainerProvider
containerId
- the id of the secured container to get the content ofException
- thrown if there are any issues getting or decrypting the secured container contentpublic DataAccess getDataAccess()
OFS
.public Header getHeader(UUID containerId) throws Exception
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
getHeader
in interface IContainerProvider
containerId
- the id of the secured container to get the header ofException
- thrown if there are any issues getting or decrypting the secured container headerpublic ContainerDbInfo getInfo(UUID containerId) throws SQLException, IllegalAccessException
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
containerId
- the id of the secured container to getSQLException
- thrown if there was an issue getting the info from the databaseIllegalAccessException
- thrown if the session is not authenticatedpublic byte[] getKeyFileBytes(UUID userId) throws IOException, NoSuchAlgorithmException
NOTE: KeyFiles are always encrypted. Thus, they bytes returned are encrypted.
userId
- the userId of the KeyFile bytes desiredIOException
- thrown if there was an issue reading the KeyFile bytes from the OFSNoSuchAlgorithmException
- thrown if a hash was unable to be generated (user's OFS location)public KeyFileMapper getKeyFileMapper()
public OFS getOfs()
OFS
itself. This class is used for determining storage locations.OFS
public Path getOfsRootDirectory()
OFS
.OFS
public IndexedECPublicKey getPublicKeyByIndex(UUID userId, KeyType type, int index) throws Exception
NOTE: this requires an initialized and authenticated session.
userId
- the user id that owns the key in question (required)type
- the type of the key in question (required)index
- the index of the key in question (required)IOException
- thrown if there are any issues communicating with Absio Broker™
applicationIllegalAccessException
- thrown if the session is not authenticatedIllegalArgumentException
- thrown if the userId or type are nullInterruptedException
- thrown when there is an interruption during rate limitingException
public IndexedECPublicKey getPublicKeyLatestActive(UUID userId, KeyType type) throws Exception
NOTE: this requires an initialized and authenticated session.
userId
- the user id that owns the key in question (required)type
- the type of the key in question (required)IOException
- thrown if there are any issues communicating with Absio Broker™
applicationIllegalAccessException
- thrown if the session is not authenticatedIllegalArgumentException
- thrown if the userId or type are nullInterruptedException
- thrown when there is an interruption during rate limitingException
public List<IndexedECPublicKey> getPublicKeyList(UUID userId, KeyType type, Integer index) throws IllegalAccessException, SQLException, InvalidKeySpecException
NOTE: this requires an initialized and authenticated session and pass in null to ignore a parameter.
userId
- the user's ID (required)type
- the key type or ignored if nullindex
- the key index or ignored if nullIllegalAccessException
- thrown if the session is not authenticatedSQLException
- thrown if there was an issue getting the keys from the databaseInvalidKeySpecException
- thrown if the key specification is not supportedpublic PublicKeyMapper getPublicKeyMapper()
PublicKeyMapper
public SecuredContainerMapper getSecuredContainerMapper()
public void initialize(Path ofsRootDirectory, boolean partitionDataByUser)
ofsRootDirectory
- the path for the root OFS directorypartitionDataByUser
- true if data should be partitioned by user (special OFS directory for each user)public boolean isAuthenticated()
public boolean isInitialized()
initialize(Path, boolean)
for how to
initialize this provider.public boolean isPartitionDataByUser()
OFS
is partitioned by user.public byte[] logIn(UUID userId, String password, String passphrase) throws IOException, NoSuchAlgorithmException, KeyFileNotFoundException, IllegalBlockSizeException, InvalidKeyException, BadPaddingException, InvalidAlgorithmParameterException, NoSuchPaddingException, SQLException
KeyRing
and then logs into the
encrypted database in the OFS. Password and passphrase are both listed as optional parameters, but at least one
must be included. If the password is not included, the passphrase will be used to get the password from the
KeyFile. If no passphrase was included when the KeyFile was created the operation will fail. All mappers will be
created and initialized.
NOTE: This will throw an exception on failure. When successful the session will be authenticated.
userId
- the user's id to logInpassword
- the user's password to login - optionalpassphrase
- the user's passphrase to login - optionalIOException
- thrown if there was an issue reading the KeyFile from the file systemNoSuchAlgorithmException
- thrown if the algorithm is not known to decrypt the key fileKeyFileNotFoundException
- thrown if the KeyFile does not exist in the OFSIllegalBlockSizeException
- thrown if the cipher block size is wrong to decrypt the key fileInvalidKeyException
- thrown when there was an error with the key for decrypting the
databaseBadPaddingException
- thrown if the cipher padding is not supported to decrypt the key fileInvalidAlgorithmParameterException
- thrown if the cipher algorithm is not supported to decrypt the key
fileNoSuchPaddingException
- thrown if the padding is not supported to decrypt the key fileSQLException
- thrown if the user is authenticated and there are issues closing the
databasepublic void logIn(KeyRing keyRing) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, SQLException
NOTE: This will throw an exception on failure. When successful the session will be authenticated.
keyRing
- the user's KeyRing to loginIOException
- thrown if there is any issue reading/writing to the OFSNoSuchAlgorithmException
- thrown if the hash algorithm is not support in the OFSNoSuchPaddingException
- thrown if the padding is not supported to decrypt the key fileInvalidKeyException
- thrown when there was an error with the key for decrypting the databaseSQLException
- thrown if there was an issue opening/closing the database with the wrong signing
keypublic void logOut() throws SQLException
SQLException
- thrown if there are any issues closing the databasepublic byte[] register(String password, String passphrase) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException, InvalidKeyException, BadPaddingException, NoSuchPaddingException, IOException, SQLException
NOTE: Both the password and passphrase are required. If they are not supplied an ArgumentException will be thrown.
This will throw an exception on failure. When successful the session will be authenticated.
password
- the password used to encrypt the KeyRing portion of the KeyFilepassphrase
- the passphrase used to encrypt the password portion of the KeyFileIllegalArgumentException
- thrown if the password or passphrase are empty or nullNoSuchAlgorithmException
- thrown if the algorithm is not known to decrypt the key fileIllegalBlockSizeException
- thrown if the cipher block size is wrong to decrypt the key fileInvalidKeyException
- thrown when there was an error with the key for decrypting the
databaseBadPaddingException
- thrown if the cipher padding is not supported to decrypt the key fileNoSuchPaddingException
- thrown if the padding is not supported to decrypt the key fileIOException
- thrown when there are any IO issuesInvalidAlgorithmParameterException
- thrown if the cipher algorithm is not supported to decrypt the key
fileSQLException
- thrown if there are any issues closing the databasepublic void register(KeyRing keyRing, byte[] keyFileBytes) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, SQLException
This will throw an exception on failure. When successful the session will be authenticated.
keyRing
- the KeyRing to user to registerkeyFileBytes
- the KeyFile bytes to user for registrationIOException
- thrown when there are any IO issuesNoSuchAlgorithmException
- thrown if the algorithm is not known to decrypt the key fileNoSuchPaddingException
- thrown if the padding is not supported to decrypt the key fileInvalidKeyException
- thrown when there was an error with the key for decrypting the databaseSQLException
- thrown if there was an issue opening/closing the database with the wrong signing
keypublic SecuredContainer update(UUID containerId, byte[] content, String headerString, List<Access> accesses, String type) throws Exception
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
update
in interface IContainerProvider
containerId
- the id of the secured container to updatecontent
- the new contentheaderString
- the new headeraccesses
- This is the defined access for all users. If null, the user updating the container will get
full access (Access.DefaultOwnerPermissions). If any access is defined then the user creating
the updating will get the defined access or no access if none is defined.type
- the new typeException
- thrown if there any issues encrypting and updating the data in the file system and/or the
databasepublic void updateAccess(UUID containerId, List<Access> accesses) throws Exception
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
updateAccess
in interface IContainerProvider
containerId
- the secured container's id to updateaccesses
- This is the defined access for all users. If null, the user updating the container will get
full access (Access.DefaultOwnerPermissions). If any access is defined then the user creating
the updating will get the defined access or no access if none is defined.Exception
- thrown if there are any issues updating the access list in the databasepublic SecuredContainer updateContent(UUID containerId, byte[] content) throws Exception
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
updateContent
in interface IContainerProvider
containerId
- the id of the secured containercontent
- the new contentException
- thrown if there are any issues encrypting and updating the content in the file systempublic SecuredContainer updateHeader(UUID containerId, String headerString) throws Exception
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
updateHeader
in interface IContainerProvider
containerId
- the id of the secured containerheaderString
- the new headerException
- thrown if there are any issues encrypting and updating the header in the file systempublic void updateType(UUID containerId, String type) throws SQLException, IllegalAccessException, ContainerNotFoundException
Calling this method requires an authenticated session. See logIn(UUID, String, String)
for
authenticating.
updateType
in interface IContainerProvider
containerId
- the id of the secured containertype
- the new type valueSQLException
- thrown if there was an issue updating the type in the databaseIllegalAccessException
- thrown if the session is not authenticatedContainerNotFoundException
- thrown if the container is not in the databaseCopyright © 2021. All rights reserved.