com.qcloud.cos.internal.crypto

Class COSCryptoModuleBase

java.lang.Object

com.qcloud.cos.internal.crypto.COSCryptoModule

com.qcloud.cos.internal.crypto.COSCryptoModuleBase

Direct Known Subclasses:

COSCryptoModuleAE

public abstract class COSCryptoModuleBase
extends COSCryptoModule

Common implementation for different COS cryptographic modules.

Field Summary

Fields

Modifier and Type	Field and Description
protected com.qcloud.cos.internal.crypto.ContentCryptoScheme	contentCryptoScheme
protected COSDirect	cos
protected CryptoConfiguration	cryptoConfig A read-only copy of the crypto configuration.
protected com.qcloud.cos.internal.crypto.COSCryptoScheme	cryptoScheme
protected static int	DEFAULT_BUFFER_SIZE
protected EncryptionMaterialsProvider	kekMaterialsProvider
protected QCLOUDKMS	kms
protected org.slf4j.Logger	log
protected Map<String,MultipartUploadCryptoContext>	multipartUploadContexts Map of data about in progress encrypted multipart uploads.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	COSCryptoModuleBase(COSDirect cos, COSCredentialsProvider credentialsProvider, EncryptionMaterialsProvider kekMaterialsProvider, CryptoConfiguration cryptoConfig) For testing purposes only.
protected	COSCryptoModuleBase(QCLOUDKMS kms, COSDirect cos, COSCredentialsProvider credentialsProvider, EncryptionMaterialsProvider kekMaterialsProvider, CryptoConfiguration cryptoConfig)

Method Summary

Modifier and Type	Method and Description
void	abortMultipartUploadSecurely(AbortMultipartUploadRequest req)
protected abstract long	ciphertextLength(long plaintextLength) Returns the length of the ciphertext computed from the length of the plaintext.
CompleteMultipartUploadResult	completeMultipartUploadSecurely(CompleteMultipartUploadRequest req)
CopyPartResult	copyPartSecurely(CopyPartRequest copyPartRequest)
protected com.qcloud.cos.internal.crypto.ContentCryptoMaterial	createContentCryptoMaterial(CosServiceRequest req) Creates and returns a non-null content crypto material for the given request.
protected PutObjectRequest	createInstructionPutRequest(String bucketName, String key, com.qcloud.cos.internal.crypto.ContentCryptoMaterial cekMaterial)
protected SecretKey	generateCEK(EncryptionMaterials kekMaterials, Provider providerIn)
com.qcloud.cos.internal.crypto.COSCryptoScheme	getCOSCryptoScheme()
InitiateMultipartUploadResult	initiateMultipartUploadSecurely(InitiateMultipartUploadRequest req)
protected CipherLiteInputStream	newMultipartCOSCipherInputStream(UploadPartRequest req, com.qcloud.cos.internal.crypto.CipherLite cipherLite)
protected long	plaintextLength(AbstractPutObjectRequest request, ObjectMetadata metadata) Returns the plaintext length from the request and metadata; or -1 if unknown.
PutObjectResult	putInstructionFileSecurely(PutInstructionFileRequest req)
PutObjectResult	putObjectSecurely(PutObjectRequest req)
protected void	securityCheck(com.qcloud.cos.internal.crypto.ContentCryptoMaterial cekMaterial, COSObjectWrapper retrieved) Checks if the the crypto scheme used in the given content crypto material is allowed to be used in this crypto module.
protected PutObjectRequest	updateInstructionPutRequest(PutObjectRequest req, com.qcloud.cos.internal.crypto.ContentCryptoMaterial cekMaterial) Updates put request to store the specified instruction object in COS.
protected ObjectMetadata	updateMetadataWithContentCryptoMaterial(ObjectMetadata metadata, File file, com.qcloud.cos.internal.crypto.ContentCryptoMaterial instruction)
UploadPartResult	uploadPartSecurely(UploadPartRequest req)
protected <R extends AbstractPutObjectRequest> R	wrapWithCipher(R request, com.qcloud.cos.internal.crypto.ContentCryptoMaterial cekMaterial) Returns the given PutObjectRequest but has the content as input stream wrapped with a cipher, and configured with some meta data and user metadata.

Methods inherited from class com.qcloud.cos.internal.crypto.COSCryptoModule

getObjectSecurely, getObjectSecurely

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_BUFFER_SIZE

protected static final int DEFAULT_BUFFER_SIZE

See Also:

Constant Field Values

kekMaterialsProvider

protected final EncryptionMaterialsProvider kekMaterialsProvider

log

protected final org.slf4j.Logger log

cryptoScheme

protected final com.qcloud.cos.internal.crypto.COSCryptoScheme cryptoScheme

contentCryptoScheme

protected final com.qcloud.cos.internal.crypto.ContentCryptoScheme contentCryptoScheme

cryptoConfig

protected final CryptoConfiguration cryptoConfig

A read-only copy of the crypto configuration.

multipartUploadContexts

protected final Map<String,MultipartUploadCryptoContext> multipartUploadContexts

Map of data about in progress encrypted multipart uploads.

cos

protected final COSDirect cos

kms

protected final QCLOUDKMS kms

Constructor Detail

COSCryptoModuleBase

protected COSCryptoModuleBase(QCLOUDKMS kms,
                              COSDirect cos,
                              COSCredentialsProvider credentialsProvider,
                              EncryptionMaterialsProvider kekMaterialsProvider,
                              CryptoConfiguration cryptoConfig)

Parameters:

cryptoConfig - a read-only copy of the crypto configuration.

COSCryptoModuleBase

protected COSCryptoModuleBase(COSDirect cos,
                              COSCredentialsProvider credentialsProvider,
                              EncryptionMaterialsProvider kekMaterialsProvider,
                              CryptoConfiguration cryptoConfig)

For testing purposes only.

Method Detail

ciphertextLength

protected abstract long ciphertextLength(long plaintextLength)

Returns the length of the ciphertext computed from the length of the plaintext.

Parameters:

plaintextLength - a non-negative number

Returns:

a non-negative number

putObjectSecurely

public PutObjectResult putObjectSecurely(PutObjectRequest req)

Specified by:

putObjectSecurely in class COSCryptoModule

Returns:

the result of the putting the COS object.

abortMultipartUploadSecurely

public final void abortMultipartUploadSecurely(AbortMultipartUploadRequest req)

Specified by:

abortMultipartUploadSecurely in class COSCryptoModule

copyPartSecurely

public final CopyPartResult copyPartSecurely(CopyPartRequest copyPartRequest)

Specified by:

copyPartSecurely in class COSCryptoModule

initiateMultipartUploadSecurely

public InitiateMultipartUploadResult initiateMultipartUploadSecurely(InitiateMultipartUploadRequest req)

Specified by:

initiateMultipartUploadSecurely in class COSCryptoModule

uploadPartSecurely

public UploadPartResult uploadPartSecurely(UploadPartRequest req)

NOTE: Because the encryption process requires context from previous blocks, parts uploaded with the COSEncryptionClient (as opposed to the normal COSClient) must be uploaded serially, and in order. Otherwise, the previous encryption context isn't available to use when encrypting the current part.

Specified by:

uploadPartSecurely in class COSCryptoModule

newMultipartCOSCipherInputStream

protected final CipherLiteInputStream newMultipartCOSCipherInputStream(UploadPartRequest req,
                                                                       com.qcloud.cos.internal.crypto.CipherLite cipherLite)

completeMultipartUploadSecurely

public CompleteMultipartUploadResult completeMultipartUploadSecurely(CompleteMultipartUploadRequest req)

Specified by:

completeMultipartUploadSecurely in class COSCryptoModule

updateMetadataWithContentCryptoMaterial

protected final ObjectMetadata updateMetadataWithContentCryptoMaterial(ObjectMetadata metadata,
                                                                       File file,
                                                                       com.qcloud.cos.internal.crypto.ContentCryptoMaterial instruction)

createContentCryptoMaterial

protected final com.qcloud.cos.internal.crypto.ContentCryptoMaterial createContentCryptoMaterial(CosServiceRequest req)

Creates and returns a non-null content crypto material for the given request.

Throws:

CosClientException - if no encryption material can be found.

generateCEK

protected final SecretKey generateCEK(EncryptionMaterials kekMaterials,
                                      Provider providerIn)

Parameters:

kekMaterials - non-null encryption materials

wrapWithCipher

protected final <R extends AbstractPutObjectRequest> R wrapWithCipher(R request,
                                                                      com.qcloud.cos.internal.crypto.ContentCryptoMaterial cekMaterial)

Returns the given PutObjectRequest but has the content as input stream wrapped with a cipher, and configured with some meta data and user metadata.

plaintextLength

protected final long plaintextLength(AbstractPutObjectRequest request,
                                     ObjectMetadata metadata)

Returns the plaintext length from the request and metadata; or -1 if unknown.

getCOSCryptoScheme

public final com.qcloud.cos.internal.crypto.COSCryptoScheme getCOSCryptoScheme()

updateInstructionPutRequest

protected final PutObjectRequest updateInstructionPutRequest(PutObjectRequest req,
                                                             com.qcloud.cos.internal.crypto.ContentCryptoMaterial cekMaterial)

Updates put request to store the specified instruction object in COS.

Parameters:

req - The put-instruction-file request for the instruction file to be stored in COS.

cekMaterial - The instruction object to be stored in COS.

Returns:

A put request to store the specified instruction object in COS.

createInstructionPutRequest

protected final PutObjectRequest createInstructionPutRequest(String bucketName,
                                                             String key,
                                                             com.qcloud.cos.internal.crypto.ContentCryptoMaterial cekMaterial)

securityCheck

protected void securityCheck(com.qcloud.cos.internal.crypto.ContentCryptoMaterial cekMaterial,
                             COSObjectWrapper retrieved)

Checks if the the crypto scheme used in the given content crypto material is allowed to be used in this crypto module. Default is no-op. Subclass may override.

Throws:

SecurityException - if the crypto scheme used in the given content crypto material is not allowed in this crypto module.

putInstructionFileSecurely

public final PutObjectResult putInstructionFileSecurely(PutInstructionFileRequest req)

Specified by:

putInstructionFileSecurely in class COSCryptoModule

Returns:

the result of putting the instruction file in COS; or null if the specified COS object doesn't exist. The COS object can be subsequently retrieved using the new instruction file via the usual get operation by specifying a EncryptedGetObjectRequest.