Package org.alfresco.repo.node.encryption

Class MetadataEncryptor

java.lang.Object
org.alfresco.repo.node.encryption.MetadataEncryptor
public class MetadataEncryptor extends Object
Component to convert encrypt/decrypt properties.

This is a helper; it is up to the client how and when encryption and decryption is done, but metadata integrity enforcement will expect that encrypted properties are already encrypted.

This class must always be used running as 'system'.

Since:
4.0
Author:
Derek Hulley

  • Constructor Details

    • MetadataEncryptor

      public MetadataEncryptor()

  • Method Details

    • setDictionaryService

      public void setDictionaryService(DictionaryService dictionaryService)
      Parameters:
      dictionaryService - service to check if properties need encrypting

    • setEncryptor

      public void setEncryptor(org.alfresco.encryption.FallbackEncryptor encryptor)
      Parameters:
      encryptor - the class that does the encryption/decryption

    • encrypt

      public Serializable encrypt(QName propertyQName, Serializable inbound)
      Encrypt a properties if the data definition (model-specific) requires it.
      Parameters:
      propertyQName - the property qualified name
      inbound - the property to encrypt
      Returns:
      the encrypted property or the original if encryption is not required

    • decrypt

      public Serializable decrypt(QName propertyQName, Serializable inbound)
      Decrypt a property if the data definition (model-specific) requires it.
      Parameters:
      propertyQName - the property qualified name
      inbound - the property to decrypt
      Returns:
      the decrypted property or the original if it wasn't encrypted

    • encrypt

      public Map<QName,Serializable> encrypt(Map<QName,Serializable> inbound)
      Encrypt properties if their data definition (model-specific) requires it. The values provided can be mixed; values will be encrypted only if required.
      Parameters:
      inbound - the properties to encrypt
      Returns:
      a new map of values if some encryption occured otherwise the original inbound map is returned

    • decrypt

      public Map<QName,Serializable> decrypt(Map<QName,Serializable> inbound)
      Decrypt properties if they are decryptable. The values provided can be mixed; encrypted values will be sought out and decrypted.
      Parameters:
      inbound - the properties to decrypt
      Returns:
      a new map of values if some decryption occured otherwise the original inbound map is returned

    • keyAvailable

      public boolean keyAvailable(String keyAlias)

    • backupKeyAvailable

      public boolean backupKeyAvailable(String keyAlias)