org.apache.ignite.spi.encryption.keystore

Class KeystoreEncryptionSpi

java.lang.Object

org.apache.ignite.spi.IgniteSpiAdapter

org.apache.ignite.spi.encryption.keystore.KeystoreEncryptionSpi

All Implemented Interfaces:

EncryptionSpi, IgniteSpi

public class KeystoreEncryptionSpi
extends IgniteSpiAdapter
implements EncryptionSpi

EncryptionSPI implementation base on JDK provided cipher algorithm implementations.

See Also:

EncryptionSpi, KeystoreEncryptionKey

Field Summary

Fields

Modifier and Type	Field and Description
static String	CIPHER_ALGO Algorithm supported by implementation.
static int	DEFAULT_KEY_SIZE Default encryption key size;
static String	DEFAULT_MASTER_KEY_NAME Default key store entry name to store Encryption master key.
protected IgniteLogger	log Logger.

Fields inherited from class org.apache.ignite.spi.IgniteSpiAdapter

ignite, igniteInstanceName

Constructor Summary

Constructors

Constructor and Description
KeystoreEncryptionSpi()

Method Summary

Modifier and Type	Method and Description
int	blockSize()
KeystoreEncryptionKey	create() Creates new key for an encryption/decryption of cache persistent data: pages, WAL records.
byte[]	decrypt(byte[] data, Serializable key) Decrypts data encrypted with EncryptionSpi.encrypt(ByteBuffer, Serializable, ByteBuffer)
KeystoreEncryptionKey	decryptKey(byte[] key) Decrypts key and checks it integrity.
KeystoreEncryptionKey	decryptKey(byte[] data, String masterKeyName) Decrypts key and checks its integrity using the master key specified by name.
void	decryptNoPadding(ByteBuffer data, Serializable key, ByteBuffer res) Decrypts data encrypted with EncryptionSpi.encryptNoPadding(ByteBuffer, Serializable, ByteBuffer)
void	encrypt(ByteBuffer data, Serializable key, ByteBuffer res) Encrypts data.
int	encryptedSize(int dataSize)
int	encryptedSizeNoPadding(int dataSize)
byte[]	encryptKey(Serializable key) Encrypts key.
byte[]	encryptKey(Serializable key, String masterKeyName) Encrypts a key with the master key specified by name.
void	encryptNoPadding(ByteBuffer data, Serializable key, ByteBuffer res) Encrypts data without padding info.
int	getKeySize() Gets encryption key size.
String	getKeyStorePath() Gets path to jdk keyStore that stores master key.
char[]	getKeyStorePwd() Gets key store password.
String	getMasterKeyName() Gets the current master key name.
byte[]	masterKeyDigest() Returns master key digest.
byte[]	masterKeyDigest(String masterKeyName) Returns master key digest by name.
void	setKeySize(int keySize) Sets encryption key size.
void	setKeyStorePassword(char[] keyStorePassword) Sets password to access KeyStore.
void	setKeyStorePath(String keyStorePath) Sets path to jdk keyStore that stores master key.
void	setMasterKeyName(String masterKeyName) Sets master key Name that will be used for keys encryption in EncryptionSpi.encryptKey(Serializable) and EncryptionSpi.decryptKey(byte[]) methods and in the EncryptionSpi.masterKeyDigest() method.
void	spiStart(@Nullable String igniteInstanceName) This method is called to start SPI.
void	spiStop() This method is called to stop SPI.

Methods inherited from class org.apache.ignite.spi.IgniteSpiAdapter

addTimeoutObject, assertParameter, checkConfigurationConsistency0, clientFailureDetectionTimeout, configInfo, createSpiAttributeName, failureDetectionTimeout, failureDetectionTimeoutEnabled, failureDetectionTimeoutEnabled, getConsistentAttributeNames, getExceptionRegistry, getLocalNode, getName, getNodeAttributes, getSpiContext, ignite, initFailureDetectionTimeout, injectables, injectResources, isNodeStopping, onBeforeStart, onClientDisconnected, onClientReconnected, onContextDestroyed, onContextDestroyed0, onContextInitialized, onContextInitialized0, registerMBean, removeTimeoutObject, setName, started, startInfo, startStopwatch, stopInfo, unregisterMBean

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.ignite.spi.IgniteSpi

getName, getNodeAttributes, onClientDisconnected, onClientReconnected, onContextDestroyed, onContextInitialized

Field Detail

DEFAULT_MASTER_KEY_NAME

public static final String DEFAULT_MASTER_KEY_NAME

Default key store entry name to store Encryption master key.

See Also:

Constant Field Values

CIPHER_ALGO

public static final String CIPHER_ALGO

Algorithm supported by implementation.

See Also:

Constant Field Values

DEFAULT_KEY_SIZE

public static final int DEFAULT_KEY_SIZE

Default encryption key size;

See Also:

Constant Field Values

log

@LoggerResource
protected IgniteLogger log

Logger.

Constructor Detail

KeystoreEncryptionSpi

public KeystoreEncryptionSpi()

Method Detail

spiStart

public void spiStart(@Nullable
                     @Nullable String igniteInstanceName)
              throws IgniteSpiException

This method is called to start SPI. After this method returns successfully kernel assumes that SPI is fully operational.

Specified by:

spiStart in interface IgniteSpi

Parameters:

igniteInstanceName - Name of Ignite instance this SPI is being started for (null for default Ignite instance).

Throws:

IgniteSpiException - Throws in case of any error during SPI start.

spiStop

public void spiStop()
             throws IgniteSpiException

This method is called to stop SPI. After this method returns kernel assumes that this SPI is finished and all resources acquired by it are released.

Note that this method can be called at any point including during recovery of failed start. It should make no assumptions on what state SPI will be in when this method is called.

Specified by:

spiStop in interface IgniteSpi

Throws:

IgniteSpiException - Thrown in case of any error during SPI stop.

masterKeyDigest

public byte[] masterKeyDigest()

Returns master key digest. Should always return same digest for a same key. Digest used for a configuration consistency check.

Specified by:

masterKeyDigest in interface EncryptionSpi

Returns:

Master key digest.

masterKeyDigest

public byte[] masterKeyDigest(String masterKeyName)

Returns master key digest by name. Should always return same digest for a same key. Digest used for a configuration consistency check.

Specified by:

masterKeyDigest in interface EncryptionSpi

Parameters:

masterKeyName - Master key name.

Returns:

Master key digest.

create

public KeystoreEncryptionKey create()
                             throws IgniteException

Creates new key for an encryption/decryption of cache persistent data: pages, WAL records.

Specified by:

create in interface EncryptionSpi

Returns:

Newly created encryption key.

Throws:

IgniteException - If key creation failed.

encrypt

public void encrypt(ByteBuffer data,
                    Serializable key,
                    ByteBuffer res)

Encrypts data.

Specified by:

encrypt in interface EncryptionSpi

Parameters:

data - Data to encrypt.

key - Encryption key.

res - Destination buffer.

encryptNoPadding

public void encryptNoPadding(ByteBuffer data,
                             Serializable key,
                             ByteBuffer res)

Encrypts data without padding info.

Specified by:

encryptNoPadding in interface EncryptionSpi

Parameters:

data - Data to encrypt.

key - Encryption key.

res - Destination buffer.

decrypt

public byte[] decrypt(byte[] data,
                      Serializable key)

Decrypts data encrypted with EncryptionSpi.encrypt(ByteBuffer, Serializable, ByteBuffer)

Specified by:

decrypt in interface EncryptionSpi

Parameters:

data - Data to decrypt.

key - Encryption key.

decryptNoPadding

public void decryptNoPadding(ByteBuffer data,
                             Serializable key,
                             ByteBuffer res)

Decrypts data encrypted with EncryptionSpi.encryptNoPadding(ByteBuffer, Serializable, ByteBuffer)

Specified by:

decryptNoPadding in interface EncryptionSpi

Parameters:

data - Data to decrypt.

key - Encryption key.

encryptKey

public byte[] encryptKey(Serializable key)

Encrypts key. Adds some info to check key integrity on decryption.

Specified by:

encryptKey in interface EncryptionSpi

Parameters:

key - Key to encrypt.

Returns:

Encrypted key.

encryptKey

public byte[] encryptKey(Serializable key,
                         String masterKeyName)

Encrypts a key with the master key specified by name. Adds some info to check key integrity on decryption.

Specified by:

encryptKey in interface EncryptionSpi

Parameters:

key - Key to encrypt.

masterKeyName - Master key name.

Returns:

Encrypted key.

decryptKey

public KeystoreEncryptionKey decryptKey(byte[] key)

Decrypts key and checks it integrity.

Specified by:

decryptKey in interface EncryptionSpi

Parameters:

key - Key to decrypt.

Returns:

Encrypted key.

decryptKey

public KeystoreEncryptionKey decryptKey(byte[] data,
                                        String masterKeyName)

Decrypts key and checks its integrity using the master key specified by name.

Specified by:

decryptKey in interface EncryptionSpi

Parameters:

data - Key to decrypt.

masterKeyName - Master key name.

Returns:

Encrypted key.

encryptedSize

public int encryptedSize(int dataSize)

Specified by:

encryptedSize in interface EncryptionSpi

Parameters:

dataSize - Size of plain data in bytes.

Returns:

Size of encrypted data in bytes for padding encryption mode.

encryptedSizeNoPadding

public int encryptedSizeNoPadding(int dataSize)

Specified by:

encryptedSizeNoPadding in interface EncryptionSpi

Parameters:

dataSize - Size of plain data in bytes.

Returns:

Size of encrypted data in bytes for nopadding encryption mode.

blockSize

public int blockSize()

Specified by:

blockSize in interface EncryptionSpi

Returns:

Encrypted data block size.

getMasterKeyName

public String getMasterKeyName()

Gets the current master key name.

Specified by:

getMasterKeyName in interface EncryptionSpi

Returns:

Master key name.

See Also:

EncryptionSpi.setMasterKeyName(String)

setMasterKeyName

public void setMasterKeyName(String masterKeyName)

Sets master key Name that will be used for keys encryption in EncryptionSpi.encryptKey(Serializable) and EncryptionSpi.decryptKey(byte[]) methods and in the EncryptionSpi.masterKeyDigest() method.

Specified by:

setMasterKeyName in interface EncryptionSpi

Parameters:

masterKeyName - Master key name.

getKeyStorePath

public String getKeyStorePath()

Gets path to jdk keyStore that stores master key.

Returns:

Key store path.

setKeyStorePath

public void setKeyStorePath(String keyStorePath)

Sets path to jdk keyStore that stores master key.

Parameters:

keyStorePath - Path to JDK KeyStore.

getKeyStorePwd

public char[] getKeyStorePwd()

Gets key store password.

Returns:

Key store password.

setKeyStorePassword

public void setKeyStorePassword(char[] keyStorePassword)

Sets password to access KeyStore.

Parameters:

keyStorePassword - Password for Key Store.

getKeySize

public int getKeySize()

Gets encryption key size.

Returns:

Encryption key size.

setKeySize

public void setKeySize(int keySize)

Sets encryption key size.

Parameters:

keySize - Key size.