Example 21 with SealedObject
use of javax.crypto.SealedObject in project alfresco-repository by Alfresco.
the class PropertiesIntegrityEvent method checkAllProperties.
/**
* Checks the specific map of properties against the required property definitions
*
* @param nodeRef the node to which this applies
* @param typeQName the qualified name of the aspect or type to which the properties belong
* @param propertyDefs the definitions to check against - may be null or empty
* @param nodeProperties the properties to check
*/
private void checkAllProperties(NodeRef nodeRef, QName typeQName, Collection<PropertyDefinition> propertyDefs, Map<QName, Serializable> nodeProperties, Collection<IntegrityRecord> eventResults) {
// check for null or empty definitions
if (propertyDefs == null || propertyDefs.isEmpty()) {
return;
}
for (PropertyDefinition propertyDef : propertyDefs) {
QName propertyQName = propertyDef.getName();
// check that enforced, mandatoryproperties are set
if (propertyDef.isMandatory() && propertyDef.isMandatoryEnforced() && (!nodeProperties.containsKey(propertyQName) || null == nodeProperties.get(propertyQName))) {
String nameProp = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_NAME);
IntegrityRecord result = new IntegrityRecord("Mandatory property not set: \n" + " Node: " + nodeRef + "\n" + (nameProp != null ? " Name: " + nameProp + "\n" : "") + " Type: " + typeQName + "\n" + " Property: " + propertyQName);
eventResults.add(result);
// next one
continue;
}
Serializable propertyValue = nodeProperties.get(propertyQName);
// Check for encryption first
if (propertyDef.getDataType().getName().equals(DataTypeDefinition.ENCRYPTED)) {
if (propertyValue != null && !(propertyValue instanceof SealedObject)) {
String nameProp = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_NAME);
IntegrityRecord result = new IntegrityRecord("Property must be encrypted: \n" + " Node: " + nodeRef + "\n" + (nameProp != null ? " Name: " + nameProp + "\n" : "") + " Type: " + typeQName + "\n" + " Property: " + propertyQName);
eventResults.add(result);
}
}
// check constraints
List<ConstraintDefinition> constraintDefs = propertyDef.getConstraints();
for (ConstraintDefinition constraintDef : constraintDefs) {
// get the constraint implementation
Constraint constraint = constraintDef.getConstraint();
try {
constraint.evaluate(propertyValue);
} catch (ConstraintException e) {
String nameProp = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_NAME);
IntegrityRecord result = new IntegrityRecord("Invalid property value: \n" + " Node: " + nodeRef + "\n" + (nameProp != null ? " Name: " + nameProp + "\n" : "") + " Type: " + typeQName + "\n" + " Property: " + propertyQName + "\n" + " Constraint: " + e.getMessage());
eventResults.add(result);
// next one
continue;
}
}
}
}
Also used :
Serializable(java.io.Serializable)
Constraint(org.alfresco.service.cmr.dictionary.Constraint)
QName(org.alfresco.service.namespace.QName)
SealedObject(javax.crypto.SealedObject)
PropertyDefinition(org.alfresco.service.cmr.dictionary.PropertyDefinition)
ConstraintException(org.alfresco.service.cmr.dictionary.ConstraintException)
ConstraintDefinition(org.alfresco.service.cmr.dictionary.ConstraintDefinition)
Example 22 with SealedObject
use of javax.crypto.SealedObject in project alfresco-repository by Alfresco.
the class MetadataEncryptor method encrypt.
/**
* Encrypt properties if their data definition (model-specific) requires it.
* The values provided can be mixed; values will be encrypted only if required.
*
* @param inbound the properties to encrypt
* @return a new map of values if some encryption occured
* otherwise the original inbound map is returned
*/
public Map<QName, Serializable> encrypt(Map<QName, Serializable> inbound) {
Set<QName> encryptedProperties = new HashSet<QName>(5);
for (Map.Entry<QName, Serializable> entry : inbound.entrySet()) {
QName qname = entry.getKey();
Serializable value = entry.getValue();
PropertyDefinition propertyDef = dictionaryService.getProperty(qname);
if (propertyDef != null && (propertyDef.getDataType().getName().equals(DataTypeDefinition.ENCRYPTED))) {
if (value != null && !(value instanceof SealedObject)) {
encryptedProperties.add(qname);
}
}
}
if (encryptedProperties.isEmpty()) {
// Nothing to do
return inbound;
}
// Encrypt, in place, using a copied map
Map<QName, Serializable> outbound = new HashMap<QName, Serializable>(inbound);
for (QName propertyQName : encryptedProperties) {
// We have already checked for nulls and conversions
Serializable value = inbound.get(propertyQName);
// Have to encrypt the value
Serializable encryptedValue = encryptor.sealObject(KeyProvider.ALIAS_METADATA, null, value);
// Store it back
outbound.put(propertyQName, encryptedValue);
}
// Done
return outbound;
}
Also used :
Serializable(java.io.Serializable)
HashMap(java.util.HashMap)
QName(org.alfresco.service.namespace.QName)
SealedObject(javax.crypto.SealedObject)
HashMap(java.util.HashMap)
Map(java.util.Map)
PropertyDefinition(org.alfresco.service.cmr.dictionary.PropertyDefinition)
HashSet(java.util.HashSet)
Example 23 with SealedObject
use of javax.crypto.SealedObject in project alfresco-repository by Alfresco.
the class NodePropertyValue method getValue.
/**
* Fetches the value as a desired type. Collections (i.e. multi-valued properties)
* will be converted as a whole to ensure that all the values returned within the
* collection match the given type.
*
* @param typeQName the type required for the return value
* @return Returns the value of this property as the desired type, or a <code>Collection</code>
* of values of the required type
*
* @throws AlfrescoRuntimeException
* if the type given is not recognized
* @throws org.alfresco.service.cmr.repository.datatype.TypeConversionException
* if the conversion to the required type fails
*
* @see DataTypeDefinition#ANY The static qualified names for the types
*/
public Serializable getValue(QName typeQName) {
// first check for null
ValueType requiredType = makeValueType(typeQName);
if (requiredType == ValueType.SERIALIZABLE) {
// the required type must be the actual type
requiredType = this.actualType;
}
// we need to convert
Serializable ret = null;
if (actualType == ValueType.COLLECTION && persistedType == ValueType.NULL) {
// This is a special case of an empty collection
ret = (Serializable) Collections.emptyList();
} else if (persistedType == ValueType.NULL) {
ret = null;
} else {
Serializable persistedValue = getPersistedValue();
// regardless of type.
if (persistedValue instanceof Collection<?>) {
// We assume that the collection contained the correct type values. They would
// have been converted on the way in.
ret = (Serializable) persistedValue;
} else if (persistedValue instanceof SealedObject) {
ret = (Serializable) persistedValue;
} else {
ret = requiredType.convert(persistedValue);
}
}
// done
if (logger.isDebugEnabled()) {
logger.debug("Fetched value: \n" + " property value: " + this + "\n" + " requested type: " + requiredType + "\n" + " result: " + ret);
}
return ret;
}
Also used :
Serializable(java.io.Serializable)
SealedObject(javax.crypto.SealedObject)
Aggregations
SealedObject (javax.crypto.SealedObject)23
Cipher (javax.crypto.Cipher)11
Serializable (java.io.Serializable)8
NullCipher (javax.crypto.NullCipher)8
KeyGenerator (javax.crypto.KeyGenerator)7
Key (java.security.Key)6
QName (org.alfresco.service.namespace.QName)6
InvalidKeyException (java.security.InvalidKeyException)5
HashMap (java.util.HashMap)4
SecretKeySpec (javax.crypto.spec.SecretKeySpec)4
PropertyDefinition (org.alfresco.service.cmr.dictionary.PropertyDefinition)4
ObjectInputStream (java.io.ObjectInputStream)3
ObjectOutputStream (java.io.ObjectOutputStream)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
NoSuchPaddingException (javax.crypto.NoSuchPaddingException)3
SecretKey (javax.crypto.SecretKey)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
IOException (java.io.IOException)2
AlgorithmParameters (java.security.AlgorithmParameters)2
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)2
