Package io.axoniq.dataprotection.cryptoengine

Class DatabaseBackedCryptoEngine

  • All Implemented Interfaces:
    CryptoEngine
    Direct Known Subclasses:
    InMemoryCryptoEngine, JdbcCryptoEngine, JpaCryptoEngine, VaultCryptoEngine
    public abstract class DatabaseBackedCryptoEngine
extends Object
implements CryptoEngine
    Partial implementation of CryptoEngine which operates using the JVM's standard Provider to perform encryption and decryption, while assuming some separate storage facility for keys. This could a SQL or NoSQL database, or a simple in memory structure for testing purposes.

    The core cryptographic functions of generating the SecretKey and instantiating the Cipher are implemented by this class. Implementations are responsible for providing some mechanism to store and retrieve the keys. The SecretKey instances being handled in this class are always of the subclass SecretKeySpec which means that it is possible to access their byte encoding. Type key type is currently always AES en the length is always 256 bits, but this may change in future versions and implementations may already take this into account.

    • Constructor Detail

      • DatabaseBackedCryptoEngine

        public DatabaseBackedCryptoEngine()

    • Method Detail

      • getOrCreateKey

        public SecretKey getOrCreateKey​(String id)
        Description copied from interface: CryptoEngine
        Retrieves the key for a given id. If no such key is registered, generates a new random key and stores it under the alias before returning it.
        Specified by:
        getOrCreateKey in interface CryptoEngine
        Parameters:
        id - the id of the SecretKey
        Returns:
        the potentially new SecretKey associated with the id

      • putKeyIfAbsent

        protected abstract SecretKey putKeyIfAbsent​(String id,
                                            SecretKeySpec secretKeySpec)
        Stores the key for the given id, if no key is currently registered for this id. Returns the new key belonging to id, which is either the key that was already registered or the key provided as the 2nd argument if no key was registered yet. (Please note that this is different behaviour from ConcurrentHashMap.putIfAbsent(Object, Object), which always returns the prior value belonging to key.)
        Parameters:
        id - the id for which to store/retrieve the secret key
        secretKeySpec - the SecretKeySpec to store if none has been stored yet for id
        Returns:
        the effective SecretKeySpec for id

      • createDigestCipher

        public Cipher createDigestCipher()
        Description copied from interface: CryptoEngine
        Creates an uninitialized Cipher instance for calculating the encrypted digest. For this specific purpose, it should use AES, EBC and no padding, and the same provider as for the other operations. Clients should still call the Cipher.init(int, java.security.Key) to specify operation mode (always encryption) and key.
        Specified by:
        createDigestCipher in interface CryptoEngine
        Returns:
        the Cipher