RepositoryObjectAESGCMEncryptor (nifi-security-utils 1.10.0 API)

java.lang.Object
- org.apache.nifi.security.repository.AbstractAESEncryptor
- - org.apache.nifi.security.repository.block.aes.RepositoryObjectAESGCMEncryptor

All Implemented Interfaces:

RepositoryObjectBlockEncryptor, RepositoryObjectEncryptor
```
public class RepositoryObjectAESGCMEncryptor
extends AbstractAESEncryptor
implements RepositoryObjectBlockEncryptor
```
This implementation of the RepositoryObjectBlockEncryptor handles block data by accepting byte[] parameters and returning byte[] which contain the encrypted/decrypted content. This class should be used when a repository needs to persist and retrieve block data with the length known a priori (i.e. provenance records or flowfile attribute maps). For repositories handling streams of data with unknown or large lengths (i.e. content claims), use the RepositoryObjectAESCTREncryptor which does not provide authenticated encryption but performs much better with large data.

Field Summary

Fields
Modifier and Type	Field and Description
`private static String`	`ALGORITHM`
`private static org.slf4j.Logger`	`logger`
`private static int`	`METADATA_DEFAULT_LENGTH`
`private static int`	`MIN_METADATA_LENGTH`
`private static byte[]`	`SENTINEL`
`private static List<String>`	`SUPPORTED_VERSIONS`
`private static String`	`VERSION`

Fields inherited from class org.apache.nifi.security.repository.AbstractAESEncryptor
aesKeyedCipherProvider, EMPTY_IV, IV_LENGTH, keyProvider

Constructor Summary

Constructors
Constructor and Description

RepositoryObjectAESGCMEncryptor()

Constructors
Constructor and Description
`RepositoryObjectAESGCMEncryptor()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`byte[]`	`decrypt(byte[] encryptedRecord, String recordId)` Decrypts the provided byte[] (an encrypted record with accompanying metadata).
`byte[]`	`encrypt(byte[] plainRecord, String recordId, String keyId)` Encrypts the serialized byte[].
`private byte[]`	`extractCipherBytes(byte[] encryptedRecord, RepositoryObjectEncryptionMetadata metadata)`
`String`	`getNextKeyId()` Returns a valid key identifier for this encryptor (valid for encryption and decryption) or throws an exception if none are available.
`String`	`toString()`

Methods inherited from class org.apache.nifi.security.repository.AbstractAESEncryptor
initialize, prepareObjectForDecryption

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.nifi.security.repository.block.RepositoryObjectBlockEncryptor
initialize

- Field Detail
  - logger
```
private static final org.slf4j.Logger logger
```
  - ALGORITHM
```
private static final String ALGORITHM
```
    See Also:
    
    Constant Field Values
  - VERSION
```
private static final String VERSION
```
    See Also:
    
    Constant Field Values
  - SUPPORTED_VERSIONS
```
private static final List<String> SUPPORTED_VERSIONS
```
  - MIN_METADATA_LENGTH
```
private static final int MIN_METADATA_LENGTH
```
    See Also:
    
    Constant Field Values
  - METADATA_DEFAULT_LENGTH
```
private static final int METADATA_DEFAULT_LENGTH
```
  - SENTINEL
```
private static final byte[] SENTINEL
```
- Constructor Detail
  - RepositoryObjectAESGCMEncryptor
```
public RepositoryObjectAESGCMEncryptor()
```
- Method Detail
  - encrypt
```
public byte[] encrypt(byte[] plainRecord,
                      String recordId,
                      String keyId)
               throws EncryptionException
```
    Encrypts the serialized byte[].
    
    Specified by:
    
    encrypt in interface RepositoryObjectBlockEncryptor
    
    Parameters:
    
    plainRecord - the plain record, serialized to a byte[]
    
    recordId - an identifier for this record (eventId, generated, etc.)
    
    keyId - the ID of the key to use
    
    Returns:
    
    the encrypted record
    
    Throws:
    
    EncryptionException - if there is an issue encrypting this record
  - decrypt
```
public byte[] decrypt(byte[] encryptedRecord,
                      String recordId)
               throws EncryptionException
```
    Decrypts the provided byte[] (an encrypted record with accompanying metadata).
    
    Specified by:
    
    decrypt in interface RepositoryObjectBlockEncryptor
    
    Parameters:
    
    encryptedRecord - the encrypted record in byte[] form
    
    recordId - an identifier for this record (eventId, generated, etc.)
    
    Returns:
    
    the decrypted record
    
    Throws:
    
    EncryptionException - if there is an issue decrypting this record
  - getNextKeyId
```
public String getNextKeyId()
                    throws KeyManagementException
```
    Returns a valid key identifier for this encryptor (valid for encryption and decryption) or throws an exception if none are available.
    
    Specified by:
    
    getNextKeyId in interface RepositoryObjectBlockEncryptor
    
    Returns:
    
    the key ID
    
    Throws:
    
    KeyManagementException - if no available key IDs are valid for both operations
  - extractCipherBytes
```
private byte[] extractCipherBytes(byte[] encryptedRecord,
                                  RepositoryObjectEncryptionMetadata metadata)
```
  - toString
```
public String toString()
```
    Overrides:
    
    toString in class Object

Class RepositoryObjectAESGCMEncryptor

Field Summary

Fields inherited from class org.apache.nifi.security.repository.AbstractAESEncryptor

Constructor Summary

Method Summary

Methods inherited from class org.apache.nifi.security.repository.AbstractAESEncryptor

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.nifi.security.repository.block.RepositoryObjectBlockEncryptor

Field Detail

logger

ALGORITHM

VERSION

SUPPORTED_VERSIONS

MIN_METADATA_LENGTH

METADATA_DEFAULT_LENGTH

SENTINEL

Constructor Detail

RepositoryObjectAESGCMEncryptor

Method Detail

encrypt

decrypt

getNextKeyId

extractCipherBytes

toString