org.apache.nifi.security.repository

Class RepositoryEncryptorUtils

java.lang.Object

org.apache.nifi.security.repository.RepositoryEncryptorUtils

public class RepositoryEncryptorUtils
extends Object

Field Summary

Fields

Modifier and Type	Field and Description
private static int	CONTENT_HEADER_SIZE
private static byte[]	EMPTY_IV
private static String	EWAPR_CLASS_NAME
private static int	IV_LENGTH
private static org.slf4j.Logger	logger
private static int	METADATA_DEFAULT_LENGTH
private static int	MIN_METADATA_LENGTH
private static List<String>	SUPPORTED_VERSIONS
private static String	VERSION

Constructor Summary

Constructors

Constructor and Description
RepositoryEncryptorUtils()

Method Summary

Modifier and Type	Method and Description
private static KeyProvider	buildKeyProvider(NiFiProperties niFiProperties, RepositoryType repositoryType) Returns a configured KeyProvider instance that does not require a master key to use (usually a StaticKeyProvider).
static KeyProvider	buildKeyProvider(NiFiProperties niFiProperties, SecretKey masterKey, RepositoryType repositoryType) Returns a configured KeyProvider instance that requires a master key to use (usually a FileBasedKeyProvider or an encrypted StaticKeyProvider).
static KeyProvider	buildKeyProviderFromConfig(SecretKey masterKey, RepositoryEncryptionConfiguration rec) Returns a configured KeyProvider instance given the RepositoryEncryptionConfiguration.
(package private) static String	determineKeyProviderImplementationClassName(RepositoryType repositoryType) Utility method which returns the KeyProvider implementation class name for a given repository type.
static byte[]	extractCipherBytes(byte[] encryptedRecord, RepositoryObjectEncryptionMetadata metadata)
static RepositoryObjectEncryptionMetadata	extractEncryptionMetadata(byte[] encryptedRecord)
static RepositoryObjectEncryptionMetadata	extractEncryptionMetadata(InputStream encryptedRecord)
static Cipher	initCipher(AESKeyedCipherProvider aesKeyedCipherProvider, EncryptionMethod method, int mode, SecretKey key, byte[] ivBytes)
(package private) static boolean	isContentRepositoryEncryptionConfigured(NiFiProperties niFiProperties) Returns true if the content repository is correctly configured for an encrypted implementation.
(package private) static boolean	isFlowFileRepositoryEncryptionConfigured(NiFiProperties niFiProperties) Returns true if the flowfile repository is correctly configured for an encrypted implementation.
(package private) static boolean	isProvenanceRepositoryEncryptionConfigured(NiFiProperties niFiProperties) Returns true if the provenance repository is correctly configured for an encrypted implementation.
static boolean	isRepositoryEncryptionConfigured(NiFiProperties niFiProperties, RepositoryType repositoryType) Returns true if the specified repository is correctly configured for an encrypted implementation.
static byte[]	serializeEncryptionMetadata(RepositoryObjectEncryptionMetadata metadata)
static KeyProvider	validateAndBuildRepositoryKeyProvider(NiFiProperties niFiProperties, RepositoryType repositoryType) Returns a configured KeyProvider instance for the specified repository type given the configuration values in nifi.properties.
static KeyProvider	validateAndBuildRepositoryKeyProvider(RepositoryEncryptionConfiguration repositoryEncryptionConfiguration) Returns a configured KeyProvider instance for the specified repository type given the configuration values.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final org.slf4j.Logger logger

CONTENT_HEADER_SIZE

private static final int CONTENT_HEADER_SIZE

See Also:

Constant Field Values

IV_LENGTH

private static final int IV_LENGTH

See Also:

Constant Field Values

EMPTY_IV

private static final byte[] EMPTY_IV

VERSION

private static final String VERSION

See Also:

Constant Field Values

SUPPORTED_VERSIONS

private static final List<String> SUPPORTED_VERSIONS

MIN_METADATA_LENGTH

private static final int MIN_METADATA_LENGTH

See Also:

Constant Field Values

METADATA_DEFAULT_LENGTH

private static final int METADATA_DEFAULT_LENGTH

EWAPR_CLASS_NAME

private static final String EWAPR_CLASS_NAME

See Also:

Constant Field Values

Constructor Detail

RepositoryEncryptorUtils

public RepositoryEncryptorUtils()

Method Detail

serializeEncryptionMetadata

public static byte[] serializeEncryptionMetadata(RepositoryObjectEncryptionMetadata metadata)
                                          throws IOException

Throws:

IOException

initCipher

public static Cipher initCipher(AESKeyedCipherProvider aesKeyedCipherProvider,
                                EncryptionMethod method,
                                int mode,
                                SecretKey key,
                                byte[] ivBytes)
                         throws EncryptionException

Throws:

EncryptionException

extractEncryptionMetadata

public static RepositoryObjectEncryptionMetadata extractEncryptionMetadata(byte[] encryptedRecord)
                                                                    throws EncryptionException,
                                                                           IOException,
                                                                           ClassNotFoundException

Throws:

EncryptionException

IOException

ClassNotFoundException

extractEncryptionMetadata

public static RepositoryObjectEncryptionMetadata extractEncryptionMetadata(InputStream encryptedRecord)
                                                                    throws EncryptionException,
                                                                           IOException,
                                                                           ClassNotFoundException

Throws:

EncryptionException

IOException

ClassNotFoundException

extractCipherBytes

public static byte[] extractCipherBytes(byte[] encryptedRecord,
                                        RepositoryObjectEncryptionMetadata metadata)

isRepositoryEncryptionConfigured

public static boolean isRepositoryEncryptionConfigured(NiFiProperties niFiProperties,
                                                       RepositoryType repositoryType)

Returns true if the specified repository is correctly configured for an encrypted implementation. Requires the repository implementation to support encryption and at least one valid key to be configured.

Parameters:

niFiProperties - the NiFiProperties instance to validate

repositoryType - the specific repository configuration to check

Returns:

true if encryption is successfully configured for the specified repository

isProvenanceRepositoryEncryptionConfigured

static boolean isProvenanceRepositoryEncryptionConfigured(NiFiProperties niFiProperties)

Returns true if the provenance repository is correctly configured for an encrypted implementation. Requires the repository implementation to support encryption and at least one valid key to be configured.

Parameters:

niFiProperties - the NiFiProperties instance to validate

Returns:

true if encryption is successfully configured for the provenance repository

isContentRepositoryEncryptionConfigured

static boolean isContentRepositoryEncryptionConfigured(NiFiProperties niFiProperties)

Returns true if the content repository is correctly configured for an encrypted implementation. Requires the repository implementation to support encryption and at least one valid key to be configured.

Parameters:

niFiProperties - the NiFiProperties instance to validate

Returns:

true if encryption is successfully configured for the content repository

isFlowFileRepositoryEncryptionConfigured

static boolean isFlowFileRepositoryEncryptionConfigured(NiFiProperties niFiProperties)

Returns true if the flowfile repository is correctly configured for an encrypted implementation. Requires the repository implementation to support encryption and at least one valid key to be configured.

Parameters:

niFiProperties - the NiFiProperties instance to validate

Returns:

true if encryption is successfully configured for the flowfile repository

buildKeyProvider

private static KeyProvider buildKeyProvider(NiFiProperties niFiProperties,
                                            RepositoryType repositoryType)
                                     throws KeyManagementException

Returns a configured KeyProvider instance that does not require a master key to use (usually a StaticKeyProvider).

Parameters:

niFiProperties - the NiFiProperties object

repositoryType - the RepositoryType indicator

Returns:

the configured KeyProvider

Throws:

KeyManagementException - if there is a problem with the configuration

buildKeyProvider

public static KeyProvider buildKeyProvider(NiFiProperties niFiProperties,
                                           SecretKey masterKey,
                                           RepositoryType repositoryType)
                                    throws KeyManagementException

Returns a configured KeyProvider instance that requires a master key to use (usually a FileBasedKeyProvider or an encrypted StaticKeyProvider).

Parameters:

niFiProperties - the NiFiProperties object

masterKey - the master encryption key used to encrypt the data encryption keys in the key provider configuration

repositoryType - the RepositoryType indicator

Returns:

the configured KeyProvider

Throws:

KeyManagementException - if there is a problem with the configuration

buildKeyProviderFromConfig

public static KeyProvider buildKeyProviderFromConfig(SecretKey masterKey,
                                                     RepositoryEncryptionConfiguration rec)
                                              throws KeyManagementException

Returns a configured KeyProvider instance given the RepositoryEncryptionConfiguration.

Parameters:

masterKey - the master encryption key used to encrypt the data encryption keys in the key provider configuration

rec - the repository-specific encryption configuration

Returns:

the configured KeyProvider

Throws:

KeyManagementException - if there is a problem with the configuration

determineKeyProviderImplementationClassName

static String determineKeyProviderImplementationClassName(RepositoryType repositoryType)

Utility method which returns the KeyProvider implementation class name for a given repository type.

Parameters:

repositoryType - the RepositoryType indicator

Returns:

the FQCN of the implementation or "no_such_key_provider_defined" for unsupported repository types

validateAndBuildRepositoryKeyProvider

public static KeyProvider validateAndBuildRepositoryKeyProvider(NiFiProperties niFiProperties,
                                                                RepositoryType repositoryType)
                                                         throws IOException

Returns a configured KeyProvider instance for the specified repository type given the configuration values in nifi.properties.

Parameters:

niFiProperties - the NiFiProperties object

repositoryType - the RepositoryType indicator

Returns:

the configured KeyProvider

Throws:

IOException - if there is a problem reading the properties or they are not valid & complete

validateAndBuildRepositoryKeyProvider

public static KeyProvider validateAndBuildRepositoryKeyProvider(RepositoryEncryptionConfiguration repositoryEncryptionConfiguration)
                                                         throws IOException

Returns a configured KeyProvider instance for the specified repository type given the configuration values.

Parameters:

repositoryEncryptionConfiguration - the RepositoryEncryptionConfiguration object

Returns:

the configured KeyProvider

Throws:

IOException - if there is a problem reading the properties or they are not valid & complete