org.apache.nifi.processors.standard

Class EncryptContent

java.lang.Object

org.apache.nifi.components.AbstractConfigurableComponent

org.apache.nifi.processor.AbstractSessionFactoryProcessor

org.apache.nifi.processor.AbstractProcessor

org.apache.nifi.processors.standard.EncryptContent

All Implemented Interfaces:

ConfigurableComponent, Processor

@EventDriven
 @SideEffectFree
 @SupportsBatching
 @InputRequirement(value=INPUT_REQUIRED)
 @Tags(value={"encryption","decryption","password","JCE","KDF","Argon2","Bcrypt","Scrypt","PBKDF2","salt","iv"})
 @CapabilityDescription(value="Encrypts or Decrypts a FlowFile using either symmetric encryption with a raw key or password and randomly generated salt, or asymmetric encryption using a public and secret key.")
 @SystemResourceConsideration(resource=CPU)
 @WritesAttribute(attribute="encryptcontent.action",description="\"encrypted\" or \"decrypted\" depending on the processor action") @WritesAttribute(attribute="encryptcontent.algorithm",description="The algorithm used for the cryptographic operation") @WritesAttribute(attribute="encryptcontent.cipher_text_length",description="The cipher text length in bytes (including IV, salt, and delimiters if present). Determined from incoming content in decrypt mode; outgoing content in encrypt mode") @WritesAttribute(attribute="encryptcontent.iv",description="The Initialization Vector in hex encoding (if present)") @WritesAttribute(attribute="encryptcontent.iv_length",description="The IV length in bytes") @WritesAttribute(attribute="encryptcontent.kdf",description="The Key Derivation Function used if Password-Based Encryption was enabled. See Admin Guide - Key Derivation Functions") @WritesAttribute(attribute="encryptcontent.kdf_salt",description="The KDF-specific salt including algorithm and cost parameters (if present). See Admin Guide - Key Derivation Functions") @WritesAttribute(attribute="encryptcontent.kdf_salt_length",description="The KDF salt length in bytes") @WritesAttribute(attribute="encryptcontent.pbkdf2_iterations",description="The number of iterations used in PBKDF2 KDF (if present). PBKDF2 does not encode the cost parameter in a custom salt") @WritesAttribute(attribute="encryptcontent.plaintext_length",description="The plaintext length in bytes. Determined from incoming content in encrypt mode; outgoing content in decrypt mode") @WritesAttribute(attribute="encryptcontent.salt",description="The raw salt in hex encoding (if present)") @WritesAttribute(attribute="encryptcontent.salt_length",description="The raw salt length in bytes") @WritesAttribute(attribute="encryptcontent.timestamp",description="The timestamp at which the cryptographic operation occurred in \'yyyy-MM-dd HH:mm:ss.SSS Z\' format")
public class EncryptContent
extends AbstractProcessor

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	EncryptContent.Encryptor

Field Summary

Fields

Modifier and Type	Field and Description
static String	ACTION_ATTR
static String	ALGORITHM_ATTR
static PropertyDescriptor	ALLOW_WEAK_CRYPTO
static String	CT_LEN_ATTR
static String	DECRYPT_MODE
private static DeprecationLogger	deprecationLogger
static String	ENCRYPT_MODE
static PropertyDescriptor	ENCRYPTION_ALGORITHM
static String	IV_ATTR
static String	IV_LEN_ATTR
static String	KDF_ATTR
static String	KDF_SALT_ATTR
static String	KDF_SALT_LEN_ATTR
static PropertyDescriptor	KEY_DERIVATION_FUNCTION
static PropertyDescriptor	MODE
static PropertyDescriptor	PASSWORD
static PropertyDescriptor	PGP_SYMMETRIC_ENCRYPTION_CIPHER
static PropertyDescriptor	PRIVATE_KEYRING
static PropertyDescriptor	PRIVATE_KEYRING_PASSPHRASE
private List<PropertyDescriptor>	properties
static String	PT_LEN_ATTR
static PropertyDescriptor	PUBLIC_KEY_USERID
static PropertyDescriptor	PUBLIC_KEYRING
static PropertyDescriptor	RAW_KEY_HEX
static Relationship	REL_FAILURE
static Relationship	REL_SUCCESS
private Set<Relationship>	relationships
static String	SALT_ATTR
static String	SALT_LEN_ATTR
static String	TS_ATTR
private static String	WEAK_CRYPTO_ALLOWED_NAME
private static String	WEAK_CRYPTO_NOT_ALLOWED_NAME

Constructor Summary

Constructors

Constructor and Description
EncryptContent()

Method Summary

Modifier and Type	Method and Description
private static AllowableValue	buildDefaultWeakCryptoAllowableValue()
private static AllowableValue[]	buildEncryptionMethodAllowableValues()
private static AllowableValue[]	buildKeyDerivationFunctionAllowableValues()
private static AllowableValue[]	buildPGPSymmetricCipherAllowableValues()
private static AllowableValue[]	buildWeakCryptoAllowableValues()
private EncryptContent.Encryptor	createKeyedEncryptor(ProcessContext context, EncryptionMethod encryptionMethod)
private EncryptContent.Encryptor	createPBEEncryptor(EncryptionMethod encryptionMethod, String password, KeyDerivationFunction kdf)
private EncryptContent.Encryptor	createPGPEncryptor(ProcessContext context, FlowFile flowFile, String providerName, String algorithm, Integer pgpCipher, String password, boolean encrypt)
protected Collection<ValidationResult>	customValidate(ValidationContext context)
private List<String>	getKDFsForKeyedCipher()
private List<String>	getKDFsForPBECipher(EncryptionMethod encryptionMethod)
Set<Relationship>	getRelationships()
protected List<PropertyDescriptor>	getSupportedPropertyDescriptors()
protected void	init(ProcessorInitializationContext context)
static boolean	isPGPAlgorithm(String algorithm)
static boolean	isPGPArmoredAlgorithm(String algorithm)
private static boolean	isValidCipher(int cipher) Returns true if the integer value provided maps to a valid cipher as contained in the PGP_SYMMETRIC_ENCRYPTION_CIPHER.
void	onTrigger(ProcessContext context, ProcessSession session)
private List<ValidationResult>	validateKeyed(EncryptionMethod encryptionMethod, KeyDerivationFunction kdf, String keyHex, String password, boolean allowWeakCrypto, boolean encrypt)
private void	validateKeyHex(EncryptionMethod encryptionMethod, String keyHex, List<ValidationResult> validationResults, int allowedKeyLength)
private List<ValidationResult>	validatePassword(EncryptionMethod encryptionMethod, KeyDerivationFunction kdf, String password, boolean allowWeakCrypto)
private List<ValidationResult>	validatePBE(EncryptionMethod encryptionMethod, KeyDerivationFunction kdf, String password, boolean allowWeakCrypto)
private List<ValidationResult>	validatePGP(EncryptionMethod encryptionMethod, String password, boolean encrypt, String publicKeyring, String publicUserId, String privateKeyring, String privateKeyringPassphrase, int cipher)

Methods inherited from class org.apache.nifi.processor.AbstractProcessor

onTrigger

Methods inherited from class org.apache.nifi.processor.AbstractSessionFactoryProcessor

getControllerServiceLookup, getIdentifier, getLogger, getNodeTypeProvider, initialize, isConfigurationRestored, isScheduled, toString, updateConfiguredRestoredTrue, updateScheduledFalse, updateScheduledTrue

Methods inherited from class org.apache.nifi.components.AbstractConfigurableComponent

equals, getPropertyDescriptor, getPropertyDescriptors, getSupportedDynamicPropertyDescriptor, hashCode, onPropertyModified, validate

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.nifi.processor.Processor

isStateful

Methods inherited from interface org.apache.nifi.components.ConfigurableComponent

getPropertyDescriptor, getPropertyDescriptors, onPropertyModified, validate

Field Detail

ENCRYPT_MODE

public static final String ENCRYPT_MODE

See Also:

Constant Field Values

DECRYPT_MODE

public static final String DECRYPT_MODE

See Also:

Constant Field Values

WEAK_CRYPTO_ALLOWED_NAME

private static final String WEAK_CRYPTO_ALLOWED_NAME

See Also:

Constant Field Values

WEAK_CRYPTO_NOT_ALLOWED_NAME

private static final String WEAK_CRYPTO_NOT_ALLOWED_NAME

See Also:

Constant Field Values

IV_ATTR

public static final String IV_ATTR

See Also:

Constant Field Values

IV_LEN_ATTR

public static final String IV_LEN_ATTR

See Also:

Constant Field Values

SALT_ATTR

public static final String SALT_ATTR

See Also:

Constant Field Values

SALT_LEN_ATTR

public static final String SALT_LEN_ATTR

See Also:

Constant Field Values

KDF_SALT_ATTR

public static final String KDF_SALT_ATTR

See Also:

Constant Field Values

KDF_SALT_LEN_ATTR

public static final String KDF_SALT_LEN_ATTR

See Also:

Constant Field Values

PT_LEN_ATTR

public static final String PT_LEN_ATTR

See Also:

Constant Field Values

CT_LEN_ATTR

public static final String CT_LEN_ATTR

See Also:

Constant Field Values

TS_ATTR

public static final String TS_ATTR

See Also:

Constant Field Values

ACTION_ATTR

public static final String ACTION_ATTR

See Also:

Constant Field Values

ALGORITHM_ATTR

public static final String ALGORITHM_ATTR

See Also:

Constant Field Values

KDF_ATTR

public static final String KDF_ATTR

See Also:

Constant Field Values

MODE

public static final PropertyDescriptor MODE

KEY_DERIVATION_FUNCTION

public static final PropertyDescriptor KEY_DERIVATION_FUNCTION

ENCRYPTION_ALGORITHM

public static final PropertyDescriptor ENCRYPTION_ALGORITHM

PASSWORD

public static final PropertyDescriptor PASSWORD

PUBLIC_KEYRING

public static final PropertyDescriptor PUBLIC_KEYRING

PUBLIC_KEY_USERID

public static final PropertyDescriptor PUBLIC_KEY_USERID

PRIVATE_KEYRING

public static final PropertyDescriptor PRIVATE_KEYRING

PRIVATE_KEYRING_PASSPHRASE

public static final PropertyDescriptor PRIVATE_KEYRING_PASSPHRASE

PGP_SYMMETRIC_ENCRYPTION_CIPHER

public static final PropertyDescriptor PGP_SYMMETRIC_ENCRYPTION_CIPHER

RAW_KEY_HEX

public static final PropertyDescriptor RAW_KEY_HEX

ALLOW_WEAK_CRYPTO

public static final PropertyDescriptor ALLOW_WEAK_CRYPTO

REL_SUCCESS

public static final Relationship REL_SUCCESS

REL_FAILURE

public static final Relationship REL_FAILURE

deprecationLogger

private static final DeprecationLogger deprecationLogger

properties

private List<PropertyDescriptor> properties

relationships

private Set<Relationship> relationships

Constructor Detail

EncryptContent

public EncryptContent()

Method Detail

buildKeyDerivationFunctionAllowableValues

private static AllowableValue[] buildKeyDerivationFunctionAllowableValues()

buildEncryptionMethodAllowableValues

private static AllowableValue[] buildEncryptionMethodAllowableValues()

buildWeakCryptoAllowableValues

private static AllowableValue[] buildWeakCryptoAllowableValues()

buildDefaultWeakCryptoAllowableValue

private static AllowableValue buildDefaultWeakCryptoAllowableValue()

buildPGPSymmetricCipherAllowableValues

private static AllowableValue[] buildPGPSymmetricCipherAllowableValues()

init

protected void init(ProcessorInitializationContext context)

Overrides:

init in class AbstractSessionFactoryProcessor

getRelationships

public Set<Relationship> getRelationships()

Specified by:

getRelationships in interface Processor

Overrides:

getRelationships in class AbstractSessionFactoryProcessor

getSupportedPropertyDescriptors

protected List<PropertyDescriptor> getSupportedPropertyDescriptors()

Overrides:

getSupportedPropertyDescriptors in class AbstractConfigurableComponent

isPGPAlgorithm

public static boolean isPGPAlgorithm(String algorithm)

isPGPArmoredAlgorithm

public static boolean isPGPArmoredAlgorithm(String algorithm)

customValidate

protected Collection<ValidationResult> customValidate(ValidationContext context)

Overrides:

customValidate in class AbstractConfigurableComponent

isValidCipher

private static boolean isValidCipher(int cipher)

Returns true if the integer value provided maps to a valid cipher as contained in the PGP_SYMMETRIC_ENCRYPTION_CIPHER.

Parameters:

cipher - an integer indicating a particular cipher

Returns:

true if the cipher is supported

validatePGP

private List<ValidationResult> validatePGP(EncryptionMethod encryptionMethod,
                                           String password,
                                           boolean encrypt,
                                           String publicKeyring,
                                           String publicUserId,
                                           String privateKeyring,
                                           String privateKeyringPassphrase,
                                           int cipher)

validatePBE

private List<ValidationResult> validatePBE(EncryptionMethod encryptionMethod,
                                           KeyDerivationFunction kdf,
                                           String password,
                                           boolean allowWeakCrypto)

validatePassword

private List<ValidationResult> validatePassword(EncryptionMethod encryptionMethod,
                                                KeyDerivationFunction kdf,
                                                String password,
                                                boolean allowWeakCrypto)

validateKeyed

private List<ValidationResult> validateKeyed(EncryptionMethod encryptionMethod,
                                             KeyDerivationFunction kdf,
                                             String keyHex,
                                             String password,
                                             boolean allowWeakCrypto,
                                             boolean encrypt)

validateKeyHex

private void validateKeyHex(EncryptionMethod encryptionMethod,
                            String keyHex,
                            List<ValidationResult> validationResults,
                            int allowedKeyLength)

getKDFsForKeyedCipher

private List<String> getKDFsForKeyedCipher()

getKDFsForPBECipher

private List<String> getKDFsForPBECipher(EncryptionMethod encryptionMethod)

onTrigger

public void onTrigger(ProcessContext context,
                      ProcessSession session)

Specified by:

onTrigger in class AbstractProcessor

createPGPEncryptor

private EncryptContent.Encryptor createPGPEncryptor(ProcessContext context,
                                                    FlowFile flowFile,
                                                    String providerName,
                                                    String algorithm,
                                                    Integer pgpCipher,
                                                    String password,
                                                    boolean encrypt)

createKeyedEncryptor

private EncryptContent.Encryptor createKeyedEncryptor(ProcessContext context,
                                                      EncryptionMethod encryptionMethod)
                                               throws org.apache.commons.codec.DecoderException

Throws:

org.apache.commons.codec.DecoderException

createPBEEncryptor

private EncryptContent.Encryptor createPBEEncryptor(EncryptionMethod encryptionMethod,
                                                    String password,
                                                    KeyDerivationFunction kdf)