chibenwa commented on a change in pull request #342:
URL: https://github.com/apache/james-project/pull/342#discussion_r602883614
##########
File path:
server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/AESBlobStoreDAO.java
##########
@@ -41,71 +36,54 @@
import com.github.fge.lambdas.Throwing;
import com.google.common.base.Preconditions;
import com.google.common.io.ByteSource;
-import com.google.crypto.tink.Aead;
-import com.google.crypto.tink.aead.AeadConfig;
-import com.google.crypto.tink.subtle.AesGcmJce;
+import com.google.common.io.FileBackedOutputStream;
+import com.google.crypto.tink.subtle.AesGcmHkdfStreaming;
import reactor.core.publisher.Mono;
-import reactor.core.scheduler.Schedulers;
public class AESBlobStoreDAO implements BlobStoreDAO {
- private static final byte[] EMPTY_ASSOCIATED_DATA = new byte[0];
- private static final int PBKDF2_ITERATIONS = 65536;
- private static final int KEY_SIZE = 256;
- private static final String SECRET_KEY_FACTORY_ALGORITHM =
"PBKDF2WithHmacSHA256";
-
private final BlobStoreDAO underlying;
- private final Aead aead;
+ private final AesGcmHkdfStreaming streamingAead;
public AESBlobStoreDAO(BlobStoreDAO underlying, CryptoConfig cryptoConfig)
{
this.underlying = underlying;
-
- try {
- AeadConfig.register();
-
- SecretKey secretKey = deriveKey(cryptoConfig);
- aead = new AesGcmJce(secretKey.getEncoded());
- } catch (GeneralSecurityException e) {
- throw new RuntimeException("Error while starting AESPayloadCodec",
e);
- }
+ this.streamingAead =
PBKDF2StreamingAeadFactory.newAesGcmHkdfStreaming(cryptoConfig);
}
- private static SecretKey deriveKey(CryptoConfig cryptoConfig) throws
NoSuchAlgorithmException, InvalidKeySpecException {
- byte[] saltBytes = cryptoConfig.salt();
- SecretKeyFactory skf =
SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_ALGORITHM);
- PBEKeySpec spec = new PBEKeySpec(cryptoConfig.password(), saltBytes,
PBKDF2_ITERATIONS, KEY_SIZE);
- return skf.generateSecret(spec);
- }
-
- public byte[] encrypt(byte[] input) {
- try {
- return aead.encrypt(input, EMPTY_ASSOCIATED_DATA);
- } catch (GeneralSecurityException e) {
+ public FileBackedOutputStream encrypt(InputStream input) {
+ try (FileBackedOutputStream encryptedContent = new
FileBackedOutputStream(100 * 1024)) {
+ OutputStream outputStream =
streamingAead.newEncryptingStream(encryptedContent,
PBKDF2StreamingAeadFactory.EMPTY_ASSOCIATED_DATA);
+ input.transferTo(outputStream);
+ outputStream.close();
+ return encryptedContent;
+ } catch (GeneralSecurityException | IOException e) {
throw new RuntimeException("Unable to build payload for object
storage, failed to encrypt", e);
}
}
- public byte[] decrypt(byte[] ciphertext) throws IOException {
+ public InputStream decrypt(InputStream ciphertext) throws IOException {
try {
- return aead.decrypt(ciphertext, EMPTY_ASSOCIATED_DATA);
+ return streamingAead.newDecryptingStream(ciphertext,
PBKDF2StreamingAeadFactory.EMPTY_ASSOCIATED_DATA);
Review comment:
That's deliberate.
- We have nothing 'yet' to write an outputstream to the blobStore
- We are able to easily achieve resource management on the write path
(hence we will be able to clean the temporary files we allocate) however it is
not the same story on the read path - as much as I would like to move resources
locally before working on them we won't be able to clean up easily these
resources and we end up allocating MailboxMessages in memory to have the GC
doing our cleanup - with impacts it implies on the GC...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
