de.schlichtherle.truezip.fs.archive.zip.raes
Class ZipRaesDriver

java.lang.Object
  de.schlichtherle.truezip.fs.FsDriver
      de.schlichtherle.truezip.fs.archive.FsArchiveDriver<E>
          de.schlichtherle.truezip.fs.archive.FsCharsetArchiveDriver<ZipArchiveEntry>
              de.schlichtherle.truezip.fs.archive.zip.ZipDriver
                  de.schlichtherle.truezip.fs.archive.zip.JarDriver
                      de.schlichtherle.truezip.fs.archive.zip.raes.ZipRaesDriver

All Implemented Interfaces:

ZipEntryFactory<ZipArchiveEntry>

Direct Known Subclasses:

ParanoidZipRaesDriver, SafeZipRaesDriver

@Immutable
@DefaultAnnotation(value=edu.umd.cs.findbugs.annotations.NonNull.class)
public abstract class ZipRaesDriver
extends JarDriver

An abstract archive driver which builds RAES encrypted ZIP files and optionally authenticates the cipher data of the input archive files presented to it.

Author:

Christian Schlichtherle

keyManagerProvider

private final KeyManagerProvider keyManagerProvider

ZipRaesDriver

public ZipRaesDriver(IOPoolProvider ioPoolProvider,
                     KeyManagerProvider keyManagerProvider)

Constructs a new RAES encrypted ZIP file driver.

Parameters:

ioPoolProvider - the I/O pool service to use for temporary data.

keyManagerProvider - the key manager service.

getKeyProviderSyncStrategy

public ZipRaesDriver.KeyProviderSyncStrategy getKeyProviderSyncStrategy()

Returns the key provider sync strategy, which is ZipRaesDriver.KeyProviderSyncStrategy.RESET_CANCELLED_KEY.

Returns:

The key provider sync strategy.

getAuthenticationTrigger

public abstract long getAuthenticationTrigger()

Constructs a new abstract ZIP.RAES driver which uses the given byte size to trigger verification of the Message Authentication Code (MAC). Note that the given parameter only affects the authentication of the cipher text in input archives - the cipher key and file length are always authenticated with RAES. Returns the value of the property authenticationTrigger. If the size of an input file is smaller than or equal to this value, the Message Authentication Code (MAC) for the entire cipher text is computed and verified in order to authenticate the file. Otherwise, only the cipher key and the file length get authenticated.

Consequently, if the value of this property is set to a negative value, the cipher text gets never verified, and if set to Long.MAX_VALUE, the cipher text gets always authenticated.

Returns:

The value of the property authenticationTrigger.

newController

public final FsController<?> newController(FsModel model,
                                           FsController<?> parent)

Overrides:

newController in class FsArchiveDriver<ZipArchiveEntry>

newEntry

public final JarArchiveEntry newEntry(String path,
                                      Entry.Type type,
                                      @CheckForNull
                                      Entry template,
                                      BitField<FsOutputOption> mknod)
                               throws CharConversionException

Creates a new JarArchiveEntry, enforcing that the data gets DEFLATED when written, even if copying data from a STORED source entry. This feature strengthens the security of the authentication process.

Overrides:

newEntry in class JarDriver

Throws:

CharConversionException

newInputShop

public final ZipInputShop newInputShop(FsModel model,
                                       InputSocket<?> target)
                                throws IOException

The implementation in ZipRaesDriver calls getRaesParameters(de.schlichtherle.truezip.fs.FsModel), with which it initializes a new RaesReadOnlyFile. Next, if the gross file length of the archive is smaller than or equal to the authentication trigger, the MAC authentication on the cipher text is performed. Finally, the RaesReadOnlyFile is passed on to the super class implementation.

Overrides:

newInputShop in class ZipDriver

Throws:

IOException

newOutputShop

public OutputShop<ZipArchiveEntry> newOutputShop(FsModel model,
                                                 OutputSocket<?> target,
                                                 @CheckForNull
                                                 InputShop<ZipArchiveEntry> source)
                                          throws IOException

The implementation in the class ZipRaesDriver calls getRaesParameters(de.schlichtherle.truezip.fs.FsModel) for authentication.

Overrides:

newOutputShop in class ZipDriver

Throws:

IOException

getRaesParameters

final RaesParameters getRaesParameters(FsModel model)

Returns the RaesParameters for the given file system model.

Parameters:

model - the file system model.

Returns:

The RaesParameters for the given file system model.

getKeyManager

final KeyManager<AesCipherParameters> getKeyManager()

toMountPointResource

protected URI toMountPointResource(FsModel model)

Returns a URI which represents the mount point of the given model as a resource URI for looking up a KeyProvider. Note that this URI needs to be matched exactly when setting a password programmatically!

The implementation in the class ZipRaesDriver returns the expression model.getMountPoint().getHierarchicalUri() in order to improve the readability of the URI in comparison to the expression model.getMountPoint().getUri().

Parameters:

model - the file system model.

Returns:

A URI representing the file system model's mount point.

See Also:

#TRUEZIP-72