Field Detail

• keyManagerProvider

  private final KeyManagerProvider keyManagerProvider

  The key manager provider for accessing protected resources (cryptography).

Constructor Detail

• ZipRaesDriver

  public ZipRaesDriver(IOPoolProvider ioPoolProvider,
               KeyManagerProvider keyManagerProvider)

  Constructs a new RAES encrypted ZIP file driver.

  Parameters:

  ioPoolProvider - the I/O entry pool provider for allocating temporary I/O entries (buffers).

  keyManagerProvider - the key manager provider for accessing protected resources (cryptography).

Method Detail

• check

  protected final boolean check(ZipInputShop input,
              ZipArchiveEntry entry)

  Overrides:

  check in class ZipDriver

• getAuthenticationTrigger

  protected abstract long getAuthenticationTrigger()

  Returns the value of the property authenticationTrigger.

  If the cipher text length of an input RAES file is smaller than or equal to this value, then the Hash-based Message Authentication Code (HMAC) for the entire cipher text is computed and verified in order to authenticate the input RAES file.

  Otherwise, if the cipher text length of an input RAES file is greater than this value, then initially only the cipher key and the cipher text length get authenticated. In addition, whenever an entry is subsequently accessed, then it's CRC-32 value is checked.

  Consequently, if the value of this property is set to a negative value, then the entire cipher text gets never authenticated (CRC-32 checking only), and if set to Long.MAX_VALUE, then the entire cipher text gets always authenticated (no CRC-32 checking).

  Returns:

  The value of the property authenticationTrigger.

• getKeyManagerProvider

  protected final KeyManagerProvider getKeyManagerProvider()

  Returns the provider for key managers for accessing protected resources (encryption).

  The implementation in ZipRaesDriver simply returns the value of the field keyManagerProvider.

  Overrides:

  getKeyManagerProvider in class ZipDriver

  Returns:

  The provider for key managers for accessing protected resources (encryption).

  Since:

  TrueZIP 7.3.

• getOutputSocket

  public final OptionOutputSocket getOutputSocket(FsController<?> controller,
                                   FsEntryName name,
                                   BitField<FsOutputOption> options,
                                   @CheckForNull
                                   Entry template)

  Sets FsOutputOption.STORE in options before forwarding the call to controller.

  Overrides:

  getOutputSocket in class ZipDriver

• getPreambled

  public final boolean getPreambled()

  Since TrueZIP 7.3, the implementation in the class ZipRaesDriver returns true for future use.

  Specified by:

  getPreambled in interface ZipFileParameters<ZipArchiveEntry>

  Overrides:

  getPreambled in class ZipDriver

  Returns:

  true

• newController

  public FsController<?> newController(FsModel model,
                              FsController<?> parent)

  The implementation in the class ZipRaesDriver returns the expression new ZipRaesController(superNewController(model, parent), this). This method should be overridden in order to call only ZipDriver.superNewController(de.schlichtherle.truezip.fs.FsModel, de.schlichtherle.truezip.fs.FsController<?>) if and only if you are overriding raesParameters(de.schlichtherle.truezip.fs.FsModel), too, and do not want to use the built-in key manager to resolve passwords for RAES encryption.

  Overrides:

  newController in class ZipDriver

• newEntry

  public ZipArchiveEntry newEntry(String path,
                         Entry.Type type,
                         Entry template,
                         BitField<FsOutputOption> mknod)
                           throws CharConversionException

  Returns a new JarArchiveEntry, enforcing that the data gets DEFLATED when written, even if copying data from a STORED source entry. This feature strengthens the security level of the authentication process and inhibits the use of an unencrypted temporary I/O entry (usually a temporary file) in case the output is not copied from a file system entry as its input.

  Furthermore, the output option preference FsOutputOption.ENCRYPT is cleared in order to prevent adding a redundant encryption layer for the individual ZIP entry. This would not have any effect on the security level, but increase the size of the resulting archive file and heat the CPU.

  Overrides:

  newEntry in class ZipDriver

  Throws:

  CharConversionException

• newInputShop

  public final InputShop<ZipArchiveEntry> newInputShop(FsModel model,
                                        InputSocket<?> input)
                                                throws IOException

  The implementation in ZipRaesDriver calls raesParameters(de.schlichtherle.truezip.fs.FsModel), with which it initializes a new RaesReadOnlyFile. Next, if the gross file length of the archive is smaller than or equal to the authentication trigger, the MAC authentication on the cipher text is performed. Finally, the RaesReadOnlyFile is passed on to the super class implementation.

  Overrides:

  newInputShop in class ZipDriver

  Throws:

  IOException

• newOutputShop

  protected OutputShop<ZipArchiveEntry> newOutputShop(FsModel model,
                                          OptionOutputSocket output,
                                          @CheckForNull
                                          ZipInputShop source)
                                               throws IOException

  Overrides:

  newOutputShop in class ZipDriver

  Throws:

  IOException

• raesParameters

  @CheckForNull
  protected RaesParameters raesParameters(FsModel model)

  Returns the RAES parameters for the given file system model or null if not available.

  The implementation in the class ZipRaesDriver returns new KeyManagerRaesParameters(getKeyManager(), mountPointUri(model)).

  Parameters:

  model - the file system model.

  Returns:

  The RAES parameters for the given file system model or null if not available.