@Immutable public class ParanoidZipRaesDriver extends ZipRaesDriver
SafeZipRaesDriver
for archive files larger than 512 KB and
may pause the client application on the first access to the archive file
for a while if the file is large.
Note that the CRC-32 value of the plain text ZIP file is never checked
because this is made redundant by the MAC verification.
In addition, this driver limits the number of concurrent entry output streams to one, so that writing unencrypted temporary files is inhibited.
Subclasses must be thread-safe and should be immutable!
SafeZipRaesDriver
JAR_CHARSET
Constructor and Description |
---|
ParanoidZipRaesDriver(IOPoolProvider ioPoolProvider,
KeyManagerProvider keyManagerProvider) |
Modifier and Type | Method and Description |
---|---|
long |
getAuthenticationTrigger()
Returns the value of the property
authenticationTrigger . |
protected OutputShop<ZipDriverEntry> |
newOutputShop(FsModel model,
OutputStream out,
ZipInputShop source)
This implementation returns a new
ZipOutputShop . |
check, decorate, getKeyManagerProvider, getOutputSocket, getPreambled, newEntry, newInputShop, newOutputShop, raesParameters
getKeyProviderSyncStrategy, getLevel, getMethod, getPool, getPostambled, getRedundantContentSupport, getRedundantMetaDataSupport, mountPointUri, newController, newInputShop, newOutputShop, process, resourceUri, zipCryptoParameters
assertEncodable, getCharset, toString, toZipOrTarEntryName
getInputSocket, isFederated, newController, newEntry
getPriority
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
getOverheadSize
getCharset
public ParanoidZipRaesDriver(IOPoolProvider ioPoolProvider, KeyManagerProvider keyManagerProvider)
public final long getAuthenticationTrigger()
ZipRaesDriver
authenticationTrigger
.
If the cipher text length of an input RAES file is smaller than or equal to this value, then the Hash-based Message Authentication Code (HMAC) for the entire cipher text is computed and verified in order to authenticate the input RAES file.
Otherwise, if the cipher text length of an input RAES file is greater than this value, then initially only the cipher key and the cipher text length get authenticated. In addition, whenever an entry is subsequently accessed, then it's CRC-32 value is checked.
Consequently, if the value of this property is set to a negative value,
then the entire cipher text gets never authenticated (CRC-32
checking only), and if set to Long.MAX_VALUE
, then the entire
cipher text gets always authenticated (no CRC-32 checking).
getAuthenticationTrigger
in class ZipRaesDriver
authenticationTrigger
.protected OutputShop<ZipDriverEntry> newOutputShop(FsModel model, OutputStream out, ZipInputShop source) throws IOException
ZipOutputShop
.
This restricts the number of concurrent output entry streams to one in
order to inhibit writing unencrypted temporary files for buffering the
written entries.newOutputShop
in class ZipDriver
IOException
Copyright © 2005–2018 Schlichtherle IT Services. All rights reserved.