@Immutable public abstract class ZipRaesDriver extends JarDriver
Sub-classes must be thread-safe and should be immutable!
JAR_CHARSET
Constructor and Description |
---|
ZipRaesDriver(IOPoolProvider ioPoolProvider, KeyManagerProvider keyManagerProvider) Constructs a new RAES encrypted ZIP file driver. |

Modifier and Type | Method and Description |
---|---|
protected boolean | check(ZipInputShop input, ZipDriverEntry entry) Whether or not the content of the given entry shall get checked/authenticated when reading it. |
<M extends FsModel> FsController<M> | decorate(FsController<M> controller) A hook which decorates the given file system controller chain with some more file system controller(s). |
protected abstract long | getAuthenticationTrigger() Returns the value of the property authenticationTrigger. |
protected KeyManagerProvider | getKeyManagerProvider() Returns the provider for key managers for accessing protected resources (encryption). |
OptionOutputSocket | getOutputSocket(FsController<?> controller, FsEntryName name, BitField<FsOutputOption> options, Entry template) |
boolean | getPreambled() Returns the flag for allowing a preamble. |
ZipDriverEntry | newEntry(String path, Entry.Type type, Entry template, BitField<FsOutputOption> mknod) Returns a new ZipDriverEntry, requesting that the data gets DEFLATED if no template is provided. |
InputShop<ZipDriverEntry> | newInputShop(FsModel model, InputSocket<?> input) Creates a new input shop for reading the archive entries for the given model from the given input socket's target. |
protected OutputShop<ZipDriverEntry> | newOutputShop(FsModel model, OptionOutputSocket output, ZipInputShop source) |
protected RaesParameters | raesParameters(FsModel model) Returns the RAES parameters for the given file system model. |
getKeyProviderSyncStrategy, getLevel, getMethod, getPool, getPostambled, getRedundantContentSupport, getRedundantMetaDataSupport, mountPointUri, newController, newInputShop, newOutputShop, newOutputShop, process, resourceUri, zipCryptoParameters
assertEncodable, getCharset, toString, toZipOrTarEntryName
getInputSocket, isFederated, newController, newEntry
getPriority
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
getOverheadSize
getCharset
public ZipRaesDriver(IOPoolProvider ioPoolProvider, KeyManagerProvider keyManagerProvider)
Parameters:
ioPoolProvider - the provider for the I/O buffer pool.
keyManagerProvider - the key manager provider for accessing protected resources (cryptography).

protected final boolean check(ZipInputShop input, ZipDriverEntry entry)
Description copied from class: ZipDriver
Whether or not the content of the given entry shall get checked/authenticated when reading it. If this method returns true and the check fails, then an IOException gets thrown.

public <M extends FsModel> FsController<M> decorate(FsController<M> controller)
The implementation in the class ZipDriver returns the expression new ZipKeyController<M>(controller, this). Override this method in order to return just the given controller if you are overriding ZipDriver.zipCryptoParameters(FsModel, Charset) and do not want to use a locatable key manager to resolve passwords for WinZip AES encryption.
The implementation in the class ZipRaesDriver returns the expression new ZipRaesKeyController<M>(controller, this). Override this method in order to return just the given controller if you are overriding raesParameters(FsModel) and do not want to use a locatable key manager to resolve passwords for RAES encryption.
Overrides:
decorate in class ZipDriver
Type Parameters:
M - the file system model used by the given controller.
Parameters:
controller - the file system controller to decorate or return. Note that this controller may throw RuntimeExceptions for non-local control flow!
controller.

protected abstract long getAuthenticationTrigger()
Returns the value of the property authenticationTrigger.
If the cipher text length of an input RAES file is smaller than or equal to this value, then the Hash-based Message Authentication Code (HMAC) for the entire cipher text is computed and verified in order to authenticate the input RAES file.
Otherwise, if the cipher text length of an input RAES file is greater than this value, then initially only the cipher key and the cipher text length get authenticated. In addition, whenever an entry is subsequently accessed, then its CRC-32 value is checked.
Consequently, if the value of this property is set to a negative value, then the entire cipher text never gets authenticated (CRC-32 checking only), and if set to Long.MAX_VALUE, then the entire cipher text always gets authenticated (no CRC-32 checking).
Returns:
the value of the property authenticationTrigger
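A concrete subclass that pins the property to Long.MAX_VALUE, so that the HMAC over the entire cipher text is always verified, together with a helper that walks the boundary cases of the rule described above. This is an added example, not code from the TrueZIP documentation or project: the class name FullHmacZipRaesDriver, the constants and the helper fullHmacRequired are hypothetical, and the import package names are assumed from the TrueZIP 7 module layout because this page does not show them.

```java
import de.schlichtherle.truezip.fs.archive.zip.raes.ZipRaesDriver;
import de.schlichtherle.truezip.key.KeyManagerProvider;
import de.schlichtherle.truezip.socket.IOPoolProvider;

/**
 * Hypothetical driver (not part of TrueZIP) which always authenticates the
 * entire cipher text. It is final and has no instance state, so it is
 * immutable and thread-safe as required for sub-classes.
 */
public final class FullHmacZipRaesDriver extends ZipRaesDriver {

    /** Trigger which covers every possible cipher text length. */
    static final long ALWAYS = Long.MAX_VALUE;

    /** Any negative trigger means CRC-32 checking only; shown for contrast. */
    static final long NEVER = -1;

    public FullHmacZipRaesDriver(IOPoolProvider ioPoolProvider,
                                 KeyManagerProvider keyManagerProvider) {
        super(ioPoolProvider, keyManagerProvider);
    }

    @Override
    protected long getAuthenticationTrigger() {
        // CRC-32 is an unkeyed error-detecting code, so this driver never
        // relies on it in place of the HMAC over the whole cipher text.
        return ALWAYS;
    }

    /**
     * Restates the documented rule: the HMAC over the entire cipher text is
     * verified if and only if the length is at or below the trigger.
     */
    static boolean fullHmacRequired(long cipherTextLength, long trigger) {
        return cipherTextLength <= trigger;
    }

    public static void main(String[] args) {
        long oneGiB = 1L << 30; // constructed sample trigger
        // ALWAYS covers even the largest representable length.
        System.out.println(fullHmacRequired(Long.MAX_VALUE, ALWAYS));
        // NEVER skips the HMAC even for an empty cipher text.
        System.out.println(fullHmacRequired(0, NEVER));
        // A finite trigger is inclusive at the boundary ...
        System.out.println(fullHmacRequired(oneGiB, oneGiB));
        // ... and one byte above it only the key and length are authenticated.
        System.out.println(fullHmacRequired(oneGiB + 1, oneGiB));
    }
}
```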

protected final KeyManagerProvider getKeyManagerProvider()
The implementation in ZipRaesDriver simply returns the value of the field keyManagerProvider.
Overrides:
getKeyManagerProvider in class ZipDriver

public final OptionOutputSocket getOutputSocket(FsController<?> controller, FsEntryName name, BitField<FsOutputOption> options, @CheckForNull Entry template)
Overrides:
getOutputSocket in class ZipDriver
Parameters:
controller - the controller to use for writing an artifact of this driver.
name - the entry name.
options - the options to use.
template - the template to use.

public final boolean getPreambled()
If this method returns true, then a ZIP file is allowed to contain arbitrary data as its preamble before the actual ZIP file data. Self Extracting Archives typically use a preamble to store the application code that is required to extract the ZIP file contents.
If this method returns false, then a ZIP file must start with either a Local File Header (LFH) signature, a ZIP64 End Of Central Directory Record (EOCDR) signature or an End Of Central Directory Record (EOCDR) signature.
The implementation in the class ZipDriver returns false.
Since TrueZIP 7.3, the implementation in the class ZipRaesDriver returns true for future use.
Specified by:
getPreambled in interface ZipFileParameters<ZipDriverEntry>
Overrides:
getPreambled in class ZipDriver
Returns:
true

public ZipDriverEntry newEntry(String path, Entry.Type type, @CheckForNull Entry template, BitField<FsOutputOption> mknod) throws CharConversionException
Returns a new ZipDriverEntry, requesting that the data gets DEFLATED if no template is provided. This feature strengthens the security level of the authentication process and inhibits the use of an unencrypted temporary I/O entry (usually a temporary file) in case the output is not copied from a file system entry as its input.
Furthermore, the method ZipEntry.clearEncryption() is called in order to prevent adding a redundant encryption layer for the individual ZIP entry because this would confuse users, increase the size of the resulting archive file and unnecessarily heat the CPU.
Overrides:
newEntry in class ZipDriver
Parameters:
path - an entry name.
type - an entry type.
template - if not null, then the new entry shall inherit as many properties from this entry as possible, with the exception of its name and type.
mknod - when called from FsController.mknod(de.schlichtherle.truezip.fs.FsEntryName, de.schlichtherle.truezip.entry.Entry.Type, de.schlichtherle.truezip.util.BitField<de.schlichtherle.truezip.fs.FsOutputOption>, de.schlichtherle.truezip.entry.Entry), this is its options parameter, otherwise it's typically an empty set.
Throws:
CharConversionException - TODO: This has been deprecated and should get removed.

public final InputShop<ZipDriverEntry> newInputShop(FsModel model, InputSocket<?> input) throws IOException
Creates a new input shop for reading the archive entries for the given model from the given input socket's target. Note that the returned input shop does not need to be thread-safe.
The implementation in the class ZipDriver acquires a read only file from the given socket and forwards the call to ZipDriver.newInputShop(de.schlichtherle.truezip.fs.FsModel, de.schlichtherle.truezip.socket.InputSocket<?>).
The implementation in ZipRaesDriver calls raesParameters(de.schlichtherle.truezip.fs.FsModel), with which it initializes a new RaesReadOnlyFile. Next, if the gross file length of the archive is smaller than or equal to the authentication trigger, the MAC authentication on the cipher text is performed. Finally, the RaesReadOnlyFile is passed on to the super class implementation.
Overrides:
newInputShop in class ZipDriver
Parameters:
model - the file system model.
input - the input socket for reading the contents of the archive file from its target. This is guaranteed to be the product of this driver's FsArchiveDriver.getInputSocket(de.schlichtherle.truezip.fs.FsController<?>, de.schlichtherle.truezip.fs.FsEntryName, de.schlichtherle.truezip.util.BitField<de.schlichtherle.truezip.fs.FsInputOption>) method.
Throws:
IOException - on any I/O error. If the file system entry for the given model exists in the parent file system and is not an Entry.Type.SPECIAL type, then this exception is deemed to indicate a persistent false positive archive file and gets cached until the file system controller for the given model is synced again. Otherwise, this exception is deemed to indicate a transient false positive archive file and does not get cached.

protected OutputShop<ZipDriverEntry> newOutputShop(FsModel model, OptionOutputSocket output, ZipInputShop source) throws IOException
Overrides:
newOutputShop in class ZipDriver
Throws:
IOException

protected RaesParameters raesParameters(FsModel model)
The implementation in the class ZipRaesDriver returns new KeyManagerRaesParameters(getKeyManagerProvider().get(AesCipherParameters.class), mountPointUri(model)).
Parameters:
model - the file system model.

Copyright © 2005–2018 Schlichtherle IT Services. All rights reserved.