Class EncryptOrDecryptData
- java.lang.Object
-
- org.apache.derby.impl.store.raw.data.EncryptOrDecryptData
-
- All Implemented Interfaces:
java.security.PrivilegedAction<java.lang.Boolean>
public class EncryptOrDecryptData extends java.lang.Object implements java.security.PrivilegedAction<java.lang.Boolean>
This class is used to encrypt all the containers in the data segment with a new encryption key when password/key is changed or when an existing database is reconfigured for encryption. Encryption of existing data in the data segments is done by doing the following: Find all the containers in data segment (seg0) and encrypt all of them with the new encryption key, the process for each container is: 1.Write a log record to indicate that the container is getting encrypted. 2.Read all the pages of the container through the page cache and encrypt each page with new encryption key and then write to a temporary file(n.dat) in the data segment itself. 3. Rename the current container file (c .dat) to another file (o .dat) 4. Rename the new encrypted version of the file (n<cid).dat) to be the current container file (c .dat). 5. All the old version of the container (o .dat) files are removed after a successful checkpoint with a new key or on a rollback.
-
-
Field Summary
Fields Modifier and Type Field Description private int
actionCode
private StorageFile
actionDestStorageFile
private StorageFile
actionStorageFile
private BaseDataFileFactory
dataFactory
private static int
STORAGE_FILE_DELETE_ACTION
private static int
STORAGE_FILE_EXISTS_ACTION
private static int
STORAGE_FILE_RENAME_ACTION
private StorageFactory
storageFactory
-
Constructor Summary
Constructors Constructor Description EncryptOrDecryptData(BaseDataFileFactory dataFactory)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
decryptAllContainers(RawTransaction t)
Finds all the all the containers stored in the data directory and decrypts them.void
encryptAllContainers(RawTransaction t)
Find all the all the containers stored in the data directory and encrypt them.private void
encryptOrDecryptAllContainers(RawTransaction t, boolean doEncrypt)
Encrypts or decrypts all containers in the database data directory.private void
encryptOrDecryptContainer(RawTransaction t, ContainerKey ckey, boolean doEncrypt)
Encrypts or decrypts the specified container.private StorageFile
getFile(java.lang.String ctrFileName)
private StorageFile
getFile(ContainerKey containerId, boolean old)
Get file handle to a container file that is used to keep temporary versions of the container file.private java.lang.String
getFilePath(ContainerKey containerId, boolean old)
Get path to a container file that is used to keep temporary versions of the container file.private boolean
isOldContainerFile(java.lang.String fileName)
private boolean
privDelete(StorageFile file)
private boolean
privExists(StorageFile file)
private boolean
privRename(StorageFile fromFile, StorageFile destFile)
void
removeOldVersionOfContainers()
Removes old versions of the containers after a cryptographic operation on the database.(package private) void
restoreContainer(ContainerKey containerId)
java.lang.Boolean
run()
-
-
-
Field Detail
-
dataFactory
private BaseDataFileFactory dataFactory
-
storageFactory
private StorageFactory storageFactory
-
STORAGE_FILE_EXISTS_ACTION
private static final int STORAGE_FILE_EXISTS_ACTION
- See Also:
- Constant Field Values
-
STORAGE_FILE_DELETE_ACTION
private static final int STORAGE_FILE_DELETE_ACTION
- See Also:
- Constant Field Values
-
STORAGE_FILE_RENAME_ACTION
private static final int STORAGE_FILE_RENAME_ACTION
- See Also:
- Constant Field Values
-
actionCode
private int actionCode
-
actionStorageFile
private StorageFile actionStorageFile
-
actionDestStorageFile
private StorageFile actionDestStorageFile
-
-
Constructor Detail
-
EncryptOrDecryptData
public EncryptOrDecryptData(BaseDataFileFactory dataFactory)
-
-
Method Detail
-
decryptAllContainers
public void decryptAllContainers(RawTransaction t) throws StandardException
Finds all the all the containers stored in the data directory and decrypts them.- Parameters:
t
- the transaction that is used for the decryption operation- Throws:
StandardException
- Standard Derby error policy
-
encryptAllContainers
public void encryptAllContainers(RawTransaction t) throws StandardException
Find all the all the containers stored in the data directory and encrypt them.- Parameters:
t
- the transaction that is used for the encryption operation- Throws:
StandardException
- Standard Derby error policy
-
encryptOrDecryptAllContainers
private void encryptOrDecryptAllContainers(RawTransaction t, boolean doEncrypt) throws StandardException
Encrypts or decrypts all containers in the database data directory.- Parameters:
t
- transaction used for the cryptographic operationdoEncrypt
- tells whether to encrypt or decrypt- Throws:
StandardException
- Standard Derby error policy
-
encryptOrDecryptContainer
private void encryptOrDecryptContainer(RawTransaction t, ContainerKey ckey, boolean doEncrypt) throws StandardException
Encrypts or decrypts the specified container.- Parameters:
t
- transaction that used to perform the cryptographic operationckey
- the key of the container that is being encrypted/decrypteddoEncrypt
- tells whether to encrypt or decrypt- Throws:
StandardException
- Standard Derby error policy
-
getFile
private StorageFile getFile(ContainerKey containerId, boolean old)
Get file handle to a container file that is used to keep temporary versions of the container file.
-
getFilePath
private java.lang.String getFilePath(ContainerKey containerId, boolean old)
Get path to a container file that is used to keep temporary versions of the container file.
-
isOldContainerFile
private boolean isOldContainerFile(java.lang.String fileName)
-
getFile
private StorageFile getFile(java.lang.String ctrFileName)
-
restoreContainer
void restoreContainer(ContainerKey containerId) throws StandardException
- Throws:
StandardException
-
removeOldVersionOfContainers
public void removeOldVersionOfContainers() throws StandardException
Removes old versions of the containers after a cryptographic operation on the database.- Throws:
StandardException
-
privExists
private boolean privExists(StorageFile file)
-
privDelete
private boolean privDelete(StorageFile file)
-
privRename
private boolean privRename(StorageFile fromFile, StorageFile destFile)
-
run
public java.lang.Boolean run()
- Specified by:
run
in interfacejava.security.PrivilegedAction<java.lang.Boolean>
-
-