net.java.truevfs.driver.zip.raes

Class ParanoidZipRaesDriver

java.lang.Object

net.java.truecommons.shed.UniqueObject

net.java.truevfs.kernel.spec.FsDriver

net.java.truevfs.kernel.spec.FsArchiveDriver<E>

net.java.truevfs.comp.zipdriver.AbstractZipDriver<JarDriverEntry>

net.java.truevfs.comp.zipdriver.JarDriver

net.java.truevfs.driver.zip.raes.ZipRaesDriver

net.java.truevfs.driver.zip.raes.ParanoidZipRaesDriver

All Implemented Interfaces:

ZipCharsetParameters, ZipEntryFactory<JarDriverEntry>, ZipFileParameters<JarDriverEntry>, ZipOutputStreamParameters, ZipParameters, FsController.Factory<FsManager>, FsModel.Factory<FsManager>

@Immutable
public class ParanoidZipRaesDriver
extends ZipRaesDriver

A paranoid archive driver for RAES encrypted ZIP files. This driver always checks the cipher text of input archive files using the RAES Message Authentication Code (MAC), which makes it slower than the SafeZipRaesDriver for archive files larger than 512 KB and may pause the client application on the first access to the archive file for a while if the file is large. Note that the CRC-32 value of the plain text ZIP file is never checked because this is made redundant by the MAC verification.

In addition, this driver limits the number of concurrent entry sink streams to one, so that writing unencrypted temporary files is inhibited.

Subclasses must be thread-safe and should be immutable!

Author:

Christian Schlichtherle

See Also:

SafeZipRaesDriver

Field Summary

Fields inherited from class net.java.truevfs.comp.zipdriver.JarDriver

JAR_CHARSET

Constructor Summary

Constructors

Constructor and Description
ParanoidZipRaesDriver()

Method Summary

Modifier and Type	Method and Description
long	getAuthenticationTrigger() Returns the value of the property authenticationTrigger.
protected ZipOutputService<JarDriverEntry>	newOutput(FsModel model, FsOutputSocketSink sink, net.java.truecommons.cio.InputService<JarDriverEntry> input) Creates a new input service for writing archive entries for the given model to the target archive file referenced by sink.

Methods inherited from class net.java.truevfs.driver.zip.raes.ZipRaesDriver

check, decorate, getPreambled, newEntry, newZipInput, raesParameters, sink

Methods inherited from class net.java.truevfs.comp.zipdriver.JarDriver

getCharset, newEntry, newEntry

Methods inherited from class net.java.truevfs.comp.zipdriver.AbstractZipDriver

fileSystemUri, getKeyManagerMap, getLevel, getMethod, getOverheadSize, getPool, getPostambled, getRedundantContentSupport, getRedundantMetaDataSupport, mountPointUri, newInput, rdc, zipCryptoParameters

Methods inherited from class net.java.truevfs.kernel.spec.FsArchiveDriver

checkEncodable, isArchiveDriver, newController, newEntry, newInput, newOutput, normalize, source, toString

Methods inherited from class net.java.truevfs.kernel.spec.FsDriver

decorate, newModel

Methods inherited from class net.java.truecommons.shed.UniqueObject

equals, hashCode

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

ParanoidZipRaesDriver

public ParanoidZipRaesDriver()

Method Detail

getAuthenticationTrigger

public final long getAuthenticationTrigger()

Description copied from class: ZipRaesDriver

Returns the value of the property authenticationTrigger.

If the cipher text length of an input RAES file is smaller than or equal to this value, then the Hash-based Message Authentication Code (HMAC) for the entire cipher text is computed and verified in order to authenticate the input RAES file.

Otherwise, if the cipher text length of an input RAES file is greater than this value, then initially only the cipher key and the cipher text length getKeyManager authenticated. In addition, whenever an entry is subsequently accessed, then it's CRC-32 value is checked.

Consequently, if the value of this property is set to a negative value, then the entire cipher text gets never authenticated (CRC-32 checking only), and if set to Long.MAX_VALUE, then the entire cipher text gets always authenticated (no CRC-32 checking).

Specified by:

getAuthenticationTrigger in class ZipRaesDriver

Returns:

The value of the property authenticationTrigger.

newOutput

protected final ZipOutputService<JarDriverEntry> newOutput(FsModel model,
                                                           FsOutputSocketSink sink,
                                                           @CheckForNull @WillNotClose
                                                           net.java.truecommons.cio.InputService<JarDriverEntry> input)
                                                    throws IOException

Creates a new input service for writing archive entries for the given model to the target archive file referenced by sink.

The implementation in the class ParanoidZipRaesDriver returns a new ZipOutputService. This restricts the number of concurrent sink entry streams to one in order to inhibit writing unencrypted temporary files for buffering the written entries.

Overrides:

newOutput in class ZipRaesDriver

Parameters:

model - the file system model.

sink - the sink for writing the target archive file.

input - the nullable InputService for the target archive file. If not null, then the target archive file is going to get updated. This parameter is guaranteed to be the product of this driver's factory method FsArchiveDriver.newInput(FsModel, BitField, FsController, FsNodeName).

Returns:

A new output service for writing the target archive file. Note that this service does not need to be thread-safe!

Throws:

IOException - on any I/O error.

See Also:

FsArchiveDriver.newOutput(FsModel, BitField, FsController, FsNodeName, InputService)