net.java.truevfs.driver.zip.raes

Class ZipRaesDriver

java.lang.Object

net.java.truecommons.shed.UniqueObject

net.java.truevfs.kernel.spec.FsDriver

net.java.truevfs.kernel.spec.FsArchiveDriver<E>

net.java.truevfs.comp.zipdriver.AbstractZipDriver<JarDriverEntry>

net.java.truevfs.comp.zipdriver.JarDriver

net.java.truevfs.driver.zip.raes.ZipRaesDriver

All Implemented Interfaces:

ZipCharsetParameters, ZipEntryFactory<JarDriverEntry>, ZipFileParameters<JarDriverEntry>, ZipOutputStreamParameters, ZipParameters, FsController.Factory<FsManager>, FsModel.Factory<FsManager>

Direct Known Subclasses:

ParanoidZipRaesDriver, SafeZipRaesDriver

@Immutable
public abstract class ZipRaesDriver
extends JarDriver

An abstract archive driver for RAES encrypted ZIP files which optionally authenticates the cipher data of the input archive files presented to it.

Sub-classes must be thread-safe and should be immutable!

Author:

Christian Schlichtherle

Field Summary

Fields inherited from class net.java.truevfs.comp.zipdriver.JarDriver

JAR_CHARSET

Constructor Summary

Constructors

Constructor and Description
ZipRaesDriver()

Method Summary

Modifier and Type	Method and Description
boolean	check(JarDriverEntry local, ZipInputService<JarDriverEntry> input) Whether or not the content of the given entry shall get checked/authenticated when reading it.
FsController	decorate(FsController controller) Decorates the given file system controller.
protected abstract long	getAuthenticationTrigger() Returns the value of the property authenticationTrigger.
boolean	getPreambled() Returns the flag for supporting preambles.
JarDriverEntry	newEntry(net.java.truecommons.shed.BitField<FsAccessOption> options, String name, net.java.truecommons.cio.Entry.Type type, net.java.truecommons.cio.Entry template) Returns a new JarDriverEntry, requesting that the data gets DEFLATED if no template is provided.
protected net.java.truecommons.cio.OutputService<JarDriverEntry>	newOutput(FsModel model, FsOutputSocketSink sink, net.java.truecommons.cio.InputService<JarDriverEntry> input) Creates a new input service for writing archive entries for the given model to the target archive file referenced by sink.
protected ZipInputService<JarDriverEntry>	newZipInput(FsModel model, FsInputSocketSource source)
protected RaesParameters	raesParameters(FsModel model) Returns the RAES parameters for the given file system model.
protected FsOutputSocketSink	sink(net.java.truecommons.shed.BitField<FsAccessOption> options, FsController controller, FsNodeName name) Sets FsAccessOption.STORE in options before forwarding the call to controller.

Methods inherited from class net.java.truevfs.comp.zipdriver.JarDriver

getCharset, newEntry, newEntry

Methods inherited from class net.java.truevfs.comp.zipdriver.AbstractZipDriver

fileSystemUri, getKeyManagerMap, getLevel, getMethod, getOverheadSize, getPool, getPostambled, getRedundantContentSupport, getRedundantMetaDataSupport, mountPointUri, newInput, rdc, zipCryptoParameters

Methods inherited from class net.java.truevfs.kernel.spec.FsArchiveDriver

checkEncodable, isArchiveDriver, newController, newEntry, newInput, newOutput, normalize, source, toString

Methods inherited from class net.java.truevfs.kernel.spec.FsDriver

decorate, newModel

Methods inherited from class net.java.truecommons.shed.UniqueObject

equals, hashCode

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

ZipRaesDriver

public ZipRaesDriver()

Method Detail

check

public final boolean check(JarDriverEntry local,
                           ZipInputService<JarDriverEntry> input)

Description copied from class: AbstractZipDriver

Whether or not the content of the given entry shall get checked/authenticated when reading it. If this method returns true and the check fails, then an IOException gets thrown.

Overrides:

check in class AbstractZipDriver<JarDriverEntry>

Parameters:

local - the entry to test.

input - the origin of the entry.

Returns:

entry.isEncrypted().

decorate

public FsController decorate(FsController controller)

Decorates the given file system controller.

The implementation in the class ZipDriver decorates the given controller with a package private controller which keeps track of the AES PBE parameters, e.g. the encryption passwords. This method should be overridden in order to return just controller if and only if you are overriding AbstractZipDriver.zipCryptoParameters(FsModel, Charset), too, and do not want to use a locatable key manager to resolve passwords for WinZip AES encryption.

The implementation in the class ZipRaesDriver decorates the given controller with a package private controller which keeps track of the AES PBE parameters, e.g. the encryption passwords. This method should be overridden in order to return just controller if and only if you are overriding raesParameters(FsModel), too, and do not want to use a locatable key manager to resolve passwords for RAES encryption.

Overrides:

decorate in class AbstractZipDriver<JarDriverEntry>

Parameters:

controller - the file system controller to decorate.

Returns:

The implementation in the class FsArchiveDriver unconditionally returns controller.

getAuthenticationTrigger

protected abstract long getAuthenticationTrigger()

Returns the value of the property authenticationTrigger.

If the cipher text length of an input RAES file is smaller than or equal to this value, then the Hash-based Message Authentication Code (HMAC) for the entire cipher text is computed and verified in order to authenticate the input RAES file.

Otherwise, if the cipher text length of an input RAES file is greater than this value, then initially only the cipher key and the cipher text length getKeyManager authenticated. In addition, whenever an entry is subsequently accessed, then it's CRC-32 value is checked.

Consequently, if the value of this property is set to a negative value, then the entire cipher text gets never authenticated (CRC-32 checking only), and if set to Long.MAX_VALUE, then the entire cipher text gets always authenticated (no CRC-32 checking).

Returns:

The value of the property authenticationTrigger.

getPreambled

public final boolean getPreambled()

Returns the flag for supporting preambles. If this method returns true, then a ZIP file is allowed to contain arbitrary data as its preamble before the actual ZIP file data. Self Extracting Archives typically use a preamble to store the application code that is required to extract the ZIP file contents.

If this method returns false, then a ZIP file must start with either a Local File Header (LFH) signature, a ZIP64 End Of Central Directory Record (EOCDR) signature or an End Of Central Directory Record (EOCDR) signature.

The implementation in the class ZipDriver returns false.

The implementation in the class ZipRaesDriver returns true for future use.

Specified by:

getPreambled in interface ZipFileParameters<JarDriverEntry>

Overrides:

getPreambled in class AbstractZipDriver<JarDriverEntry>

Returns:

true

newEntry

public JarDriverEntry newEntry(net.java.truecommons.shed.BitField<FsAccessOption> options,
                               String name,
                               net.java.truecommons.cio.Entry.Type type,
                               @CheckForNull
                               net.java.truecommons.cio.Entry template)

Returns a new JarDriverEntry, requesting that the data gets DEFLATED if no template is provided. This feature strengthens the security level of the authentication process and inhibits the use of an unencrypted temporary I/O entry (usually a temporary file) in case the sink is not copied from a file system entry as its input.

Furthermore, the method ZipEntry.clearEncryption() is called in order to prevent adding a redundant encryption layer for the individual ZIP entry because this would confuse users, increase the size of the resulting archive file and unecessarily heat the CPU.

Overrides:

newEntry in class AbstractZipDriver<JarDriverEntry>

Parameters:

options - when called from FsController.make(net.java.truecommons.shed.BitField<net.java.truevfs.kernel.spec.FsAccessOption>, net.java.truevfs.kernel.spec.FsNodeName, net.java.truecommons.cio.Entry.Type, net.java.truecommons.cio.Entry), this is its options parameter, otherwise it's typically an empty set.

name - the entry name.

type - the entry type.

template - if not null, then the new entry shall inherit as much properties from this entry as possible - with the exception of its name and type.

Returns:

A new entry for the given name.

See Also:

FsArchiveDriver.newEntry(String, Entry.Type, Entry)

newOutput

protected net.java.truecommons.cio.OutputService<JarDriverEntry> newOutput(FsModel model,
                                                                           FsOutputSocketSink sink,
                                                                           @CheckForNull @WillNotClose
                                                                           net.java.truecommons.cio.InputService<JarDriverEntry> input)
                                                                    throws IOException

Description copied from class: FsArchiveDriver

Creates a new input service for writing archive entries for the given model to the target archive file referenced by sink.

Overrides:

newOutput in class AbstractZipDriver<JarDriverEntry>

Parameters:

model - the file system model.

sink - the sink for writing the target archive file.

input - the nullable InputService for the target archive file. If not null, then the target archive file is going to get updated. This parameter is guaranteed to be the product of this driver's factory method FsArchiveDriver.newInput(FsModel, BitField, FsController, FsNodeName).

Returns:

A new output service for writing the target archive file. Note that this service does not need to be thread-safe!

Throws:

IOException - on any I/O error.

See Also:

FsArchiveDriver.newOutput(FsModel, BitField, FsController, FsNodeName, InputService)

newZipInput

protected ZipInputService<JarDriverEntry> newZipInput(FsModel model,
                                                      FsInputSocketSource source)
                                               throws IOException

Overrides:

newZipInput in class AbstractZipDriver<JarDriverEntry>

Throws:

IOException

raesParameters

protected RaesParameters raesParameters(FsModel model)

Returns the RAES parameters for the given file system model.

The implementation in the class ZipRaesDriver returns new KeyManagerRaesParameters(getKeyManagerMap().getKeyManager(AesPbeParameters.class), mountPointUri(model)).

Parameters:

model - the file system model.

Returns:

The RAES parameters for the given file system model.

sink

protected final FsOutputSocketSink sink(net.java.truecommons.shed.BitField<FsAccessOption> options,
                                        FsController controller,
                                        FsNodeName name)

Sets FsAccessOption.STORE in options before forwarding the call to controller.

Overrides:

sink in class AbstractZipDriver<JarDriverEntry>

Parameters:

options - the options for accessing the file system node.

controller - the controller to use for writing an artifact of this driver.

name - the node name.

Returns:

A sink for writing an artifact of this driver.

See Also:

FsArchiveDriver.newOutput(FsModel, BitField, FsController, FsNodeName, InputService)