Package org.opensearch.common.crypto

Interface CryptoHandler<T,U>

Type Parameters:
T - Encryption Metadata / CryptoContext
U - Parsed Encryption Metadata / CryptoContext
All Superinterfaces:
AutoCloseable, Closeable
@ExperimentalApi public interface CryptoHandler<T,U> extends Closeable
Crypto provider abstractions for encryption and decryption of data. Allows registering multiple providers for defining different ways of encrypting or decrypting data.

  • Method Details

    • initEncryptionMetadata

      T initEncryptionMetadata()
      To initialise or create a new crypto metadata to be used in encryption. This is needed to set the context before beginning encryption.
      Returns:
      crypto metadata instance

    • loadEncryptionMetadata

      U loadEncryptionMetadata(EncryptedHeaderContentSupplier encryptedHeaderContentSupplier) throws IOException
      To load crypto metadata to be used in encryption from content header. Note that underlying information in the loaded metadata object is same as present in the object created during encryption but object type may differ.
      Parameters:
      encryptedHeaderContentSupplier - supplier for encrypted header content.
      Returns:
      crypto metadata instance used in decryption.
      Throws:
      IOException

    • adjustContentSizeForPartialEncryption

      long adjustContentSizeForPartialEncryption(T cryptoContext, long contentSize)
      Few encryption algorithms have certain conditions on the unit of content to be encrypted. This requires the content size to be re adjusted in order to fulfil these conditions for partial writes. If write requests for encryption of a part of content do not fulfil these conditions then encryption fails or can result in corrupted content depending on the algorithm used. This method exposes a means to re-adjust sizes of such writes.
      Parameters:
      cryptoContext - crypto metadata instance
      contentSize - Size of the raw content
      Returns:
      Adjusted size of the content.

    • estimateEncryptedLengthOfEntireContent

      long estimateEncryptedLengthOfEntireContent(T cryptoContext, long contentLength)
      Estimate length of the encrypted content. It should only be used to determine length of entire content after encryption.
      Parameters:
      cryptoContext - crypto metadata instance consisting of encryption metadata used in encryption.
      contentLength - Size of the raw content
      Returns:
      Calculated size of the encrypted content.

    • estimateDecryptedLength

      long estimateDecryptedLength(U cryptoContext, long contentLength)
      For given encrypted content length, estimate the length of the decrypted content.
      Parameters:
      cryptoContext - crypto metadata instance consisting of encryption metadata used in encryption.
      contentLength - Size of the encrypted content
      Returns:
      Calculated size of the decrypted content.

    • createEncryptingStream

      InputStreamContainer createEncryptingStream(T encryptionMetadata, InputStreamContainer stream)
      Wraps a raw InputStream with encrypting stream
      Parameters:
      encryptionMetadata - created earlier to set the crypto metadata.
      stream - Raw InputStream to encrypt
      Returns:
      encrypting stream wrapped around raw InputStream.

    • createEncryptingStreamOfPart

      InputStreamContainer createEncryptingStreamOfPart(T cryptoContext, InputStreamContainer stream, int totalStreams, int streamIdx)
      Provides encrypted stream for a raw stream emitted for a part of content.
      Parameters:
      cryptoContext - crypto metadata instance.
      stream - raw stream for which encrypted stream has to be created.
      totalStreams - Number of streams being used for the entire content.
      streamIdx - Index of the current stream.
      Returns:
      Encrypted stream for the provided raw stream.

    • createDecryptingStream

      InputStream createDecryptingStream(InputStream encryptingStream)
      This method accepts an encrypted stream and provides a decrypting wrapper.
      Parameters:
      encryptingStream - to be decrypted.
      Returns:
      Decrypting wrapper stream

    • createDecryptingStreamOfRange

      DecryptedRangedStreamProvider createDecryptingStreamOfRange(U cryptoContext, long startPosOfRawContent, long endPosOfRawContent)
      This method creates a DecryptedRangedStreamProvider which provides a wrapped stream to decrypt the underlying stream. This also provides adjusted range against the actual range which should be used for fetching and supplying the encrypted content for decryption. Extra content outside the range is trimmed down and returned by the decrypted stream. For partial reads of encrypted content, few algorithms require the range of content to be adjusted for successful decryption. Adjusted range may or may not be same as the provided range. If range is adjusted then starting offset of resultant range can be lesser than the starting offset of provided range and end offset can be greater than the ending offset of the provided range.
      Parameters:
      cryptoContext - crypto metadata instance.
      startPosOfRawContent - starting position in the raw/decrypted content
      endPosOfRawContent - ending position in the raw/decrypted content