com.aliyun.encryptionsdk.ckm

Class CachingCryptoKeyManager

java.lang.Object

com.aliyun.encryptionsdk.ckm.CachingCryptoKeyManager

All Implemented Interfaces:

CryptoKeyManager

public class CachingCryptoKeyManager
extends Object
implements CryptoKeyManager

CachingCryptoKeyManager包装了另一个 CryptoKeyManager，并缓存了密钥材料结果。 减少从kms获取密钥材料的调用次数，有助于提高性能或降低成本。

重复使用相同的密钥材料加密数据可能会导致密钥泄露后大量数据的泄密，所以对于每一个密钥 材料都做了最大字节数或者最大加密信息数的限制，超过限制将重新获取新密钥材料，同时每个 密钥也设置了最大生成时间。（注：当 maxEncryptionBytes 与 maxEncryptionMessages 不设置或者设置为Long.MAX_VALUE时，该密钥材料不受最大字节数或者最大加密信息数限制）

DataKeyCache 是缓存密钥材料的接口， LocalDataKeyMaterialCache 为缓存 默认实现。用户可以自定义实现该接口调整缓存的存储方案，比如redis等。

一次请求是否会命中缓存由以下几点共同决定： CryptoAlgorithm 算法信息 encryptionContext 加密上下文 EncryptedDataKey 加密的dataKey（仅解密时需要） 以上几点通过SHA散列算法形成信息摘要作为key存储需要缓存的密钥材料实例

Field Summary

Fields inherited from interface com.aliyun.encryptionsdk.ckm.CryptoKeyManager

ENCODING

Constructor Summary

Constructors

Constructor and Description
CachingCryptoKeyManager(DataKeyCache cache)

Method Summary

Modifier and Type	Method and Description
DecryptionMaterial	getDecryptDataKeyMaterial(BaseDataKeyProvider provider, Map<String,String> encryptionContext, List<EncryptedDataKey> encryptedDataKeys)
EncryptionMaterial	getEncryptDataKeyMaterial(BaseDataKeyProvider provider, Map<String,String> encryptionContext, long plaintextSize)
long	getMaxEncryptionBytes()
long	getMaxEncryptionMessages()
long	getMaxSurvivalTime()
SignatureMaterial	getSignatureMaterial(SignatureProvider provider, byte[] content, ContentType type)
VerifyMaterial	getVerifyMaterial(SignatureProvider provider, byte[] content, byte[] signature, ContentType type)
void	setMaxEncryptionBytes(long maxEncryptionBytes)
void	setMaxEncryptionMessages(long maxEncryptionMessages)
void	setMaxSurvivalTime(long maxSurvivalTime)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CachingCryptoKeyManager

public CachingCryptoKeyManager(DataKeyCache cache)

Method Detail

getMaxSurvivalTime

public long getMaxSurvivalTime()

setMaxSurvivalTime

public void setMaxSurvivalTime(long maxSurvivalTime)

getMaxEncryptionBytes

public long getMaxEncryptionBytes()

setMaxEncryptionBytes

public void setMaxEncryptionBytes(long maxEncryptionBytes)

getMaxEncryptionMessages

public long getMaxEncryptionMessages()

setMaxEncryptionMessages

public void setMaxEncryptionMessages(long maxEncryptionMessages)

getEncryptDataKeyMaterial

public EncryptionMaterial getEncryptDataKeyMaterial(BaseDataKeyProvider provider,
                                                    Map<String,String> encryptionContext,
                                                    long plaintextSize)

Specified by:

getEncryptDataKeyMaterial in interface CryptoKeyManager

getDecryptDataKeyMaterial

public DecryptionMaterial getDecryptDataKeyMaterial(BaseDataKeyProvider provider,
                                                    Map<String,String> encryptionContext,
                                                    List<EncryptedDataKey> encryptedDataKeys)

Specified by:

getDecryptDataKeyMaterial in interface CryptoKeyManager

getSignatureMaterial

public SignatureMaterial getSignatureMaterial(SignatureProvider provider,
                                              byte[] content,
                                              ContentType type)

Specified by:

getSignatureMaterial in interface CryptoKeyManager

getVerifyMaterial

public VerifyMaterial getVerifyMaterial(SignatureProvider provider,
                                        byte[] content,
                                        byte[] signature,
                                        ContentType type)

Specified by:

getVerifyMaterial in interface CryptoKeyManager