Interface CryptoManager
-
@Volatile public interface CryptoManager
Provides low-level encryption routines for implementing Field-Level Encryption as specified by Couchbase RFC-0032.An implementation knows how to encrypt and decrypt field values, and provides methods for inspecting and transforming JSON field names to indicate whether a field holds an encrypted value.
CryptoManager
is intended to be usable with any JSON library. The plaintext value of a field is represented by a byte array containing valid JSON. The encrypted form is represented by a Map which may be serialized as a JSON Object by your library of choice.If you wish to encrypt or decrypt the fields of a Couchbase
JsonObject
, it may be more convenient to work with a higher level abstraction like the one provided by the Java SDK'sJsonObjectCrypto
class.Implementations must be thread-safe.
-
-
Field Summary
Fields Modifier and Type Field Description static String
DEFAULT_ENCRYPTED_FIELD_NAME_PREFIX
The prefix to use when mangling the names of encrypted fields according to the default name mangling strategy.static String
DEFAULT_ENCRYPTER_ALIAS
The name that refers to the default encrypter if one is present.
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description byte[]
decrypt(Map<String,Object> encryptedNode)
Selects an appropriate decrypter based on the contents of the encrypted node and uses it to decrypt the data.default String
demangle(String fieldName)
Reverses the transformation applied bymangle(java.lang.String)
and returns the original field name.Map<String,Object>
encrypt(byte[] plaintext, String encrypterAlias)
Encrypts the given data using the named encrypter.default boolean
isMangled(String fieldName)
Returns true if the given field name has been mangled bymangle(String)
.default String
mangle(String fieldName)
Transforms the given field name to indicate its value is encrypted.
-
-
-
Field Detail
-
DEFAULT_ENCRYPTER_ALIAS
static final String DEFAULT_ENCRYPTER_ALIAS
The name that refers to the default encrypter if one is present.- See Also:
- Constant Field Values
-
DEFAULT_ENCRYPTED_FIELD_NAME_PREFIX
static final String DEFAULT_ENCRYPTED_FIELD_NAME_PREFIX
The prefix to use when mangling the names of encrypted fields according to the default name mangling strategy.- See Also:
- Constant Field Values
-
-
Method Detail
-
encrypt
Map<String,Object> encrypt(byte[] plaintext, String encrypterAlias)
Encrypts the given data using the named encrypter.- Parameters:
plaintext
- the message to encryptencrypterAlias
- (nullable) alias of the encrypter to use, or null for default encrypter.- Returns:
- A map representing the encrypted form of the plaintext.
-
decrypt
byte[] decrypt(Map<String,Object> encryptedNode)
Selects an appropriate decrypter based on the contents of the encrypted node and uses it to decrypt the data.- Parameters:
encryptedNode
- the encrypted form of a message- Returns:
- the plaintext message
-
mangle
default String mangle(String fieldName)
Transforms the given field name to indicate its value is encrypted.
-
demangle
default String demangle(String fieldName)
Reverses the transformation applied bymangle(java.lang.String)
and returns the original field name.
-
isMangled
default boolean isMangled(String fieldName)
Returns true if the given field name has been mangled bymangle(String)
.
-
-