Class ReEncryptor

  • All Implemented Interfaces:
    org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware

    public class ReEncryptor
    extends java.lang.Object
    implements org.springframework.context.ApplicationContextAware
    Re-encrypts encryptable repository properties using a new set of encryption keys. Decrypts the repository properties using the default encryptor, falling back to a backup decryptor (using the old encryption keys) if necessary, and then re-encrypts the properties. Can run in one of two ways:
    • during bootstrap.
    • by using JMX (available only to Enterprise). In this case, the system can stay running while the re-encryption takes place.
    Since:
    4.0
    • Constructor Detail

      • ReEncryptor

        public ReEncryptor()
    • Method Detail

      • setTransactionService

        public void setTransactionService​(TransactionService transactionService)
        Set the transaction provider so that each execution can be performed within a transaction
      • setMetadataEncryptor

        public void setMetadataEncryptor​(MetadataEncryptor metadataEncryptor)
      • setJobLockService

        public void setJobLockService​(JobLockService jobLockService)
      • setNumThreads

        public void setNumThreads​(int numThreads)
      • setChunkSize

        public void setChunkSize​(int chunkSize)
      • setSplitTxns

        public void setSplitTxns​(boolean splitTxns)
      • setNodeDAO

        public void setNodeDAO​(NodeDAO nodeDAO)
      • setDictionaryDAO

        public void setDictionaryDAO​(org.alfresco.repo.dictionary.DictionaryDAO dictionaryDAO)
      • setQnameDAO

        public void setQnameDAO​(QNameDAO qnameDAO)
      • reEncryptProperties

        protected void reEncryptProperties​(java.util.List<NodePropertyEntity> properties,
                                           java.lang.String lockToken)
      • bootstrapReEncrypt

        public int bootstrapReEncrypt()
                               throws org.alfresco.encryption.MissingKeyException
        Re-encrypt using the configured backup keystore to decrypt and the main keystore to encrypt
        Throws:
        org.alfresco.encryption.MissingKeyException
      • reEncrypt

        public int reEncrypt()
                      throws org.alfresco.encryption.MissingKeyException
        Re-encrypt by decrypting using the configured keystore and encrypting using a keystore configured using the provided new key store parameters. Called from e.g. JMX. Assumes that the main key store has been already been reloaded. Note: it is the responsibility of the end user to ensure that the underlying keystores have been set up appropriately i.e. the old key store is backed up to the location defined by the property '${dir.keystore}/backup-keystore' and the new key store replaces it. This can be done while the repository is running.
        Throws:
        org.alfresco.encryption.MissingKeyException
      • reEncryptImpl

        protected int reEncryptImpl()
      • setApplicationContext

        public void setApplicationContext​(org.springframework.context.ApplicationContext applicationContext)
                                   throws org.springframework.beans.BeansException
        Specified by:
        setApplicationContext in interface org.springframework.context.ApplicationContextAware
        Throws:
        org.springframework.beans.BeansException