Package org.apache.derby.impl.store.raw.data

Class EncryptOrDecryptData

  • All Implemented Interfaces:
    java.security.PrivilegedAction<java.lang.Boolean>
    public class EncryptOrDecryptData
extends java.lang.Object
implements java.security.PrivilegedAction<java.lang.Boolean>
    This class is used to encrypt all the containers in the data segment with a new encryption key when password/key is changed or when an existing database is reconfigured for encryption. Encryption of existing data in the data segments is done by doing the following: Find all the containers in data segment (seg0) and encrypt all of them with the new encryption key, the process for each container is: 1.Write a log record to indicate that the container is getting encrypted. 2.Read all the pages of the container through the page cache and encrypt each page with new encryption key and then write to a temporary file(n.dat) in the data segment itself. 3. Rename the current container file (c.dat) to another file (o.dat) 4. Rename the new encrypted version of the file (n<cid).dat) to be the current container file (c.dat). 5. All the old version of the container (o.dat) files are removed after a successful checkpoint with a new key or on a rollback.

    • Constructor Detail

    • Method Detail

      • decryptAllContainers

        public void decryptAllContainers​(RawTransaction t)
                          throws StandardException
        Finds all the all the containers stored in the data directory and decrypts them.
        Parameters:
        t - the transaction that is used for the decryption operation
        Throws:
        StandardException - Standard Derby error policy

      • encryptAllContainers

        public void encryptAllContainers​(RawTransaction t)
                          throws StandardException
        Find all the all the containers stored in the data directory and encrypt them.
        Parameters:
        t - the transaction that is used for the encryption operation
        Throws:
        StandardException - Standard Derby error policy

      • encryptOrDecryptAllContainers

        private void encryptOrDecryptAllContainers​(RawTransaction t,
                                           boolean doEncrypt)
                                    throws StandardException
        Encrypts or decrypts all containers in the database data directory.
        Parameters:
        t - transaction used for the cryptographic operation
        doEncrypt - tells whether to encrypt or decrypt
        Throws:
        StandardException - Standard Derby error policy

      • encryptOrDecryptContainer

        private void encryptOrDecryptContainer​(RawTransaction t,
                                       ContainerKey ckey,
                                       boolean doEncrypt)
                                throws StandardException
        Encrypts or decrypts the specified container.
        Parameters:
        t - transaction that used to perform the cryptographic operation
        ckey - the key of the container that is being encrypted/decrypted
        doEncrypt - tells whether to encrypt or decrypt
        Throws:
        StandardException - Standard Derby error policy

      • getFile

        private StorageFile getFile​(ContainerKey containerId,
                            boolean old)
        Get file handle to a container file that is used to keep temporary versions of the container file.

      • getFilePath

        private java.lang.String getFilePath​(ContainerKey containerId,
                                     boolean old)
        Get path to a container file that is used to keep temporary versions of the container file.

      • isOldContainerFile

        private boolean isOldContainerFile​(java.lang.String fileName)

      • getFile

        private StorageFile getFile​(java.lang.String ctrFileName)

      • removeOldVersionOfContainers

        public void removeOldVersionOfContainers()
                                  throws StandardException
        Removes old versions of the containers after a cryptographic operation on the database.
        Throws:
        StandardException

      • privExists

        private boolean privExists​(StorageFile file)

      • privDelete

        private boolean privDelete​(StorageFile file)

      • run

        public java.lang.Boolean run()
        Specified by:
        run in interface java.security.PrivilegedAction<java.lang.Boolean>