Class EncryptOrDecryptData

java.lang.Object
org.apache.derby.impl.store.raw.data.EncryptOrDecryptData
All Implemented Interfaces:
PrivilegedAction<Boolean>

public class EncryptOrDecryptData extends Object implements PrivilegedAction<Boolean>
This class is used to encrypt all the containers in the data segment with a new encryption key when the password/key is changed or when an existing database is reconfigured for encryption.

Encryption of existing data in the data segment is done as follows: find all the containers in the data segment (seg0) and encrypt each of them with the new encryption key. The process for each container is:
1. Write a log record to indicate that the container is being encrypted.
2. Read all the pages of the container through the page cache, encrypt each page with the new encryption key, and write it to a temporary file (n<cid>.dat) in the data segment itself.
3. Rename the current container file (c<cid>.dat) to another file (o<cid>.dat).
4. Rename the new encrypted version of the file (n<cid>.dat) to be the current container file (c<cid>.dat).
5. All the old versions of the container files (o<cid>.dat) are removed after a successful checkpoint with the new key or on a rollback.
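The container swap described above, as an added Java sketch; it is not Derby's code. The page size, AES/CBC with a page-number IV, decimal container ids in the file names and the `rekey`/`finish` helper names are assumptions made for illustration.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.file.*;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.*;

// Added sketch, not Derby code. Page size, AES/CBC and the page-number IV are assumptions.
public class ContainerRekeySketch {
    static final int PAGE = 4096;
    static byte[] crypt(int mode, byte[] key, long pageNo, byte[] page) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        byte[] iv = ByteBuffer.allocate(16).putLong(pageNo).array();
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(page);
    }
    // Steps 2-4: write re-encrypted pages to n<cid>.dat, then swap it in via o<cid>.dat.
    static void rekey(Path seg0, long cid, byte[] oldKey, byte[] newKey) throws Exception {
        Path cur = seg0.resolve("c" + cid + ".dat"), tmp = seg0.resolve("n" + cid + ".dat");
        try (InputStream in = Files.newInputStream(cur);
             FileOutputStream out = new FileOutputStream(tmp.toFile())) {
            byte[] page = new byte[PAGE];
            for (long n = 0; in.readNBytes(page, 0, PAGE) == PAGE; n++) {
                byte[] plain = crypt(Cipher.DECRYPT_MODE, oldKey, n, page);
                out.write(crypt(Cipher.ENCRYPT_MODE, newKey, n, plain));
            }
            out.getFD().sync(); // new copy must be on disk before the old one is renamed away
        }
        Files.move(cur, seg0.resolve("o" + cid + ".dat"), StandardCopyOption.ATOMIC_MOVE);
        Files.move(tmp, cur, StandardCopyOption.ATOMIC_MOVE);
    }
    // Step 5: drop o<cid>.dat after a checkpoint with the new key, or put it back on rollback.
    static void finish(Path seg0, long cid, boolean committed) throws IOException {
        Path old = seg0.resolve("o" + cid + ".dat"), cur = seg0.resolve("c" + cid + ".dat");
        if (!committed && Files.exists(old)) Files.move(old, cur, StandardCopyOption.REPLACE_EXISTING);
        Files.deleteIfExists(old);
        Files.deleteIfExists(seg0.resolve("n" + cid + ".dat")); // leftover from an interrupted run
    }
    public static void main(String[] args) throws Exception {
        byte[] k1 = new byte[16], k2 = new byte[16]; Arrays.fill(k2, (byte) 7); // constructed keys
        Path seg0 = Files.createTempDirectory("seg0"), c = seg0.resolve("c16.dat");
        byte[] before = crypt(Cipher.ENCRYPT_MODE, k1, 0, new byte[PAGE]); // one constructed page
        Files.write(c, before);
        rekey(seg0, 16, k1, k2);
        byte[] p0 = crypt(Cipher.DECRYPT_MODE, k2, 0, Files.readAllBytes(c));
        System.out.println("new key reads page 0: " + Arrays.equals(p0, new byte[PAGE]));
        finish(seg0, 16, false); // simulate a rollback
        System.out.println("rollback restored old file: " + Arrays.equals(before, Files.readAllBytes(c)));
    }
}
```

Because the old file survives as o<cid>.dat until `finish` runs, an interruption at any point between the renames leaves a copy that can be restored under the old key.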
  • Field Details

    • dataFactory

      private BaseDataFileFactory dataFactory
    • storageFactory

      private StorageFactory storageFactory
    • STORAGE_FILE_EXISTS_ACTION

      private static final int STORAGE_FILE_EXISTS_ACTION
    • STORAGE_FILE_DELETE_ACTION

      private static final int STORAGE_FILE_DELETE_ACTION
    • STORAGE_FILE_RENAME_ACTION

      private static final int STORAGE_FILE_RENAME_ACTION
    • actionCode

      private int actionCode
    • actionStorageFile

      private StorageFile actionStorageFile
    • actionDestStorageFile

      private StorageFile actionDestStorageFile
  • Constructor Details

  • Method Details

    • decryptAllContainers

      public void decryptAllContainers(RawTransaction t) throws StandardException
      Finds all the containers stored in the data directory and decrypts them.
      Parameters:
      t - the transaction that is used for the decryption operation
      Throws:
      StandardException - Standard Derby error policy
    • encryptAllContainers

      public void encryptAllContainers(RawTransaction t) throws StandardException
      Finds all the containers stored in the data directory and encrypts them.
      Parameters:
      t - the transaction that is used for the encryption operation
      Throws:
      StandardException - Standard Derby error policy
    • encryptOrDecryptAllContainers

      private void encryptOrDecryptAllContainers(RawTransaction t, boolean doEncrypt) throws StandardException
      Encrypts or decrypts all containers in the database data directory.
      Parameters:
      t - transaction used for the cryptographic operation
      doEncrypt - tells whether to encrypt or decrypt
      Throws:
      StandardException - Standard Derby error policy
    • encryptOrDecryptContainer

      private void encryptOrDecryptContainer(RawTransaction t, ContainerKey ckey, boolean doEncrypt) throws StandardException
      Encrypts or decrypts the specified container.
      Parameters:
      t - transaction that is used to perform the cryptographic operation
      ckey - the key of the container that is being encrypted/decrypted
      doEncrypt - tells whether to encrypt or decrypt
      Throws:
      StandardException - Standard Derby error policy
    • getFile

      private StorageFile getFile(ContainerKey containerId, boolean old)
      Get file handle to a container file that is used to keep temporary versions of the container file.
    • getFilePath

      private String getFilePath(ContainerKey containerId, boolean old)
      Get path to a container file that is used to keep temporary versions of the container file.
    • isOldContainerFile

      private boolean isOldContainerFile(String fileName)
    • getFile

      private StorageFile getFile(String ctrFileName)
    • restoreContainer

      void restoreContainer(ContainerKey containerId) throws StandardException
      Throws:
      StandardException
    • removeOldVersionOfContainers

      public void removeOldVersionOfContainers() throws StandardException
      Removes old versions of the containers after a cryptographic operation on the database.
      Throws:
      StandardException
    • privExists

      private boolean privExists(StorageFile file)
    • privDelete

      private boolean privDelete(StorageFile file)
    • privRename

      private boolean privRename(StorageFile fromFile, StorageFile destFile)
    • run

      public Boolean run()
      Specified by:
      run in interface PrivilegedAction<Boolean>