Class EncryptOrDecryptData
java.lang.Object
org.apache.derby.impl.store.raw.data.EncryptOrDecryptData
- All Implemented Interfaces:
PrivilegedAction<Boolean>
This class is used to encrypt all the containers in the data segment with a
new encryption key when the password/key is changed or when an existing database
is reconfigured for encryption.
Encryption of existing data in the data segments is done by doing the
following:
Find all the containers in the data segment (seg0) and encrypt all of them
with the new encryption key. The process for each container is:
1. Write a log record to indicate that the container is getting encrypted.
2. Read all the pages of the container through the page cache,
encrypt each page with the new encryption key, and write it to a
temporary file (n<cid>.dat) in the data segment itself.
3. Rename the current container file (c<cid>.dat) to
another file (o<cid>.dat).
4. Rename the new encrypted version of the file (n<cid>.dat) to be
the current container file (c<cid>.dat).
5. All the old versions of the container files (o<cid>.dat) are removed
after a successful checkpoint with a new key or on a rollback.
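The per-container file swap in steps 2 to 5, as an added sketch that is not Derby's own code: it shows why the old file stays on disk until the checkpoint, so a rollback can put it back. The class and method names, the 4096-byte page size, the AES/CTR stand-in cipher and the sample container id "2a" are assumptions; step 1 (the log record) and the page cache are left out.

```java
import java.nio.ByteBuffer;
import java.nio.file.*;
import javax.crypto.Cipher;
import javax.crypto.spec.*;
public class ContainerSwapDemo {                      // hypothetical name, not Derby code
    static final int PAGE_SIZE = 4096;                // assumed page size
    static Path file(Path seg0, char prefix, String cid) { return seg0.resolve(prefix + cid + ".dat"); }

    // Steps 2-4: write n<cid>.dat, then rename c -> o and n -> c.
    static void encryptContainer(Path seg0, String cid, byte[] key) throws Exception {
        byte[] pages = Files.readAllBytes(file(seg0, 'c', cid));
        // Stand-in cipher (assumption); nonce = container id + page number, unique per page.
        Cipher aes = Cipher.getInstance("AES/CTR/NoPadding");
        for (int off = 0; off < pages.length; off += PAGE_SIZE) {
            byte[] iv = ByteBuffer.allocate(16).putInt(Integer.parseInt(cid, 16)).putInt(off / PAGE_SIZE).array();
            aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            aes.doFinal(pages, off, Math.min(PAGE_SIZE, pages.length - off), pages, off);
        }
        Files.write(file(seg0, 'n', cid), pages);
        // Plain moves: fail rather than overwrite an o<cid>.dat left by an earlier run.
        Files.move(file(seg0, 'c', cid), file(seg0, 'o', cid));
        Files.move(file(seg0, 'n', cid), file(seg0, 'c', cid));
    }

    // Rollback: put o<cid>.dat back as c<cid>.dat and drop any leftover n<cid>.dat.
    static void rollbackSwap(Path seg0, String cid) throws Exception {
        Path old = file(seg0, 'o', cid);
        if (Files.exists(old)) Files.move(old, file(seg0, 'c', cid), StandardCopyOption.REPLACE_EXISTING);
        Files.deleteIfExists(file(seg0, 'n', cid));
    }

    // Step 5: after a successful checkpoint with the new key, delete every o*.dat.
    static int removeOldVersions(Path seg0) throws Exception {
        int removed = 0;
        try (DirectoryStream<Path> olds = Files.newDirectoryStream(seg0, "o*.dat")) {
            for (Path p : olds) { Files.delete(p); removed++; }
        }
        return removed;
    }

    public static void main(String[] args) throws Exception {
        Path seg0 = Files.createTempDirectory("seg0");          // constructed data segment
        byte[] plain = new byte[2 * PAGE_SIZE];                 // constructed two-page container
        Files.write(file(seg0, 'c', "2a"), plain);
        encryptContainer(seg0, "2a", new byte[16]);             // constructed demo key
        rollbackSwap(seg0, "2a");
        System.out.println("restored: " + java.util.Arrays.equals(plain, Files.readAllBytes(file(seg0, 'c', "2a"))));
        encryptContainer(seg0, "2a", new byte[16]);
        System.out.println("old versions removed: " + removeOldVersions(seg0));
    }
}
```

A production version would also sync n<cid>.dat to disk before the first rename, which this sketch omits.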
-
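Field Summary
Fields
Modifier and Type            Field
private int                  actionCode
private StorageFile          actionDestStorageFile
private StorageFile          actionStorageFile
private BaseDataFileFactory  dataFactory
private static final int     STORAGE_FILE_DELETE_ACTION
private static final int     STORAGE_FILE_EXISTS_ACTION
private static final int     STORAGE_FILE_RENAME_ACTION
private StorageFactory       storageFactory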
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
void decryptAllContainers
    Finds all the containers stored in the data directory and decrypts them.
void encryptAllContainers
    Finds all the containers stored in the data directory and encrypts them.
private void encryptOrDecryptAllContainers(RawTransaction t, boolean doEncrypt)
    Encrypts or decrypts all containers in the database data directory.
private void encryptOrDecryptContainer(RawTransaction t, ContainerKey ckey, boolean doEncrypt)
    Encrypts or decrypts the specified container.
private StorageFile getFile
private StorageFile getFile(ContainerKey containerId, boolean old)
    Get file handle to a container file that is used to keep temporary versions of the container file.
private String getFilePath(ContainerKey containerId, boolean old)
    Get path to a container file that is used to keep temporary versions of the container file.
private boolean isOldContainerFile(String fileName)
private boolean privDelete(StorageFile file)
private boolean privExists(StorageFile file)
private boolean privRename(StorageFile fromFile, StorageFile destFile)
void removeOldVersionOfContainers
    Removes old versions of the containers after a cryptographic operation on the database.
(package private) void restoreContainer(ContainerKey containerId)
run()
-
Field Details
-
dataFactory
-
storageFactory
-
STORAGE_FILE_EXISTS_ACTION
private static final int STORAGE_FILE_EXISTS_ACTION
-
STORAGE_FILE_DELETE_ACTION
private static final int STORAGE_FILE_DELETE_ACTION
-
STORAGE_FILE_RENAME_ACTION
private static final int STORAGE_FILE_RENAME_ACTION
-
actionCode
private int actionCode -
actionStorageFile
-
actionDestStorageFile
-
-
Constructor Details
-
EncryptOrDecryptData
-
-
Method Details
-
decryptAllContainers
Finds all the containers stored in the data directory and decrypts them.
- Parameters:
t - the transaction that is used for the decryption operation
- Throws:
StandardException - Standard Derby error policy
-
encryptAllContainers
Finds all the containers stored in the data directory and encrypts them.
- Parameters:
t - the transaction that is used for the encryption operation
- Throws:
StandardException - Standard Derby error policy
-
encryptOrDecryptAllContainers
private void encryptOrDecryptAllContainers(RawTransaction t, boolean doEncrypt) throws StandardException
Encrypts or decrypts all containers in the database data directory.
- Parameters:
t - transaction used for the cryptographic operation
doEncrypt - tells whether to encrypt or decrypt
- Throws:
StandardException - Standard Derby error policy
-
encryptOrDecryptContainer
private void encryptOrDecryptContainer(RawTransaction t, ContainerKey ckey, boolean doEncrypt) throws StandardException
Encrypts or decrypts the specified container.
- Parameters:
t - transaction that is used to perform the cryptographic operation
ckey - the key of the container that is being encrypted/decrypted
doEncrypt - tells whether to encrypt or decrypt
- Throws:
StandardException - Standard Derby error policy
-
getFile
Get file handle to a container file that is used to keep temporary versions of the container file. -
getFilePath
Get path to a container file that is used to keep temporary versions of the container file. -
isOldContainerFile
-
getFile
-
restoreContainer
- Throws:
StandardException
-
removeOldVersionOfContainers
Removes old versions of the containers after a cryptographic operation on the database.
- Throws:
StandardException
-
privExists
-
privDelete
-
privRename
-
run
- Specified by:
run in interface PrivilegedAction<Boolean>
-