org.apache.nifi.registry.security.crypto

Class BootstrapFileCryptoKeyProvider

java.lang.Object

org.apache.nifi.registry.security.crypto.BootstrapFileCryptoKeyProvider

All Implemented Interfaces:

CryptoKeyProvider

public class BootstrapFileCryptoKeyProvider
extends Object
implements CryptoKeyProvider

An implementation of CryptoKeyProvider that loads the key from disk every time it is needed. The persistence-backing of the key is in the bootstrap.conf file, which must be provided to the constructor of this class. As key access for sensitive value decryption is only used a few times during server initialization, this implementation trades efficiency for security by only keeping the key in memory with an in-scope reference for a brief period of time (assuming callers do not maintain an in-scope reference).

See Also:

CryptoKeyProvider

Field Summary

Fields

Modifier and Type	Field and Description
private String	bootstrapFile
private static org.slf4j.Logger	logger

Fields inherited from interface org.apache.nifi.registry.security.crypto.CryptoKeyProvider

EMPTY_KEY

Constructor Summary

Constructors

Constructor and Description
BootstrapFileCryptoKeyProvider(String bootstrapFilePath) Construct a new instance backed by the contents of a bootstrap.conf file.

Method Summary

Modifier and Type	Method and Description
String	getBootstrapFile()
String	getKey()
String	toString() A string representation of this CryptoKeyProvider instance.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.nifi.registry.security.crypto.CryptoKeyProvider

isEmpty

Field Detail

logger

private static final org.slf4j.Logger logger

bootstrapFile

private final String bootstrapFile

Constructor Detail

BootstrapFileCryptoKeyProvider

public BootstrapFileCryptoKeyProvider(String bootstrapFilePath)

Construct a new instance backed by the contents of a bootstrap.conf file.

Parameters:

bootstrapFilePath - The path to the bootstrap.conf file for this instance of NiFi Registry. Must not be null.

Method Detail

getBootstrapFile

public String getBootstrapFile()

Returns:

The bootstrap file path that backs this provider instance.

getKey

public String getKey()
              throws MissingCryptoKeyException

Specified by:

getKey in interface CryptoKeyProvider

Returns:

The crypto key known to this CryptoKeyProvider instance in hexadecimal format, or CryptoKeyProvider.EMPTY_KEY if the key is empty.

Throws:

MissingCryptoKeyException - if the key cannot be provided or determined for any reason. If the key is known to be empty, CryptoKeyProvider.EMPTY_KEY will be returned and a CryptoKeyMissingException will not be thrown

toString

public String toString()

Description copied from interface: CryptoKeyProvider

A string representation of this CryptoKeyProvider instance.

Note: Implementations of this interface should take care not to leak sensitive key material in any strings they emmit, including in the toString implementation.

Specified by:

toString in interface CryptoKeyProvider

Overrides:

toString in class Object

Returns:

A string representation of this CryptoKeyProvider instance.