Module aeonics.core

Class Vault

  • All Implemented Interfaces:
    Exportable, Snapshotable

    public abstract class Vault
    extends Manager.Type
    The Vault is meant to store sensitive information in a secure manner, typically encrypted. It is possible to store and retrieve data with a (possibly empty) symmetric key or by providing an owning entity.

    In order to be encrypted and decrypted, the Data.asString() form will be used. Therefore, it is important to use flat string data.

    It is recommended but not mandatory that implementations rely on Security.encrypt(String, String) to encrypt the values.

    Security notice related to the owning entity verification: The effectiveness of the implemented security model depends on the integrity and security of the system managing entity creation and ID assignment. This model is recommended for environments where access to the entity management system is controlled and entities are well-managed. Users should be aware that this method cannot protect against all types of identity spoofing or tampering if underlying assumptions about entity management are violated.

    Implementations are encouraged to enforce access to the owning-entity methods only from a direct call of the entity class i.e. based on the stack trace.

    • Constructor Detail

      • Vault

        public Vault()
    • Method Detail

      • manager

        public final java.lang.Class<? extends Manager.Type> manager()
        Hardcoded manager type
        Specified by:
        manager in class Manager.Type
        Returns:
        the type of manager
      • get

        public static Vault get()
        Returns the current active instance of this manager type.
        Returns:
        the current active instance of this manager type
      • get

        public Data get​(java.lang.String name)
                 throws java.lang.SecurityException
        Returns the data associated with the specified name. This is the same as calling get(String, String) with a null key.
        Parameters:
        name - the value to retrieve
        Returns:
        the secured data or null if there is no data associated with that name
        Throws:
        java.lang.SecurityException - if the value requires a non null key or if any other underlying security exception happens
      • get

        public abstract Data get​(java.lang.String name,
                                 java.lang.String key)
                          throws java.lang.SecurityException
        Returns the data associated with the specified name. The value is returned if the key matches.
        Parameters:
        name - the value to retrieve
        key - the key
        Returns:
        the secured data or null if there is no data associated with that name
        Throws:
        java.lang.SecurityException - if the key does not match or if any other underlying security exception happens
      • set

        public void set​(java.lang.String name,
                        Data value)
                 throws java.lang.SecurityException
        Stores the value securely but not enforced by a specific key.

        This is the same as calling set(String, Data, String) with a null key.

        The name should be unique because it will be shared globally.

        Parameters:
        name - the value name
        value - the value data, it will be transformed Data.asString() in order to be encrypted
        Throws:
        java.lang.SecurityException - if you try to override an existing value with a non-null key or if any other underlying security exception happens
      • set

        public abstract void set​(java.lang.String name,
                                 Data value,
                                 java.lang.String key)
                          throws java.lang.SecurityException
        Stores the value securely and enforced by a specific key (unless null).

        The name should be unique because it will be shared globally.

        Parameters:
        name - the value name
        value - the value data, it will be transformed Data.asString() in order to be encrypted
        key - the key
        Throws:
        java.lang.SecurityException - if you try to override an existing value with a different key or if any other underlying security exception happens
      • remove

        public void remove​(java.lang.String name)
                    throws java.lang.SecurityException
        Removes the data associated with the specified name. This is the same as calling remove(String, String) with a null key.
        Parameters:
        name - the value to retrieve
        Throws:
        java.lang.SecurityException - if the value requires a non null key or if any other underlying security exception happens
      • remove

        public abstract void remove​(java.lang.String name,
                                    java.lang.String key)
                             throws java.lang.SecurityException
        Removes the data associated with the specified name. The value can be removed if the key matches.
        Parameters:
        name - the value to retrieve
        key - the key
        Throws:
        java.lang.SecurityException - if the key does not match or if any other underlying security exception happens
      • get

        public abstract Data get​(java.lang.String name,
                                 Entity owner)
                          throws java.lang.SecurityException
        Returns the data associated with the specified name for the specified owning entity.
        Parameters:
        name - the value to retrieve
        owner - the owning entity
        Returns:
        the secured data or null if there is no data associated with that name for that entity
        Throws:
        java.lang.SecurityException - if any underlying security exception happens
      • set

        public abstract void set​(java.lang.String name,
                                 Data value,
                                 Entity owner)
                          throws java.lang.SecurityException
        Stores the value securely in a way that only the owning entity has access to it.

        The name is scoped to the owning instance, so multiple instances can store values with the same name.

        Parameters:
        name - the value name
        value - the value data, it will be transformed Data.asString() in order to be encrypted
        owner - the owning entity
        Throws:
        java.lang.SecurityException - if you try to override an existing value with a different key or if any other underlying security exception happens
      • remove

        public abstract void remove​(java.lang.String name,
                                    Entity owner)
                             throws java.lang.SecurityException
        Removes the data associated with the specified name for the specified entity. The value can be removed if the owning entity instance matches.
        Parameters:
        name - the value to retrieve
        owner - the owning entity
        Throws:
        java.lang.SecurityException - if any underlying security exception happens