Package org.saidone.repository

Class EncryptedS3RepositoryImpl

java.lang.Object

org.saidone.component.BaseComponent

org.saidone.repository.S3RepositoryImpl

org.saidone.repository.EncryptedS3RepositoryImpl

All Implemented Interfaces:

S3Repository, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware

@Service
@ConditionalOnExpression("${application.service.vault.encryption.enabled}.equals(true) and \'${application.service.vault.storage.impl}\'.equals(\'s3\')")
public class EncryptedS3RepositoryImpl
extends S3RepositoryImpl

S3RepositoryImpl variant that transparently encrypts data before uploading to S3 and decrypts it when retrieved. Encryption is delegated to the provided CryptoService.

The bean becomes active only when application.service.vault.encryption.enabled is true and application.service.vault.storage.impl equals "s3".

Field Summary

Fields inherited from class org.saidone.repository.S3RepositoryImpl

s3Client

Constructor Summary

Constructors

Constructor	Description
EncryptedS3RepositoryImpl(software.amazon.awssdk.services.s3.S3Client s3Client, SecretService secretService, CryptoService cryptoService)	Creates a new repository instance using the given AWS client and cryptographic service.

Method Summary

Modifier and Type	Method	Description
InputStream	getObject(String bucketName, String nodeId)	Retrieves the encrypted object content from S3 and returns a decrypted stream using the configured CryptoService.
void	putObject(String bucketName, org.alfresco.core.model.Node node, HashMap<String,String> metadata, InputStream inputStream)	Encrypts the provided content stream and stores it in S3.

Methods inherited from class org.saidone.component.BaseComponent

init, setApplicationContext, shutDown, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

EncryptedS3RepositoryImpl

public EncryptedS3RepositoryImpl(software.amazon.awssdk.services.s3.S3Client s3Client,
 SecretService secretService,
 CryptoService cryptoService)

Creates a new repository instance using the given AWS client and cryptographic service.

Parameters:

s3Client - AWS S3 client

secretService - service providing encryption material

cryptoService - service responsible for encryption and decryption

Method Details

putObject

public void putObject(String bucketName,
 org.alfresco.core.model.Node node,
 HashMap<String,String> metadata,
 InputStream inputStream)

Encrypts the provided content stream and stores it in S3. The object's metadata is updated to mark it as encrypted before delegating to the parent implementation.

Specified by:

putObject in interface S3Repository

Overrides:

putObject in class S3RepositoryImpl

Parameters:

bucketName - destination bucket

node - node whose id acts as the key

metadata - optional object metadata to associate with the stored object

inputStream - content stream to encrypt and upload

getObject

public InputStream getObject(String bucketName,
 String nodeId)

Retrieves the encrypted object content from S3 and returns a decrypted stream using the configured CryptoService.

Specified by:

getObject in interface S3Repository

Overrides:

getObject in class S3RepositoryImpl

Parameters:

bucketName - bucket containing the object

nodeId - the node id / object key

Returns:

decrypted content stream