Module aeonics.core

Package aeonics.manager

Class Vault

java.lang.Object

aeonics.entity.Entity

aeonics.manager.Manager.Type

aeonics.manager.Vault

All Implemented Interfaces:

Exportable, Snapshotable

public abstract class Vault
extends Manager.Type

The Vault is meant to store sensitive information in a secure manner, typically encrypted. It is possible to store and retrieve data with a (possibly empty) symmetric key or by providing an owning entity.

In order to be encrypted and decrypted, the Data.asString() form will be used. Therefore, it is important to use flat string data.

It is recommended but not mandatory that implementations rely on Security.encrypt(String, String) to encrypt the values.

Security notice related to the owning entity verification: The effectiveness of the implemented security model depends on the integrity and security of the system managing entity creation and ID assignment. This model is recommended for environments where access to the entity management system is controlled and entities are well-managed. Users should be aware that this method cannot protect against all types of identity spoofing or tampering if underlying assumptions about entity management are violated.

Implementations are encouraged to enforce access to the owning-entity methods only from a direct call of the entity class i.e. based on the stack trace.

Constructor Summary

Constructors

Constructor	Description
Vault()

Method Summary

Modifier and Type	Method	Description
Data	get(java.lang.String name)	Returns the data associated with the specified name.
abstract Data	get(java.lang.String name, Entity owner)	Returns the data associated with the specified name for the specified owning entity.
abstract Data	get(java.lang.String name, java.lang.String key)	Returns the data associated with the specified name.
java.lang.Class<? extends Manager.Type>	manager()	Hardcoded manager type
void	remove(java.lang.String name)	Removes the data associated with the specified name.
abstract void	remove(java.lang.String name, Entity owner)	Removes the data associated with the specified name for the specified entity.
abstract void	remove(java.lang.String name, java.lang.String key)	Removes the data associated with the specified name.
void	set(java.lang.String name, Data value)	Stores the value securely but not enforced by a specific key.
abstract void	set(java.lang.String name, Data value, Entity owner)	Stores the value securely in a way that only the owning entity has access to it.
abstract void	set(java.lang.String name, Data value, java.lang.String key)	Stores the value securely and enforced by a specific key (unless null).

Methods inherited from class aeonics.manager.Manager.Type

category, internal

Methods inherited from class aeonics.entity.Entity

addRelation, addRelation, addRelation, cast, clearRelation, config, defineRelation, equals, export, firstRelation, hashCode, hasRelation, id, name, name, onCreate, onRemove, onUpdate, parameter, relations, relationships, removeRelation, snapshot, type, valueOf, valueOf

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Vault

public Vault()

Method Detail

manager

public final java.lang.Class<? extends Manager.Type> manager()

Hardcoded manager type

Specified by:

manager in class Manager.Type

Returns:

the type of manager

get

public Data get(java.lang.String name)
         throws java.lang.SecurityException

Returns the data associated with the specified name. This is the same as calling get(String, String) with a null key.

Parameters:

name - the value to retrieve

Returns:

the secured data or null if there is no data associated with that name

Throws:

java.lang.SecurityException - if the value requires a non null key or if any other underlying security exception happens

get

public abstract Data get(java.lang.String name,
                         java.lang.String key)
                  throws java.lang.SecurityException

Returns the data associated with the specified name. The value is returned if the key matches.

Parameters:

name - the value to retrieve

key - the key

Returns:

the secured data or null if there is no data associated with that name

Throws:

java.lang.SecurityException - if the key does not match or if any other underlying security exception happens

set

public void set(java.lang.String name,
                Data value)
         throws java.lang.SecurityException

Stores the value securely but not enforced by a specific key.

This is the same as calling set(String, Data, String) with a null key.

The name should be unique because it will be shared globally.

Parameters:

name - the value name

value - the value data, it will be transformed Data.asString() in order to be encrypted

Throws:

java.lang.SecurityException - if you try to override an existing value with a non-null key or if any other underlying security exception happens

set

public abstract void set(java.lang.String name,
                         Data value,
                         java.lang.String key)
                  throws java.lang.SecurityException

Stores the value securely and enforced by a specific key (unless null).

The name should be unique because it will be shared globally.

Parameters:

name - the value name

value - the value data, it will be transformed Data.asString() in order to be encrypted

key - the key

Throws:

java.lang.SecurityException - if you try to override an existing value with a different key or if any other underlying security exception happens

remove

public void remove(java.lang.String name)
            throws java.lang.SecurityException

Removes the data associated with the specified name. This is the same as calling remove(String, String) with a null key.

Parameters:

name - the value to retrieve

Throws:

java.lang.SecurityException - if the value requires a non null key or if any other underlying security exception happens

remove

public abstract void remove(java.lang.String name,
                            java.lang.String key)
                     throws java.lang.SecurityException

Removes the data associated with the specified name. The value can be removed if the key matches.

Parameters:

name - the value to retrieve

key - the key

Throws:

java.lang.SecurityException - if the key does not match or if any other underlying security exception happens

get

public abstract Data get(java.lang.String name,
                         Entity owner)
                  throws java.lang.SecurityException

Returns the data associated with the specified name for the specified owning entity.

Parameters:

name - the value to retrieve

owner - the owning entity

Returns:

the secured data or null if there is no data associated with that name for that entity

Throws:

java.lang.SecurityException - if any underlying security exception happens

set

public abstract void set(java.lang.String name,
                         Data value,
                         Entity owner)
                  throws java.lang.SecurityException

Stores the value securely in a way that only the owning entity has access to it.

The name is scoped to the owning instance, so multiple instances can store values with the same name.

Parameters:

name - the value name

value - the value data, it will be transformed Data.asString() in order to be encrypted

owner - the owning entity

Throws:

java.lang.SecurityException - if you try to override an existing value with a different key or if any other underlying security exception happens

remove

public abstract void remove(java.lang.String name,
                            Entity owner)
                     throws java.lang.SecurityException

Removes the data associated with the specified name for the specified entity. The value can be removed if the owning entity instance matches.

Parameters:

name - the value to retrieve

owner - the owning entity

Throws:

java.lang.SecurityException - if any underlying security exception happens