[aerogear-dev] AeroGear Android Crypto / DataManager Proposal
Corinne Krych
corinnekrych at gmail.com
Tue Nov 5 02:41:26 EST 2013
Hello all,
I've got 2 points:
- modularity: AeroGear libs are small and modular: we have a separate aerogear-otp-ios, aerogear-push-ios-registration so that if the user wants to use aerogear without push, he can use aerogear-ios, if he needs the push-registration, he uses both. For encryption store, where do we want to put EncryptedStore? aerogear-android depends on aerogear-crypto.
- Encrypting data takes time. It would be nice to have EncryptedStore encrypts data on separate thread and provide callbacks on completion.
thoughts?
++
Corinne
On Nov 4, 2013, at 5:30 PM, Daniel Passos <daniel at passos.me> wrote:
> The idea is implementing only save(add/update) and delete, using the stores we already have today by just adding crypt / decrypt and scheduling Query (readWithFilter) for the next release
> DataManager
>
> public Store encryptedStore(String storeName, String passphrase) {
> // TODO Create a default passphrase-based KeyStore
> KeyStore keyStore = null;
> return encryptedStore(storeName, keyStore);
> }
>
> public Store encryptedStore(String storeName, KeyStore keyStore) {
> StoreConfig storeConfig = new StoreConfig();
> storeConfig.setType(StoreTypes.ENCRYPTED_MEMORY);
> return encryptedStore(storeName, storeConfig, keyStore);
> }
>
> public Store encryptedStore(String storeName, StoreConfig config, String passphrase) {
> // TODO Create a default passphrase-based KeyStore
> KeyStore keyStore = null;
> return encryptedStore(storeName, config, keyStore);
> }
>
> public Store encryptedStore(String storeName, StoreConfig config, KeyStore keyStore) {
> config.setKeyStore(keyStore);
> Store store = storeFactory.createStore(config);
> stores.put(storeName, store);
> return store;
> }
>
> EncryptedMemoryStore
>
> public class EncryptedMemoryStore<T> implements Store<T> {
>
> private final MemoryStorage<T> memoryStorage;
> private final CryptoUtils<T> cryptoUtils;
>
> public EncryptedMemoryStore(IdGenerator idGenerator, KeyStore keyStore) {
> memoryStorage = new MemoryStorage(idGenerator);
> cryptoUtils = new CryptoUtils<T>(keyStore);
> }
>
> @Override
> public StoreType getType() {
> return StoreTypes.ENCRYPTED_MEMORY;
> }
>
> @Override
> public Collection<T> readAll() throws InvalidKeyException {
> Collection<T> encryptedCollection = memoryStorage.readAll();
> return cryptoUtils.decrypt(encryptedCollection);
> }
>
> @Override
> public T read(Serializable id) throws InvalidKeyException {
> T encryptedItem = memoryStorage.read(id);
> return cryptoUtils.decrypt(encryptedItem);
> }
>
> @Override
> public List<T> readWithFilter(ReadFilter filter) throws InvalidKeyException {
> List<T> encryptedList = memoryStorage.readWithFilter(filter);
> return cryptoUtils.decrypt(encryptedList);
> }
>
> @Override
> public void save(T item) {
> memoryStorage.save(cryptoUtils.encrypt(item));
> }
>
> @Override
> public void reset() {
> memoryStorage.reset();
> }
>
> @Override
> public void remove(Serializable id) {
> memoryStorage.remove(id);
> }
>
> @Override
> public boolean isEmpty() {
> return memoryStorage.isEmpty();
> }
>
> }
>
> CryptoUtils
>
> Here is where the magic happens.
>
>
> public class CryptoUtils<T> {
>
> private final KeyStore keyStore;
>
> public CryptoUtils(KeyStore keyStore) {
> this.keyStore = keyStore;
> }
>
> public Collection<T> decrypt(Collection<T> encryptedCollection) {
> List<T> decryptedList = new ArrayList<T>();
> for (T item : encryptedCollection) {
> decryptedList.add(decrypt(item));
> }
> return decryptedList;
> }
>
> public List<T> decrypt(List<T> encryptedList) {
> List<T> decryptedList = new ArrayList<T>();
> for (T item : encryptedList) {
> decryptedList.add(decrypt(item));
> }
> return decryptedList;
> }
>
> public T decrypt(T item) {
> // TODO Read all fields and decrypt
> return item;
> }
>
> public T encrypt(T item) {
> // TODO Read all fields and encrypt
> return item;
> }
>
> }
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
More information about the aerogear-dev
mailing list