juanka588 commented on a change in pull request #1608: URL: https://github.com/apache/lucene-solr/pull/1608#discussion_r444991113
########## File path: lucene/core/src/java/org/apache/lucene/store/EncryptingDirectory.java ########## @@ -0,0 +1,92 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.lucene.store; + +import java.io.IOException; + +import org.apache.lucene.index.SegmentInfo; + +public class EncryptingDirectory extends FilterDirectory { + + private final KeySupplier keySupplier; + private final SegmentKeySupplier segmentKeySupplier; + private final SegmentInfo segmentInfo; + + public EncryptingDirectory(Directory directory, KeySupplier keySupplier) { + super(directory); + this.keySupplier = keySupplier; + segmentKeySupplier = null; + this.segmentInfo = null; + } + + public EncryptingDirectory(Directory directory, SegmentKeySupplier keySupplier, SegmentInfo segmentInfo) { + super(directory); + this.keySupplier = null; + segmentKeySupplier = keySupplier; + this.segmentInfo = segmentInfo; + } + + @Override + public IndexOutput createOutput(String name, IOContext context) + throws IOException { + IndexOutput indexOutput = in.createOutput(name, context); + byte[] key = getKey(name); + return key == null ? indexOutput : new EncryptingIndexOutput(indexOutput, key, getSegmentId()); + } + + @Override + public IndexOutput createTempOutput(String prefix, String suffix, IOContext context) throws IOException { + IndexOutput indexOutput = in.createTempOutput(prefix, suffix, context); + byte[] key = getKey(indexOutput.getName()); + return key == null ? indexOutput : new EncryptingIndexOutput(indexOutput, key, getSegmentId()); + } + + @Override + public IndexInput openInput(String name, IOContext context) + throws IOException { + IndexInput indexInput = in.openInput(name, context); + byte[] key = getKey(name); + return key == null ? indexInput : new EncryptingIndexInput(indexInput, key); + } + + private byte[] getKey(String fileName) { + return segmentInfo == null ? keySupplier.getKey(fileName) : segmentKeySupplier.getKey(segmentInfo, fileName); + } + + private byte[] getSegmentId() { + return segmentInfo == null ? null : segmentInfo.getId(); + } + + public interface KeySupplier { + + /** + * Gets the encryption key for the provided file name. + * @return The key; or null if none, in this case the data is not encrypted. It must be either 128, 192 or 256 bits long. + */ + byte[] getKey(String fileName); Review comment: is it expected to callers to modify this byte[] key? Otherwise it would be preferable to return an immutable object giving a view of the bytes ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
