mirror of
				https://github.com/Alfresco/alfresco-community-repo.git
				synced 2025-10-22 15:12:38 +00:00 
			
		
		
		
	- Properties have to be encrypted and decrypted in code using MetadataEncryptor ('metadataEncryptor')
   - No conversion, encryption or decryption is done by Alfresco
   - Unencrypted values cannot be persisted and get thrown out
   - ALF-8646: RINF 38: Text data encryption
   - ALF-8956: RINF 38: Encryption key password specified by installer
   - ALF-9055: RINF 38: Support encryption against existing data
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@28480 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
		
	
		
			
				
	
	
		
		
	
	
	
	
	
| /*
 | |
|  * Copyright (C) 2005-2010 Alfresco Software Limited.
 | |
|  *
 | |
|  * This file is part of Alfresco
 | |
|  *
 | |
|  * Alfresco is free software: you can redistribute it and/or modify
 | |
|  * it under the terms of the GNU Lesser General Public License as published by
 | |
|  * the Free Software Foundation, either version 3 of the License, or
 | |
|  * (at your option) any later version.
 | |
|  *
 | |
|  * Alfresco is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|  * GNU Lesser General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU Lesser General Public License
 | |
|  * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
 | |
|  */
 | |
| package org.alfresco.repo.node.integrity;
 | |
| 
 | |
| import java.io.Serializable;
 | |
| import java.util.Collection;
 | |
| import java.util.List;
 | |
| import java.util.Map;
 | |
| import java.util.Set;
 | |
| 
 | |
| import javax.crypto.SealedObject;
 | |
| 
 | |
| import org.alfresco.model.ContentModel;
 | |
| import org.alfresco.service.cmr.dictionary.AspectDefinition;
 | |
| import org.alfresco.service.cmr.dictionary.Constraint;
 | |
| import org.alfresco.service.cmr.dictionary.ConstraintDefinition;
 | |
| import org.alfresco.service.cmr.dictionary.ConstraintException;
 | |
| import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
 | |
| import org.alfresco.service.cmr.dictionary.DictionaryService;
 | |
| import org.alfresco.service.cmr.dictionary.PropertyDefinition;
 | |
| import org.alfresco.service.cmr.dictionary.TypeDefinition;
 | |
| import org.alfresco.service.cmr.repository.NodeRef;
 | |
| import org.alfresco.service.cmr.repository.NodeService;
 | |
| import org.alfresco.service.namespace.QName;
 | |
| import org.apache.commons.logging.Log;
 | |
| import org.apache.commons.logging.LogFactory;
 | |
| 
 | |
| /**
 | |
|  * Event raised to check the properties of a node against its type and aspect definitions
 | |
|  * 
 | |
|  * @author Derek Hulley
 | |
|  */
 | |
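public class PropertiesIntegrityEvent extends AbstractIntegrityEvent
{
    private static final Log logger = LogFactory.getLog(PropertiesIntegrityEvent.class);

    /**
     * Creates an event that checks the properties of a single node.
     *
     * @param nodeService service used to read the node's existence, type, aspects and properties
     * @param dictionaryService service used to look up type and aspect definitions
     * @param nodeRef the node whose properties will be checked
     */
    protected PropertiesIntegrityEvent(
            NodeService nodeService,
            DictionaryService dictionaryService,
            NodeRef nodeRef)
    {
        // The last two superclass arguments are passed as null by this event
        super(nodeService, dictionaryService, nodeRef, null, null);
    }

    /**
     * Checks the properties of this event's node and adds one record per violation found.
     * If the node no longer exists, the supplied list is cleared and no check is made.
     *
     * @param eventResults the list that receives the integrity violations
     */
    public void checkIntegrity(List<IntegrityRecord> eventResults)
    {
        NodeRef nodeRef = getNodeRef();
        if (!nodeService.exists(nodeRef))
        {
            // node has gone
            if (logger.isDebugEnabled())
            {
                logger.debug("Event ignored - node gone: " + this);
            }
            eventResults.clear();
            return;
        }
        checkAllProperties(nodeRef, eventResults);
    }

    /**
     * Checks the properties for the type and aspects of the given node.
     *
     * @param nodeRef the node to check
     * @param eventResults the list that receives the integrity violations
     */
    private void checkAllProperties(NodeRef nodeRef, List<IntegrityRecord> eventResults)
    {
        // get all properties for the node
        Map<QName, Serializable> nodeProperties = nodeService.getProperties(nodeRef);

        // get the node type and its property definitions
        QName nodeTypeQName = nodeService.getType(nodeRef);
        TypeDefinition typeDef = dictionaryService.getType(nodeTypeQName);
        if (typeDef == null)
        {
            // Type not found, so ignore properties.
            // Note that the aspects of the node are not checked either in this case.
            return;
        }
        Collection<PropertyDefinition> propertyDefs = typeDef.getProperties().values();
        checkAllProperties(nodeRef, nodeTypeQName, propertyDefs, nodeProperties, eventResults);

        // get the node aspects
        Set<QName> aspectTypeQNames = nodeService.getAspects(nodeRef);
        for (QName aspectTypeQName : aspectTypeQNames)
        {
            // Shortcut sys:referenceable and cm:auditable: their properties are not checked here
            if (aspectTypeQName.equals(ContentModel.ASPECT_REFERENCEABLE)
                    || aspectTypeQName.equals(ContentModel.ASPECT_AUDITABLE))
            {
                continue;
            }

            // get property definitions for the aspect
            AspectDefinition aspectDef = dictionaryService.getAspect(aspectTypeQName);
            if (aspectDef == null)
            {
                // Aspect not found, so can't check properties
                continue;
            }
            propertyDefs = aspectDef.getProperties().values();
            checkAllProperties(nodeRef, aspectTypeQName, propertyDefs, nodeProperties, eventResults);
        }
    }

    /**
     * Checks the specific map of properties against the required property definitions.
     * <p>
     * For each definition, three checks are made in this order: an enforced mandatory property
     * must be present, a property of data type {@link DataTypeDefinition#ENCRYPTED} must hold a
     * {@link SealedObject} (or be null), and every constraint of the definition must accept the value.
     * A property that fails the first or the second check is not passed on to the later checks.
     *
     * @param nodeRef the node to which this applies
     * @param typeQName the qualified name of the aspect or type to which the properties belong
     * @param propertyDefs the definitions to check against - may be null or empty
     * @param nodeProperties the properties to check
     * @param eventResults the collection that receives the integrity violations
     */
    private void checkAllProperties(
            NodeRef nodeRef,
            QName typeQName,
            Collection<PropertyDefinition> propertyDefs,
            Map<QName, Serializable> nodeProperties,
            Collection<IntegrityRecord> eventResults)
    {
        // check for null or empty definitions
        if (propertyDefs == null || propertyDefs.isEmpty())
        {
            return;
        }
        for (PropertyDefinition propertyDef : propertyDefs)
        {
            QName propertyQName = propertyDef.getName();
            // check that enforced, mandatory properties are set.
            // Only the presence of the key is tested: a key mapped to null passes this check.
            if (propertyDef.isMandatory() && propertyDef.isMandatoryEnforced() && !nodeProperties.containsKey(propertyQName))
            {
                IntegrityRecord result = new IntegrityRecord(
                        "Mandatory property not set: \n" +
                        "   Node: " + nodeRef + "\n" +
                        "   Type: " + typeQName + "\n" +
                        "   Property: " + propertyQName);
                eventResults.add(result);
                // next one
                continue;
            }
            Serializable propertyValue = nodeProperties.get(propertyQName);
            // Check for encryption first.
            // This establishes only that the value is wrapped in a SealedObject; the key and cipher
            // that produced it are not, and cannot be, verified at this point.
            if (propertyDef.getDataType().getName().equals(DataTypeDefinition.ENCRYPTED))
            {
                if (propertyValue != null && !(propertyValue instanceof SealedObject))
                {
                    // The record names the property but deliberately carries no part of the value
                    IntegrityRecord result = new IntegrityRecord(
                            "Property must be encrypted: \n" +
                            "   Node: " + nodeRef + "\n" +
                            "   Type: " + typeQName + "\n" +
                            "   Property: " + propertyQName);
                    eventResults.add(result);
                    // The value is already rejected.  Skip the constraints so that the unsealed value
                    // is not handed to constraint implementations, whose exception messages are copied
                    // verbatim into the integrity record below (whether a given constraint echoes the
                    // value in its message cannot be seen from this class).
                    continue;
                }
                // NOTE(review): a sealed value still reaches the constraints below as a SealedObject;
                // confirm that constraints declared on encrypted properties expect the sealed wrapper.
            }
            // check constraints
            List<ConstraintDefinition> constraintDefs = propertyDef.getConstraints();
            for (ConstraintDefinition constraintDef : constraintDefs)
            {
                // get the constraint implementation
                Constraint constraint = constraintDef.getConstraint();
                try
                {
                    constraint.evaluate(propertyValue);
                }
                catch (ConstraintException e)
                {
                    // Record the failure and carry on with the remaining constraints
                    IntegrityRecord result = new IntegrityRecord(
                            "Invalid property value: \n" +
                            "   Node: " + nodeRef + "\n" +
                            "   Type: " + typeQName + "\n" +
                            "   Property: " + propertyQName + "\n" +
                            "   Constraint: " + e.getMessage());
                    eventResults.add(result);
                }
            }
        }
    }
}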
 |