Package com.microstrategy.utils.encryptedobject

Class EncryptedObject<T extends java.io.Serializable>

  • public class EncryptedObject<T extends java.io.Serializable>
extends java.lang.Object
    This class is a wrapper class for SealedObject to help simplify usage. EncryptedObject can mitigate Heap Inspection vulnerabilities by encrypting sensitive information in memory. An encryption key is persisted in the directory specified by setKeyFileDirectory(String).

    • Constructor Summary

      Constructors 
      Constructor Description
      EncryptedObject​(java.io.Serializable var1)
      Constructs a EncryptedObject from any Serializable object.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      T getObject()
      Retrieves the original (encapsulated) object.
      static void init()
      Initiate EncryptedObject with supported encryption algorithm, and generates an encryption key.
      static void setKeyFileDirectory​(java.lang.String inKeyFileDir)
      Set the directory for saving the encryption key.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • EncryptedObject

        public EncryptedObject​(java.io.Serializable var1)
                throws EncryptedObjectException
        Constructs a EncryptedObject from any Serializable object. The given object is serialized, and its serialized contents are encrypted using a generated AES key.
        Parameters:
        var1 - the object to be sealed; please avoid using String if possible. String is immutable and may cause heap inspection vulnerability. Suggest to use char[] instead of String.
        Throws:
        EncryptedObjectException - - if there is anything wrong during encryption.

    • Method Detail

      • init

        public static void init()
                 throws EncryptedObjectException
        Initiate EncryptedObject with supported encryption algorithm, and generates an encryption key.
        Throws:
        EncryptedObjectException - if there are problems during key generation.

      • setKeyFileDirectory

        public static void setKeyFileDirectory​(java.lang.String inKeyFileDir)
        Set the directory for saving the encryption key. This is highly recommended. Otherwise, the system java.io.tmpdir working directory will be used - this may be problematic in scenarios where the system working directory may be periodically purged. If set to null, the system working directory will be used.
        Parameters:
        inKeyFileDir - path to save the encryption key.
        Throws:
        MSTRUncheckedException - if not a directory, or not readable/writeable, or if it does not exist and we are unable to create it.

      • getObject

        public final T getObject()
                  throws EncryptedObjectException
        Retrieves the original (encapsulated) object. This method retrieve the AES key used to encrypt the object, creates a cipher, unseal and de-serialize the encapsulated object.
        Returns:
        the original object.
        Throws:
        EncryptedObjectException - - if there is anything wrong during encryption.