Class EncryptedObject<T extends java.io.Serializable>
- java.lang.Object
  - com.microstrategy.utils.encryptedobject.EncryptedObject<T>

public class EncryptedObject<T extends java.io.Serializable> extends java.lang.Object
This class is a wrapper class for SealedObject to help simplify usage. EncryptedObject can mitigate Heap Inspection vulnerabilities by encrypting sensitive information in memory. An encryption key is persisted in the directory specified by setKeyFileDirectory(String).

Constructor Summary

| Constructor | Description |
|---|---|
| EncryptedObject(java.io.Serializable var1) | Constructs an EncryptedObject from any Serializable object. |

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| T | getObject() | Retrieves the original (encapsulated) object. |
| static void | init() | Initializes EncryptedObject with a supported encryption algorithm and generates an encryption key. |
| static void | setKeyFileDirectory(java.lang.String inKeyFileDir) | Sets the directory for saving the encryption key. |

Constructor Detail

EncryptedObject
public EncryptedObject(java.io.Serializable var1) throws EncryptedObjectException
Constructs an EncryptedObject from any Serializable object. The given object is serialized, and its serialized contents are encrypted using a generated AES key.
Parameters:
var1 - the object to be sealed. Avoid using String if possible: String is immutable, so its contents cannot be cleared after use, which may cause a heap inspection vulnerability. Use char[] instead of String.
Throws:
EncryptedObjectException - if there is anything wrong during encryption.

Method Detail

init
public static void init() throws EncryptedObjectException
Initializes EncryptedObject with a supported encryption algorithm and generates an encryption key.
Throws:
EncryptedObjectException - if there are problems during key generation.

setKeyFileDirectory
public static void setKeyFileDirectory(java.lang.String inKeyFileDir)
Sets the directory for saving the encryption key. Setting it is highly recommended; otherwise the system java.io.tmpdir working directory will be used, which may be problematic in scenarios where the system working directory is periodically purged. If set to null, the system working directory will be used.
Parameters:
inKeyFileDir - path to save the encryption key.
Throws:
MSTRUncheckedException - if the path is not a directory, is not readable/writable, or does not exist and cannot be created.

getObject
public final T getObject() throws EncryptedObjectException
Retrieves the original (encapsulated) object. This method retrieves the AES key used to encrypt the object, creates a cipher, then unseals and deserializes the encapsulated object.
Returns:
the original object.
Throws:
EncryptedObjectException - if there is anything wrong during encryption.
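
The seal/unseal cycle described above (serialize, encrypt with a generated AES key, decrypt and deserialize on demand), shown with the JDK's own javax.crypto.SealedObject. This is an added example, not MicroStrategy's implementation: the class name SealedSecretDemo, the AES/GCM mode and the in-memory key are assumptions (the documented class persists its key to a file instead).

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import java.util.Arrays;

// Hypothetical demo class; uses only JDK APIs, not com.microstrategy.* classes.
public class SealedSecretDemo {

    // Serializes and encrypts the secret so the sealed copy holds only ciphertext.
    static SealedObject seal(char[] secret, SecretKey key) throws Exception {
        // Assumed mode: AES/GCM with a provider-generated random IV.
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        // SealedObject stores the cipher parameters (IV) next to the ciphertext.
        return new SealedObject(secret, cipher);
    }

    // Recreates the cipher from the stored parameters, decrypts and deserializes.
    static char[] unseal(SealedObject sealed, SecretKey key) throws Exception {
        return (char[]) sealed.getObject(key);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // kept in memory here (assumption)

        // Constructed sample secret, held as char[] rather than String.
        char[] password = {'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'e', 'd'};
        SealedObject sealed = seal(password, key);
        Arrays.fill(password, '\0'); // wipe the plaintext copy once it is sealed

        char[] clear = unseal(sealed, key);
        try {
            System.out.println("recovered " + clear.length + " chars");
        } finally {
            Arrays.fill(clear, '\0'); // keep the plaintext window short
        }
    }
}
```

The char[] can be overwritten after sealing and again after each use, which is what the constructor's advice against String relies on.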