alexaClientSDK::acsdkProperties::EncryptedProperties Class Reference

Properties adapter with field encryption. More...

#include <EncryptedProperties.h>

Inheritance diagram for alexaClientSDK::acsdkProperties::EncryptedProperties:

Collaboration diagram for alexaClientSDK::acsdkProperties::EncryptedProperties:

Public Member Functions
PropertiesInterface methods.
bool	getString (const std::string &key, std::string &value) noexcept override
	Method to load string value from configuration. More...
bool	putString (const std::string &key, const std::string &value) noexcept override
	Method to store string value into configuration. More...
bool	getBytes (const std::string &key, Bytes &value) noexcept override
	Method to load binary value from configuration. More...
bool	putBytes (const std::string &key, const Bytes &value) noexcept override
	Method to store binary value into configuration. More...
bool	remove (const std::string &key) noexcept override
	Removes a property with a given name. More...
bool	getKeys (std::unordered_set< std::string > &valueContainer) noexcept override
	Method to inspect existing properties. More...
bool	clear () noexcept override
	Removes all properties from a configuration container. More...
Public Member Functions inherited from alexaClientSDK::acsdkPropertiesInterfaces::PropertiesInterface
virtual	~PropertiesInterface () noexcept=default
	Destructor. More...

Static Public Member Functions
static std::shared_ptr< PropertiesInterface >	create (const std::string &configUri, const std::shared_ptr< PropertiesInterface > &innerProperties, const std::shared_ptr< alexaClientSDK::acsdkCryptoInterfaces::CryptoFactoryInterface > &cryptoFactory, const std::shared_ptr< alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface > &keyStore) noexcept

Protected Types
typedef acsdkCryptoInterfaces::KeyStoreInterface::IV	IV
typedef acsdkCryptoInterfaces::KeyStoreInterface::DataBlock	DataBlock
typedef acsdkCryptoInterfaces::KeyStoreInterface::KeyChecksum	KeyChecksum
typedef acsdkCryptoInterfaces::CryptoCodecInterface::Key	Key
typedef acsdkCryptoInterfaces::CryptoCodecInterface::Tag	Tag

Protected Member Functions
	EncryptedProperties (const std::string &configUri, const std::shared_ptr< PropertiesInterface > &innerProperties, const std::shared_ptr< alexaClientSDK::acsdkCryptoInterfaces::CryptoFactoryInterface > &cryptoFactory, const std::shared_ptr< alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface > &keyStore) noexcept
bool	init () noexcept
StatusCode	upgradeEncryption (RetryExecutor &executor, const std::unordered_set< std::string > &keys) noexcept
StatusCode	loadAndDecryptDataKey (RetryExecutor &executor) noexcept
bool	encryptAndEncodePropertyValue (const std::string &key, const Bytes &plaintext, Bytes &encodedCiphertext) noexcept
bool	decodeAndDecryptPropertyValue (const std::string &key, const Bytes &encodedCiphertext, Bytes &plaintext) noexcept
bool	encryptAndPutInternal (const std::string &key, const Bytes &plaintext) noexcept
bool	getAndDecryptInternal (const std::string &key, Bytes &plaintext) noexcept
StatusCode	generateAndStoreDataKeyWithRetries (RetryExecutor &executor) noexcept
bool	loadKeysWithRetries (RetryExecutor &executor, std::unordered_set< std::string > &keys) noexcept
bool	storeValueWithRetries (RetryExecutor &executor, const std::string &key, const Bytes &data, bool canDrop) noexcept
bool	loadValueWithRetries (RetryExecutor &executor, const std::string &key, Bytes &data) noexcept
bool	deleteValueWithRetries (RetryExecutor &executor, const std::string &key) noexcept
bool	clearAllValuesWithRetries (RetryExecutor &executor) noexcept
bool	executeKeyOperationWithRetries (RetryExecutor &executor, const std::string &operationName, const std::string &key, const std::function< bool()> &operation) noexcept
bool	generateDataKeyWithRetries (RetryExecutor &executor) noexcept
	Generate new data key. More...
bool	encryptAndEncodeDataKeyWithRetries (RetryExecutor &executor, Bytes &encoded) noexcept
StatusCode	decodeAndDecryptDataKey (const Bytes &encoded) noexcept
bool	encryptDataKey (std::string &mainKeyAlias, alexaClientSDK::acsdkCryptoInterfaces::AlgorithmType &algorithmType, KeyChecksum &mainKeyChecksum, IV &dataKeyIV, DataBlock &dataKeyCiphertext, Tag &dataKeyTag) noexcept
bool	decryptDataKey (const std::string &mainKeyAlias, alexaClientSDK::acsdkCryptoInterfaces::AlgorithmType dataKeyAlgorithm, const KeyChecksum &mainKeyChecksum, const IV &dataKeyIV, const DataBlock &keyCiphertext, const Tag &dataKeyTag) noexcept
bool	doClear (RetryExecutor &helper) noexcept

Protected Attributes
const std::string	m_configUri
	Configuration namespace (for error callbacks). More...
const std::shared_ptr< PropertiesInterface >	m_innerProperties
	Underlying storage interface. More...
const std::shared_ptr< alexaClientSDK::acsdkCryptoInterfaces::CryptoFactoryInterface >	m_cryptoFactory
	Cryptography service factory. More...
const std::shared_ptr< alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface >	m_keyStore
	HSM keystore interface. More...
alexaClientSDK::acsdkCryptoInterfaces::AlgorithmType	m_dataAlgorithmType
	Actual algorithm type in use. More...
Key	m_dataKey
	Data key in use. More...

Additional Inherited Members
Public Types inherited from alexaClientSDK::acsdkPropertiesInterfaces::PropertiesInterface
typedef std::vector< unsigned char >	Bytes
	Bytes data type. This data type represent a continuous byte array. More...

Detailed Description

Properties adapter with field encryption.

This class wraps underlying PropertiesInterface with encryption support. All property values are encrypted on save and decrypted on load. When this adapter initializes for the first time, it automatically encrypts all fields. To manage encryption key, additional data is stored with '$acsdkEncryption$' property name. This property contains algorithms to use and encrypted data key. The data key itself is encrypted using HSM key store.

This class is thread safe and can be shared between multiple consumers.

Member Typedef Documentation

DataBlock

typedef acsdkCryptoInterfaces::KeyStoreInterface::DataBlock alexaClientSDK::acsdkProperties::EncryptedProperties::DataBlock

protected

IV

typedef acsdkCryptoInterfaces::KeyStoreInterface::IV alexaClientSDK::acsdkProperties::EncryptedProperties::IV

protected

Key

typedef acsdkCryptoInterfaces::CryptoCodecInterface::Key alexaClientSDK::acsdkProperties::EncryptedProperties::Key

protected

KeyChecksum

typedef acsdkCryptoInterfaces::KeyStoreInterface::KeyChecksum alexaClientSDK::acsdkProperties::EncryptedProperties::KeyChecksum

protected

Tag

typedef acsdkCryptoInterfaces::CryptoCodecInterface::Tag alexaClientSDK::acsdkProperties::EncryptedProperties::Tag

protected

Constructor & Destructor Documentation

EncryptedProperties()

alexaClientSDK::acsdkProperties::EncryptedProperties::EncryptedProperties ( const std::string &  configUri, const std::shared_ptr< PropertiesInterface > &  innerProperties, const std::shared_ptr< alexaClientSDK::acsdkCryptoInterfaces::CryptoFactoryInterface > &  cryptoFactory, const std::shared_ptr< alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface > &  keyStore  )

protectednoexcept

Member Function Documentation

clear()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::clear ( )

overridevirtualnoexcept

Removes all properties from a configuration container.

This method removes all properties from a configuration container.

Returns

True if the container has been cleared. In case of error, false is returned, and the contents of container is undefined.

Implements alexaClientSDK::acsdkPropertiesInterfaces::PropertiesInterface.

clearAllValuesWithRetries()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::clearAllValuesWithRetries ( RetryExecutor &  executor )

protectednoexcept

create()

std::shared_ptr< PropertiesInterface > alexaClientSDK::acsdkProperties::EncryptedProperties::create ( const std::string &  configUri, const std::shared_ptr< PropertiesInterface > &  innerProperties, const std::shared_ptr< alexaClientSDK::acsdkCryptoInterfaces::CryptoFactoryInterface > &  cryptoFactory, const std::shared_ptr< alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface > &  keyStore  )

staticnoexcept

decodeAndDecryptDataKey()

StatusCode alexaClientSDK::acsdkProperties::EncryptedProperties::decodeAndDecryptDataKey ( const Bytes &  encoded )

protectednoexcept

decodeAndDecryptPropertyValue()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::decodeAndDecryptPropertyValue ( const std::string &  key, const Bytes &  encodedCiphertext, Bytes &  plaintext  )

protectednoexcept

decryptDataKey()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::decryptDataKey ( const std::string &  mainKeyAlias, alexaClientSDK::acsdkCryptoInterfaces::AlgorithmType  dataKeyAlgorithm, const KeyChecksum &  mainKeyChecksum, const IV &  dataKeyIV, const DataBlock &  keyCiphertext, const Tag &  dataKeyTag  )

protectednoexcept

deleteValueWithRetries()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::deleteValueWithRetries ( RetryExecutor &  executor, const std::string &  key  )

protectednoexcept

doClear()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::doClear ( RetryExecutor &  helper )

protectednoexcept

encryptAndEncodeDataKeyWithRetries()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::encryptAndEncodeDataKeyWithRetries ( RetryExecutor &  executor, Bytes &  encoded  )

protectednoexcept

encryptAndEncodePropertyValue()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::encryptAndEncodePropertyValue ( const std::string &  key, const Bytes &  plaintext, Bytes &  encodedCiphertext  )

protectednoexcept

encryptAndPutInternal()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::encryptAndPutInternal ( const std::string &  key, const Bytes &  plaintext  )

protectednoexcept

encryptDataKey()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::encryptDataKey ( std::string &  mainKeyAlias, alexaClientSDK::acsdkCryptoInterfaces::AlgorithmType &  algorithmType, KeyChecksum &  mainKeyChecksum, IV &  dataKeyIV, DataBlock &  dataKeyCiphertext, Tag &  dataKeyTag  )

protectednoexcept

executeKeyOperationWithRetries()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::executeKeyOperationWithRetries ( RetryExecutor &  executor, const std::string &  operationName, const std::string &  key, const std::function< bool()> &  operation  )

protectednoexcept

generateAndStoreDataKeyWithRetries()

StatusCode alexaClientSDK::acsdkProperties::EncryptedProperties::generateAndStoreDataKeyWithRetries ( RetryExecutor &  executor )

protectednoexcept

generateDataKeyWithRetries()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::generateDataKeyWithRetries ( RetryExecutor &  executor )

protectednoexcept

Generate new data key.

Method generates new data key and stores it in this instance. If there is an error, the method attempts to do retries.

Parameters

[in]

helper

Executor for perform operation with retries.

Returns

True if operation succeeds, false otherwise.

getAndDecryptInternal()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::getAndDecryptInternal ( const std::string &  key, Bytes &  plaintext  )

protectednoexcept

getBytes()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::getBytes ( const std::string &  key, Bytes &  value  )

overridevirtualnoexcept

Method to load binary value from configuration.

This method loads binary value from configuration. If the value in the storage is not binary data, the method behaviour is undefined.

Parameters

[in]	key	Configuration key.
[out]	value	If the method completes successfully, value will contain loaded value. Otherwise contents of value is unmodified.

Returns

True if value has been loaded, false otherwise.

See also

putBytes

Implements alexaClientSDK::acsdkPropertiesInterfaces::PropertiesInterface.

getKeys()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::getKeys ( std::unordered_set< std::string > &  keys )

overridevirtualnoexcept

Method to inspect existing properties.

This method provides a set of known property keys from a configuration container.

Parameters

[out]

keys

Container for property keys. If method completes successfully, keys will contain all property names. On error, the contents of keys is undefined.

Returns

True if operation succeeds, false otherwise.

Implements alexaClientSDK::acsdkPropertiesInterfaces::PropertiesInterface.

getString()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::getString ( const std::string &  key, std::string &  value  )

overridevirtualnoexcept

Method to load string value from configuration.

This method loads string value from configuration. If the value in the storage is not a string, the method behaviour is undefined.

Parameters

[in]	key	Configuration key.
[out]	value	Result container. If the method completes successfully, value will contain loaded value. Otherwise contents of value is unmodified.

Returns

True if value has been loaded, false otherwise.

See also

putString

Implements alexaClientSDK::acsdkPropertiesInterfaces::PropertiesInterface.

init()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::init ( )

protectednoexcept

loadAndDecryptDataKey()

StatusCode alexaClientSDK::acsdkProperties::EncryptedProperties::loadAndDecryptDataKey ( RetryExecutor &  executor )

protectednoexcept

loadKeysWithRetries()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::loadKeysWithRetries ( RetryExecutor &  executor, std::unordered_set< std::string > &  keys  )

protectednoexcept

loadValueWithRetries()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::loadValueWithRetries ( RetryExecutor &  executor, const std::string &  key, Bytes &  data  )

protectednoexcept

putBytes()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::putBytes ( const std::string &  key, const Bytes &  value  )

overridevirtualnoexcept

Method to store binary value into configuration.

This method stores binary value into configuration. If there is an existing value for the the same key, the value is overwritten.

If operation fails, the implementation shall make a best effort for either keeping value unmodified, or clear it to prevent data corruption. Other properties shall not be impacted in case of an error.

Parameters

[in]	key	Configuration key.
[in]	value	Value to store.

Returns

True if value has been stored, false otherwise. If this method returns false, the value may stay unchanged, or lost.

See also

getBytes

Implements alexaClientSDK::acsdkPropertiesInterfaces::PropertiesInterface.

putString()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::putString ( const std::string &  key, const std::string &  value  )

overridevirtualnoexcept

Method to store string value into configuration.

This method stores string value into configuration. If there is an existing value for the the same key, the value is overwritten.

If operation fails, the implementation shall make a best effort for either keeping value unmodified, or clear it to prevent data corruption. Other properties shall not be impacted in case of an error.

Parameters

[in]	key	Configuration key.
[in]	value	Value to store.

Returns

True if value has been stored, false otherwise. If this method returns false, the value may stay unchanged, or lost.

See also

getString

Implements alexaClientSDK::acsdkPropertiesInterfaces::PropertiesInterface.

remove()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::remove ( const std::string &  key )

overridevirtualnoexcept

Removes a property with a given name.

This method removes a property with a given name from a configuration container. If the property doesn't exist, the method succeeds.

Parameters

[in]

key

Configuration key to remove.

Returns

True if the key has been removed or didn't exist. In case of error, false is returned and the state of configuration container is undefined.

Implements alexaClientSDK::acsdkPropertiesInterfaces::PropertiesInterface.

storeValueWithRetries()

bool alexaClientSDK::acsdkProperties::EncryptedProperties::storeValueWithRetries ( RetryExecutor &  executor, const std::string &  key, const Bytes &  data, bool  canDrop  )

protectednoexcept

upgradeEncryption()

StatusCode alexaClientSDK::acsdkProperties::EncryptedProperties::upgradeEncryption ( RetryExecutor &  executor, const std::unordered_set< std::string > &  keys  )

protectednoexcept

Member Data Documentation

m_configUri

const std::string alexaClientSDK::acsdkProperties::EncryptedProperties::m_configUri

protected

Configuration namespace (for error callbacks).

m_cryptoFactory

const std::shared_ptr<alexaClientSDK::acsdkCryptoInterfaces::CryptoFactoryInterface> alexaClientSDK::acsdkProperties::EncryptedProperties::m_cryptoFactory

protected

Cryptography service factory.

m_dataAlgorithmType

alexaClientSDK::acsdkCryptoInterfaces::AlgorithmType alexaClientSDK::acsdkProperties::EncryptedProperties::m_dataAlgorithmType

protected

Actual algorithm type in use.

m_dataKey

Key alexaClientSDK::acsdkProperties::EncryptedProperties::m_dataKey

protected

Data key in use.

m_innerProperties

const std::shared_ptr<PropertiesInterface> alexaClientSDK::acsdkProperties::EncryptedProperties::m_innerProperties

protected

Underlying storage interface.

m_keyStore

const std::shared_ptr<alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface> alexaClientSDK::acsdkProperties::EncryptedProperties::m_keyStore

protected

HSM keystore interface.

---

The documentation for this class was generated from the following files:

• /workplace/avs-device-sdk/core/Properties/acsdkProperties/privateInclude/acsdkProperties/private/EncryptedProperties.h
• /workplace/avs-device-sdk/core/Properties/acsdkProperties/src/EncryptedProperties.cpp