
Plugin GRU key diversification

Introduction

This plugin encrypts the identifiers of some objects. These identifiers are encrypted / decrypted with encryption keys. For example, they can be encrypted depending on the demand type or the client application.

The plugin handles the following objects:

  • fr.paris.lutece.plugins.grubusiness.business.customer.Customer from the library gru-library-grubusiness
  • fr.paris.lutece.plugins.identitystore.web.rs.dto.IdentityDto from the library gru-library-identitystore

Configuration

This plugin provides an AdminFeature which enables the configuration of the encryption keys.

An encryption key is composed of:

  • the id of the business object which must be unique among all the encryption keys. This id links the business object to the encryption key.
  • the encryption key itself. Once saved, this value cannot be changed, so that already encrypted data is not corrupted.

Encryption / decryption

The plugin contains 2 services:

Customer encryption service

The service fr.paris.lutece.plugins.grukeydiversification.service.encryption.CustomerEncryptionService implements the interface fr.paris.lutece.plugins.grubusiness.service.encryption.ICustomerEncryptionService from the library gru-library-grubusiness. It encrypts / decrypts a Customer object. It takes as a parameter either:

  • an object fr.paris.lutece.plugins.grubusiness.business.demand.Demand from the library gru-library-grubusiness, because the demand type is used as the id of the business object.
  • or a String which directly corresponds to the id of the business object.

This service is declared in the Spring context file as the bean grukeydiversification.customerEncryption.

Identity encryption service

The service fr.paris.lutece.plugins.grukeydiversification.service.encryption.IdentityEncryptionService implements the interface fr.paris.lutece.plugins.identitystore.service.encryption.IIdentityEncryptionService from the library gru-library-identitystore. It encrypts / decrypts an IdentityDto object. It takes as a parameter:

  • an object implementing the interface fr.paris.lutece.plugins.identitystore.business.IClientApplication from the library gru-library-identitystore, because the client application code is used as the id of the business object.

This service is declared in the Spring context file as the bean grukeydiversification.identityEncryption.
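
The rules from the Configuration and Encryption / decryption sections (one key per business object id, a saved key is never replaced, the id selects the key) can be seen in a small stand-alone sketch. This is an added example, not the plugin's code: the cipher (AES-GCM), the class KeyDiversificationSketch, its method names and the sample ids are all assumptions, since the page does not state the algorithm or the service method signatures.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added illustration, not the plugin's code: AES-GCM and every name here are assumptions.
public class KeyDiversificationSketch {
    private static final SecureRandom RNG = new SecureRandom();
    // Business object id -> key; stands in for the keys configured in the AdminFeature.
    private final Map<String, byte[]> keys = new HashMap<>();

    // The id must be unique, and a saved key is never replaced.
    public void saveKey(String businessObjectId, byte[] key) {
        if (keys.putIfAbsent(businessObjectId, key.clone()) != null)
            throw new IllegalStateException("key already saved for " + businessObjectId);
    }

    public String encrypt(String identifier, String businessObjectId) throws Exception {
        byte[] iv = random(12); // fresh nonce per encryption, stored in front of the ciphertext
        Cipher c = cipher(Cipher.ENCRYPT_MODE, businessObjectId, iv);
        byte[] ct = c.doFinal(identifier.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    public String decrypt(String token, String businessObjectId) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(token);
        Cipher c = cipher(Cipher.DECRYPT_MODE, businessObjectId, Arrays.copyOf(in, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    private Cipher cipher(int mode, String businessObjectId, byte[] iv) throws Exception {
        byte[] key = Objects.requireNonNull(keys.get(businessObjectId), "no key for this id");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c;
    }
    static byte[] random(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    public static void main(String[] args) throws Exception {
        KeyDiversificationSketch s = new KeyDiversificationSketch();
        s.saveKey("demand-type-A", random(32)); // constructed ids and keys
        s.saveKey("demand-type-B", random(32));
        String token = s.encrypt("customer-42", "demand-type-A"); // constructed identifier
        System.out.println(s.decrypt(token, "demand-type-A"));    // same id: round-trips
        try { s.decrypt(token, "demand-type-B"); }                 // other id: other key
        catch (AEADBadTagException e) { System.out.println("rejected under demand-type-B"); }
    }
}
```

Replacing the key stored for demand-type-A would make every token already issued under it fail in the same way as the second decrypt call, which is why saveKey refuses to overwrite.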

Cache

The plugin can put the encryption keys in a cache in order to reduce the number of database requests. To use the cache, activate it in the Lutece cache menu.

Usage

The beans can be referenced in the Spring context file of any plugin that wants to use these services.