Package co.ankatech.ankasecure.sdk.internal.service.impl

Class CombinedOperationsServiceImpl

java.lang.Object
co.ankatech.ankasecure.sdk.internal.service.impl.CombinedOperationsServiceImpl
All Implemented Interfaces:
co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
public final class CombinedOperationsServiceImpl extends Object implements co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
Thread-safe implementation of CombinedOperationsService.

Delegates all operations to the AnkaSecure REST API via OpenAPI client.

Since:
3.0.0

  • Constructor Details

    • CombinedOperationsServiceImpl

      public CombinedOperationsServiceImpl(co.ankatech.ankasecure.openapi.client.AnkaSecureOpenApiClient api)
      Constructor with dependency injection.
      Parameters:
      api - OpenAPI client for REST API calls

  • Method Details

    • signThenEncrypt

      public SignEncryptResult signThenEncrypt(String signKid, String encryptKid, byte[] data) throws AnkaSecureSdkException
      Description copied from interface: co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Signs data with signing key then encrypts the JWS result with encryption key.

      Produces a nested JWE(JWS) token structure: the plaintext is first signed (creating a JWS), then the JWS is encrypted (creating a JWE containing the JWS).

      Use case: When you need both authenticity (signature) and confidentiality (encryption) in a single atomic operation.

      Specified by:
      signThenEncrypt in interface co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Parameters:
      signKid - private key identifier for signing
      encryptKid - public key identifier for encryption
      data - plaintext bytes to sign and encrypt
      Returns:
      result containing nested JWE(JWS) token and separated metadata
      Throws:
      AnkaSecureSdkException - if signing or encryption fails, or if keys not found

    • decryptThenVerify

      public DecryptVerifyResult decryptThenVerify(String jweToken, String decryptKid, String verifyKid) throws AnkaSecureSdkException
      Description copied from interface: co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Decrypts JWE token then verifies the inner JWS signature.

      Reverses the sign-encrypt operation: first decrypts the JWE to extract the JWS, then verifies the JWS signature and extracts the plaintext.

      Important: This method will NOT fail if signature verification fails. Check result.isSignatureValid() to confirm authenticity.

      Specified by:
      decryptThenVerify in interface co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Parameters:
      jweToken - nested JWE(JWS) token to decrypt and verify
      Returns:
      result containing plaintext, verification status, and metadata
      Throws:
      AnkaSecureSdkException - if decryption fails or token is malformed

    • signThenEncryptFile

      public SignEncryptResult signThenEncryptFile(String signKid, String encryptKid, Path input, Path output) throws AnkaSecureSdkException
      Description copied from interface: co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Signs file content then encrypts result (bulk/compact mode).

      Reads entire file into memory, signs it, encrypts the signature, and writes the nested JWE(JWS) token to output file.

      Size limit: Use streaming variant for files ≥100MB.

      Specified by:
      signThenEncryptFile in interface co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Parameters:
      signKid - private key identifier for signing
      encryptKid - public key identifier for encryption
      input - input file to read plaintext from
      output - output file to write nested JWE(JWS) token to
      Returns:
      result containing token location and separated metadata
      Throws:
      AnkaSecureSdkException - if signing, encryption, or I/O fails

    • decryptThenVerifyFile

      public DecryptVerifyResult decryptThenVerifyFile(String decryptKid, String verifyKid, Path input, Path output) throws AnkaSecureSdkException
      Description copied from interface: co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Decrypts file then verifies signature (bulk/compact mode).

      Reads nested JWE(JWS) token from input file, decrypts it, verifies signature, and writes plaintext to output file.

      Size limit: Use streaming variant for files ≥100MB.

      Specified by:
      decryptThenVerifyFile in interface co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Parameters:
      decryptKid - key identifier for decryption
      verifyKid - key identifier for signature verification
      input - input file containing nested JWE(JWS) token
      output - output file to write plaintext to
      Returns:
      result containing plaintext location, verification status, and metadata
      Throws:
      AnkaSecureSdkException - if decryption or I/O fails

    • signThenEncryptFileStream

      public SignEncryptResult signThenEncryptFileStream(String signKid, String encryptKid, Path input, Path output) throws AnkaSecureSdkException
      Description copied from interface: co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Signs file content then encrypts result (streaming mode for large files).

      Uses multipart HTTP streaming to process file in chunks without loading entire content into memory. Suitable for files ≥100MB.

      Trade-off: Slower than compact mode due to HTTP overhead, but handles arbitrarily large files.

      Specified by:
      signThenEncryptFileStream in interface co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Parameters:
      signKid - private key identifier for signing
      encryptKid - public key identifier for encryption
      input - input file to stream
      output - output file to write nested JWE(JWS) token to
      Returns:
      result containing token location and separated metadata
      Throws:
      AnkaSecureSdkException - if signing, encryption, or streaming fails

    • decryptThenVerifyFileStream

      public DecryptVerifyResult decryptThenVerifyFileStream(String decryptKid, String verifyKid, Path input, Path output) throws AnkaSecureSdkException
      Description copied from interface: co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Decrypts file then verifies signature (streaming mode for large files).

      Uses multipart HTTP streaming to process file in chunks without loading entire content into memory. Suitable for files ≥100MB.

      Specified by:
      decryptThenVerifyFileStream in interface co.ankatech.ankasecure.sdk.internal.service.CombinedOperationsService
      Parameters:
      decryptKid - key identifier for decryption
      verifyKid - key identifier for signature verification
      input - input file containing nested JWE(JWS) token
      output - output file to write plaintext to
      Returns:
      result containing plaintext location, verification status, and metadata
      Throws:
      AnkaSecureSdkException - if decryption, verification, or streaming fails