Class CryptoServiceImpl

java.lang.Object

co.ankatech.ankasecure.sdk.internal.service.impl.CryptoServiceImpl

All Implemented Interfaces:

CryptoService

public final class CryptoServiceImpl
extends Object
implements CryptoService

Thread-safe concrete implementation of CryptoService.

Nested Class Summary

Nested classes/interfaces inherited from interface co.ankatech.ankasecure.sdk.internal.service.CryptoService

CryptoService.DecryptBytesHolder

Constructor Summary

Constructors

Constructor	Description
CryptoServiceImpl(co.ankatech.ankasecure.openapi.client.AnkaSecureOpenApiClient api)

Method Summary

Modifier and Type	Method	Description
CryptoService.DecryptBytesHolder	decryptBytes(String jweToken)	Decrypt a Compact JWE that is already in RAM.
DecryptResultMetadata	decryptFile(Path input, Path output)
DecryptResultMetadata	decryptFileStream(Path input, Path output)	Decrypts a detached JWET file produced by /stream/encrypt.
EncryptResult	encryptBytes(String kid, byte[] plaintext)	Encrypt raw bytes with a server-side **public** key.
EncryptResult	encryptFile(String kid, Path input, Path output)
EncryptResult	encryptFileStream(String kid, Path input, Path output)
ReencryptResult	reencryptBytes(String newKid, String jweToken)	Re-encrypt a JWE in memory so it becomes protected by newKid.
ReencryptResult	reencryptFile(String newKid, Path input, Path output)
ReencryptResult	reencryptFileStream(String newKid, String sourceKidOverride, Path input, Path output)	Server-side re-encryption of a legacy ciphertext (no kid) into a post-quantum ciphertext under newKid.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CryptoServiceImpl

public CryptoServiceImpl(co.ankatech.ankasecure.openapi.client.AnkaSecureOpenApiClient api)

Method Details

encryptFile

public EncryptResult encryptFile(String kid,
 Path input,
 Path output)
                          throws AnkaSecureSdkException

Specified by:

encryptFile in interface CryptoService

Throws:

AnkaSecureSdkException

decryptFile

public DecryptResultMetadata decryptFile(Path input,
 Path output)
                                  throws AnkaSecureSdkException

Specified by:

decryptFile in interface CryptoService

Throws:

AnkaSecureSdkException

reencryptFile

public ReencryptResult reencryptFile(String newKid,
 Path input,
 Path output)
                              throws AnkaSecureSdkException

Specified by:

reencryptFile in interface CryptoService

Throws:

AnkaSecureSdkException

encryptFileStream

public EncryptResult encryptFileStream(String kid,
 Path input,
 Path output)
                                throws AnkaSecureSdkException

Specified by:

encryptFileStream in interface CryptoService

Throws:

AnkaSecureSdkException

decryptFileStream

public DecryptResultMetadata decryptFileStream(Path input,
 Path output)
                                        throws AnkaSecureSdkException

Decrypts a detached JWET file produced by /stream/encrypt.

The method:

1. Splits the combined file into the JSON header and the binary envelope using the type-safe multipart splitter.
2. Invokes the OpenAPI client with the parsed header and the temporary envelope file.
3. Maps the response metadata to the public DTO.

Specified by:

decryptFileStream in interface CryptoService

Throws:

AnkaSecureSdkException

reencryptFileStream

public ReencryptResult reencryptFileStream(String newKid,
 String sourceKidOverride,
 Path input,
 Path output)
                                    throws AnkaSecureSdkException

Server-side re-encryption of a legacy ciphertext (no kid) into a post-quantum ciphertext under newKid.

Specified by:

reencryptFileStream in interface CryptoService

Parameters:

newKid - public-key identifier for the new ciphertext

sourceKidOverride - decrypt-only legacy key

input - combined ciphertext file (header + envelope)

output - destination for the re-encrypted file

Throws:

AnkaSecureSdkException

encryptBytes

public EncryptResult encryptBytes(String kid,
 byte[] plaintext)
                           throws AnkaSecureSdkException

Encrypt raw bytes with a server-side **public** key.

Specified by:

encryptBytes in interface CryptoService

Parameters:

kid - key ID in the platform (must not be null)

plaintext - data to protect (must not be null)

Returns:

EncryptResult exposing the Compact JWE token and metadata

Throws:

AnkaSecureSdkException - on validation or remote failure

decryptBytes

public CryptoService.DecryptBytesHolder decryptBytes(String jweToken)
                                              throws AnkaSecureSdkException

Decrypt a Compact JWE that is already in RAM.

Specified by:

decryptBytes in interface CryptoService

Parameters:

jweToken - textual Compact JWE (UTF-8, not Base64 wrapped)

Returns:

CryptoService.DecryptBytesHolder containing plaintext and metadata

Throws:

AnkaSecureSdkException - on validation or remote failure

reencryptBytes

public ReencryptResult reencryptBytes(String newKid,
 String jweToken)
                               throws AnkaSecureSdkException

Re-encrypt a JWE in memory so it becomes protected by newKid.

Specified by:

reencryptBytes in interface CryptoService

Parameters:

newKid - key that must protect the data after rotation

jweToken - current Compact JWE (text form)

Returns:

metadata for old/new keys plus the refreshed JWE token

Throws:

AnkaSecureSdkException - on validation or remote failure