Oracle® Information Rights Management Server Java API Reference
11g Release 1 (11.1.1)

E12907-03


oracle.irm.engine.content.sealing
Interface SealingServices


public interface SealingServices

Sealing, unsealing, resealing and peeking services for content. Sealing is the process of taking unprotected content, encrypting it and adding in meta data called a classification. Unsealing is the term used when sealed content is decrypted. Resealing is the term used when altering the sealed content meta data or classification. Peeking is the term given to the process of extracting meta data from sealed content without decrypting the content.

The methods on the sealing services are designed to be used remotely: the content is sent to a server, processed, and the results are returned to the client.

The sealing services support the MTOM (Message Transmission Optimization Mechanism) feature. This allows the services to transfer the binary sealed and unsealed content in the most optimal form available. When sending content to the sealing services it is recommended to enable MTOM in the client web service stack.

Instance

The methods on SealingServices can be invoked using SealingServicesInstance.


Method Summary
 ContentDescription peek(InputStream input)
          Peek sealed content.
 InputStream reclassify(InputStream input, Classification classification)
          Re-classify sealed content.
 InputStream reseal(InputStream input, Collection<CustomData> customData)
          Reseal content with new custom data.
 InputStream seal(InputStream stream, String mimeType, SealingOptions options)
          Seal content.
 InputStream unseal(InputStream input)
          Unseal a stream into an output stream.
 ContentDescription validatedPeek(InputStream input)
          Peek sealed content (with validation of the signature).

 

Method Detail

seal

InputStream seal(InputStream stream,
                 String mimeType,
                 SealingOptions options)
                 throws UnsupportedContentTypeException,
                        IllegalEncryptedContentBlockSizeException,
                        PublicHeaderLengthException,
                        IOException,
                        AuthorizationDeniedException
Seal content. Sealing is the process of taking plaintext content, encrypting and signing the content with an associated Classification.

If the classification provided is a context classification system classification, this method will provide an automatic ItemCode if one is not specified in the classification details.

To perform a sealing operation the authenticated user must have the rights to seal content for the specified classification. Sealing is authorized if the authenticated user has a license that allows the oracle.irm.generic.Seal Feature for the Classification specified in the sealing options.
Parameters:
stream - the data stream.
mimeType - the unsealed or sealed MIME type of the data provided in the stream. The stream is assumed to contain unsealed data. It is advisable to use the sealed MIME type; this ensures the content type of the sealed content is unambiguous. For example, the text/plain content type can be sealed as sealed text or sealed email. If the text/plain MIME type is specified the content will be sealed as sealed text.
options - the sealing options.
Returns:
sealed data stream. This method will never return null.
Throws:
UnsupportedContentTypeException - unsupported MIME type. The MIME type is not a supported sealable content type.
IllegalEncryptedContentBlockSizeException - illegal encrypted content block size specified in the sealing options.
PublicHeaderLengthException - the classification and custom data exceeds the maximum permitted size.
IOException - an input/output/sealing error occurred sealing the content.
AuthorizationDeniedException - thrown if sealing content using the provided classification is not allowed.

unseal

InputStream unseal(InputStream input)
                   throws ContentParseException,
                          IOException,
                          AuthorizationDeniedException
Unseal a stream into an output stream. Unsealing is the process of taking sealed content, decrypting it and returning the original unsealed content.

To perform an unsealing operation the authenticated user must have the rights to unseal content. Unsealing is allowed if the authenticated user has a license that allows the oracle.irm.generic.SaveUnsealed Feature for the content's Classification.
Parameters:
input - sealed data.
Returns:
unsealed data stream. This method will never return null.
Throws:
ContentParseException - indicates that there was an issue parsing the sealed content. The exception will contain a reason that identifies which section of the sealed content caused the parsing to fail.
IOException - an input/output/sealing error occurred unsealing the content.
AuthorizationDeniedException - thrown if unsealing for the classification is not allowed.

reseal

InputStream reseal(InputStream input,
                   Collection<CustomData> customData)
                   throws ContentParseException,
                          IOException,
                          AuthorizationDeniedException
Reseal content with new custom data. Resealing is the process of altering the data or meta-data in sealed content. This method allows the custom data portion of the meta data to be replaced.

To perform a resealing operation the authenticated user must have the rights to reseal the content. Resealing is allowed if the authenticated user has a valid license that has the oracle.irm.generic.Reseal Feature for the content's Classification.
Parameters:
input - sealed data.
customData - the new custom data. This parameter is optional; it is valid to pass null or an empty collection.
Returns:
updated sealed data stream. This method will never return null.
Throws:
ContentParseException - indicates that there was an issue parsing the sealed content. The exception will contain a reason that identifies which section of the sealed content caused the parsing to fail.
IOException - an input/output/sealing error occurred resealing the content.
AuthorizationDeniedException - thrown if resealing for the classification is not allowed.

reclassify

InputStream reclassify(InputStream input,
                       Classification classification)
                       throws ContentParseException,
                              IOException,
                              AuthorizationDeniedException
Re-classify sealed content. Re-classification is the process of altering the Classification of the sealed content without having to perform a two step unseal and seal. During re-classification the content is re-encrypted and re-signed.

If the classification labels or key set are not provided then the sealing process will attempt to fill in these details. If no labels are provided in the classification the labels are filled in automatically. Labels can only be filled in if the provided classification Id matches the classification returned by the server. If no key set is provided then the key set is filled in from the license used to perform the sealing operation. If the license specifies multiple key sets then the first key set in the license is used.

To perform a resealing operation the authenticated user must have a license for both the source classification and the target classification. The source classification license must allow the oracle.irm.generic.CopyTo or oracle.irm.generic.SaveUnsealed Feature. The target classification license must allow the oracle.irm.generic.Seal feature. If the source license has a copy to feature, the transformation is only permitted if the target classification is allowed by the trusted Destinations of the source classification license. If the source license has a save unsealed feature, then there are no restrictions on the target classification.
Parameters:
input - sealed data.
classification - new classification.
Returns:
updated sealed data stream. This method will never return null.
Throws:
ContentParseException - indicates that there was an issue parsing the sealed content. The exception will contain a reason that identifies which section of the sealed content caused the parsing to fail.
IOException - an input/output/sealing error occurred reclassifying the content.
AuthorizationDeniedException - thrown if reclassification from the source to target classification is not allowed.

peek

ContentDescription peek(InputStream input)
                        throws ContentParseException,
                               IOException
Peek sealed content. Peeking is the process of extracting the meta-data added to sealed content. This variant does not attempt to check the public header against its declared signature. If the meta-data has been altered post-sealing this method will not throw an exception. Any sealed content can be peeked; the authenticated account does not require a license for the content's classification.

This meta-data includes the Classification as well as information such as the CreationTime.

The peeking process only examines the start of the sealed content. If a file is large it is not necessary to send the complete content, just the start of the file that contains the public header XML. This can improve performance when peeking large files.
Parameters:
input - sealed data.
Returns:
the meta-data and classification details sealed into the content. This method will never return null.
Throws:
ContentParseException - indicates that there was an issue parsing the sealed content. The exception will contain a reason that identifies which section of the sealed content caused the parsing to fail.
IOException - an input/output/sealing error occurred peeking the content.

validatedPeek

ContentDescription validatedPeek(InputStream input)
                                 throws ContentParseException,
                                        IOException,
                                        AuthorizationDeniedException
Peek sealed content (with validation of the signature). Peeking is the process of extracting the meta-data added to sealed content. This variant attempts to check the public header against its declared signature. If the public header meta-data has been altered post sealing this method will throw an exception.

A validated peek is allowed if the authenticated user has a license that has the open Feature for the content's Classification.

The peeking process only examines the start of the sealed content. If a file is large it is not necessary to send the complete content, just the start of the file that contains the public header XML and signature. This can improve performance when peeking large files.
Parameters:
input - sealed data.
Returns:
the meta-data and classification details sealed into the content. This method will never return null.
Throws:
ContentParseException - indicates that there was an issue parsing the sealed content. The exception will contain a reason that identifies which section of the sealed content caused the parsing to fail.
IOException - an input/output/sealing error occurred peeking the content.
AuthorizationDeniedException - thrown if peeking the classification is not allowed.
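
Added example (not part of the Oracle reference): client code that keeps the two peek variants apart, using peek for display only and validatedPeek for any decision that depends on the meta-data, and sending only the start of the file in both cases. The class and method names, the 64 KiB prefix size, the import packages of the IRM types and passing a SealingServices implementation in as a parameter are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Optional;

// Package locations of the IRM types are assumptions; take them from the API reference.
import oracle.irm.engine.content.sealing.ContentDescription;
import oracle.irm.engine.content.sealing.ContentParseException;
import oracle.irm.engine.content.sealing.SealingServices;
import oracle.irm.engine.core.general.AuthorizationDeniedException;

public final class TrustedPeek {
    // Assumed upper bound for the public header XML plus signature; tune per deployment.
    private static final int PREFIX_BYTES = 64 * 1024;

    /** Meta-data for display only: peek() does not check the header signature. */
    public static ContentDescription forDisplay(SealingServices services, Path file)
            throws IOException, ContentParseException {
        return services.peek(prefix(file));
    }

    /**
     * Meta-data for routing or policy decisions. Fails closed: an empty result
     * means the header could not be parsed or the caller is not licensed, and
     * the caller must not fall back to forDisplay() to make the decision.
     */
    public static Optional<ContentDescription> forPolicy(SealingServices services, Path file)
            throws IOException {
        try {
            return Optional.of(services.validatedPeek(prefix(file)));
        } catch (ContentParseException e) {
            return Optional.empty();   // sealed content could not be parsed
        } catch (AuthorizationDeniedException e) {
            return Optional.empty();   // no license with the open Feature
        }
    }

    // Read only the start of the file, so a large file is not sent in full (Java 11+).
    private static InputStream prefix(Path file) throws IOException {
        try (InputStream in = Files.newInputStream(file)) {
            return new ByteArrayInputStream(in.readNBytes(PREFIX_BYTES));
        }
    }
}
```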

Copyright © 2011, Oracle. All rights reserved.