feat: adding encryption and serialization through input/output stream (#5734)

* feat: wip to add streamed snapshot encryption and serilization

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* feat: added apis to encrypt/decrypt and marshal/unmarshal with streams

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: copyright header

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: missing copyright header

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: fixed some comments

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: fixed test and adding suggestions

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: copyright header

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: wrong since in javadoc

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* feat: added suggestions

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: missing copyrights

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: copyrights check failure

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* feat: added suggestions

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: added charset to getBytes

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: test missing dependency

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: fixed javadoc for CryptoService class

* feat: improved json marshalling

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* fix: copyrights

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

* feat: updated payload to support streams only

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

---------

Signed-off-by: SimoneFiorani <simone.fiorani@abinsula.com>

Author: sfiorani

.github/copyright-config.yml

@@ -29,3 +29,4 @@ template_xml: |2
 # Ignore specific files and paths. The syntax and semantics are the same as in the .gitignore file.
 ignore:
   - target-platform/
+  - kura/test/org.eclipse.kura.core.configuration.test/src/test/resources/

kura/org.eclipse.kura.api/META-INF/MANIFEST.MF

@@ -36,7 +36,7 @@ Export-Package: org.eclipse.kura;version="1.7.0",
  org.eclipse.kura.container.orchestration;version="1.3.0",
  org.eclipse.kura.container.orchestration.listener;version="1.0.0",
  org.eclipse.kura.container.signature;version="1.0.0",
- org.eclipse.kura.crypto;version="1.3.0",
+ org.eclipse.kura.crypto;version="1.4.0",
  org.eclipse.kura.data;version="1.1.2",
  org.eclipse.kura.data.listener;version="1.0.1",
  org.eclipse.kura.data.transport.listener;version="1.0.1",
@@ -52,7 +52,7 @@ Export-Package: org.eclipse.kura;version="1.7.0",
  org.eclipse.kura.linux.udev;version="1.0.1",
  org.eclipse.kura.log;version="1.1.0",
  org.eclipse.kura.log.listener;version="1.0.0",
- org.eclipse.kura.marshalling;version="1.0.0",
+ org.eclipse.kura.marshalling;version="1.1.0",
  org.eclipse.kura.message;version="1.5.0",
  org.eclipse.kura.message.store;version="1.0.0",
  org.eclipse.kura.message.store.provider;version="1.0.0",

kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/crypto/CryptoService.java

@@ -1,18 +1,20 @@
 /*******************************************************************************
- * Copyright (c) 2011, 2020 Eurotech and/or its affiliates and others
- * 
+ * Copyright (c) 2011, 2025 Eurotech and/or its affiliates and others
+ *
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
- * 
+ *
  * SPDX-License-Identifier: EPL-2.0
- * 
+ *
  * Contributors:
  *  Eurotech
  ******************************************************************************/
 package org.eclipse.kura.crypto;
 
 import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
@@ -43,6 +45,30 @@ public interface CryptoService {
      */
     public char[] encryptAes(char[] value) throws KuraException;
 
+    /**
+     * Returns an OutputStream that encrypts provided data using AES in the same way as the encryptAes(char[]) method,
+     * and then writes it to the supplied OutputStream lazily. *
+     * 
+     * @param streamToEncrypt
+     *            The OutputStream on which the encrypted data will be written.
+     * @return The OutputStream able to encrypt data.
+     * @throws KuraException
+     * @since 3.0
+     */
+    public OutputStream aesEncryptingStream(OutputStream destination) throws KuraException;
+
+    /**
+     * Returns an InputStream that decrypts data obtained from the supplied stream using AES in the same way as the
+     * decryptAes(char[]) method.
+     *
+     * @param streamToDecrypt
+     *            The InputStream to read the encrypted data from.
+     * @return InputStream able to decrypt data.
+     * @throws KuraException
+     * @since 3.0
+     */
+    public InputStream aesDecryptingStream(InputStream source) throws KuraException;
+
     /**
      * Returns a char array based on the provided encrypted value.
      *

kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/marshalling/Marshaller.java

@@ -1,17 +1,19 @@
 /*******************************************************************************
- * Copyright (c) 2017, 2020 Eurotech and/or its affiliates and others
- * 
+ * Copyright (c) 2017, 2025 Eurotech and/or its affiliates and others
+ *
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
- * 
+ *
  * SPDX-License-Identifier: EPL-2.0
- * 
+ *
  * Contributors:
  *  Eurotech
  ******************************************************************************/
 package org.eclipse.kura.marshalling;
 
+import java.io.OutputStream;
+
 import org.eclipse.kura.KuraException;
 import org.osgi.annotation.versioning.ProviderType;
 
@@ -34,4 +36,16 @@ public interface Marshaller {
      *             when the marshalling operation fails.
      */
     public String marshal(Object object) throws KuraException;
+
+    /**
+     * Serialises the provided {@link Object} and writes the result to the supplied {@link OutputStream}
+     * 
+     * @param out
+     *            the {@link OutputStream} on which the data will be written
+     * @param object
+     *            the {@link Object} that will be marshalled.
+     * @throws KuraException
+     * @since 3.0
+     */
+    public void marshal(final OutputStream out, Object object) throws KuraException;
 }

kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/marshalling/Unmarshaller.java

@@ -1,17 +1,19 @@
 /*******************************************************************************
- * Copyright (c) 2017, 2020 Eurotech and/or its affiliates and others
- * 
+ * Copyright (c) 2017, 2025 Eurotech and/or its affiliates and others
+ *
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
- * 
+ *
  * SPDX-License-Identifier: EPL-2.0
- * 
+ *
  * Contributors:
  *  Eurotech
  ******************************************************************************/
 package org.eclipse.kura.marshalling;
 
+import java.io.InputStream;
+
 import org.eclipse.kura.KuraException;
 import org.osgi.annotation.versioning.ProviderType;
 
@@ -36,4 +38,18 @@ public interface Unmarshaller {
      *             when the unmarshaling operation fails.
      */
     public <T> T unmarshal(String string, Class<T> clazz) throws KuraException;
+
+    /**
+     * Deserialises an object of the specified type from the provided {@link InputStream}
+     * 
+     * @param in
+     *            the input stream
+     * @param clazz
+     *            the class representing the type of object expected for the result
+     * @return an object that is constructed from the passed string
+     * @throws KuraException
+     *             when the unmarshaling operation fails.
+     * @since 3.0
+     */
+    public <T> T unmarshal(InputStream in, Class<T> clazz) throws KuraException;
 }

kura/org.eclipse.kura.core.configuration/META-INF/MANIFEST.MF

@@ -23,8 +23,8 @@ Import-Package: javax.crypto,
  org.eclipse.kura.configuration;version="[1.2,1.3)",
  org.eclipse.kura.configuration.metatype;version="[1.1,2.0)",
  org.eclipse.kura.core.util;version="[2.0,3.0)",
- org.eclipse.kura.crypto;version="[1.0,2.0)",
- org.eclipse.kura.marshalling;version="[1.0,2.0)",
+ org.eclipse.kura.crypto;version="[1.4,2.0)",
+ org.eclipse.kura.marshalling;version="[1.1,2.0)",
  org.eclipse.kura.message;version="[1.0,2.0)",
  org.eclipse.kura.system;version="[1.0,2.0)",
  org.eclipse.kura.util.service;version="[1.0,2.0)",
@@ -35,8 +35,8 @@ Import-Package: javax.crypto,
  org.osgi.service.component;version="1.2.0",
  org.osgi.service.component.runtime;version="1.3.0",
  org.osgi.service.component.runtime.dto;version="1.3.0",
- org.osgi.service.metatype;version="1.2.0",
  org.osgi.service.event;version="1.3.0",
+ org.osgi.service.metatype;version="1.2.0",
  org.osgi.util.tracker;version="[1.5.0,2.0.0)",
  org.slf4j;version="1.6.4",
  org.w3c.dom,

kura/org.eclipse.kura.core.configuration/src/main/java/org/eclipse/kura/core/configuration/ConfigurationServiceImpl.java

@@ -17,13 +17,16 @@
 import static java.util.Objects.requireNonNull;
 
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.FileReader;
 import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.nio.charset.StandardCharsets;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -261,7 +264,7 @@ protected void removeSelfConfiguringComponent(final ServiceReference<SelfConfigu
 
     }
 
-    protected void deactivate(ComponentContext componentContext) {
+    protected void deactivate() {
         logger.info("deactivate...");
 
         if (this.bundleTracker != null) {
@@ -959,7 +962,7 @@ private void encryptPlainSnapshots() throws KuraException, IOException {
                 throw new KuraException(KuraErrorCode.CONFIGURATION_ERROR, snapshot);
             }
 
-            final XmlComponentConfigurations xmlConfigs = unmarshal(readFully(fSnapshot),
+            final XmlComponentConfigurations xmlConfigs = unmarshal(new FileInputStream(fSnapshot),
                     XmlComponentConfigurations.class);
 
             ComponentUtil.encryptConfigs(xmlConfigs.getConfigurations(), this.cryptoService);
@@ -1006,28 +1009,44 @@ private void writeSnapshot(long sid, XmlComponentConfigurations conf) throws Kur
             throw new KuraException(KuraErrorCode.CONFIGURATION_SNAPSHOT_NOT_FOUND);
         }
 
-        // Marshall the configuration into an XML
-        String xmlResult;
-        xmlResult = marshal(conf);
-        if (xmlResult == null || xmlResult.trim().isEmpty()) {
-            throw new KuraException(KuraErrorCode.INVALID_PARAMETER, conf);
+        File tempSnapshotFile;
+        try {
+            tempSnapshotFile = File.createTempFile(fSnapshot.getName(), null, new File(fSnapshot.getParent()));
+            tempSnapshotFile.deleteOnExit();
+        } catch (IOException ex) {
+            throw new KuraIOException(ex);
         }
 
-        // Encrypt the XML
-        char[] encryptedXML = this.cryptoService.encryptAes(xmlResult.toCharArray());
+        // Write the temporary snapshot
+        try (FileOutputStream fos = new FileOutputStream(tempSnapshotFile);
+                OutputStream encryptedStream = this.cryptoService.aesEncryptingStream(fos)) {
 
-        // Write the snapshot
-        try (FileOutputStream fos = new FileOutputStream(fSnapshot);
-                OutputStreamWriter osw = new OutputStreamWriter(fos, StandardCharsets.UTF_8);) {
             logger.info("Writing snapshot - Saving {}...", fSnapshot.getAbsolutePath());
-            osw.append(new String(encryptedXML));
-            osw.flush();
+
+            marshal(encryptedStream, conf);
+            encryptedStream.flush();
             fos.flush();
             fos.getFD().sync();
+
             logger.info("Writing snapshot - Saving {}... Done.", fSnapshot.getAbsolutePath());
         } catch (IOException e) {
             throw new KuraIOException(e);
         }
+
+        try {
+            // Consolidate snapshot writing
+            Files.move(tempSnapshotFile.toPath(), fSnapshot.toPath(), StandardCopyOption.REPLACE_EXISTING,
+                    StandardCopyOption.ATOMIC_MOVE);
+
+        } catch (IOException e) {
+            try {
+                Files.delete(tempSnapshotFile.toPath());
+            } catch (IOException e1) {
+                throw new KuraIOException(e1);
+            }
+            throw new KuraIOException(e);
+        }
+
     }
 
     private ComponentConfiguration getConfigurableComponentConfiguration(String pid) {
@@ -1309,25 +1328,18 @@ XmlComponentConfigurations loadEncryptedSnapshotFileContent(long snapshotID) thr
                     fSnapshot != null ? fSnapshot.getAbsolutePath() : "null");
         }
 
-        final String rawSnapshot;
+        InputStream decryptedStream = null;
         try {
-            rawSnapshot = readFully(fSnapshot);
-        } catch (IOException e) {
+            decryptedStream = this.cryptoService.aesDecryptingStream(new FileInputStream(fSnapshot));
+        } catch (FileNotFoundException e) {
             logger.error("Error loading file from disk", e);
             return null;
         }
 
-        // File loaded, try to decrypt and unmarshall
-        char[] decryptAes = this.cryptoService.decryptAes(rawSnapshot.toCharArray());
-        if (decryptAes == null) {
-            throw new KuraException(KuraErrorCode.DECODER_ERROR, "snapshot");
-        }
-        String decryptedContent = new String(decryptAes);
-
         XmlComponentConfigurations xmlConfigs = null;
 
         try {
-            xmlConfigs = unmarshal(decryptedContent, XmlComponentConfigurations.class);
+            xmlConfigs = unmarshal(decryptedStream, XmlComponentConfigurations.class);
         } catch (KuraException e) {
             logger.warn("Error parsing xml", e);
         }
@@ -1647,17 +1659,17 @@ public List<ComponentConfiguration> getServiceProviderOCDs(Class<?>... classes)
         return getServiceProviderOCDs(classNames);
     }
 
-    protected <T> T unmarshal(final String string, final Class<T> clazz) throws KuraException {
+    protected <T> T unmarshal(final InputStream input, final Class<T> clazz) throws KuraException {
         try {
-            return requireNonNull(this.xmlUnmarshaller.unmarshal(string, clazz));
+            return requireNonNull(this.xmlUnmarshaller.unmarshal(input, clazz));
         } catch (final Exception e) {
             throw new KuraException(KuraErrorCode.DECODER_ERROR, "configuration", e);
         }
     }
 
-    protected String marshal(final Object object) throws KuraException {
+    protected void marshal(final OutputStream out, final Object object) throws KuraException {
         try {
-            return requireNonNull(this.xmlMarshaller.marshal(object));
+            this.xmlMarshaller.marshal(out, object);
         } catch (Exception e) {
             throw new KuraException(KuraErrorCode.ENCODE_ERROR, "configuration", e);
         }

kura/org.eclipse.kura.core.crypto/META-INF/MANIFEST.MF

@@ -8,7 +8,7 @@ Require-Capability: osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=17))"
 Import-Package: javax.crypto,
  javax.crypto.spec,
  org.eclipse.kura;version="[1.0,2.0)",
- org.eclipse.kura.crypto;version="[1.3,1.4)",
+ org.eclipse.kura.crypto;version="[1.4,1.5)",
  org.eclipse.kura.security.keystore;version="[1.0,2.0)",
  org.eclipse.kura.system;version="[1.1,2.0)",
  org.slf4j;version="1.6.0"