Class EncryptionMigrationTask

java.lang.Object
com.broadleafcommerce.auth.client.provider.jpa.service.EncryptionMigrationTask
All Implemented Interfaces:
liquibase.change.custom.CustomChange, liquibase.change.custom.CustomTaskChange

public class EncryptionMigrationTask extends Object implements liquibase.change.custom.CustomTaskChange

Runs as a Liquibase change set. Migrates encrypted data for OAuth Client Secrets in JpaOAuthClientRegistration. Reads existing data encrypted with the old configuration and re-encrypts with the new configuration.

The trick here is getting the secret key. The secret key is read from a Spring property source, (AuthClientProviderEncryptionProperties.encodedKey). However, this class is not a bean and runs before the context is completely setup. Therefore, there is a static SecretKey on this class that is set from our LiquibaseConfiguration, (OAuthClientProviderEncryptionConfiguration.MigrationLiquibaseConfiguration). With that key, this class is able to instantiate an EncryptedFieldConverter to utilize the same logic for encrypting and decrypting that is used during normal operations.

Author:
Cade Rea (cade-rea)
  • Field Details

  • Constructor Details

    • EncryptionMigrationTask

      public EncryptionMigrationTask()
  • Method Details

    • setSecretKey

      public static void setSecretKey(SecretKey secretKey)
    • execute

      public void execute(liquibase.database.Database database) throws liquibase.exception.CustomChangeException
      Specified by:
      execute in interface liquibase.change.custom.CustomTaskChange
      Throws:
      liquibase.exception.CustomChangeException
    • getConfirmationMessage

      public String getConfirmationMessage()
      Specified by:
      getConfirmationMessage in interface liquibase.change.custom.CustomChange
    • setUp

      public void setUp() throws liquibase.exception.SetupException
      Specified by:
      setUp in interface liquibase.change.custom.CustomChange
      Throws:
      liquibase.exception.SetupException
    • setFileOpener

      public void setFileOpener(liquibase.resource.ResourceAccessor resourceAccessor)
      Specified by:
      setFileOpener in interface liquibase.change.custom.CustomChange
    • validate

      public liquibase.exception.ValidationErrors validate(liquibase.database.Database database)
      Specified by:
      validate in interface liquibase.change.custom.CustomChange