Overriding Getters and Setters in tinkerpop Frames annotated model

Question

I'm working on a new piece of software and I'd like the values in the database to be encrypted. We are using OrientDB and are trying to implement the project using the tinkerpop libraries. Here I'm stuck a little bit.

For one function, I need to pull a list of all vertices of a type and return them. I have my annotated interface for the person object, and I added methods to encrypt and decrypt necessary fields right now. But when I decrypt them, it persists the decrypted values back to the database.

Is there a way to either override the getters and setters to handle the encryption/decryption at that point or do I need to detach the models from the db before performing my decryption?

Here's my code for my interface:

public interface iPerson {
@Property("firstName")
public void setFirstName(String firstName);
@Property("firstName")
public String getFirstName();
@Property("lastName")
public String getLastName();
@Property("lastName")
public void setLastName(String lastName);
@Property("id")
public String getId();
@Property("id")
public void setId(String id);
@Property("dateOfBirth")
public String getDateOfBirth();
@Property("dateOfBirth")
public void setDateOfBirth(String dateOfBirth);

@JavaHandler
public void encryptFields() throws Exception;
@JavaHandler
public void decryptFields() throws Exception;

public abstract class Impl implements JavaHandlerContext<Vertex>, iPerson {

    @Initializer
    public void init() {
        //This will be called when a new framed element is added to the graph.
        setFirstName("");
        setLastName("");
        setDateOfBirth("01-01-1900");
        setPK_Person("-1");
    }

    /**
     * shortcut method to make the class encrypt all of the fields that should be encrypted for data storage
     * @throws Exception
     */
    public void encryptFields() throws Exception {
        setLastName(Crypto.encryptHex(getLastName()));
        setFirstName(Crypto.encryptHex(getFirstName()));
        if(getDateOfBirth() != null) {
            setDateOfBirth(Crypto.encryptHex(getDateOfBirth()));
        }
    }

    /**
     * shortcut method to make the class decrypt all of the fields that should be decrypted for data display and return
     * @throws Exception
     */
    public void decryptFields() throws Exception {
        setLastName(Crypto.decryptHex(getLastName()));
        setFirstName(Crypto.decryptHex(getFirstName()));
        if(getDateOfBirth() != null) {
            setDateOfBirth(Crypto.decryptHex(getDateOfBirth()));
        }
    }
}

}

Answer 1

(I assume) Data is persisted to the database when a Vertex's property is set. If you want to store encrypted values in the database, then you need to ensure the value is encrypted when the property is set.

If you want to override the default behaviour of the @Property getter/setter methods (so that you can add en/decryption), I'd recommend using a custom handler (e.g. @JavaHandler).

For example:

IPerson

@JavaHandlerClass(Person.class)
public interface IPerson extends VertexFrame {

    @JavaHandler
    public void setFirstName(String firstName);

    @JavaHandler
    public String getFirstName();

}

Person

abstract class Person implements JavaHandlerContext<Vertex>, IPerson {

    @Override
    void setFirstName(String firstName) {
        asVertex().setProperty('firstName', encrypt(firstName))
    }

    @Override
    String getFirstName() {
        return decrypt(asVertex().getProperty('firstName'))
    }

    static String encrypt(String plain){
        return plain.toUpperCase(); // <- your own implementation here
    }

    static String decrypt(Object encrypted){
        return encrypted.toString().toLowerCase(); // <- your own implementation here
    }

}

Usage example (Groovy)

// setup
IPerson nickg = framedGraph.addVertex('PID1', IPerson)
IPerson jspriggs = framedGraph.addVertex('PID2', IPerson)
nickg.setFirstName('nickg')
jspriggs.setFirstName('jspriggs')

// re-retrieve from Frame vertices sometime later...
IPerson nickg2 = framedGraph.getVertex(nickg.asVertex().id, IPerson)
IPerson jspriggs2 = framedGraph.getVertex(jspriggs.asVertex().id, IPerson)

// check encrypted values (these are stored in the DB)...
assert nickg2.asVertex().getProperty('firstName') == 'NICKG'
assert jspriggs2.asVertex().getProperty('firstName') == 'JSPRIGGS'

// check decrypted getters...
assert nickg2.getFirstName() == 'nickg'
assert jspriggs2.getFirstName() == 'jspriggs'

If using Groovy, you could intercept calls to these methods programatically (which would be nice because you could keep using @Property annotations).

I'm not sure if there's a Tinkerpop solution to intercepting these calls, other than writing your own custom handler (maybe try extending the JavaHandlerModule?).

Answer 2

Thanks for the comment, and I should have gotten back to respond to this sooner, but I recently found a better answer to my problem. I was looking for a way to make the encrypt/decrypt happen without overhead and without developers really noticing it happens.

The better way to tackle this issue was actually to write hooks for before insert/update and after read to handle it just at the database layer. I was able to write it in java, package a jar file for it and install it on our orientDB instance, picked up pretty flawlessly and helped us to encrypt the necessary fields without noticing any speed decreases.