docs/diagrams/high-level/private_write.puml
@startuml
|privatestore|
start
-> User wants to store file\nin his privatespace;
:WriteToPrivate;
-> Read users' document\nencryption secret key;
|directory|
:PrivateKeyService;
-> Retreive users' keystore;
if (Keystore cached?) then
else (no)
|directory|
-> Locate users' keystore;
:ProfileRetreivalService;
-> Get credentials to read\nkeystore from storage;
:BucketAccessService;
-> Read users' keystore;
|storage|
:StorageReadService;
-> users' keystore;
endif
|directory|
:PrivateKeyService;
-> users' document secret key\n fom keystore;
|privatestore|
:WriteToPrivate;
-> Encrypt desired document path;
:EncryptedResourceResolver;
if (document path absolute?) then (yes - do not encrypt,\nit should be already encrypted)
else (no, encrypt path)
|encryption|
:PathEncryption;
-> obtain path encryption\nsecret key;
|directory|
:PrivateKeyService;
-> Get storage credentials\nto read keystore;
if (Keystore cached?) then
else (no)
|directory|
:BucketAccessService;
-> Read users' keystore;
|storage|
:StorageReadService;
-> users' keystore;
endif
|directory|
:PrivateKeyService;
-> Path encryption secret key\nfrom keystore;
|encryption|
:PathEncryption;
-> Encrypt path with\nsecret key;
:SymmetricPathEncryptionService;
-> Encrypted path;
|privatestore|
:EncryptedResourceResolver;
|directory|
-> Get absolute location and access\nfor resulting resource;
:ResourceResolver;
-> Enhance with credentials;
endif
:BucketAccessService;
|privatestore|
-> Absolute resource with\nstorage access details;
:WriteToPrivate;
|encryption|
-> Open encryption stream at resolved location\nwith document secret key;
:EncryptedDocumentWriteService;
-> Wrap data to encrypted stream\n with secret key;
:CMSEncryptionService;
|storage|
-> Push encrypted\ndata to storage;
:StorageWriteService;
stop
@enduml