Index: jackrabbit-jcr-commons/src/test/java/org/apache/jackrabbit/value/BinaryReferenceMessageTest.java
===================================================================
--- jackrabbit-jcr-commons/src/test/java/org/apache/jackrabbit/value/BinaryReferenceMessageTest.java	(revision 0)
+++ jackrabbit-jcr-commons/src/test/java/org/apache/jackrabbit/value/BinaryReferenceMessageTest.java	(revision 0)
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.value;
+
+import javax.jcr.Binary;
+
+import org.junit.Test;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertNotNull;
+
+/**
+ * Testcase for {@link BinaryReferenceMessage}
+ */
+public class BinaryReferenceMessageTest {
+
+    @Test
+    public void testParsing() throws Exception {
+        Binary binary = new BinaryImpl("message=20e00392babecb66deae2de6f556d011cdf437c8&signature=b0508a18ed7b3ed0d3391baf00f3c60eee3fb4ea&length=1203012".getBytes());
+        BinaryReferenceMessage parsedMessage = BinaryReferenceMessage.readBinary(binary, "UTF-8");
+        assertNotNull(parsedMessage);
+        assertEquals("20e00392babecb66deae2de6f556d011cdf437c8", parsedMessage.getMessage());
+        assertEquals("b0508a18ed7b3ed0d3391baf00f3c60eee3fb4ea", parsedMessage.getSignature());
+        assertEquals(1203012l, parsedMessage.getReferencedBinaryLength());
+    }
+}

Property changes on: jackrabbit-jcr-commons/src/test/java/org/apache/jackrabbit/value/BinaryReferenceMessageTest.java
___________________________________________________________________
Added: svn:eol-style
   + native

Index: jackrabbit-jcr-commons/src/test/java/org/apache/jackrabbit/util/HMACTest.java
===================================================================
--- jackrabbit-jcr-commons/src/test/java/org/apache/jackrabbit/util/HMACTest.java	(revision 0)
+++ jackrabbit-jcr-commons/src/test/java/org/apache/jackrabbit/util/HMACTest.java	(revision 0)
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.util;
+
+import org.junit.Test;
+
+import aQute.lib.hex.Hex;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Testcase for {@link HMAC}
+ */
+public class HMACTest {
+
+    @Test
+    public void testCorrectDefaultCodeGeneration() throws Exception {
+        assertEquals("B180187B5E06C3C6ACDB22E04EF9413C3D15715D",
+                Hex.toHexString(HMAC.generateCode("hit that hot hat".getBytes(), "tattoo".getBytes())));
+    }
+
+    @Test
+    public void testCorrectSHA256CodeGeneration() throws Exception {
+        assertEquals("F49757F70114277DE7B24F40DE4E07D783A56C45BA1BEF463C9F686B0639B327",
+                Hex.toHexString(HMAC.generateCode("hit that hot hat".getBytes(), "tattoo".getBytes(), "HmacSHA256")));
+    }
+}

Property changes on: jackrabbit-jcr-commons/src/test/java/org/apache/jackrabbit/util/HMACTest.java
___________________________________________________________________
Added: svn:eol-style
   + native

Index: jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/value/BinaryReferenceMessage.java
===================================================================
--- jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/value/BinaryReferenceMessage.java	(revision 0)
+++ jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/value/BinaryReferenceMessage.java	(revision 0)
@@ -0,0 +1,166 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.value;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import javax.jcr.Binary;
+import javax.jcr.RepositoryException;
+
+import org.apache.commons.codec.binary.Hex;
+import org.apache.jackrabbit.util.HMAC;
+
+/**
+ * A {@link BinaryReferenceMessage} consists of an (encrypted) DataIdentifier,
+ * the actual referenced {@link Binary}'s length, plus the signature of the
+ * DataIdentifier.
+ * <p/>
+ * The encryption key for the DataIdentifier is the the DataStoreSecret.
+ * The signature is the HMAC of the message, with the DataStoreSecret as the key.
+ * To simplify development/support, the message should be readable, for example, as an URL.
+ * Example (shortened): "message=0123456789abcd&signature=4567&length=1024".
+ * <p/>
+ * For now, we could use the following algorithms / formats:
+ * 128 bit DataStoreSecret ; AES-256 encryption / AES-CTR mode; HMAC-SHA-1.
+ */
+public class BinaryReferenceMessage implements Binary {
+
+    private String message;
+    private String signature;
+    private long referencedBinaryLength;
+    private byte[] referenceMessage;
+
+    public BinaryReferenceMessage(String contentIdentity, String key, long referencedBinaryLength) {
+        message = contentIdentity; // TODO : add AES encryption here
+        this.referencedBinaryLength = referencedBinaryLength;
+        try {
+            signature = Hex.encodeHexString(HMAC.generateCode(contentIdentity.getBytes(), key.getBytes()));
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+        referenceMessage = ("message=" + message + "&signature=" + signature + "&length=" + referencedBinaryLength).getBytes();
+    }
+
+    private BinaryReferenceMessage() {
+    }
+
+    private void setMessage(String message) {
+        this.message = message;
+    }
+
+    private void setSignature(String signature) {
+        this.signature = signature;
+    }
+
+    private void setReferenceMessage(byte[] referenceMessage) {
+        this.referenceMessage = referenceMessage;
+    }
+
+    private void setReferencedBinaryLength(long referencedBinaryLength) {
+        this.referencedBinaryLength = referencedBinaryLength;
+    }
+
+    private static final Pattern binaryMessagePattern = Pattern.compile("(message\\=)(\\w{40})(\\&signature\\=)(\\w{40})(&length\\=)(\\d+)");
+
+    public static BinaryReferenceMessage readBinary(Binary binary, String encoding) throws RepositoryException {
+        final char[] binaryBuffer = new char[(int) binary.getSize()];
+        final StringBuilder out = new StringBuilder();
+        try {
+            final Reader in = new InputStreamReader(binary.getStream(), encoding);
+            int charsRead;
+            try {
+                while ((charsRead = in.read(binaryBuffer, 0, binaryBuffer.length)) >= 0) {
+                    out.append(binaryBuffer, 0, charsRead);
+                }
+            } finally {
+                in.close();
+            }
+        } catch (Exception e) {
+            throw new RepositoryException(e);
+        }
+        String binaryString = out.toString();
+
+        Matcher matcher = binaryMessagePattern.matcher(binaryString);
+        if (matcher.matches()) {
+            BinaryReferenceMessage binaryReferenceMessage = new BinaryReferenceMessage();
+            binaryReferenceMessage.setMessage(matcher.group(2));
+            binaryReferenceMessage.setSignature(matcher.group(4));
+            binaryReferenceMessage.setReferencedBinaryLength(Long.valueOf(matcher.group(6)));
+            binaryReferenceMessage.setReferenceMessage(matcher.group(0).getBytes());
+            return binaryReferenceMessage;
+        } else {
+            throw new RepositoryException("the passed Binary is not a BinaryReerenceMessage");
+        }
+
+    }
+
+    @Override
+    public InputStream getStream() throws RepositoryException {
+        checkDisposal();
+        return new ByteArrayInputStream(referenceMessage);
+    }
+
+    @Override
+    public int read(byte[] b, long position) throws IOException, RepositoryException {
+        checkDisposal();
+        int length = Math.min(b.length, referenceMessage.length - (int) position);
+        if (length > 0) {
+            System.arraycopy(referenceMessage, (int) position, b, 0, length);
+            return length;
+        } else {
+            return -1;
+        }
+    }
+
+    @Override
+    public long getSize() throws RepositoryException {
+        checkDisposal();
+        return referenceMessage.length;
+    }
+
+    @Override
+    public void dispose() {
+        referenceMessage = null;
+        message = null;
+        signature = null;
+        referencedBinaryLength = 0l;
+    }
+
+    private void checkDisposal() {
+        if (referenceMessage == null) {
+            throw new IllegalStateException("this Binary has already been disposed");
+        }
+    }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public String getSignature() {
+        return signature;
+    }
+
+
+    public long getReferencedBinaryLength() {
+        return referencedBinaryLength;
+    }
+}

Property changes on: jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/value/BinaryReferenceMessage.java
___________________________________________________________________
Added: svn:eol-style
   + native

Index: jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/util/HMAC.java
===================================================================
--- jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/util/HMAC.java	(revision 0)
+++ jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/util/HMAC.java	(revision 0)
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.util;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * Utility class to calculate the HMAC of a message, given a secret key.
+ * SHA-1 is used as default but other (MD5, SHA-256, etc.) can be used.
+ */
+public class HMAC {
+
+    private static final String DEFAULT_ALGORITHM = "HmacSHA1";
+
+    public static byte[] generateCode(byte[] message, final byte[] key) throws Exception {
+        return generateCode(message, key, DEFAULT_ALGORITHM);
+    }
+
+    public static byte[] generateCode(byte[] message, final byte[] key, String algorithm) throws Exception {
+        Mac mac = Mac.getInstance(algorithm);
+        SecretKeySpec k = new SecretKeySpec(key, algorithm);
+        mac.init(k);
+        return mac.doFinal(message);
+    }
+}

Property changes on: jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/util/HMAC.java
___________________________________________________________________
Added: svn:eol-style
   + native

Index: jackrabbit-jcr-commons/pom.xml
===================================================================
--- jackrabbit-jcr-commons/pom.xml	(revision 1478286)
+++ jackrabbit-jcr-commons/pom.xml	(working copy)
@@ -104,6 +104,11 @@
       <scope>provided</scope>
     </dependency>
     <dependency>
+      <groupId>commons-codec</groupId>
+      <artifactId>commons-codec</artifactId>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
       <scope>test</scope>
Index: jackrabbit-core/src/test/repository/repository.xml
===================================================================
--- jackrabbit-core/src/test/repository/repository.xml	(revision 1478286)
+++ jackrabbit-core/src/test/repository/repository.xml	(working copy)
@@ -30,7 +30,9 @@
     <!--
         data store configuration
     -->
-	<DataStore class="org.apache.jackrabbit.core.data.FileDataStore"/>
+	<DataStore class="org.apache.jackrabbit.core.data.FileDataStore">
+    <param name="secret" value="a very well kept secret"/>
+  </DataStore>
     <!--
         sample database data store configuration
         <DataStore class="org.apache.jackrabbit.core.data.db.DbDataStore">
Index: jackrabbit-core/src/test/java/org/apache/jackrabbit/core/value/ReferenceBinaryTest.java
===================================================================
--- jackrabbit-core/src/test/java/org/apache/jackrabbit/core/value/ReferenceBinaryTest.java	(revision 0)
+++ jackrabbit-core/src/test/java/org/apache/jackrabbit/core/value/ReferenceBinaryTest.java	(revision 0)
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.value;
+
+import javax.jcr.Binary;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.Value;
+
+import org.apache.commons.codec.binary.Hex;
+import org.apache.jackrabbit.api.JackrabbitValue;
+import org.apache.jackrabbit.core.RepositoryImpl;
+import org.apache.jackrabbit.core.data.DataIdentifier;
+import org.apache.jackrabbit.core.data.DataRecord;
+import org.apache.jackrabbit.core.data.DataStore;
+import org.apache.jackrabbit.core.data.RandomInputStream;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+import org.apache.jackrabbit.util.HMAC;
+import org.apache.jackrabbit.value.BinaryReferenceMessage;
+import org.junit.After;
+import org.junit.Before;
+
+/**
+ * Testcase for JCR-3534.
+ */
+public class ReferenceBinaryTest extends AbstractJCRTest {
+
+    private static final int STREAM_LENGTH = 256 * 1024;
+
+    @Before
+    public void setUp() throws Exception {
+        super.setUp();
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        super.tearDown();
+    }
+
+    public void testBinaryReferenceMessageWithSharedRepository() throws Exception {
+
+        Session firstSession = superuser;
+
+        // create a binary
+        Binary b = vf.createBinary(new RandomInputStream(1, STREAM_LENGTH));
+
+        // crete a value
+        Value value = firstSession.getValueFactory().createValue(b);
+        JackrabbitValue jv = (JackrabbitValue) value;
+
+        // put the value in some property on a node
+        String contentNodeName = "content_" + System.nanoTime();
+        firstSession.getRootNode().addNode(contentNodeName).setProperty("jcr:data", jv);
+
+        String id = jv.getContentIdentity(); // get the data identifier
+
+        assertNotNull("content identity cannot be null", id);
+
+        // get the data store secret from the first session
+        String firstSessionSecret = ((RepositoryImpl) firstSession.getRepository()).getConfig().getDataStore().getSecret();
+
+        assertNotNull("data store firstSessionSecret should not be null here", firstSessionSecret);
+
+        // crete the binary reference message
+        BinaryReferenceMessage binaryReferenceMessage = new BinaryReferenceMessage(id, firstSessionSecret, b.getSize());
+
+        String message = binaryReferenceMessage.getMessage();
+        assertNotNull(message);
+        String signature = binaryReferenceMessage.getSignature();
+        assertNotNull(signature);
+
+        // put the reference message value in a property on a node
+        String newNode = "sample_" + System.nanoTime();
+        firstSession.getRootNode().addNode(newNode).setProperty("jcr:data", firstSession.getValueFactory().createValue(binaryReferenceMessage));
+
+        // save the first session
+        firstSession.save();
+
+
+        // get a second session over the same repository / ds
+        Session secondSession = getHelper().getRepository().login(new SimpleCredentials("admin", "admin".toCharArray()));
+
+        // read the binary referencing the binary
+        Binary binary = secondSession.getRootNode().getNode(newNode).getProperty("jcr:data").getBinary();
+
+        // check it's a binary reference message
+        BinaryReferenceMessage parsedMessage = BinaryReferenceMessage.readBinary(binary, "UTF-8");
+
+        // get the ds secret from the second session
+        DataStore dataStore = ((RepositoryImpl) secondSession.getRepository()).getConfig().getDataStore();
+        String secondSessionSecret = dataStore.getSecret();
+
+        // check signatures to verify the message comes from the same repository (since it's using the second DS secret to generate the signature)
+        assertEquals(parsedMessage.getSignature(), Hex.encodeHexString(HMAC.generateCode(parsedMessage.getMessage().getBytes(), secondSessionSecret.getBytes())));
+
+        // this checks the identifier identifies an existing item in the datastore
+        DataRecord record = dataStore.getRecord(new DataIdentifier(parsedMessage.getMessage()));
+
+        assertNotNull(record);
+        assertEquals(parsedMessage.getMessage(), record.getIdentifier().toString());
+        assertEquals(parsedMessage.getReferencedBinaryLength(), record.getLength());
+
+        try {
+            dataStore.getRecord(new DataIdentifier("someunexistingidentifier"));
+            fail("unknown identifier should not return a record");
+        } catch (Throwable e) {
+            // expected
+        }
+
+    }
+
+    public void testNotExistingBinary() throws Exception {
+        // get the datastore
+        DataStore dataStore = ((RepositoryImpl) superuser.getRepository()).getConfig().getDataStore();
+
+        // if we try to get the record of a not existing content id we'll get an error, regardless of where this id comes from
+        try {
+            dataStore.getRecord(new DataIdentifier("someunexistingidentifier"));
+            fail("unknown identifier should not return a record");
+        } catch (Throwable e) {
+            // expected
+        }
+    }
+
+
+}

Property changes on: jackrabbit-core/src/test/java/org/apache/jackrabbit/core/value/ReferenceBinaryTest.java
___________________________________________________________________
Added: svn:eol-style
   + native

Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/MultiDataStore.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/MultiDataStore.java	(revision 1478286)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/MultiDataStore.java	(working copy)
@@ -103,6 +103,11 @@
      */
     private static Logger log = LoggerFactory.getLogger(MultiDataStore.class);
 
+    /**
+     * the data store secret
+     */
+    private String secret;
+
     private DataStore primaryDataStore;
     private DataStore archiveDataStore;
 
@@ -520,6 +525,14 @@
         }
     }
 
+    public String getSecret() {
+        return secret;
+    }
+
+    public void setSecret(String secret) {
+        this.secret = secret;
+    }
+
     /**
      * Class for maintaining the MultiDataStore. It will be used to move the
      * content of the primary data store to the archive data store.
Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/db/DbDataStore.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/db/DbDataStore.java	(revision 1478286)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/db/DbDataStore.java	(working copy)
@@ -188,6 +188,11 @@
     private boolean schemaCheckEnabled = true;
 
     /**
+     * the data store secret
+     */
+    private String secret;
+
+    /**
      * The logical name of the DataSource to use.
      */
     protected String dataSourceName;
@@ -1003,4 +1008,12 @@
     public void setDataSourceName(String dataSourceName) {
         this.dataSourceName = dataSourceName;
     }
+
+    public String getSecret() {
+        return secret;
+    }
+
+    public void setSecret(String secret) {
+        this.secret = secret;
+    }
 }
Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/DataStore.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/DataStore.java	(revision 1478286)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/DataStore.java	(working copy)
@@ -137,4 +137,10 @@
      */
     void clearInUse();
 
+    /**
+     * Get the data store secret used for encrypting and decrypting binary igests
+     * @return a <code>String</code> representing the data store secret
+     */
+    String getSecret();
+
 }
Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/FileDataStore.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/FileDataStore.java	(revision 1478286)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/data/FileDataStore.java	(working copy)
@@ -111,6 +111,11 @@
     private int minRecordLength = DEFAULT_MIN_RECORD_LENGTH;
 
     /**
+     * the data store secret
+     */
+    private String secret;
+
+    /**
      * All data identifiers that are currently in use are in this set until they are garbage collected.
      */
     protected Map<DataIdentifier, WeakReference<DataIdentifier>> inUse =
@@ -468,4 +473,12 @@
             }
         }
     }
+
+    public String getSecret() {
+        return secret;
+    }
+
+    public void setSecret(String secret) {
+        this.secret = secret;
+    }
 }
Index: jackrabbit-parent/pom.xml
===================================================================
--- jackrabbit-parent/pom.xml	(revision 1478286)
+++ jackrabbit-parent/pom.xml	(working copy)
@@ -320,6 +320,11 @@
         <version>3.2.1</version>
       </dependency>
       <dependency>
+        <groupId>commons-codec</groupId>
+        <artifactId>commons-codec</artifactId>
+        <version>1.7</version>
+      </dependency>
+      <dependency>
         <groupId>commons-io</groupId>
         <artifactId>commons-io</artifactId>
         <version>2.2</version>