Class Cryptor

  • All Implemented Interfaces:
    java.util.function.Function<java.lang.String,​java.lang.String>

    public class Cryptor
    extends java.lang.Object
    implements java.util.function.Function<java.lang.String,​java.lang.String>
    A simple encryptor and decryptor.
    Each application should provide a concrete instance with a confidential salt and passphrase and a no-arg constructor. If provided, it is used to encrypt passwords in memory and in transmission during client/server login, or to decrypt passwords stored in backend.properties for database connections.
    Example:
        @Service(Cryptor.class)
        public class MyCryptor extends Cryptor {
    
          public MyCryptor() {
            ...
          }
        }
     
    Cryptor also implements a Function<String,String> to encrypt strings like passwords to base64 and thus can directly be used by the tentackle-maven-plugin to generate properties for filtered resources.

    Notice: the security of symmetric encryption algorithms in general depends on the confidentiality of the passphrase. Thus, the passphrase should ideally not be part of the application, but be provided from outside it: external media such as a mounted USB stick, manual input, a PGP keyring, or similar. However, in practice this isn't always feasible...
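
    The defaults documented on this page (PBKDF2WithHmacSHA1, 1024 iterations, key strength 256, an AES key spec, scratched salt and passphrase) written out with plain JDK calls, as an added example that is not the Tentackle source. The class and method names, the AES/GCM mode and the IV-prefixed base64 layout are assumptions; the page says only that the default cipher is "an AES cipher".

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class PbkdfAesSketch { // hypothetical JDK-only sketch, not the Tentackle Cryptor source
  static SecretKeySpec deriveKey(byte[] salt, char[] passphrase) throws GeneralSecurityException {
    PBEKeySpec spec = new PBEKeySpec(passphrase, salt, 1024, 256); // documented defaults
    try {
      byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
      SecretKeySpec key = new SecretKeySpec(raw, "AES");            // copies raw internally
      Arrays.fill(raw, (byte) 0);
      return key;
    } finally {
      spec.clearPassword();                                          // wipe the spec's own copy
      Arrays.fill(passphrase, '\0'); Arrays.fill(salt, (byte) 0);    // scratch the caller's arrays
    }
  }

  static String encrypt64(SecretKeySpec key, char[] chars) throws GeneralSecurityException {
    ByteBuffer utf8 = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
    byte[] iv = new byte[12];
    new SecureRandom().nextBytes(iv);                                // fresh nonce per message
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");              // assumed mode, named explicitly
    c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
    byte[] ct = c.doFinal(utf8.array(), 0, utf8.remaining());
    Arrays.fill(utf8.array(), (byte) 0);                             // clear the plaintext copies
    Arrays.fill(chars, '\0');
    return Base64.getEncoder().encodeToString(ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array());
  }

  static char[] decrypt64ToChars(SecretKeySpec key, String text) throws GeneralSecurityException {
    byte[] in = Base64.getDecoder().decode(text);                    // assumed layout: IV || ciphertext+tag
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
    byte[] plain = c.doFinal(in, 12, in.length - 12);                // AEADBadTagException if modified
    CharBuffer cb = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(plain));
    char[] chars = Arrays.copyOf(cb.array(), cb.remaining());
    Arrays.fill(plain, (byte) 0);                                    // clear intermediate buffers
    Arrays.fill(cb.array(), '\0');
    return chars;
  }

  public static void main(String[] args) throws Exception { // constructed sample values below
    SecretKeySpec key = deriveKey("constructed-salt".getBytes(StandardCharsets.UTF_8), "constructed passphrase".toCharArray());
    System.out.println(new String(decrypt64ToChars(key, encrypt64(key, "db-password".toCharArray()))));
  }
}
```

    A subclass that overrides getCipher() should name mode and padding explicitly, because a bare "AES" transformation resolves to AES/ECB/PKCS5Padding in the default SunJCE provider. The four-argument constructor lets an application raise the iteration count above the 1024 default.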

    • Constructor Summary

      Constructors 
      Constructor Description
      Cryptor​(byte[] salt, char[] passphrase)
      Creates a cryptor with 1024 iterations and a key strength of 256.
      Notice that salt and passphrase will be scratched for security reasons.
      Cryptor​(byte[] salt, char[] passphrase, int iterations, int keyStrength)
      Creates a cryptor.
      Notice that salt and passphrase will be scratched for security reasons.
      Cryptor​(java.lang.String salt, java.lang.String passphrase)
      Creates a cryptor with 1024 iterations and a key strength of 256.
      This is just a convenience method.
    • Method Summary

      Modifier and Type Method Description
      java.lang.String apply​(java.lang.String s)
      Encrypts a string.
      Provided for the tentackle-maven-plugin.
      protected javax.crypto.spec.SecretKeySpec createSecretKeySpec​(byte[] key)
      Creates the key spec.
      The default implementation returns an AES spec.
      byte[] decrypt​(byte[] encryptedData)
      Decrypts the data.
      java.lang.String decrypt64​(java.lang.String encryptedText)
      Decrypts a base64 encoded string.
      byte[] decrypt64ToBytes​(java.lang.String encryptedText)
      Decrypts a base64 encoded string.
      char[] decrypt64ToChars​(java.lang.String encryptedText)
      Decrypts a base64 encoded string.
      The method clears all traces in memory.
      char[] decryptToChars​(byte[] encryptedData)
      Decrypts encrypted data to chars.
      byte[] encrypt​(byte[] data)
      Encrypts the data.
      byte[] encrypt​(byte[] data, int offset, int length)
      Encrypts the data.
      byte[] encrypt​(char[] chars)
      Encrypts a char array.
      The method clears all traces in memory, including the passed char array.
      java.lang.String encrypt64​(byte[] data)
      Encrypts data to base64 encoding.
      java.lang.String encrypt64​(char[] chars)
      Encrypts a char array to base64 encoding.
      The method clears all traces in memory, including the passed char array.
      java.lang.String encrypt64​(java.lang.String text)
      Encrypts a string to base64 encoding.
      protected javax.crypto.Cipher getCipher()
      Gets the cipher instance.
      The default implementation returns an AES cipher.
      static Cryptor getInstance()
      Gets the optional application specific cryptor singleton.
      protected javax.crypto.SecretKeyFactory getSecretKeyFactory()
      Gets the key factory.
      The default implementation returns an instance of PBKDF2WithHmacSHA1.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface java.util.function.Function

        andThen, compose
    • Constructor Detail

      • Cryptor

        public Cryptor​(byte[] salt,
                       char[] passphrase,
                       int iterations,
                       int keyStrength)
        Creates a cryptor.
        Notice that salt and passphrase will be scratched for security reasons.
        Parameters:
        salt - the salt
        passphrase - the passphrase
        iterations - number of iterations for key generation
        keyStrength - the key strength
      • Cryptor

        public Cryptor​(byte[] salt,
                       char[] passphrase)
        Creates a cryptor with 1024 iterations and a key strength of 256.
        Notice that salt and passphrase will be scratched for security reasons.
        Parameters:
        salt - the salt
        passphrase - the passphrase
      • Cryptor

        public Cryptor​(java.lang.String salt,
                       java.lang.String passphrase)
        Creates a cryptor with 1024 iterations and a key strength of 256.
        This is just a convenience method. Consider using Cryptor(byte[], char[]) instead.
        Parameters:
        salt - the salt
        passphrase - the passphrase
    • Method Detail

      • getInstance

        public static Cryptor getInstance()
        Gets the optional application specific cryptor singleton.
        Returns:
        the cryptor, null if no @Service(Cryptor.class) configured
      • encrypt

        public byte[] encrypt​(byte[] data)
        Encrypts the data.
        Parameters:
        data - the byte array to encrypt
        Returns:
        the encrypted byte array
      • encrypt

        public byte[] encrypt​(byte[] data,
                              int offset,
                              int length)
        Encrypts the data.
        Parameters:
        data - the byte array to encrypt
        offset - the offset in data
        length - the number of bytes
        Returns:
        the encrypted byte array
      • decrypt

        public byte[] decrypt​(byte[] encryptedData)
        Decrypts the data.
        Parameters:
        encryptedData - the encrypted byte array
        Returns:
        the decrypted data
      • encrypt64

        public java.lang.String encrypt64​(byte[] data)
        Encrypts data to base64 encoding.
        Parameters:
        data - the byte array to encrypt
        Returns:
        the encrypted string in base64 encoding
      • encrypt

        public byte[] encrypt​(char[] chars)
        Encrypts a char array.
        The method clears all traces in memory, including the passed char array.
        Parameters:
        chars - the char array to encrypt
        Returns:
        the encrypted bytes
      • encrypt64

        public java.lang.String encrypt64​(char[] chars)
        Encrypts a char array to base64 encoding.
        The method clears all traces in memory, including the passed char array.
        Parameters:
        chars - the char array to encrypt
        Returns:
        the encrypted string in base64 encoding
      • encrypt64

        public java.lang.String encrypt64​(java.lang.String text)
        Encrypts a string to base64 encoding.
        Parameters:
        text - the text to encrypt
        Returns:
        the encrypted string in base64 encoding
      • decryptToChars

        public char[] decryptToChars​(byte[] encryptedData)
        Decrypts encrypted data to chars.
        Parameters:
        encryptedData - the encrypted data
        Returns:
        the char array
      • decrypt64ToBytes

        public byte[] decrypt64ToBytes​(java.lang.String encryptedText)
        Decrypts a base64 encoded string.
        Parameters:
        encryptedText - the encrypted text in base64 encoding
        Returns:
        the decrypted data
      • decrypt64ToChars

        public char[] decrypt64ToChars​(java.lang.String encryptedText)
        Decrypts a base64 encoded string.
        The method clears all traces in memory.
        Parameters:
        encryptedText - the encrypted text in base64 encoding
        Returns:
        the decrypted data
      • decrypt64

        public java.lang.String decrypt64​(java.lang.String encryptedText)
        Decrypts a base64 encoded string.
        Parameters:
        encryptedText - the encrypted text in base64 encoding
        Returns:
        the decrypted text
      • apply

        public java.lang.String apply​(java.lang.String s)
        Encrypts a string.
        Provided for the tentackle-maven-plugin.
        Specified by:
        apply in interface java.util.function.Function<java.lang.String,​java.lang.String>
        Parameters:
        s - the string
        Returns:
        the encrypted string in base64 encoding
      • getSecretKeyFactory

        protected javax.crypto.SecretKeyFactory getSecretKeyFactory()
        Gets the key factory.
        The default implementation returns an instance of PBKDF2WithHmacSHA1.
        Returns:
        the factory
      • createSecretKeySpec

        protected javax.crypto.spec.SecretKeySpec createSecretKeySpec​(byte[] key)
        Creates the key spec.
        The default implementation returns an AES spec.
        Parameters:
        key - the key
        Returns:
        the spec
      • getCipher

        protected javax.crypto.Cipher getCipher()
        Gets the cipher instance.
        The default implementation returns an AES cipher.
        Returns:
        the cipher