Class Cryptor

  • All Implemented Interfaces:
    Function<String,String>

    public class Cryptor
    extends Object
    implements Function<String,String>
    A simple en- and decryptor.
    Each application should provide a concrete instance with a confidential salt and passphrase and a no-arg constructor. If provided, it is used to encrypt passwords held in memory or transmitted during client/server login, and to decrypt passwords stored in backend.properties for database connections.
    Example:
        @Service(Cryptor.class)
        public class MyCryptor extends Cryptor {
    
          public MyCryptor() {
            ...
          }
        }
     
    Cryptor also implements Function<String,String>, so it can encrypt strings such as passwords to base64 and can be used directly by the tentackle-maven-plugin to generate properties for filtered resources.

    Notice: the security of symmetric encryption algorithms in general depends on the confidentiality of the passphrase. Thus the passphrase should ideally not be part of the application but be provided via some external medium: a mounted USB stick, manual input, a PGP keyring, whatever. However, in practice this isn't always feasible...
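    As an added example (not Tentackle's own code), a concrete Cryptor that follows the notice above and reads the passphrase from a file outside the application; the system property name, the salt bytes and the package that provides Cryptor and Service are assumptions:

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;

// Added example, not Tentackle's own code. Cryptor and Service are assumed to
// be importable from the Tentackle package the application already uses.
@Service(Cryptor.class)
public class MyCryptor extends Cryptor {
  // Salt (constructed): need not be secret, but must be identical for every
  // instance that has to decrypt what another instance encrypted.
  private static final byte[] SALT = {
    (byte) 0x3a, (byte) 0x91, (byte) 0x4c, (byte) 0xd7,
    (byte) 0x08, (byte) 0x6e, (byte) 0xb2, (byte) 0x5f
  };
  // System property (assumed name) pointing at the passphrase file, e.g. on a
  // mounted USB stick, so the secret never ships inside the application.
  private static final String PASSPHRASE_PROPERTY = "app.cryptor.passphrase";

  public MyCryptor() {
    // hand over a copy: the superclass scratches both arrays after deriving the
    // key, and a scratched SALT would give the next instance an all-zero salt
    super(Arrays.copyOf(SALT, SALT.length), readPassphrase());
  }

  private static char[] readPassphrase() {
    String location = System.getProperty(PASSPHRASE_PROPERTY);
    if (location == null) {
      throw new IllegalStateException(PASSPHRASE_PROPERTY + " not set");
    }
    byte[] raw = null;
    CharBuffer decoded = null;
    try {
      raw = Files.readAllBytes(Path.of(location));
      decoded = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(raw));
      int len = decoded.limit();
      while (len > 0 && (decoded.get(len - 1) == '\n' || decoded.get(len - 1) == '\r')) {
        len--;   // drop the trailing newline an editor usually adds
      }
      return Arrays.copyOf(decoded.array(), len);
    } catch (IOException e) {
      throw new IllegalStateException("cannot read passphrase from " + location, e);
    } finally {
      // wipe every intermediate copy; only the returned char[] survives and
      // the Cryptor constructor scratches that one
      if (raw != null) Arrays.fill(raw, (byte) 0);
      if (decoded != null) Arrays.fill(decoded.array(), '\0');
    }
  }
}
```

    Decoding via CharBuffer instead of new String(...) is deliberate: a String copy of the passphrase could not be wiped from memory.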

    • Constructor Summary

      Constructors
      Cryptor(byte[] salt, char[] passphrase)
      Creates a cryptor with 1024 iterations and a key strength of 256.
      Notice that salt and passphrase will be scratched for security reasons.
      Cryptor(byte[] salt, char[] passphrase, int iterations, int keyStrength)
      Creates a cryptor.
      Notice that salt and passphrase will be scratched for security reasons.
      Cryptor(String salt, String passphrase)
      Creates a cryptor with 1024 iterations and a key strength of 256.
      This is just a convenience method.
    • Constructor Detail

      • Cryptor

        public Cryptor(byte[] salt,
                       char[] passphrase,
                       int iterations,
                       int keyStrength)
        Creates a cryptor.
        Notice that salt and passphrase will be scratched for security reasons.
        Parameters:
        salt - the salt
        passphrase - the passphrase
        iterations - number of iterations for key generation
        keyStrength - the key strength
      • Cryptor

        public Cryptor(byte[] salt,
                       char[] passphrase)
        Creates a cryptor with 1024 iterations and a key strength of 256.
        Notice that salt and passphrase will be scratched for security reasons.
        Parameters:
        salt - the salt
        passphrase - the passphrase
      • Cryptor

        public Cryptor(String salt,
                       String passphrase)
        Creates a cryptor with 1024 iterations and a key strength of 256.
        This is just a convenience method. Consider using Cryptor(byte[], char[]) instead.
        Parameters:
        salt - the salt
        passphrase - the passphrase
    • Method Detail

      • getInstance

        public static Cryptor getInstance()
        Gets the optional application specific cryptor singleton.
        Returns:
        the cryptor, null if no @Service(Cryptor.class) configured
      • encrypt

        public byte[] encrypt(byte[] data)
        Encrypts the data.
        Parameters:
        data - the byte array to encrypt
        Returns:
        the encrypted byte array
      • encrypt

        public byte[] encrypt(byte[] data,
                              int offset,
                              int length)
        Encrypts the data.
        Parameters:
        data - the byte array to encrypt
        offset - the offset in data
        length - the number of bytes
        Returns:
        the encrypted byte array
      • decrypt

        public byte[] decrypt(byte[] encryptedData)
        Decrypts the data.
        Parameters:
        encryptedData - the encrypted byte array
        Returns:
        the decrypted data
      • encrypt64

        public String encrypt64(byte[] data)
        Encrypts data to base64 encoding.
        Parameters:
        data - the byte array to encrypt
        Returns:
        the encrypted string in base64 encoding
      • encrypt

        public byte[] encrypt(char[] chars)
        Encrypts a char array.
        The method clears all traces in memory, including the passed char array.
        Parameters:
        chars - the char array to encrypt
        Returns:
        the encrypted bytes
      • encrypt64

        public String encrypt64(char[] chars)
        Encrypts a char array to base64 encoding.
        The method clears all traces in memory, including the passed char array.
        Parameters:
        chars - the char array to encrypt
        Returns:
        the encrypted string in base64 encoding
      • encrypt64

        public String encrypt64(String text)
        Encrypts a string to base64 encoding.
        Parameters:
        text - the text to encrypt
        Returns:
        the encrypted string in base64 encoding
      • decryptToChars

        public char[] decryptToChars(byte[] encryptedData)
        Decrypts encrypted data to chars.
        Parameters:
        encryptedData - the encrypted data
        Returns:
        the char array
      • decrypt64ToBytes

        public byte[] decrypt64ToBytes(String encryptedText)
        Decrypts a base64 encoded string.
        Parameters:
        encryptedText - the encrypted text in base64 encoding
        Returns:
        the decrypted data
      • decrypt64ToChars

        public char[] decrypt64ToChars(String encryptedText)
        Decrypts a base64 encoded string.
        The method clears all traces in memory.
        Parameters:
        encryptedText - the encrypted text in base64 encoding
        Returns:
        the decrypted data
      • decrypt64

        public String decrypt64(String encryptedText)
        Decrypts a base64 encoded string.
        Parameters:
        encryptedText - the encrypted text in base64 encoding
        Returns:
        the decrypted text
      • apply

        public String apply(String s)
        Encrypts a string.
        Provided for the tentackle-maven-plugin.
        Specified by:
        apply in interface Function<String,String>
        Parameters:
        s - the string
        Returns:
        the encrypted string in base64 encoding
      • deriveURL

        public String deriveURL(String url,
                                String[] protocols)
        Derives the unencrypted URL.
        The URL is considered encrypted if it starts with a fake protocol that the application does not support in the given context. The first word after =~ is taken as the encrypted URL. Example:
           https://somehost.somedomain.org/login?id=~GK+AG1QIjpBaD51HP/kw9HzpdKZLt2FrInFxd1jtPWvGzaw5lcLcHy5RB/q9yEKQ&user=100
        Hidden gem... ;)
        Parameters:
        url - the possibly encrypted URL
        protocols - the fake protocols not used by the application, such as "http:" or "https:"
        Returns:
        the decrypted URL or the unchanged url, if no encryption pattern found
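        As an added example (not Tentackle's own code), the deriveURL convention end to end: the URL is encrypted with apply(), wrapped behind a fake protocol as a backend.properties value would be, and derived back at startup. Salt, passphrase and the JDBC URL are constructed values.

```java
import java.nio.charset.StandardCharsets;

// Added example, not Tentackle's own code; Cryptor is assumed to be importable
// from the Tentackle package the application already uses.
public class DeriveUrlExample {

  // Fake protocols the application never uses for its database URL, so a value
  // starting with one of them can only be the encryption wrapper.
  static final String[] FAKE_PROTOCOLS = { "http:", "https:" };

  public static void main(String[] args) {
    // built directly for the demo; a real application uses Cryptor.getInstance()
    // and the @Service-registered subclass, with salt and passphrase kept outside the code
    Cryptor cryptor = new Cryptor(
        "demo-salt".getBytes(StandardCharsets.UTF_8),
        "correct horse battery staple".toCharArray());

    String realUrl = "jdbc:postgresql://db.internal:5432/app";   // constructed

    // what the build (e.g. tentackle-maven-plugin via apply()) writes into
    // backend.properties: fake protocol, then "=~" followed by the base64 ciphertext
    String stored = "https://somehost.somedomain.org/login?id=~" + cryptor.apply(realUrl);

    // what the application does with the property value at startup
    String derived = cryptor.deriveURL(stored, FAKE_PROTOCOLS);
    System.out.println("stored : " + stored);
    System.out.println("derived: " + derived);

    // a URL without the fake protocol carries no encryption pattern and passes through unchanged
    System.out.println("plain  : " + cryptor.deriveURL(realUrl, FAKE_PROTOCOLS));
  }
}
```

        Anyone able to read backend.properties still needs the Cryptor's salt and passphrase to recover the URL, which is why the class description asks for those to be kept outside the application.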
      • getSecretKeyFactory

        protected SecretKeyFactory getSecretKeyFactory()
        Gets the key factory.
        The default implementation returns an instance of PBKDF2WithHmacSHA1.
        Returns:
        the factory
      • createSecretKeySpec

        protected SecretKeySpec createSecretKeySpec​(byte[] key)
        Creates the key spec.
        The default implementation returns an AES spec.
        Parameters:
        key - the key
        Returns:
        the spec
      • getCipher

        protected Cipher getCipher()
        Gets the cipher instance.
        The default implementation returns an AES cipher.
        Returns:
        the cipher