Home » geronimo-2.2-source-release » org.apache.geronimo.crypto » [javadoc | source]

    1   /**
    2    *  Licensed to the Apache Software Foundation (ASF) under one or more
    3    *  contributor license agreements.  See the NOTICE file distributed with
    4    *  this work for additional information regarding copyright ownership.
    5    *  The ASF licenses this file to You under the Apache License, Version 2.0
    6    *  (the "License"); you may not use this file except in compliance with
    7    *  the License.  You may obtain a copy of the License at
    8    *
    9    *     http://www.apache.org/licenses/LICENSE-2.0
   10    *
   11    *  Unless required by applicable law or agreed to in writing, software
   12    *  distributed under the License is distributed on an "AS IS" BASIS,
   13    *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   14    *  See the License for the specific language governing permissions and
   15    *  limitations under the License.
   16    */
   17   package org.apache.geronimo.crypto;
   18   
   19   import java.util.Collections;
   20   import java.util.HashMap;
   21   import java.util.Map;
   22   import java.io.Serializable;
   23   
   24   /**
   25    * A static class that uses registered Encryption instances to encypt and decrypt objects, typically strings.
   26    * The encrypted strings are preceded by the name of the Encryption object, such as {Simple}, followed by the base64
   27    * encoded encrypted bytes.
   28    *
   29    * Any number of Encryption instances can be registered but only the first to be explicitly registered will be used.
   30    * However, when decrypting the Encryption instance is looked up from the name prefix so may be any registered Encryption instance.
   31    * Furthermore, encrypt and decrypt are idempotent.  Calling encrypt on a string encrypted with a registered Encryption that is not
   32    * the one in use will decrypt the string and re-encrypt it with the one in use.  This can be useful when changing Encryption.
   33    *
   34    * The default Encryption instance (that does not need to be registered) is SimpleEncryption which uses a fixed key hardcoded into
   35    * the Encryption class itself.  Thus it is useful only to hide information from those who don't read code.  On the other hand
   36    * you can't lose the key and make your server permanently unusable.
   37    *
   38    * n.b. calling these methods idempotent is a slight exageration as this would apply only if all arguments and return values are Strings.
   39    *
   40    * @version $Rev: 617737 $ $Date: 2008-02-01 17:39:58 -0800 (Fri, 01 Feb 2008) $
   41    */
   42   public class EncryptionManager {
   43   
   44       private static final Map<String, Encryption> ENCRYPTORS = Collections.synchronizedMap(new HashMap<String, Encryption>());
   45       private final static String SIMPLE_ENCRYPTION_PREFIX = "{Simple}";
   46   
   47       static {
   48           ENCRYPTORS.put(SIMPLE_ENCRYPTION_PREFIX, SimpleEncryption.INSTANCE);
   49           //login properties files used to have this
   50           ENCRYPTORS.put("{Standard}", SimpleEncryption.INSTANCE);
   51       }
   52   
   53       private static String encryptionPrefix = SIMPLE_ENCRYPTION_PREFIX;
   54   
   55       /**
   56        * Encryption instances should call this to register themselves.
   57        *
   58        * @param prefix id in form {name} for the Encryption instance
   59        * @param encryption Encryption instance to do the work.
   60        */
   61       public synchronized static void setEncryptionPrefix(String prefix, Encryption encryption) {
   62           if (SIMPLE_ENCRYPTION_PREFIX.equals(encryptionPrefix)) {
   63               encryptionPrefix = prefix;
   64           }
   65           ENCRYPTORS.put(prefix, encryption);
   66       }
   67   
   68       /**
   69        * Idempotent method that outputs string starting with the active registered encryption prefix followed by
   70        * the output of the registered Encryption instance.  If called with a string encrypted by another
   71        * registered Encryption it will re-encrypt with the active Encryption instance.
   72        * @param source Serializable object to encrypt, usually a password string or an already encrypted string.
   73        * @return the name of the registered Encryption followed by its output.
   74        */
   75       public static String encrypt(Serializable source) {
   76           if (source instanceof String) {
   77               String sourceString = (String) source;
   78               if (sourceString.startsWith(encryptionPrefix)) {
   79                   return (String) source;
   80               } else if (sourceString.startsWith("{")) {
   81                   source = decrypt(sourceString);
   82               }
   83           }
   84           Encryption encryption = ENCRYPTORS.get(encryptionPrefix);
   85           return encryptionPrefix + encryption.encrypt(source);
   86       }
   87   
   88       /**
   89        * Idempotent method that given a String starting with a registered Encryption name will remove the
   90        * name prefix and return the result of applying the Encryption to the suffix.  If no registered Encryption
   91        * name matches the start of the string the input will be returned.
   92        * @param source String that is possibly the output of calling encrypt, consisting of a Encryption name followed by its encrypt output.
   93        * @return the result of applying the Encryption.decrypt method to the input suffix after identifying the Encryption from the prefix, or the
   94        * input if no Encryption name matches.
   95        */
   96       public static Serializable decrypt(String source) {
   97           String prefix = null;
   98           Encryption encryption = null;
   99           synchronized (ENCRYPTORS) {
  100               for (Map.Entry<String, Encryption> entry : ENCRYPTORS.entrySet()) {
  101                   prefix = entry.getKey();
  102                   if (source.startsWith(prefix)) {
  103                       encryption = entry.getValue();
  104                       break;
  105                   }
  106               }
  107           }
  108           if (encryption != null) {
  109               return encryption.decrypt(source.substring(prefix.length()));
  110           }
  111           return source;
  112       }
  113   }

Home » geronimo-2.2-source-release » org.apache.geronimo.crypto » [javadoc | source]