Class Cryptor

java.lang.Object
org.tentackle.common.Cryptor
All Implemented Interfaces:
Function<String,String>

public class Cryptor extends Object implements Function<String,String>
A simple en- and decryptor.
Each application should provide a concrete subclass with a confidential salt and passphrase and a no-arg constructor. If provided, it is used to encrypt passwords held in memory or transmitted during client/server login, and to decrypt passwords stored in backend.properties for database connections.
Example:
    @Service(Cryptor.class)
    public class MyCryptor extends Cryptor {

      public MyCryptor() {
        ...
      }
    }
 
Cryptor also implements a Function<String,String> to encrypt strings like passwords to base64 and thus can directly be used by the tentackle-maven-plugin to generate properties for filtered resources.

Notice: the security of symmetric encryption algorithms in general depends on the confidentiality of the passphrase. Thus, the passphrase should ideally not be part of the application, but provided via some external media, a mounted USB-stick, manual input, PGP keyring, whatever. However, in practice this isn't always feasible...
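An added example of a concrete application cryptor that follows the advice above and keeps the passphrase outside the jar; it is not part of Tentackle. Assumed here: the package of the @Service annotation, the environment variable MYAPP_PASSPHRASE_FILE naming the passphrase file, and the constructed sample salt.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Objects;
import org.tentackle.common.Cryptor;
import org.tentackle.common.Service;   // assumed package of @Service; adjust if it differs

// Application-specific cryptor: constant salt, passphrase read at startup from a
// file outside the jar named by the (assumed) env variable MYAPP_PASSPHRASE_FILE.
@Service(Cryptor.class)
public class MyCryptor extends Cryptor {
  // constructed sample salt; generate your own random value
  private static final byte[] SALT = {0x3a, 0x71, (byte) 0xc4, 0x18, 0x5e, (byte) 0x9f, 0x2d, 0x67};
  public MyCryptor() {
    super(SALT.clone(), loadPassphrase());   // the base class scratches both arrays
  }
  // Reads the passphrase into a char[] without ever holding it in a String
  private static char[] loadPassphrase() {
    String file = Objects.requireNonNull(System.getenv("MYAPP_PASSPHRASE_FILE"), "MYAPP_PASSPHRASE_FILE not set");
    try {
      byte[] raw = Files.readAllBytes(Path.of(file));
      CharBuffer decoded = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(raw));
      int len = decoded.limit();
      while (len > 0 && decoded.get(len - 1) <= ' ') len--;   // drop a trailing newline
      char[] pass = Arrays.copyOf(decoded.array(), len);
      Arrays.fill(raw, (byte) 0);                // wipe the intermediate copies
      Arrays.fill(decoded.array(), '\0');
      return pass;
    } catch (IOException e) {
      throw new IllegalStateException("cannot read passphrase file " + file, e);
    }
  }

  // Round trip via the char[] API so no String holding the clear password stays in the heap
  public static boolean roundTrip(char[] password) {
    Cryptor cryptor = Cryptor.getInstanceSafely();
    char[] expected = password.clone();
    String base64 = cryptor.encrypt64(password);          // wipes password
    char[] restored = cryptor.decrypt64ToChars(base64);
    boolean ok = Arrays.equals(expected, restored);
    Arrays.fill(expected, '\0');
    Arrays.fill(restored, '\0');
    return ok;
  }
}
```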

  • Constructor Summary

    Constructor                                                              Description
    Cryptor(byte[] salt, char[] passphrase)                                  Creates a cryptor with 1024 iterations and a key strength of 256. Notice that salt and passphrase will be scratched for security reasons.
    Cryptor(byte[] salt, char[] passphrase, int iterations, int keyStrength) Creates a cryptor. Notice that salt and passphrase will be scratched for security reasons.
    Cryptor(String salt, String passphrase)                                  Creates a cryptor with 1024 iterations and a key strength of 256. This is just a convenience method.
  • Method Summary

    Modifier and Type          Method                                          Description
    String                     apply(String s)                                 Encrypts a string. Provided for the tentackle-maven-plugin.
    protected SecretKeySpec    createSecretKeySpec(byte[] key)                 Creates the key spec. The default implementation returns an AES spec.
    byte[]                     decrypt(byte[] encryptedData)                   Decrypts the data.
    String                     decrypt64(String encryptedText)                 Decrypts a base64 encoded string.
    byte[]                     decrypt64ToBytes(String encryptedText)          Decrypts a base64 encoded string.
    char[]                     decrypt64ToChars(String encryptedText)          Decrypts a base64 encoded string. The method clears all traces in memory.
    char[]                     decryptToChars(byte[] encryptedData)            Decrypts encrypted data to chars.
    String                     deriveURL(String url, String[] protocols)       Derives the unencrypted URL. The URL is considered encrypted if it starts with a fake protocol that the application does not support in the given context.
    byte[]                     encrypt(byte[] data)                            Encrypts the data.
    byte[]                     encrypt(byte[] data, int offset, int length)    Encrypts the data.
    byte[]                     encrypt(char[] chars)                           Encrypts a char array. The method clears all traces in memory, including the passed char array.
    String                     encrypt64(byte[] data)                          Encrypts data to base64 encoding.
    String                     encrypt64(char[] chars)                         Encrypts a char array to base64 encoding. The method clears all traces in memory, including the passed char array.
    String                     encrypt64(String text)                          Encrypts a string to base64 encoding.
    protected Cipher           getCipher()                                     Gets the cipher instance. The default implementation returns an AES cipher.
    static Cryptor             getInstance()                                   Gets the optional application specific cryptor singleton.
    static Cryptor             getInstanceSafely()                             Gets the application specific cryptor singleton. Throws a TentackleRuntimeException if no cryptor is defined.
    protected SecretKeyFactory getSecretKeyFactory()                           Gets the key factory. The default implementation returns an instance of PBKDF2WithHmacSHA1.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface java.util.function.Function

    andThen, compose
  • Constructor Details

    • Cryptor

      public Cryptor(byte[] salt, char[] passphrase, int iterations, int keyStrength)
      Creates a cryptor.
      Notice that salt and passphrase will be scratched for security reasons.
      Parameters:
      salt - the salt
      passphrase - the passphrase
      iterations - number of iterations for key generation
      keyStrength - the key strength
    • Cryptor

      public Cryptor(byte[] salt, char[] passphrase)
      Creates a cryptor with 1024 iterations and a key strength of 256.
      Notice that salt and passphrase will be scratched for security reasons.
      Parameters:
      salt - the salt
      passphrase - the passphrase
    • Cryptor

      public Cryptor(String salt, String passphrase)
      Creates a cryptor with 1024 iterations and a key strength of 256.
      This is just a convenience method. Consider using Cryptor(byte[], char[]) instead.
      Parameters:
      salt - the salt
      passphrase - the passphrase
  • Method Details

    • getInstance

      public static Cryptor getInstance()
      Gets the optional application specific cryptor singleton.
      Returns:
      the cryptor, null if no @Service(Cryptor.class) is configured
    • getInstanceSafely

      public static Cryptor getInstanceSafely()
      Gets the application specific cryptor singleton.
      Throws a TentackleRuntimeException if no cryptor is defined.
      Returns:
      the cryptor, never null
    • encrypt

      public byte[] encrypt(byte[] data)
      Encrypts the data.
      Parameters:
      data - the byte array to encrypt
      Returns:
      the encrypted byte array
    • encrypt

      public byte[] encrypt(byte[] data, int offset, int length)
      Encrypts the data.
      Parameters:
      data - the byte array to encrypt
      offset - the offset in data
      length - the number of bytes
      Returns:
      the encrypted byte array
    • decrypt

      public byte[] decrypt(byte[] encryptedData)
      Decrypts the data.
      Parameters:
      encryptedData - the encrypted byte array
      Returns:
      the decrypted data
    • encrypt64

      public String encrypt64(byte[] data)
      Encrypts data to base64 encoding.
      Parameters:
      data - the byte array to encrypt
      Returns:
      the encrypted string in base64 encoding
    • encrypt

      public byte[] encrypt(char[] chars)
      Encrypts a char array.
      The method clears all traces in memory, including the passed char array.
      Parameters:
      chars - the char array to encrypt
      Returns:
      the encrypted bytes
    • encrypt64

      public String encrypt64(char[] chars)
      Encrypts a char array to base64 encoding.
      The method clears all traces in memory, including the passed char array.
      Parameters:
      chars - the char array to encrypt
      Returns:
      the encrypted string in base64 encoding
    • encrypt64

      public String encrypt64(String text)
      Encrypts a string to base64 encoding.
      Parameters:
      text - the text to encrypt
      Returns:
      the encrypted string in base64 encoding
    • decryptToChars

      public char[] decryptToChars(byte[] encryptedData)
      Decrypts encrypted data to chars.
      Parameters:
      encryptedData - the encrypted data
      Returns:
      the char array
    • decrypt64ToBytes

      public byte[] decrypt64ToBytes(String encryptedText)
      Decrypts a base64 encoded string.
      Parameters:
      encryptedText - the encrypted text in base64 encoding
      Returns:
      the decrypted data
    • decrypt64ToChars

      public char[] decrypt64ToChars(String encryptedText)
      Decrypts a base64 encoded string.
      The method clears all traces in memory.
      Parameters:
      encryptedText - the encrypted text in base64 encoding
      Returns:
      the decrypted data
    • decrypt64

      public String decrypt64(String encryptedText)
      Decrypts a base64 encoded string.
      Parameters:
      encryptedText - the encrypted text in base64 encoding
      Returns:
      the decrypted text
    • apply

      public String apply(String s)
      Encrypts a string.
      Provided for the tentackle-maven-plugin.
      Specified by:
      apply in interface Function<String,String>
      Parameters:
      s - the string
      Returns:
      the encrypted string in base64 encoding
    • deriveURL

      public String deriveURL(String url, String[] protocols)
      Derives the unencrypted URL.
      The URL is considered encrypted if it starts with a fake protocol that the application does not support in the given context. The first word after =~ is taken as the encrypted URL. Example:
         https://somehost.somedomain.org/login?id=~GK+AG1QIjpBaD51HP/kw9HzpdKZLt2FrInFxd1jtPWvGzaw5lcLcHy5RB/q9yEKQ&user=100
       
      Hidden gem... ;)
      Parameters:
      url - the probably encrypted URL
      protocols - the fake protocols not used by the application, such as "http:" or "https:"
      Returns:
      the decrypted URL, or the unchanged url if no encryption pattern is found
    • getSecretKeyFactory

      protected SecretKeyFactory getSecretKeyFactory()
      Gets the key factory.
      The default implementation returns an instance of PBKDF2WithHmacSHA1.
      Returns:
      the factory
    • createSecretKeySpec

      protected SecretKeySpec createSecretKeySpec(byte[] key)
      Creates the key spec.
      The default implementation returns an AES spec.
      Parameters:
      key - the key
      Returns:
      the spec
    • getCipher

      protected Cipher getCipher()
      Gets the cipher instance.
      The default implementation returns an AES cipher.
      Returns:
      the cipher