org.jasypt.encryption.pbe.config
Class SimplePBEConfig

Object
  org.jasypt.encryption.pbe.config.SimplePBEConfig

All Implemented Interfaces:

PBECleanablePasswordConfig, PBEConfig

Direct Known Subclasses:

EnvironmentPBEConfig, SimpleStringPBEConfig, WebPBEConfig

public class SimplePBEConfig
extends Object
implements PBEConfig, PBECleanablePasswordConfig

Bean implementation for PBEConfig. This class allows the values for the configuration parameters to be set via "standard" setX methods.

For any of the configuration parameters, if its setX method is not called, a null value will be returned by the corresponding getX method.

Note that there is not an exact correspondence between setX() and getX() methods, as sometimes two methods like setProvider() and setProviderClassName() will affect the same configuration parameter (getProvider()). This means that several combinations of setX() methods collide, and should not be called together (a call to setProviderClassName() will override any previous call to setProvider()).

Also note that, in order to satisfy the needs of extreme security-conscious environments in which no immutable String containing the password is allowed to be kept in memory, this configuration objects stores the password as char[] that is cleaned (reset to '') by the jasypt engine as soon as encryption operations start (and therefore the specified password is no longer needed as an attribute) (see PBECleanablePasswordConfig).

Setting and getting the password as a char[] is also allowed via the getPasswordCharArray() and setPasswordCharArray(char[]) methods.

Since:

1.0

Author:

Daniel Fernández

Constructor Summary

SimplePBEConfig()
Creates a new SimplePBEConfig instance.

Method Summary

void	cleanPassword() Clean the password stored in this configuration object.
String	getAlgorithm() Returns the algorithm to be used for encryption, like PBEWithMD5AndDES.
Integer	getKeyObtentionIterations() Returns the number of hashing iterations applied to obtain the encryption key.
String	getPassword() Returns the password to be used.
char[]	getPasswordCharArray() Return the password set, as a char array.
Integer	getPoolSize() Get the size of the pool of encryptors to be created.
Provider	getProvider() Returns the java.security.Provider implementation object to be used by the encryptor for obtaining the encryption algorithm.
String	getProviderName() Returns the name of the java.security.Provider implementation to be used by the encryptor for obtaining the encryption algorithm.
SaltGenerator	getSaltGenerator() Returns a SaltGenerator implementation to be used by the encryptor.
void	setAlgorithm(String algorithm) Sets a value for the encryption algorithm
void	setKeyObtentionIterations(Integer keyObtentionIterations) Sets the number of hashing iterations applied to obtain the encryption key.
void	setKeyObtentionIterations(String keyObtentionIterations) Sets the number of hashing iterations applied to obtain the encryption key.
void	setPassword(String password) Sets the password to be used for encryption.
void	setPasswordCharArray(char[] password) Sets the password to be used for encryption, as a char[].
void	setPoolSize(Integer poolSize) Sets the size of the pool of encryptors to be created.
void	setPoolSize(String poolSize) Sets the size of the pool of encryptors to be created.
void	setProvider(Provider provider) Sets the security provider to be used for obtaining the encryption algorithm.
void	setProviderClassName(String providerClassName) Sets the security provider to be used for obtaining the encryption algorithm.
void	setProviderName(String providerName) Sets the name of the security provider to be asked for the encryption algorithm.
void	setSaltGenerator(SaltGenerator saltGenerator) Sets the salt generator.
void	setSaltGeneratorClassName(String saltGeneratorClassName) Sets the salt generator.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SimplePBEConfig

public SimplePBEConfig()

Creates a new SimplePBEConfig instance.

Method Detail

setAlgorithm

public void setAlgorithm(String algorithm)

Sets a value for the encryption algorithm

This algorithm has to be supported by your JCE provider and, if this provider supports it, you can also specify mode and padding for it, like ALGORITHM/MODE/PADDING.

Determines the result of: getAlgorithm()

Parameters:

algorithm - the name of the algorithm to be used

setPassword

public void setPassword(String password)

Sets the password to be used for encryption.

Determines the result of: getPassword() and getPasswordCharArray().

Parameters:

password - the password to be used.

setPasswordCharArray

public void setPasswordCharArray(char[] password)

Sets the password to be used for encryption, as a char[].

This allows the password to be specified as a cleanable char[] instead of a String, in extreme security conscious environments in which no copy of the password as an immutable String should be kept in memory.

Important: the array specified as a parameter WILL BE COPIED in order to be stored in the configuration object. The caller of this method will therefore be responsible for its cleaning (jasypt will only clean the internally stored copy).

Determines the result of: getPassword() and getPasswordCharArray().

Parameters:

password - the password to be used.

Since:

1.8

setKeyObtentionIterations

public void setKeyObtentionIterations(Integer keyObtentionIterations)

Sets the number of hashing iterations applied to obtain the encryption key.

Determines the result of: getKeyObtentionIterations()

Parameters:

keyObtentionIterations - the number of iterations.

setKeyObtentionIterations

public void setKeyObtentionIterations(String keyObtentionIterations)

Sets the number of hashing iterations applied to obtain the encryption key.

Determines the result of: getKeyObtentionIterations()

Parameters:

keyObtentionIterations - the number of iterations.

Since:

1.4

setSaltGenerator

public void setSaltGenerator(SaltGenerator saltGenerator)

Sets the salt generator.

If not set, null will returned.

Determines the result of: getSaltGenerator()

Parameters:

saltGenerator - the salt generator.

setSaltGeneratorClassName

public void setSaltGeneratorClassName(String saltGeneratorClassName)

Sets the salt generator.

If not set, null will returned.

Determines the result of: getSaltGenerator()

Parameters:

saltGeneratorClassName - the name of the salt generator class.

Since:

1.4

setProviderName

public void setProviderName(String providerName)

Sets the name of the security provider to be asked for the encryption algorithm. This provider should be already registered.

If both the providerName and provider properties are set, only provider will be used, and providerName will have no meaning for the encryptor object.

If not set, null will be returned.

Determines the result of: getProviderName()

Parameters:

providerName - the name of the security provider.

Since:

1.3

setProvider

public void setProvider(Provider provider)

Sets the security provider to be used for obtaining the encryption algorithm. This method is an alternative to both setProviderName(String) and setProviderClassName(String) and they should not be used altogether. The provider specified with setProvider(Provider) does not have to be registered beforehand, and its use will not result in its being registered.

If both the providerName and provider properties are set, only provider will be used, and providerName will have no meaning for the encryptor object.

If not set, null will be returned.

Determines the result of: getProvider()

Parameters:

provider - the security provider object.

Since:

1.3

setProviderClassName

public void setProviderClassName(String providerClassName)

Sets the security provider to be used for obtaining the encryption algorithm. This method is an alternative to both setProviderName(String) and setProvider(Provider) and they should not be used altogether. The provider specified with setProviderClassName(String) does not have to be registered beforehand, and its use will not result in its being registered.

If both the providerName and provider properties are set, only provider will be used, and providerName will have no meaning for the encryptor object.

If not set, null will be returned.

Determines the result of: getProvider()

Parameters:

providerClassName - the name of the security provider class.

Since:

1.4

setPoolSize

public void setPoolSize(Integer poolSize)

Sets the size of the pool of encryptors to be created.

This parameter will be ignored if used with a non-pooled encryptor.

If not set, null will be returned.

Determines the result of: getPoolSize()

Parameters:

poolSize - the size of the pool to be used if this configuration is used with a pooled encryptor

Since:

1.7

setPoolSize

public void setPoolSize(String poolSize)

Sets the size of the pool of encryptors to be created.

This parameter will be ignored if used with a non-pooled encryptor.

If not set, null will be returned.

Determines the result of: getPoolSize()

Parameters:

poolSize - the size of the pool to be used if this configuration is used with a pooled encryptor

Since:

1.7

getAlgorithm

public String getAlgorithm()

Description copied from interface: PBEConfig

Returns the algorithm to be used for encryption, like PBEWithMD5AndDES.

This algorithm has to be supported by the specified JCE provider (or the default one if no provider has been specified) and, if the provider supports it, you can also specify mode and padding for it, like ALGORITHM/MODE/PADDING.

Specified by:

getAlgorithm in interface PBEConfig

Returns:

the name of the algorithm to be used.

getPassword

public String getPassword()

Description copied from interface: PBEConfig

Returns the password to be used.

There is no default value for password, so not setting this parameter either from a PBEConfig object or from a call to setPassword will result in an EncryptionInitializationException being thrown during initialization.

Specified by:

getPassword in interface PBEConfig

Returns:

the password to be used.

getPasswordCharArray

public char[] getPasswordCharArray()

Description copied from interface: PBECleanablePasswordConfig

Return the password set, as a char array.

Important: the returned array MUST BE A COPY of the one stored in the configuration object. The caller of this method is therefore be responsible for cleaning this resulting char[].

Specified by:

getPasswordCharArray in interface PBECleanablePasswordConfig

getKeyObtentionIterations

public Integer getKeyObtentionIterations()

Description copied from interface: PBEConfig

Returns the number of hashing iterations applied to obtain the encryption key.

This mechanism is explained in PKCS #5: Password-Based Cryptography Standard.

Specified by:

getKeyObtentionIterations in interface PBEConfig

Returns:

the number of iterations

getSaltGenerator

public SaltGenerator getSaltGenerator()

Description copied from interface: PBEConfig

Returns a SaltGenerator implementation to be used by the encryptor.

If this method returns null, the encryptor will ignore the config object when deciding the salt generator to be used.

Specified by:

getSaltGenerator in interface PBEConfig

Returns:

the salt generator, or null if this object will not want to set a specific SaltGenerator implementation.

getProviderName

public String getProviderName()

Description copied from interface: PBEConfig

Returns the name of the java.security.Provider implementation to be used by the encryptor for obtaining the encryption algorithm. This provider must have been registered beforehand.

If this method returns null, the encryptor will ignore this parameter when deciding the name of the security provider to be used.

If this method does not return null, and neither does PBEConfig.getProvider(), providerName will be ignored, and the provider object returned by getProvider() will be used.

Specified by:

getProviderName in interface PBEConfig

Returns:

the name of the security provider to be used.

getProvider

public Provider getProvider()

Description copied from interface: PBEConfig

Returns the java.security.Provider implementation object to be used by the encryptor for obtaining the encryption algorithm.

If this method returns null, the encryptor will ignore this parameter when deciding the security provider object to be used.

If this method does not return null, and neither does PBEConfig.getProviderName(), providerName will be ignored, and the provider object returned by getProvider() will be used.

The provider returned by this method does not need to be registered beforehand, and its use will not result in its being registered.

Specified by:

getProvider in interface PBEConfig

Returns:

the security provider object to be asked for the digest algorithm.

getPoolSize

public Integer getPoolSize()

Description copied from interface: PBEConfig

Get the size of the pool of encryptors to be created.

This parameter will be ignored if used with a non-pooled encryptor.

Specified by:

getPoolSize in interface PBEConfig

Returns:

the size of the pool to be used if this configuration is used with a pooled encryptor

cleanPassword

public void cleanPassword()

Description copied from interface: PBECleanablePasswordConfig

Clean the password stored in this configuration object.

A common implementation of this cleaning operation consists of iterating the array of chars and setting each of its positions to (char)0.

Specified by:

cleanPassword in interface PBECleanablePasswordConfig