Package org.jasypt.encryption.pbe.config

Class SimplePBEConfig

Object
org.jasypt.encryption.pbe.config.SimplePBEConfig
All Implemented Interfaces:
PBECleanablePasswordConfig, PBEConfig
Direct Known Subclasses:
EnvironmentPBEConfig, SimpleStringPBEConfig, WebPBEConfig
public class SimplePBEConfig extends Object implements PBEConfig, PBECleanablePasswordConfig

Bean implementation for PBEConfig. This class allows the values for the configuration parameters to be set via "standard" setX methods.

For any of the configuration parameters, if its setX method is not called, a null value will be returned by the corresponding getX method.

Note that there is not an exact correspondence between setX() and getX() methods, as sometimes two methods like setProvider() and setProviderClassName() will affect the same configuration parameter (getProvider()). This means that several combinations of setX() methods collide, and should not be called together (a call to setProviderClassName() will override any previous call to setProvider()).

Also note that, in order to satisfy the needs of extreme security-conscious environments in which no immutable String containing the password is allowed to be kept in memory, this configuration objects stores the password as char[] that is cleaned (reset to '') by the jasypt engine as soon as encryption operations start (and therefore the specified password is no longer needed as an attribute) (see PBECleanablePasswordConfig).

Setting and getting the password as a char[] is also allowed via the getPasswordCharArray() and setPasswordCharArray(char[]) methods.

Since:
1.0
Author:
Daniel Fernández

  • Constructor Details

    • SimplePBEConfig

      public SimplePBEConfig()

      Creates a new SimplePBEConfig instance.

  • Method Details

    • setAlgorithm

      public void setAlgorithm(String algorithm)

      Sets a value for the encryption algorithm

      This algorithm has to be supported by your JCE provider and, if this provider supports it, you can also specify mode and padding for it, like ALGORITHM/MODE/PADDING.

      Determines the result of: getAlgorithm()

      Parameters:
      algorithm - the name of the algorithm to be used

    • setPassword

      public void setPassword(String password)
      Sets the password to be used for encryption.

      Determines the result of: getPassword() and getPasswordCharArray().

      Parameters:
      password - the password to be used.

    • setPasswordCharArray

      public void setPasswordCharArray(char[] password)
      Sets the password to be used for encryption, as a char[].

      This allows the password to be specified as a cleanable char[] instead of a String, in extreme security conscious environments in which no copy of the password as an immutable String should be kept in memory.

      Important: the array specified as a parameter WILL BE COPIED in order to be stored in the configuration object. The caller of this method will therefore be responsible for its cleaning (jasypt will only clean the internally stored copy).

      Determines the result of: getPassword() and getPasswordCharArray().

      Parameters:
      password - the password to be used.
      Since:
      1.8

    • setKeyObtentionIterations

      public void setKeyObtentionIterations(Integer keyObtentionIterations)
      Sets the number of hashing iterations applied to obtain the encryption key.

      Determines the result of: getKeyObtentionIterations()

      Parameters:
      keyObtentionIterations - the number of iterations.

    • setKeyObtentionIterations

      public void setKeyObtentionIterations(String keyObtentionIterations)
      Sets the number of hashing iterations applied to obtain the encryption key.

      Determines the result of: getKeyObtentionIterations()

      Parameters:
      keyObtentionIterations - the number of iterations.
      Since:
      1.4

    • setSaltGenerator

      public void setSaltGenerator(SaltGenerator saltGenerator)

      Sets the salt generator.

      If not set, null will returned.

      Determines the result of: getSaltGenerator()

      Parameters:
      saltGenerator - the salt generator.

    • setSaltGeneratorClassName

      public void setSaltGeneratorClassName(String saltGeneratorClassName)

      Sets the salt generator.

      If not set, null will returned.

      Determines the result of: getSaltGenerator()

      Parameters:
      saltGeneratorClassName - the name of the salt generator class.
      Since:
      1.4

    • setIvGenerator

      public void setIvGenerator(IvGenerator ivGenerator)

      Sets the IV generator.

      If not set, null will returned.

      Determines the result of: getIvGenerator()

      Parameters:
      ivGenerator - the IV generator.
      Since:
      1.9.3

    • setIvGeneratorClassName

      public void setIvGeneratorClassName(String ivGeneratorClassName)

      Sets the IV generator.

      If not set, null will returned.

      Determines the result of: getIvGenerator()

      Parameters:
      ivGeneratorClassName - the name of the IV generator class.
      Since:
      1.9.3

    • setProviderName

      public void setProviderName(String providerName)

      Sets the name of the security provider to be asked for the encryption algorithm. This provider should be already registered.

      If both the providerName and provider properties are set, only provider will be used, and providerName will have no meaning for the encryptor object.

      If not set, null will be returned.

      Determines the result of: getProviderName()

      Parameters:
      providerName - the name of the security provider.
      Since:
      1.3

    • setProvider

      public void setProvider(Provider provider)

      Sets the security provider to be used for obtaining the encryption algorithm. This method is an alternative to both setProviderName(String) and setProviderClassName(String) and they should not be used altogether. The provider specified with setProvider(Provider) does not have to be registered beforehand, and its use will not result in its being registered.

      If both the providerName and provider properties are set, only provider will be used, and providerName will have no meaning for the encryptor object.

      If not set, null will be returned.

      Determines the result of: getProvider()

      Parameters:
      provider - the security provider object.
      Since:
      1.3

    • setProviderClassName

      public void setProviderClassName(String providerClassName)

      Sets the security provider to be used for obtaining the encryption algorithm. This method is an alternative to both setProviderName(String) and setProvider(Provider) and they should not be used altogether. The provider specified with setProviderClassName(String) does not have to be registered beforehand, and its use will not result in its being registered.

      If both the providerName and provider properties are set, only provider will be used, and providerName will have no meaning for the encryptor object.

      If not set, null will be returned.

      Determines the result of: getProvider()

      Parameters:
      providerClassName - the name of the security provider class.
      Since:
      1.4

    • setPoolSize

      public void setPoolSize(Integer poolSize)

      Sets the size of the pool of encryptors to be created.

      This parameter will be ignored if used with a non-pooled encryptor.

      If not set, null will be returned.

      Determines the result of: getPoolSize()

      Parameters:
      poolSize - the size of the pool to be used if this configuration is used with a pooled encryptor
      Since:
      1.7

    • setPoolSize

      public void setPoolSize(String poolSize)

      Sets the size of the pool of encryptors to be created.

      This parameter will be ignored if used with a non-pooled encryptor.

      If not set, null will be returned.

      Determines the result of: getPoolSize()

      Parameters:
      poolSize - the size of the pool to be used if this configuration is used with a pooled encryptor
      Since:
      1.7

    • getAlgorithm

      public String getAlgorithm()
      Description copied from interface: PBEConfig

      Returns the algorithm to be used for encryption, like PBEWithMD5AndDES.

      This algorithm has to be supported by the specified JCE provider (or the default one if no provider has been specified) and, if the provider supports it, you can also specify mode and padding for it, like ALGORITHM/MODE/PADDING.

      Specified by:
      getAlgorithm in interface PBEConfig
      Returns:
      the name of the algorithm to be used.

    • getPassword

      public String getPassword()
      Description copied from interface: PBEConfig

      Returns the password to be used.

      There is no default value for password, so not setting this parameter either from a PBEConfig object or from a call to setPassword will result in an EncryptionInitializationException being thrown during initialization.

      Specified by:
      getPassword in interface PBEConfig
      Returns:
      the password to be used.

    • getPasswordCharArray

      public char[] getPasswordCharArray()
      Description copied from interface: PBECleanablePasswordConfig

      Return the password set, as a char array.

      Important: the returned array MUST BE A COPY of the one stored in the configuration object. The caller of this method is therefore be responsible for cleaning this resulting char[].

      Specified by:
      getPasswordCharArray in interface PBECleanablePasswordConfig

    • getKeyObtentionIterations

      public Integer getKeyObtentionIterations()
      Description copied from interface: PBEConfig

      Returns the number of hashing iterations applied to obtain the encryption key.

      This mechanism is explained in PKCS #5: Password-Based Cryptography Standard.

      Specified by:
      getKeyObtentionIterations in interface PBEConfig
      Returns:
      the number of iterations

    • getSaltGenerator

      public SaltGenerator getSaltGenerator()
      Description copied from interface: PBEConfig

      Returns a SaltGenerator implementation to be used by the encryptor.

      If this method returns null, the encryptor will ignore the config object when deciding the salt generator to be used.

      Specified by:
      getSaltGenerator in interface PBEConfig
      Returns:
      the salt generator, or null if this object will not want to set a specific SaltGenerator implementation.

    • getIvGenerator

      public IvGenerator getIvGenerator()
      Description copied from interface: PBEConfig

      Returns a IvGenerator implementation to be used by the encryptor.

      If this method returns null, the encryptor will ignore the config object when deciding the IV generator to be used.

      Specified by:
      getIvGenerator in interface PBEConfig
      Returns:
      the IV generator, or null if this object will not want to set a specific IvGenerator implementation.

    • getProviderName

      public String getProviderName()
      Description copied from interface: PBEConfig

      Returns the name of the java.security.Provider implementation to be used by the encryptor for obtaining the encryption algorithm. This provider must have been registered beforehand.

      If this method returns null, the encryptor will ignore this parameter when deciding the name of the security provider to be used.

      If this method does not return null, and neither does PBEConfig.getProvider(), providerName will be ignored, and the provider object returned by getProvider() will be used.

      Specified by:
      getProviderName in interface PBEConfig
      Returns:
      the name of the security provider to be used.

    • getProvider

      public Provider getProvider()
      Description copied from interface: PBEConfig

      Returns the java.security.Provider implementation object to be used by the encryptor for obtaining the encryption algorithm.

      If this method returns null, the encryptor will ignore this parameter when deciding the security provider object to be used.

      If this method does not return null, and neither does PBEConfig.getProviderName(), providerName will be ignored, and the provider object returned by getProvider() will be used.

      The provider returned by this method does not need to be registered beforehand, and its use will not result in its being registered.

      Specified by:
      getProvider in interface PBEConfig
      Returns:
      the security provider object to be asked for the digest algorithm.

    • getPoolSize

      public Integer getPoolSize()
      Description copied from interface: PBEConfig

      Get the size of the pool of encryptors to be created.

      This parameter will be ignored if used with a non-pooled encryptor.

      Specified by:
      getPoolSize in interface PBEConfig
      Returns:
      the size of the pool to be used if this configuration is used with a pooled encryptor

    • cleanPassword

      public void cleanPassword()
      Description copied from interface: PBECleanablePasswordConfig

      Clean the password stored in this configuration object.

      A common implementation of this cleaning operation consists of iterating the array of chars and setting each of its positions to (char)0.

      Specified by:
      cleanPassword in interface PBECleanablePasswordConfig