Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.nifi.encrypt; import java.security.Security; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.util.NiFiProperties; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.jasypt.encryption.pbe.StandardPBEStringEncryptor; import org.jasypt.exceptions.EncryptionInitializationException; import org.jasypt.exceptions.EncryptionOperationNotPossibleException; /** * <p> * An application specific string encryptor that collects configuration from the * application properties, system properties, and/or system environment. * </p> * * <p> * Instance of this class are thread-safe</p> * * <p> * The encryption provider and algorithm is configured using the application * properties: * <ul> * <li>nifi.sensitive.props.provider</li> * <li>nifi.sensitive.props.algorithm</li> * </ul> * </p> * * <p> * The encryptor's password may be set by configuring the below property: * <ul> * <li>nifi.sensitive.props.key</li> * </ul> * </p> * */ public final class StringEncryptor { static { Security.addProvider(new BouncyCastleProvider()); } public static final String NF_SENSITIVE_PROPS_KEY = "nifi.sensitive.props.key"; public static final String NF_SENSITIVE_PROPS_ALGORITHM = "nifi.sensitive.props.algorithm"; public static final String NF_SENSITIVE_PROPS_PROVIDER = "nifi.sensitive.props.provider"; private static final String DEFAULT_SENSITIVE_PROPS_KEY = "nififtw!"; private static final String TEST_PLAINTEXT = "this is a test"; private final StandardPBEStringEncryptor encryptor; private StringEncryptor(final String aglorithm, final String provider, final String key) { encryptor = new StandardPBEStringEncryptor(); encryptor.setAlgorithm(aglorithm); encryptor.setProviderName(provider); encryptor.setPassword(key); encryptor.setStringOutputType("hexadecimal"); encryptor.initialize(); } /** * Creates an instance of the nifi sensitive property encryptor. Validates * that the encryptor is actually working. * * @param niFiProperties properties * @return encryptor * @throws EncryptionException if any issues arise initializing or * validating the encryptor */ public static StringEncryptor createEncryptor(final NiFiProperties niFiProperties) throws EncryptionException { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); final String sensitivePropAlgorithmVal = niFiProperties.getProperty(NF_SENSITIVE_PROPS_ALGORITHM); final String sensitivePropProviderVal = niFiProperties.getProperty(NF_SENSITIVE_PROPS_PROVIDER); final String sensitivePropValueNifiPropVar = niFiProperties.getProperty(NF_SENSITIVE_PROPS_KEY, DEFAULT_SENSITIVE_PROPS_KEY); if (StringUtils.isBlank(sensitivePropAlgorithmVal)) { throw new EncryptionException(NF_SENSITIVE_PROPS_ALGORITHM + "must bet set"); } if (StringUtils.isBlank(sensitivePropProviderVal)) { throw new EncryptionException(NF_SENSITIVE_PROPS_PROVIDER + "must bet set"); } if (StringUtils.isBlank(sensitivePropValueNifiPropVar)) { throw new EncryptionException(NF_SENSITIVE_PROPS_KEY + "must bet set"); } final StringEncryptor nifiEncryptor; try { nifiEncryptor = new StringEncryptor(sensitivePropAlgorithmVal, sensitivePropProviderVal, sensitivePropValueNifiPropVar); //test that we can infact encrypt and decrypt something if (!nifiEncryptor.decrypt(nifiEncryptor.encrypt(TEST_PLAINTEXT)).equals(TEST_PLAINTEXT)) { throw new EncryptionException( "NiFi property encryptor does appear to be working - decrypt/encrypt return invalid results"); } } catch (final EncryptionInitializationException | EncryptionOperationNotPossibleException ex) { throw new EncryptionException("Cannot initialize sensitive property encryptor", ex); } return nifiEncryptor; } /** * Encrypts the given clear text. * * @param clearText the message to encrypt * * @return the cipher text * * @throws EncryptionException if the encrypt fails */ public String encrypt(String clearText) throws EncryptionException { try { return encryptor.encrypt(clearText); } catch (final EncryptionOperationNotPossibleException | EncryptionInitializationException eonpe) { throw new EncryptionException(eonpe); } } /** * Decrypts the given cipher text. * * @param cipherText the message to decrypt * * @return the clear text * * @throws EncryptionException if the decrypt fails */ public String decrypt(String cipherText) throws EncryptionException { try { return encryptor.decrypt(cipherText); } catch (final EncryptionOperationNotPossibleException | EncryptionInitializationException eonpe) { throw new EncryptionException(eonpe); } } }