@Override public String getPlaintext(ProtectedStringType protectedStringType) throws EncryptionException { if (protectedStringType != null) { return protector.decryptString(protectedStringType); } else { return null; } }
/** * Creates the protector without actually initializing it. */ public Protector buildOnly() { return protectorCreator.createProtector(this); } }
public Protector initialize() { return protectorCreator.createInitializedProtector(this); }
public String decrypt(ProtectedStringType protectedString) { try { return protector.decryptString(protectedString); } catch (EncryptionException e) { throw new SystemException(e.getMessage(), e); } }
public static Protector createInitializedProtector(PrismContext prismContext) { return KeyStoreBasedProtectorBuilder.create(prismContext) .keyStorePath(MidPointTestConstants.KEYSTORE_PATH) .keyStorePassword(MidPointTestConstants.KEYSTORE_PASSWORD) .initialize(); }
private static void encryptProtectedStringType(Protector protector, ProtectedStringType ps, String propName) throws EncryptionException { if (ps == null) { return; } if (ps.isHashed()) { return; } if (ps.getClearValue() != null) { try { protector.encrypt(ps); } catch (EncryptionException e) { throw new EncryptionException("Failed to encrypt value for field " + propName + ": " + e.getMessage(), e); } } }
public ProtectedStringType encrypt(String string) { try { return protector.encryptString(string); } catch (EncryptionException e) { throw new SystemException(e.getMessage(), e); } }
private boolean passwordEquals(ProtectedStringType newPasswordPs, ProtectedStringType currentPassword) throws SchemaException { if (currentPassword == null) { return newPasswordPs == null; } try { return protector.compare(newPasswordPs, currentPassword); } catch (EncryptionException e) { throw new SystemException("Failed to compare " + shortDesc + ": " + e.getMessage(), e); } } }
public KeyStoreBasedProtectorImpl(KeyStoreBasedProtectorBuilder builder) { setKeyStorePath(builder.getKeyStorePath()); setKeyStorePassword(builder.getKeyStorePassword()); if (builder.getEncryptionKeyAlias() != null) { setEncryptionKeyAlias(builder.getEncryptionKeyAlias()); } else { // using the pre-initialized default one } setRequestedJceProviderName(builder.getRequestedJceProviderName()); setEncryptionAlgorithm(builder.getEncryptionAlgorithm()); digestAlgorithm = builder.getDigestAlgorithm(); trustManagers = builder.getTrustManagers(); }
public Object createProtectedString(String string) throws EncryptionException { return protector.encryptString(string); }
@Override public String decryptString(ProtectedData<String> protectedString) throws EncryptionException { try { if (!protectedString.isEncrypted()) { return protectedString.getClearValue(); } else { byte[] clearBytes = decryptBytes(protectedString); return ProtectedStringType.bytesToString(clearBytes); } } catch (SchemaException ex){ throw new EncryptionException(ex); } }
@Override public <T> void decrypt(ProtectedData<T> protectedData) throws EncryptionException, SchemaException { if (!protectedData.isEncrypted()) { return; //TODO: is this exception really needed?? isn't it better just return the same protected data?? // throw new IllegalArgumentException("Attempt to decrypt protected data that are not encrypted"); } else { byte[] decryptedData = decryptBytes(protectedData); protectedData.setClearBytes(decryptedData); protectedData.setEncryptedData(null); } }
private SecretKey getSecretKeyByDigest(String digest) throws EncryptionException { if (digest == null || digest.isEmpty()) { throw new EncryptionException("Key digest must be specified and cannot be blank."); } if (digestToSecretKeyHashMap.containsKey(digest)) { return digestToSecretKeyHashMap.get(digest); } throw new EncryptionException("No key mapped to key digest " + digest + " could be found in the keystore. Keys digests must be recomputed during initialization"); }
private char[] getClearChars(ProtectedData<String> protectedData) throws EncryptionException { if (protectedData.isEncrypted()) { return decryptString(protectedData).toCharArray(); } else { return protectedData.getClearValue().toCharArray(); } }
public static KeyStoreBasedProtectorBuilder create(@NotNull ProtectorCreator protectorCreator) { return new KeyStoreBasedProtectorBuilder(protectorCreator); }
private String getClearValue(ProtectedStringType protectedString) { if (protectedString == null) { return null; } String passwordStr = protectedString.getClearValue(); if (passwordStr == null && protectedString.isEncrypted()) { try { passwordStr = protector.decryptString(protectedString); } catch (EncryptionException e) { throw new SystemException("Failed to decrypt " + shortDesc + ": " + e.getMessage(), e); } } return passwordStr; }
private Protector createCompromisedProtector() { return KeyStoreBasedProtectorBuilder.create(getPrismContext()) .keyStorePassword(KEYSTORE_PASSWORD) .keyStorePath(KEYSTORE_PATH) .encryptionKeyAlias("compromised") .encryptionAlgorithm(XMLCipher.AES_256) .initialize(); }
private String getClearValue(ProtectedStringType protectedString) throws SchemaException, PolicyViolationException { try { if (protectedString.isEncrypted()) { return protector.decryptString(protectedString); } else if (protectedString.getClearValue() != null) { return protector.decryptString(protectedString); } else if (protectedString.isHashed()) { throw new SchemaException("Cannot validate value of hashed password"); } } catch (EncryptionException e) { throw new PolicyViolationException(e.getMessage(), e); } return null; }
public static Protector createProtector(String xmlCipher){ return KeyStoreBasedProtectorBuilder.create(getPrismContext()) .keyStorePassword(KEYSTORE_PASSWORD) .keyStorePath(KEYSTORE_PATH) .encryptionAlgorithm(xmlCipher) .initialize(); } }
private Protector createProtector() { return KeyStoreBasedProtectorBuilder.create(getPrismContext()) .keyStorePassword(KEYSTORE_PASSWORD) .keyStorePath(KEYSTORE_PATH) .encryptionAlgorithm(XMLCipher.AES_256) .initialize(); }