1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.common.crypto;
21  
22  import java.io.IOException;
23  
24  import javax.security.auth.callback.Callback;
25  import javax.security.auth.callback.CallbackHandler;
26  import javax.security.auth.callback.UnsupportedCallbackException;
27  
28  import org.apache.wss4j.common.ext.WSPasswordCallback;
29  import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
30  
31  
32  /**
33   * An implementation of PasswordEncryptor that relies on Jasypt's StandardPBEStringEncryptor to
34   * encrypt and decrypt passwords. The default algorithm that is used is "PBEWithMD5AndTripleDES".
35   */
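public class JasyptPasswordEncryptor implements PasswordEncryptor {

    /**
     * Algorithm used when the caller does not name one.
     *
     * <p>Security note: as the name states, this is a legacy PBE scheme built on MD5 and
     * Triple DES. The constant is left unchanged because values encrypted under the default
     * could no longer be decrypted through the one-argument constructors if it were altered.
     * New deployments should pass a stronger PBE algorithm offered by their JCE provider to
     * one of the two-argument constructors.
     */
    public static final String DEFAULT_ALGORITHM = "PBEWithMD5AndTripleDES";

    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(JasyptPasswordEncryptor.class);

    private final StandardPBEStringEncryptor passwordEncryptor;

    // Null when the master password was given directly to a constructor.
    private final CallbackHandler callbackHandler;

    /**
     * Creates an encryptor that uses a fixed master password and {@link #DEFAULT_ALGORITHM}.
     *
     * @param password the master password used to derive the encryption key
     */
    public JasyptPasswordEncryptor(String password) {
        this(password, DEFAULT_ALGORITHM);
    }

    /**
     * Creates an encryptor that uses a fixed master password and the given algorithm.
     *
     * @param password the master password used to derive the encryption key
     * @param algorithm the PBE algorithm name handed to Jasypt
     */
    public JasyptPasswordEncryptor(String password, String algorithm) {
        passwordEncryptor = new StandardPBEStringEncryptor();
        passwordEncryptor.setPassword(password);
        passwordEncryptor.setAlgorithm(algorithm);
        this.callbackHandler = null;
    }

    /**
     * Creates an encryptor that obtains its master password from a callback handler and uses
     * {@link #DEFAULT_ALGORITHM}.
     *
     * @param callbackHandler the handler asked for the master password on each operation
     */
    public JasyptPasswordEncryptor(CallbackHandler callbackHandler) {
        this(callbackHandler, DEFAULT_ALGORITHM);
    }

    /**
     * Creates an encryptor that obtains its master password from a callback handler and uses
     * the given algorithm. No password is set on the Jasypt encryptor at construction time.
     *
     * @param callbackHandler the handler asked for the master password on each operation
     * @param algorithm the PBE algorithm name handed to Jasypt
     */
    public JasyptPasswordEncryptor(CallbackHandler callbackHandler, String algorithm) {
        passwordEncryptor = new StandardPBEStringEncryptor();
        passwordEncryptor.setAlgorithm(algorithm);
        this.callbackHandler = callbackHandler;
    }

    /**
     * Encrypt the given password.
     *
     * <p>When a callback handler was supplied, it is asked for the master password first.
     *
     * @param password the password to be encrypted
     * @return the encrypted password
     */
    public String encrypt(String password) {
        applyCallbackPassword();
        return passwordEncryptor.encrypt(password);
    }

    /**
     * Decrypt the given encrypted password.
     *
     * <p>When a callback handler was supplied, it is asked for the master password first.
     *
     * @param encryptedPassword the encrypted password to decrypt
     * @return the decrypted password
     */
    public String decrypt(String encryptedPassword) {
        applyCallbackPassword();
        return passwordEncryptor.decrypt(encryptedPassword);
    }

    /**
     * Asks the callback handler, if one was supplied, for the master password and applies it
     * to the Jasypt encryptor. Shared by {@link #encrypt(String)} and {@link #decrypt(String)}.
     */
    private void applyCallbackPassword() {
        if (callbackHandler == null) {
            return;
        }

        WSPasswordCallback pwCb =
            new WSPasswordCallback("", WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD);
        try {
            callbackHandler.handle(new Callback[] {pwCb});
        } catch (IOException | UnsupportedCallbackException e) {
            // A handler failure is visible only at debug level; the operation then continues
            // without a freshly supplied master password. Only the exception is logged.
            LOG.debug("Error in getting password: ", e);
        }

        String masterPassword = pwCb.getPassword();
        if (masterPassword != null) {
            // NOTE(review): Jasypt's standard encryptors are understood to reject configuration
            // changes once they have been used; confirm that calling setPassword on every
            // operation is safe when a single instance is reused.
            passwordEncryptor.setPassword(masterPassword);
        }
    }

}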