
1   /*
2    * Copyright 2013 smartics, Kronseder & Reiner GmbH
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package de.smartics.properties.security.esapi;
17  
18  import org.apache.commons.codec.binary.Base64;
19  import org.owasp.esapi.Encryptor;
20  import org.owasp.esapi.crypto.CipherText;
21  import org.owasp.esapi.crypto.PlainText;
22  import org.owasp.esapi.errors.EncryptionException;
23  
24  import de.smartics.properties.api.core.domain.PropertyCode;
25  import de.smartics.properties.api.core.domain.PropertyDescriptor;
26  import de.smartics.properties.api.core.domain.PropertyDescriptorMessageBean;
27  import de.smartics.properties.api.core.security.SecurityException;
28  import de.smartics.properties.api.core.security.PropertyValueSecurity;
29  
/**
 * Base implementation of {@link PropertyValueSecurity} that delegates the
 * cryptographic work to an OWASP ESAPI {@link Encryptor}.
 *
 * <p>
 * Protected values are exchanged as text: the ESAPI {@link CipherText} is
 * turned into its portable serialized byte form and that byte array is Base64
 * encoded. Decryption reverses exactly these steps.
 * </p>
 *
 * <p>
 * Security notes for implementors and callers:
 * </p>
 * <ul>
 * <li>Algorithm, key material and any integrity protection are whatever the
 * {@link Encryptor} returned by {@link #provideEncryptor()} is configured
 * with; this class adds none of its own.</li>
 * <li>Decrypted values are handed back as {@link String} instances, so the
 * plain text stays on the heap until it is garbage collected.</li>
 * <li>Only {@link EncryptionException} is translated into the API's
 * {@link SecurityException}. NOTE(review): how {@code null} or malformed
 * Base64 input surfaces (as {@code EncryptionException} or as an unchecked
 * exception) depends on the library versions in use - confirm.</li>
 * </ul>
 */
public abstract class AbstractEsapiPropertyValueSecurity implements
    PropertyValueSecurity {

  /**
   * The class version identifier.
   */
  private static final long serialVersionUID = 1L;

  /**
   * Default constructor.
   */
  public AbstractEsapiPropertyValueSecurity() {
  }

  /**
   * Provides the encryptor to use for encryption and decryption.
   *
   * <p>
   * Called once per {@link #encrypt(PropertyDescriptor, String)} and
   * {@link #decrypt(PropertyDescriptor, String)} invocation, before any input
   * is processed.
   * </p>
   *
   * @return the encryptor to use.
   * @throws EncryptionException on any encryption problem.
   */
  protected abstract Encryptor provideEncryptor() throws EncryptionException;

  /**
   * Encrypts the plain value of a property and returns it as Base64 text.
   *
   * @param descriptor the descriptor of the property the value belongs to;
   *          only used to build the failure report.
   * @param plainValue the value to protect.
   * @return the Base64 encoded portable serialization of the cipher text.
   * @throws SecurityException if ESAPI signals an {@link EncryptionException}
   *           while providing the encryptor or while encrypting.
   */
  @Override
  public String encrypt(final PropertyDescriptor descriptor,
      final String plainValue) throws SecurityException {
    try {
      // The encryptor is obtained first, before the plain text is wrapped.
      final Encryptor esapi = provideEncryptor();
      final CipherText sealed = esapi.encrypt(new PlainText(plainValue));
      return Base64.encodeBase64String(sealed.asPortableSerializedByteArray());
    } catch (final EncryptionException e) {
      throw securityFailure(descriptor, e);
    }
  }

  /**
   * Decrypts a value that was produced by
   * {@link #encrypt(PropertyDescriptor, String)}.
   *
   * @param descriptor the descriptor of the property the value belongs to;
   *          only used to build the failure report.
   * @param encryptedValue the Base64 encoded portable serialization of the
   *          cipher text.
   * @return the plain value.
   * @throws SecurityException if ESAPI signals an {@link EncryptionException}
   *           while providing the encryptor, while reading the serialized
   *           cipher text or while decrypting.
   */
  @Override
  public String decrypt(final PropertyDescriptor descriptor,
      final String encryptedValue) throws SecurityException {
    try {
      // The encryptor is obtained first, before the input is decoded.
      final Encryptor esapi = provideEncryptor();
      final byte[] serialized = Base64.decodeBase64(encryptedValue);
      final CipherText sealed =
          CipherText.fromPortableSerializedBytes(serialized);
      return esapi.decrypt(sealed).toString();
    } catch (final EncryptionException e) {
      throw securityFailure(descriptor, e);
    }
  }

  /**
   * Translates an ESAPI failure into the security exception of the properties
   * API. The original exception is passed on as part of the message bean.
   *
   * @param descriptor the descriptor of the property that was processed.
   * @param cause the ESAPI failure to report.
   * @return the exception to throw.
   */
  private static SecurityException securityFailure(
      final PropertyDescriptor descriptor, final EncryptionException cause) {
    return new SecurityException(new PropertyDescriptorMessageBean(
        PropertyCode.SECURITY, cause, descriptor));
  }
}