PasswordEncryptionService.java

/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package org.pieShare.pieTools.pieUtilities.service.security.pbe;

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.pieShare.pieTools.pieUtilities.model.EncryptedPassword;
import org.pieShare.pieTools.pieUtilities.model.PlainTextPassword;
import org.pieShare.pieTools.pieUtilities.service.pieLogger.PieLogger;
import org.pieShare.pieTools.pieUtilities.service.security.IProviderService;

/**
 *
 * @author Svetoslav
 */
public class PasswordEncryptionService implements IPasswordEncryptionService {

	//todo-sv: change this
	public byte[] salt = "changeThis".getBytes();
	public int iterations = 5000;

	private IProviderService providerService;

	public PasswordEncryptionService() {

	}

	public void setProviderService(IProviderService service) {
		this.providerService = service;
	}

	@Override
	public EncryptedPassword encryptPassword(PlainTextPassword plainTextPassword) {
		try {
			PBEKeySpec keySpec = new PBEKeySpec(Arrays.toString(plainTextPassword.password).toCharArray(), salt, iterations);
			//this does not ensure that there won't be any plain text copies of this array anywhere else in the memory
			//reason is that some JVMs may have copied the array without updating all copies until GC collects them
			Arrays.fill(Arrays.toString(plainTextPassword.password).toCharArray(), '\0');

			SecretKeyFactory keyFactory = providerService.getSecretKeyFactory();
			SecretKey key = keyFactory.generateSecret(keySpec);

			//todo-sv: check if returning secretKey or byte array is better
			//what is the difference
			EncryptedPassword encPwd = new EncryptedPassword();
			encPwd.setPassword(key.getEncoded());
			encPwd.setSecretKey(key);
			return encPwd;
		}
		catch (InvalidKeySpecException ex) {
			PieLogger.error(this.getClass(), "Encryption failed!", ex);
		}
		return null;
	}
}