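package com.github.rojanu.config.encryption;

import com.google.common.io.Files;
import org.apache.commons.lang3.StringUtils;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionInitializationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.File;
import java.io.IOException;
import java.nio.charset.Charset;

/**
 * Process-wide singleton that encrypts and decrypts configuration values with a
 * jasypt {@link StandardPBEStringEncryptor}.
 *
 * <p>The encryption password is resolved once, when the enum constant is created, in this order:
 * <ol>
 *   <li>the content of the file named by the {@code password-file} system property
 *       (default {@value #DEFAULT_PASSWORD_ENVIRONMENT_FILE}; a relative name is resolved against
 *       the process working directory);</li>
 *   <li>the environment variable named by the {@code password-environment-variable} system
 *       property (default {@value #DEFAULT_PASSWORD_ENVIRONMENT_VARIABLE});</li>
 *   <li>the hard-coded {@link #DEFAULT_CONFIG_PASSWORD}.</li>
 * </ol>
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>{@link #DEFAULT_CONFIG_PASSWORD} is a public constant, so anything encrypted while the
 *       fallback is active offers no confidentiality. The fallback is logged at WARN level; treat
 *       that log line as a deployment error and alert on it.</li>
 *   <li>The password file is the only secret at rest here; restrict its permissions to the
 *       service account and keep it out of version control.</li>
 *   <li>{@link #decrypt(String)} terminates the JVM when decryption fails.</li>
 * </ul>
 */
public enum StringEncryptor {
    INSTANCE();

    // Deliberately an instance field: an enum constructor may not reference a non-constant
    // static field, and the constructor needs to log.
    private final Logger logger = LoggerFactory.getLogger(StringEncryptor.class);

    /** Default name of the environment variable that carries the password. */
    public static final String DEFAULT_PASSWORD_ENVIRONMENT_VARIABLE = "CONFIG_ENC_PASSWORD";
    /** Default name of the file that carries the password. */
    public static final String DEFAULT_PASSWORD_ENVIRONMENT_FILE = ".config-enc-pass";
    /** Marker that opens an encrypted configuration value; the value is expected to end with ")". */
    public static final String ENC_PREFIX = "ENC(";
    // NOTE(review): the "-BC" suffix suggests this algorithm comes from the Bouncy Castle provider;
    // this class does not register a provider itself — confirm the application installs one.
    public static final String DEFAULT_ALGORITHM = "PBEWITHSHA256AND256BITAES-CBC-BC";
    /** Last-resort password, used only when neither the file nor the environment variable yields one. */
    public static final String DEFAULT_CONFIG_PASSWORD = "password";

    private final String configPasswordVariable =
            System.getProperty("password-environment-variable", DEFAULT_PASSWORD_ENVIRONMENT_VARIABLE);
    private final String configPasswordFile =
            System.getProperty("password-file", DEFAULT_PASSWORD_ENVIRONMENT_FILE);

    // Assigned exactly once in the constructor, so it is never null afterwards.
    private final StandardPBEStringEncryptor stringEncryptor;

    /**
     * Creates the encryptor and configures its algorithm and password.
     *
     * <p>A configuration failure is logged and otherwise ignored, so the instance still exists
     * afterwards. NOTE(review): an encryptor left without a password is expected to fail on first
     * use rather than here — confirm against the jasypt version in use.
     */
    private StringEncryptor() {
        stringEncryptor = new StandardPBEStringEncryptor();
        try {
            stringEncryptor.setAlgorithm(DEFAULT_ALGORITHM);
            stringEncryptor.setPassword(getPassword());
        } catch (Exception ex) {
            logger.error("error initializing jasypt encryptor!", ex);
        }
    }

    /**
     * Resolves the encryption password from the file, the environment variable, or the default.
     *
     * <p>The file content is decoded as US-ASCII and used verbatim: nothing is trimmed, so a
     * trailing newline in the file becomes part of the password. Any {@link IOException} while
     * reading (missing file, permission problem, ...) silently moves on to the environment
     * variable. Only the source of the password is logged, never its value.
     *
     * @return the password to hand to jasypt; never empty when it comes from the environment
     */
    private String getPassword() {
        try {
            final String fromFile = Files.toString(new File(configPasswordFile), Charset.forName("US-ASCII"));
            logger.info("Configuration password load from file: {}", configPasswordFile);
            return fromFile;
        } catch (IOException ex) {
            final String fromEnvironment = System.getenv(configPasswordVariable);
            if (StringUtils.isNotEmpty(fromEnvironment)) {
                logger.info("Configuration password load from environment variable: {}", configPasswordVariable);
                return fromEnvironment;
            }
            logger.warn("Configuration password couldn't be found");
            // Say explicitly what happens next, so the insecure fallback is visible in logs and
            // can be alerted on.
            logger.warn("Falling back to the built-in default configuration password; "
                    + "provide {} or set {} to protect encrypted values",
                    configPasswordFile, configPasswordVariable);
            return DEFAULT_CONFIG_PASSWORD;
        }
    }

    /**
     * Decrypts a configuration value of the form {@code ENC(ciphertext)}.
     *
     * <p>Values that do not start with {@link #ENC_PREFIX} (including {@code null}) are returned
     * unchanged. For prefixed values the prefix and the final character are stripped without
     * checking that the final character is {@code ')'}.
     *
     * <p>Any failure, including {@link EncryptionInitializationException}, is logged, echoed to
     * {@code System.err}, and ends the process via {@code System.exit(-1)}: a value that cannot
     * be decrypted never reaches the caller.
     *
     * @param str the raw configuration value, possibly {@code null}
     * @return the decrypted text, or {@code str} itself when it is not marked as encrypted
     */
    public String decrypt(final String str) {
        if (!StringUtils.startsWith(str, ENC_PREFIX)) {
            return str;
        }
        final String encryptedText =
                StringUtils.substring(str, ENC_PREFIX.length(), StringUtils.length(str) - 1);
        try {
            return stringEncryptor.decrypt(encryptedText);
        } catch (Exception ex) {
            // One handler is enough: EncryptionInitializationException was handled exactly like
            // every other exception.
            logger.error("error in decrypting", ex);
            System.err.println("error in decrypting ... " + ex.getMessage());
            System.exit(-1);
        }
        // Only reached if System.exit returns control, which it normally does not.
        return str;
    }

    /**
     * Encrypts a value with the configured password.
     *
     * <p>The result is the bare jasypt output; the caller has to wrap it in {@code ENC(...)} for
     * {@link #decrypt(String)} to recognise it. Unlike {@link #decrypt(String)}, failures are not
     * caught here and propagate to the caller. The previous null check on the encryptor was
     * unreachable and has been removed; it would have returned the plaintext unchanged.
     *
     * @param str the plaintext to encrypt
     * @return the encrypted representation produced by jasypt
     */
    public String encrypt(final String str) {
        return stringEncryptor.encrypt(str);
    }
}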