JBossEncryptionSecretCallbackHandler.java example

Explorer
wso2-synapse-master
- modules
/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 */
package org.apache.synapse.securevault.secret.handler;

import org.apache.synapse.securevault.CipherFactory;
import org.apache.synapse.securevault.CipherOperationMode;
import org.apache.synapse.securevault.DecryptionProvider;
import org.apache.synapse.securevault.EncodingType;
import org.apache.synapse.securevault.definition.CipherInformation;
import org.apache.synapse.securevault.secret.AbstractSecretCallbackHandler;
import org.apache.synapse.securevault.secret.SecretManager;
import org.apache.synapse.securevault.secret.SingleSecretCallback;

import javax.crypto.spec.SecretKeySpec;
import java.security.Key;

/**
 * SecretCallbackHandler implementation which is compatible to the default encryption used
 * within the JBoss Application Server to decrypt database passwords.
 */
public class JBossEncryptionSecretCallbackHandler extends AbstractSecretCallbackHandler {

    private static final String ALGORITHM = "Blowfish";
    private static Key key = new SecretKeySpec("jaas is the way".getBytes(), ALGORITHM);
        private final SecretManager secretManager = SecretManager.getInstance();
    /**
     * Decrypts the encrypted secret provided by the specified callback handler.
     *
     * @param singleSecretCallback The singleSecretCallback which secret has to be decrypted
     */
    @Override
    protected void handleSingleSecretCallback(SingleSecretCallback singleSecretCallback) {

        if (!secretManager.isInitialized()) {
            if (log.isWarnEnabled()) {
                log.warn("SecretManager has not been initialized.Cannot collect secrets.");
            }
            return;
        }

        String id = singleSecretCallback.getId();
        if (id != null && !"".equals(id)) {
            singleSecretCallback.setSecret(decrypt(secretManager.getEncryptedData(id)));
        }        
    }

    /**
     * Decrypts the encrypted secret using the Blowfish algorithm and the same hard-coded
     * passphrase the JBoss application server uses to decrypt database passwords.
     *
     * @param encryptedSecret the encrypted secret
     * @return the decrypted secret.
     */
    private static String decrypt(String encryptedSecret) {
        CipherInformation cipherInformation = new CipherInformation();
        cipherInformation.setAlgorithm(ALGORITHM);
        cipherInformation.setCipherOperationMode(CipherOperationMode.DECRYPT);
        cipherInformation.setInType(EncodingType.BIGINTEGER16); //TODO
        DecryptionProvider decryptionProvider = CipherFactory.createCipher(cipherInformation, key);
        return new String(decryptionProvider.decrypt(encryptedSecret.getBytes()));
    }
}