org.apache.geronimo.crypto
Class EncryptionManager

java.lang.Object
  extended by org.apache.geronimo.crypto.EncryptionManager

public class EncryptionManager
extends Object

A static class that uses registered Encryption instances to encrypt and decrypt objects, typically strings. The encrypted strings are preceded by the name of the Encryption object, such as {Simple}, followed by the base64 encoded encrypted bytes.

Any number of Encryption instances can be registered, but only the first to be explicitly registered will be used to encrypt. However, when decrypting, the Encryption instance is looked up from the name prefix, so it may be any registered Encryption instance.

Furthermore, encrypt and decrypt are idempotent. Calling encrypt on a string encrypted with a registered Encryption that is not the one in use will decrypt the string and re-encrypt it with the one in use. This can be useful when changing Encryption.

The default Encryption instance (that does not need to be registered) is SimpleEncryption, which uses a fixed key hardcoded into the Encryption class itself. Thus it is useful only to hide information from those who don't read code. On the other hand, you can't lose the key and make your server permanently unusable.

N.B. Calling these methods idempotent is a slight exaggeration, as this would apply only if all arguments and return values are Strings.


Constructor Summary
EncryptionManager()
           
 
Method Summary
static Serializable decrypt(String source)
          Idempotent method that given a String starting with a registered Encryption name will remove the name prefix and return the result of applying the Encryption to the suffix.
static String encrypt(Serializable source)
          Idempotent method that outputs a string starting with the active registered encryption prefix followed by the output of the registered Encryption instance.
static void setEncryptionPrefix(String prefix, Encryption encryption)
          Encryption instances should call this to register themselves.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

EncryptionManager

public EncryptionManager()
Method Detail

setEncryptionPrefix

public static void setEncryptionPrefix(String prefix,
                                       Encryption encryption)
Encryption instances should call this to register themselves.

Parameters:
prefix - id in form {name} for the Encryption instance
encryption - Encryption instance to do the work.

encrypt

public static String encrypt(Serializable source)
Idempotent method that outputs a string starting with the active registered encryption prefix followed by the output of the registered Encryption instance. If called with a string encrypted by another registered Encryption, it will re-encrypt with the active Encryption instance.

Parameters:
source - Serializable object to encrypt, usually a password string or an already encrypted string.
Returns:
the name of the registered Encryption followed by its output.

decrypt

public static Serializable decrypt(String source)
Idempotent method that, given a String starting with a registered Encryption name, will remove the name prefix and return the result of applying the Encryption to the suffix. If no registered Encryption name matches the start of the string, the input will be returned.

Parameters:
source - String that is possibly the output of calling encrypt, consisting of an Encryption name followed by its encrypt output.
Returns:
the result of applying the Encryption.decrypt method to the input suffix after identifying the Encryption from the prefix, or the input if no Encryption name matches.
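
The prefix lookup, re-encryption and pass-through behaviour described above, as an added, self-contained model for Strings only; it is not Geronimo's code. The names PrefixDispatchDemo, Scheme and register, the prefixes {Default}, {Strong} and {Gone}, and both keys are constructed for illustration, and AES-GCM is an assumed stand-in rather than what SimpleEncryption does (Java 16 or later).

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.*;
public class PrefixDispatchDemo {
    record Scheme(String key) {  // hypothetical stand-in for an Encryption: AES-GCM, 16-byte key
        Cipher cipher(int mode, byte[] iv) throws Exception {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(mode, new SecretKeySpec(key.getBytes(UTF_8), "AES"), new GCMParameterSpec(128, iv, 0, 12));
            return c;
        }
        String encrypt(String plain) throws Exception {
            byte[] iv = new byte[12];                        // fresh random nonce per value
            new SecureRandom().nextBytes(iv);
            byte[] ct = cipher(Cipher.ENCRYPT_MODE, iv).doFinal(plain.getBytes(UTF_8));
            byte[] out = Arrays.copyOf(iv, 12 + ct.length);  // layout: nonce || ciphertext+tag
            System.arraycopy(ct, 0, out, 12, ct.length);
            return Base64.getEncoder().encodeToString(out);
        }
        String decrypt(String b64) throws Exception {
            byte[] in = Base64.getDecoder().decode(b64);
            return new String(cipher(Cipher.DECRYPT_MODE, in).doFinal(in, 12, in.length - 12), UTF_8);
        }
    }
    static final Map<String, Scheme> REGISTRY =
        new HashMap<>(Map.of("{Default}", new Scheme("constructedkey-A")));  // key fixed in code
    static String active = "{Default}";
    static void register(String prefix, Scheme s) {
        REGISTRY.put(prefix, s);
        if (active.equals("{Default}")) active = prefix;  // first explicit registration wins
    }
    static String decrypt(String v) throws Exception {
        for (var e : REGISTRY.entrySet())
            if (v.startsWith(e.getKey())) return e.getValue().decrypt(v.substring(e.getKey().length()));
        return v;  // no registered prefix matches: input comes back unchanged
    }
    static String encrypt(String v) throws Exception {
        if (v.startsWith(active)) return v;  // already in the active form
        return active + REGISTRY.get(active).encrypt(decrypt(v));  // plaintext, or migrate old form
    }
    public static void main(String[] args) throws Exception {
        String old = encrypt("s3cret");                        // stored under the default prefix
        register("{Strong}", new Scheme("constructedkey-B"));  // becomes the active scheme
        String moved = encrypt(old);                           // decrypted, then re-encrypted
        System.out.println(old + "\n" + moved + "\n" + encrypt(moved).equals(moved));
        System.out.println(decrypt(old) + " " + decrypt(moved) + " " + decrypt("{Gone}abc"));
    }
}
```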


Copyright © 2003-2008 The Apache Geronimo development community. All Rights Reserved.