com.ulisesbocchio.jasyptspringboot.properties.JasyptEncryptorConfigurationProperties Maven / Gradle / Ivy
package com.ulisesbocchio.jasyptspringboot.properties;
import com.ulisesbocchio.jasyptspringboot.EncryptablePropertyFilter;
import com.ulisesbocchio.jasyptspringboot.encryptor.SimpleAsymmetricConfig;
import com.ulisesbocchio.jasyptspringboot.encryptor.SimpleGCMConfig;
import com.ulisesbocchio.jasyptspringboot.util.AsymmetricCryptography.KeyFormat;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.NestedConfigurationProperty;
import org.springframework.boot.context.properties.bind.BindHandler;
import org.springframework.boot.context.properties.bind.Bindable;
import org.springframework.boot.context.properties.bind.Binder;
import org.springframework.boot.context.properties.bind.PropertySourcesPlaceholdersResolver;
import org.springframework.boot.context.properties.bind.handler.IgnoreErrorsBindHandler;
import org.springframework.boot.context.properties.source.ConfigurationPropertySources;
import org.springframework.boot.convert.ApplicationConversionService;
import org.springframework.core.ResolvableType;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MutablePropertySources;
import java.lang.annotation.Annotation;
import java.util.Collections;
import java.util.List;
import static java.util.Collections.emptyList;
import static java.util.Collections.singletonList;
/**
* Partially used to load {@link EncryptablePropertyFilter} config.
*
* @author Ulises Bocchio
*/
@SuppressWarnings("ConfigurationProperties")
@ConfigurationProperties(prefix = "jasypt.encryptor", ignoreUnknownFields = true)
@Data
public class JasyptEncryptorConfigurationProperties {
public static JasyptEncryptorConfigurationProperties bindConfigProps(ConfigurableEnvironment environment) {
final BindHandler handler = new IgnoreErrorsBindHandler(BindHandler.DEFAULT);
final MutablePropertySources propertySources = environment.getPropertySources();
final Binder binder = new Binder(ConfigurationPropertySources.from(propertySources),
new PropertySourcesPlaceholdersResolver(propertySources),
ApplicationConversionService.getSharedInstance());
final JasyptEncryptorConfigurationProperties config = new JasyptEncryptorConfigurationProperties();
final ResolvableType type = ResolvableType.forClass(JasyptEncryptorConfigurationProperties.class);
final Annotation annotation = AnnotationUtils.findAnnotation(JasyptEncryptorConfigurationProperties.class,
ConfigurationProperties.class);
final Annotation[] annotations = new Annotation[]{annotation};
final Bindable target = Bindable.of(type).withExistingValue(config).withAnnotations(annotations);
binder.bind("jasypt.encryptor", target, handler);
return config;
}
/**
* Whether to use JDK/Cglib (depending on classpath availability) proxy with an AOP advice as a decorator for
* existing {@link org.springframework.core.env.PropertySource} or just simply use targeted wrapper Classes. Default
* Value is {@code false}.
*/
private Boolean proxyPropertySources = false;
/**
* Define a list of {@link org.springframework.core.env.PropertySource} to skip from wrapping/proxying. Properties held
* in classes on this list will not be eligible for decryption. Default Value is {@code empty list}.
*/
private List skipPropertySources = Collections.emptyList();
/**
* Specify the name of bean to override jasypt-spring-boot's default properties based
* {@link org.jasypt.encryption.StringEncryptor}. Default Value is {@code jasyptStringEncryptor}.
*/
private String bean = "jasyptStringEncryptor";
/**
* Master Password used for Encryption/Decryption of properties.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleGCMStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getPassword()
* @see SimpleGCMConfig#getSecretKeyPassword()
*/
private String password;
/**
* Encryption/Decryption Algorithm to be used by Jasypt. For more info on how to get available algorithms visit:
* Jasypt CLI Tools Page. Default Value is {@code "PBEWITHHMACSHA512ANDAES_256"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleGCMStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getAlgorithm()
* @see SimpleGCMConfig#getAlgorithm()
*/
private String algorithm = "PBEWITHHMACSHA512ANDAES_256";
/**
* Number of hashing iterations to obtain the signing key. Default Value is {@code "1000"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleGCMStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getKeyObtentionIterations()
* @see SimpleGCMConfig#getSecretKeyIterations()
*/
private String keyObtentionIterations = "1000";
/**
* The size of the pool of encryptors to be created. Default Value is {@code "1"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getPoolSize()
*/
private String poolSize = "1";
/**
* The name of the {@link java.security.Provider} implementation to be used by the encryptor for obtaining the
* encryption algorithm. Default Value is {@code null}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getProviderName()
*/
private String providerName = null;
/**
* The class name of the {@link java.security.Provider} implementation to be used by the encryptor for obtaining the
* encryption algorithm. Default Value is {@code null}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.SimpleStringPBEConfig#setProviderClassName(String)
*/
private String providerClassName = null;
/**
* A {@link org.jasypt.salt.SaltGenerator} implementation to be used by the encryptor. Default Value is
* {@code "org.jasypt.salt.RandomSaltGenerator"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getSaltGenerator()
*/
private String saltGeneratorClassname = "org.jasypt.salt.RandomSaltGenerator";
/**
* A {@link org.jasypt.iv.IvGenerator} implementation to be used by the encryptor. Default Value is
* {@code "org.jasypt.iv.RandomIvGenerator"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getIvGenerator()
*/
private String ivGeneratorClassname = "org.jasypt.iv.RandomIvGenerator";
/**
* Specify the form in which String output will be encoded. {@code "base64"} or {@code "hexadecimal"}. Default Value
* is {@code "base64"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getStringOutputType()
*/
private String stringOutputType = "base64";
/**
* Specify a PEM/DER base64 encoded string. PEM encoded keys can simply omit the "BEGIN/END PRIVATE KEY" header/footer
* and just specify the base64 encoded key. This property takes precedence over {@link #setPrivateKeyLocation(String)}
*
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleAsymmetricStringEncryptor
* @see SimpleAsymmetricConfig#getPrivateKey()
*/
private String privateKeyString = null;
/**
* Specify a PEM/DER private key location, in Spring's resource nomenclature (i.e. classpath:resource/path or file://path/to/file)
*
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleAsymmetricStringEncryptor
* @see SimpleAsymmetricConfig#getPrivateKeyLocation()
*/
private String privateKeyLocation = null;
/**
* Specify the private key format to use: DER (default) or PEM
*
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleAsymmetricStringEncryptor
* @see SimpleAsymmetricConfig#getPrivateKeyFormat()
*/
private KeyFormat privateKeyFormat = KeyFormat.DER;
/**
* Specify a PEM/DER base64 encoded string. PEM encoded keys can simply omit the "BEGIN/END PUBLIC KEY" header/footer
* and just specify the base64 encoded key. This property takes precedence over {@link #setPrivateKeyLocation(String)}
*
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleAsymmetricStringEncryptor
* @see SimpleAsymmetricConfig#getPublicKey()
*/
private String publicKeyString = null;
/**
* Specify a PEM/DER public key location, in Spring's resource nomenclature (i.e. classpath:resource/path or file://path/to/file)
*
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleAsymmetricStringEncryptor
* @see SimpleAsymmetricConfig#getPublicKeyLocation()
*/
private String publicKeyLocation = null;
/**
* Specify the public key format to use: DER (default) or PEM
*
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleAsymmetricStringEncryptor
* @see SimpleAsymmetricConfig#getPublicKeyFormat()
*/
private KeyFormat publicKeyFormat = KeyFormat.DER;
/**
* Specify a secret key String in base64 for the GCM Algorithm
*
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleGCMStringEncryptor
* @see SimpleGCMConfig#getSecretKey()
*/
private String gcmSecretKeyString = null;
/**
* Specify a secret key resource location in base64 for the GCM Algorithm
*
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleGCMStringEncryptor
* @see SimpleGCMConfig#getSecretKeyLocation()
*/
private String gcmSecretKeyLocation = null;
/**
* Specify a password for the GCM Algorithm
*
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleGCMStringEncryptor
* @see SimpleGCMConfig#getSecretKeyPassword()
*/
private String gcmSecretKeyPassword = null;
/**
* Specify a salt base64 String when using GCM encryption when used with master password
*
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleGCMStringEncryptor
* @see SimpleGCMConfig#getSecretKeySalt()
*/
private String gcmSecretKeySalt = null;
/**
* Specify the class names of extra {@link org.springframework.context.ApplicationEvent} events that should trigger a property cache refresh.
* @see com.ulisesbocchio.jasyptspringboot.caching.RefreshScopeRefreshedEventListener
*/
private List refreshedEventClasses = emptyList();
/**
* Specify an algorithm for the secret key when used with master password
*
* @see com.ulisesbocchio.jasyptspringboot.encryptor.SimpleGCMStringEncryptor
* @see SimpleGCMConfig#getSecretKeyAlgorithm() ()
*/
private String gcmSecretKeyAlgorithm = "PBKDF2WithHmacSHA256";
@NestedConfigurationProperty
private PropertyConfigurationProperties property = new PropertyConfigurationProperties();
public int getKeyObtentionIterationsInt() {
return Integer.parseInt(keyObtentionIterations);
}
@Data
public static class PropertyConfigurationProperties {
/**
* Specify the name of the bean to be provided for a custom
* {@link com.ulisesbocchio.jasyptspringboot.EncryptablePropertyDetector}. Default value is
* {@code "encryptablePropertyDetector"}
*/
private String detectorBean = "encryptablePropertyDetector";
/**
* Specify the name of the bean to be provided for a custom
* {@link com.ulisesbocchio.jasyptspringboot.EncryptablePropertyResolver}. Default value is
* {@code "encryptablePropertyResolver"}
*/
private String resolverBean = "encryptablePropertyResolver";
/**
* Specify the name of the bean to be provided for a custom {@link EncryptablePropertyFilter}. Default value is
* {@code "encryptablePropertyFilter"}
*/
private String filterBean = "encryptablePropertyFilter";
/**
* Specify a custom {@link String} to identify as prefix of encrypted properties. Default value is
* {@code "ENC("}
*/
private String prefix = "ENC(";
/**
* Specify a custom {@link String} to identify as suffix of encrypted properties. Default value is {@code ")"}
*/
private String suffix = ")";
@NestedConfigurationProperty
private FilterConfigurationProperties filter = new FilterConfigurationProperties();
@Data
public static class FilterConfigurationProperties {
/**
* Specify the property sources name patterns to be included for decryption
* by{@link EncryptablePropertyFilter}. Default value is {@code null}
*/
private List includeSources = null;
/**
* Specify the property sources name patterns to be EXCLUDED for decryption
* by{@link EncryptablePropertyFilter}. Default value is {@code null}
*/
private List excludeSources = null;
/**
* Specify the property name patterns to be included for decryption by{@link EncryptablePropertyFilter}.
* Default value is {@code null}
*/
private List includeNames = null;
/**
* Specify the property name patterns to be EXCLUDED for decryption by{@link EncryptablePropertyFilter}.
* Default value is {@code jasypt\\.encryptor\\.*}
*/
private List excludeNames = singletonList("^jasypt\\.encryptor\\.*");
}
}
}