com.gemstone.gemfire.internal.util.PasswordUtil Maven / Gradle / Ivy
Show all versions of gemfire-core Show documentation
/*
* Copyright (c) 2010-2015 Pivotal Software, Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you
* may not use this file except in compliance with the License. You
* may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License. See accompanying
* LICENSE file.
*/
package com.gemstone.gemfire.internal.util;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.shared.ClientSharedUtils;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
/**
* Generates an encrypted password, used by the gemfire encrypt-password
* command. Makes use of Blowfish algorithm to encrypt/decrypt password string
*
*
* This shows a sample command invocation and output (assuming password is the
* actual password for the datasource):
*
* bash-2.05$ $GEMFIRE/bin/gemfire encrypt-password password
* Using system directory "/home/users/jpearson/gemfire/defaultSystem".
* Encrypted to 83f0069202c571faf1ae6c42b4ad46030e4e31c17409e19a
*
* Copy the output from the gemfire command to the cache.xml file as the value
* of the password attribute of the jndi-binding tag embedded in encrypted(),
* just like a method parameter.
* Enter it as encrypted, in this format:
* password="encrypted(83f0069202c571faf1ae6c42b4ad46030e4e31c17409e19a)"
* To use a non-encrypted password, put the actual password as the value of the
* password attribute of the jndi-binding tag, like this: password="password"
*
*
* @author Yogesh Mahajan
*/
public class PasswordUtil {
private static byte[] init = "string".getBytes();
/**
* Encrypts a password string
*
* @param password
* String to be encrypted.
* @return String encrypted String
*/
public static String encrypt(String password) {
return encrypt(password, true);
}
/**
*
* @param password String to be encrypted
* @param echo if true prints result to system.out
* @return String encrypted String
*/
public static String encrypt(String password, boolean echo) {
String encryptedString = null;
try {
SecretKeySpec key = new SecretKeySpec(init, "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] encrypted = cipher.doFinal(password.getBytes());
encryptedString = byteArrayToHexString(encrypted);
if (echo) {
System.out.println(LocalizedStrings.PasswordUtil_ENCRYPTED_TO_0
.toLocalizedString(encryptedString));
}
}
catch (Exception e) {
e.printStackTrace();
}
return encryptedString;
}
/**
* Decrypts an encrypted password string.
*
* @param password
* String to be decrypted
* @return String decrypted String
*/
public static String decrypt(String password) {
if (password.startsWith("encrypted(") && password.endsWith(")")) {
byte[] decrypted = null;
try {
String toDecrypt = password.substring(10, password.length() - 1);
SecretKeySpec key = new SecretKeySpec(init, "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.DECRYPT_MODE, key);
decrypted = cipher.doFinal(hexStringToByteArray(toDecrypt));
return new String(decrypted);
}
catch (Exception e) {
e.printStackTrace();
}
}
return password;
}
private static String byteArrayToHexString(byte[] b) {
return ClientSharedUtils.toHexStringUpperCase(b, 0, b.length);
}
private static byte[] hexStringToByteArray(String s) {
return ClientSharedUtils.fromHexString(s, 0, s.length());
}
}