All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.jasypt.digest.config.DigesterConfig Maven / Gradle / Ivy

The newest version!
/*
 * =============================================================================
 * 
 *   Copyright (c) 2007-2010, The JASYPT team (http://www.jasypt.org)
 * 
 *   Licensed under the Apache License, Version 2.0 (the "License");
 *   you may not use this file except in compliance with the License.
 *   You may obtain a copy of the License at
 * 
 *       http://www.apache.org/licenses/LICENSE-2.0
 * 
 *   Unless required by applicable law or agreed to in writing, software
 *   distributed under the License is distributed on an "AS IS" BASIS,
 *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *   See the License for the specific language governing permissions and
 *   limitations under the License.
 * 
 * =============================================================================
 */
package org.jasypt.digest.config;

import java.security.Provider;

import org.jasypt.salt.SaltGenerator;

/**
 * 

* Common interface for config classes applicable to * {@link org.jasypt.digest.StandardByteDigester}, * {@link org.jasypt.digest.StandardStringDigester}, * {@link org.jasypt.digest.PooledByteDigester} or * {@link org.jasypt.digest.PooledStringDigester} * objects. *

*

* This interface lets the user create new DigesterConfig * classes which retrieve values for this parameters from different * (and maybe more secure) sources (remote servers, LDAP, other databases...), * and do this transparently for the digester object. *

*

* The config objects passed to a digester will only be queried once * for each configuration parameter, and this will happen * during the initialization of the digester object. *

*

* For a default implementation, see {@link SimpleDigesterConfig}. *

* * @since 1.0 * * @author Daniel Fernández * */ public interface DigesterConfig { /** *

* Returns the name of an algorithm to be used for hashing, like "MD5" or * "SHA-1". *

*

* This algorithm has to be supported by your Java Virtual Machine, and * it should be allowed as an algorithm for creating * java.security.MessageDigest instances. *

*

* If this method returns null, the digester will ignore the config object * when deciding the algorithm to be used. *

* * @return the name of the algorithm to be used, or null if this object * will not want to set an algorithm. See Appendix A * in the Java * Cryptography Architecture API Specification & * Reference * for information about standard algorithm names. */ public String getAlgorithm(); /** *

* Returns the size of the salt to be used to compute the digest. * This mechanism is explained in * PKCS #5: Password-Based Cryptography Standard. *

*

* If salt size is set to zero, then no salt will be used. *

*

* If this method returns null, the digester will ignore the config object * when deciding the size of the salt to be used. *

* * @return the size of the salt to be used, in bytes, or null if * this object will not want to set a size for salt. */ public Integer getSaltSizeBytes(); /** *

* Returns the number of times the hash function will be applied recursively. *
* The hash function will be applied to its own results as many times as * specified: h(h(...h(x)...)) *

*

* This mechanism is explained in * PKCS #5: Password-Based Cryptography Standard. *

*

* If this method returns null, the digester will ignore the config object * when deciding the number of hashing iterations. *

* * @return the number of iterations, or null if this object will not want * to set the number of iterations. */ public Integer getIterations(); /** *

* Returns a {@link SaltGenerator} implementation to be used by the digester. *

*

* If this method returns null, the digester will ignore the config object * when deciding the salt generator to be used. *

* * @since 1.2 * * @return the salt generator, or null if this object will not want to set * a specific SaltGenerator implementation. */ public SaltGenerator getSaltGenerator(); /** *

* Returns the name of the java.security.Provider implementation * to be used by the digester for obtaining the digest algorithm. This * provider must have been registered beforehand. *

*

* If this method returns null, the digester will ignore this parameter * when deciding the name of the security provider to be used. *

*

* If this method does not return null, and neither does {@link #getProvider()}, * providerName will be ignored, and the provider object returned * by getProvider() will be used. *

* * @since 1.3 * * @return the name of the security provider to be used. */ public String getProviderName(); /** *

* Returns the java.security.Provider implementation object * to be used by the digester for obtaining the digest algorithm. *

*

* If this method returns null, the digester will ignore this parameter * when deciding the security provider object to be used. *

*

* If this method does not return null, and neither does {@link #getProviderName()}, * providerName will be ignored, and the provider object returned * by getProvider() will be used. *

*

* The provider returned by this method does not need to be * registered beforehand, and its use will not result in its * being registered. *

* * @since 1.3 * * @return the security provider object to be asked for the digest * algorithm. */ public Provider getProvider(); /** *

* Returns Boolean.TRUE if the salt bytes are to be appended after the * message ones before performing the digest operation on the whole. The * default behaviour is to insert those bytes before the message bytes, but * setting this configuration item to true allows compatibility * with some external systems and specifications (e.g. LDAP {SSHA}). *

* * @since 1.7 * * @return whether salt will be appended after the message before applying * the digest operation on the whole, instead of inserted before it * (which is the default). If null is returned, the default * behaviour will be applied. */ public Boolean getInvertPositionOfSaltInMessageBeforeDigesting(); /** *

* Returns Boolean.TRUE if the plain (not hashed) salt bytes are to * be appended after the digest operation result bytes. The default behaviour is * to insert them before the digest result, but setting this configuration * item to true allows compatibility with some external systems * and specifications (e.g. LDAP {SSHA}). *

* * @since 1.7 * * @return whether plain salt will be appended after the digest operation * result instead of inserted before it (which is the * default). If null is returned, the default behaviour will be * applied. */ public Boolean getInvertPositionOfPlainSaltInEncryptionResults(); /** *

* Returns Boolean.TRUE if digest matching operations will allow matching * digests with a salt size different to the one configured in the "saltSizeBytes" * property. This is possible because digest algorithms will produce a fixed-size * result, so the remaining bytes from the hashed input will be considered salt. *

*

* This will allow the digester to match digests produced in environments which do not * establish a fixed salt size as standard (for example, SSHA password encryption * in LDAP systems). *

*

* The value of this property will not affect the creation of digests, * which will always have a salt of the size established by the "saltSizeBytes" * property. It will only affect digest matching. *

*

* Setting this property to true is not compatible with {@link SaltGenerator} * implementations which return false for their * {@link SaltGenerator#includePlainSaltInEncryptionResults()} property. *

*

* Also, be aware that some algorithms or algorithm providers might not support * knowing the size of the digests beforehand, which is also incompatible with * a lenient behaviour. *

*

* Default is FALSE. *

* * @since 1.7 * * @return whether the digester will allow matching of digests with different * salt sizes than established or not (default is false). */ public Boolean getUseLenientSaltSizeCheck(); /** *

* Get the size of the pool of digesters to be created. *

*

* This parameter will be ignored if used with a non-pooled digester. *

* * @since 1.7 * * @return the size of the pool to be used if this configuration is used with a * pooled digester */ public Integer getPoolSize(); }