use of org.apereo.cas.configuration.support.CasConfigurationJasyptCipherExecutor in project cas by apereo.
the class JasyptTestAlgorithmsCommand method testAlgorithms.
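/**
 * Probes every password-based encryption (PBE) algorithm that Jasypt's registry reports against
 * the selected security providers, and logs whether an encrypt/decrypt round trip works.
 *
 * <p>Each provider/algorithm pair gets a fresh cipher executor configured with a fixed sample
 * password and sample value. Pairs that cannot encrypt are skipped at info level (the reason is
 * logged at debug). A pair is reported as succeeding only when decryption returns the original
 * sample value, not merely when decryption does not throw.
 *
 * <p>Side effect: the JVM-wide provider list is modified. BouncyCastle is registered when
 * {@code includeBC} is true and removed when it is false, which affects any other code running
 * in the same JVM.
 *
 * @param includeBC whether to include the BouncyCastle provider
 */
@CliCommand(value = "jasypt-test-algorithms", help = "Test encryption alogrithms you can use with Jasypt to make sure encryption and decryption both work")
public void testAlgorithms(@CliOption(key = { "includeBC" }, mandatory = false, help = "Include Bouncy Castle provider", specifiedDefaultValue = "true", unspecifiedDefaultValue = "false") final boolean includeBC) {
    final String[] providers;
    if (includeBC) {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        providers = new String[] { BouncyCastleProvider.PROVIDER_NAME, "SunJCE" };
    } else {
        // Removal is global to the JVM, not scoped to this command.
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        providers = new String[] { "SunJCE" };
    }
    LOGGER.info("==== JASYPT Password Based Encryption Algorithms ====\n");
    // Fixed sample inputs used only for the probe; they are not real secrets.
    final String password = "SecretKeyValue";
    final String value = "ValueToEncrypt";
    final Set<String> pbeAlgos = AlgorithmRegistry.getAllPBEAlgorithms();
    for (final String provider : providers) {
        for (final String algorithm : pbeAlgos) {
            final CasConfigurationJasyptCipherExecutor cipher = new CasConfigurationJasyptCipherExecutor(this.environment);
            cipher.setPassword(password);
            // NOTE(review): a single key-obtention iteration presumably keeps the probe quick;
            // it is a test setting and should not be copied into a real configuration.
            cipher.setKeyObtentionIterations("1");
            cipher.setAlgorithm(algorithm);
            cipher.setProviderName(provider);

            final String encryptedValue;
            try {
                encryptedValue = cipher.encryptValuePropagateExceptions(value);
            } catch (final EncryptionInitializationException e) {
                // Encryption doesn't work for this algorithm/provider combo: skip it quietly at
                // info level. The original reported these cases from an outer catch that could
                // never be reached, so the detail is emitted here at debug instead.
                if (e.getCause() instanceof NoSuchAlgorithmException) {
                    LOGGER.debug("Provider: [{}] does not support Algorithm: [{}]", provider, algorithm);
                } else {
                    LOGGER.debug("Error encrypting using provider: [{}] and algorithm: [{}], Message: {}", provider, algorithm, e.getMessage());
                }
                continue;
            }

            LOGGER.info("Provider: [{}] Algorithm: [{}]", provider, algorithm);
            boolean roundTripOk;
            try {
                // Success means the plaintext came back intact, not just "no exception".
                roundTripOk = value.equals(cipher.decryptValuePropagateExceptions(encryptedValue));
            } catch (final Exception e) {
                LOGGER.debug("Decryption threw for provider: [{}] and algorithm: [{}]", provider, algorithm, e);
                roundTripOk = false;
            }
            if (roundTripOk) {
                LOGGER.info("Encrypted Value: [{}] Decryption Succeeded", encryptedValue);
            } else {
                LOGGER.info("Encrypted Value: [{}] Decryption Failed", encryptedValue);
            }
        }
    }
}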
use of org.apereo.cas.configuration.support.CasConfigurationJasyptCipherExecutor in project cas by apereo.
the class EncryptPropertyCommand method encryptValue.
/**
 * Encrypts a single value with Jasypt and logs the result.
 *
 * <p>A new cipher executor is configured from the supplied options, the value is encrypted, and
 * the encrypted text is logged at info level. The encrypted text is then passed back through
 * {@code decryptValue} as a sanity check; an exception from that call is logged at error level.
 *
 * <p>The BouncyCastle provider is registered in the JVM-wide provider list if it is not already
 * present, whichever provider name was requested.
 *
 * <p>NOTE(review): the password arrives as a plain command option, so it may end up in the
 * shell's command history or logs; confirm how the hosting shell persists input.
 * NOTE(review): the result of {@code decryptValue} is discarded, so a failure that is handled
 * inside that method rather than thrown would go unreported here; confirm its contract.
 *
 * @param value the value to encrypt
 * @param alg the algorithm name; the empty string when the option is not given
 * @param provider the security provider name; the empty string when the option is not given
 * @param password the password used as the encryption key
 * @param iterations the key obtention iterations; the empty string when the option is not given
 */
@CliCommand(value = "encrypt-value", help = "Encrypt a CAS property value/setting via Jasypt")
public void encryptValue(
        @CliOption(key = { "value" }, help = "Value to encrypt", mandatory = true, optionContext = "Value to encrypt")
        final String value,
        @CliOption(key = { "alg" }, help = "Algorithm to use to encrypt", optionContext = "Algorithm to use to encrypt", specifiedDefaultValue = StringUtils.EMPTY, unspecifiedDefaultValue = StringUtils.EMPTY)
        final String alg,
        @CliOption(key = { "provider" }, help = "Security provider to use to encrypt", optionContext = "Security provider to use to encrypt (Enter BC for BouncyCastle)", specifiedDefaultValue = StringUtils.EMPTY, unspecifiedDefaultValue = StringUtils.EMPTY)
        final String provider,
        @CliOption(key = { "password" }, mandatory = true, help = "Password (encryption key) to encrypt", optionContext = "Password (encryption key) to encrypt")
        final String password,
        @CliOption(key = { "iterations" }, help = "Key obtention iterations to encrypt", optionContext = "Key obtention iterations to encrypt", specifiedDefaultValue = StringUtils.EMPTY, unspecifiedDefaultValue = StringUtils.EMPTY)
        final String iterations) {
    final CasConfigurationJasyptCipherExecutor jasypt = new CasConfigurationJasyptCipherExecutor(this.environment);
    jasypt.setAlgorithm(alg);
    jasypt.setPassword(password);

    // Make BouncyCastle available before the provider name is applied, so "BC" can be resolved.
    final boolean bouncyCastleMissing = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null;
    if (bouncyCastleMissing) {
        Security.addProvider(new BouncyCastleProvider());
    }

    jasypt.setProviderName(provider);
    jasypt.setKeyObtentionIterations(iterations);

    final String ciphertext = jasypt.encryptValue(value);
    LOGGER.info("==== Encrypted Value ====\n{}", ciphertext);

    // Sanity check: the text just produced should be accepted by the same cipher settings.
    try {
        jasypt.decryptValue(ciphertext);
    } catch (final Exception ex) {
        LOGGER.error("Decryption failed for value: {}", ciphertext, ex);
    }
}