public class AlgorithmSecretStore extends Object implements SecretStore
This is an advanced secret store: it operates on data stored in files that are separate from the configuration file, so those files can be secured.
See the docs for store(String) and get(String) to learn more.
Supported algorithms (the key size used for key generation is given in brackets):
- AES/CBC/PKCS5Padding (128)
- DES/CBC/PKCS5Padding (56)
- DESede/CBC/PKCS5Padding (168)
| Constructor and Description |
|---|
| AlgorithmSecretStore() |
| Modifier and Type | Method and Description |
|---|---|
| protected DecryptionParameters | encrypt(EncryptionParameters parameters) |
| String | get(String decryptionParamsInJson) Decrypts data stored in SealedObject using SecretKeySpec. |
| protected SealedObject | getEncryptedPassword(DecryptionParameters dataToDecrypt) |
| String | store(String encryptionParamsInJson) Creates and then saves in file SealedObject which stores encrypted data. |
public String store(String encryptionParamsInJson)
Creates and then saves in file SealedObject which stores encrypted data.
Data is encrypted using: SecretKeySpec, AlgorithmParameters and the algorithm specified by the user.
Expects EncryptionParameters in JSON format as its parameter.
Mandatory fields in JSON:
EncryptionParameters.plainTextPassword - password in plain text
EncryptionParameters.algorithm - one of:
- AES/CBC/PKCS5Padding
- DES/CBC/PKCS5Padding
- DESede/CBC/PKCS5Padding
EncryptionParameters.algorithmKey - should correspond with algorithm field and be one of:
- AES
- DES
- DESede
Optional fields in JSON (if a field is missing, the data is searched for in an environment variable; if the environment variable is empty, the data is generated):
EncryptionParameters.algorithmParametersFilePath - path to the file which contains AlgorithmParameters stored in encoded form.
See AlgorithmParametersSerializationFile to check how it will be read / saved.
They should be generated for the same algorithm as used for encryption.
If the parameter is missing, the path will be searched for in the environment variable under key: EnvironmentVarBasedConfiguration.ENV_VARIABLE_PREFIX + java_security_AlgorithmParameters
If the environment variable does not exist, they will be generated and then saved to a file in encoded form, under a unique name using the pattern: java.security.AlgorithmParameters_[current system UTC time]
EncryptionParameters.keyFilePath - path to the file which contains SecretKeySpec stored as a serialized object.
See SerializationFile to check how it will be read / saved.
It should be generated using the same algorithm as used for encryption.
If it is missing, the path will be searched for in the environment variable under key: EnvironmentVarBasedConfiguration.ENV_VARIABLE_PREFIX + javax_crypto_spec_SecretKeySpec
If the environment variable does not exist, the key will be generated and then saved to a file as a serialized object, under a unique name using the pattern: javax.crypto.spec.SecretKeySpec_[current system UTC time]. See UniqueFilePathGenerator.
EncryptionParameters.outputFilesBasePath - path where the created SealedObject, SecretKeySpec and AlgorithmParameters will be saved.
If not provided, files will be saved in the default directory.
If provided, it must end with a file separator ('/' or '\').
Specified by: store in interface SecretStore
Parameters: encryptionParamsInJson - EncryptionParameters in JSON format
Returns: DecryptionParameters in JSON format
public String get(String decryptionParamsInJson)
Decrypts data stored in SealedObject using SecretKeySpec.
Expects DecryptionParameters in JSON format as its parameter.
Optional fields in JSON (if a field is missing, the data is searched for in an environment variable):
DecryptionParameters.serializedSealedObject - string which contains SealedObject stored as a serialized object.
If it is missing, the SealedObject data is taken from DecryptionParameters.sealedObjectFilePath.
DecryptionParameters.sealedObjectFilePath - path to the file which contains SealedObject stored as a serialized object.
See SerializationFile to check how it will be read.
If DecryptionParameters.serializedSealedObject is not null, this parameter will not be taken into account.
If both DecryptionParameters.sealedObjectFilePath and DecryptionParameters.serializedSealedObject are missing,
the path will be searched for in the environment variable under key: EnvironmentVarBasedConfiguration.ENV_VARIABLE_PREFIX + javax_crypto_SealedObject
DecryptionParameters.keyFilePath - path to the file which contains SecretKeySpec stored as a serialized object.
See SerializationFile to check how it will be read / saved.
If it is missing, the path will be searched for in the environment variable under key: EnvironmentVarBasedConfiguration.ENV_VARIABLE_PREFIX + javax_crypto_spec_SecretKeySpec
Specified by: get in interface SecretStore
Parameters: decryptionParamsInJson - DecryptionParameters in JSON format
protected SealedObject getEncryptedPassword(DecryptionParameters dataToDecrypt)
protected DecryptionParameters encrypt(EncryptionParameters parameters)
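The sealing and unsealing steps that store(String) and get(String) describe, shown with JDK classes only as an added example: it is not the library's own code and does not call AlgorithmSecretStore. The class name, helper methods, file names, temporary directory and sample password are constructed for the illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;

// Added illustration (JDK only). All names and values here are constructed.
public class SealedSecretDemo {
    // Serialize an object to a file, then restrict the file to its owner
    // where the file system supports POSIX permissions.
    static void writeObject(Path p, Serializable o) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(p))) {
            out.writeObject(o);
        }
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            Files.setPosixFilePermissions(p, PosixFilePermissions.fromString("rw-------"));
        }
    }

    static Object readObject(Path p) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(p))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        String algorithm = "AES/CBC/PKCS5Padding"; // one of the supported algorithms
        String algorithmKey = "AES";               // key algorithm matching it

        // "store" side: generate a 128-bit key and seal the password.
        KeyGenerator generator = KeyGenerator.getInstance(algorithmKey);
        generator.init(128);
        SecretKeySpec key = new SecretKeySpec(generator.generateKey().getEncoded(), algorithmKey);
        Cipher cipher = Cipher.getInstance(algorithm);
        cipher.init(Cipher.ENCRYPT_MODE, key); // the provider generates a random IV
        SealedObject sealed = new SealedObject("constructed-sample-password", cipher);

        Path dir = Files.createTempDirectory("sealed-secret-demo");
        Path keyFile = dir.resolve("key.ser");
        Path sealedFile = dir.resolve("sealed.ser");
        writeObject(keyFile, key);
        writeObject(sealedFile, sealed);

        // "get" side: the SealedObject carries the algorithm name and the encoded
        // parameters (IV), so the key is the only other input needed to decrypt.
        SecretKeySpec loadedKey = (SecretKeySpec) readObject(keyFile);
        SealedObject loadedSealed = (SealedObject) readObject(sealedFile);
        String recovered = (String) loadedSealed.getObject(loadedKey);
        System.out.println("round trip ok: " + recovered.equals("constructed-sample-password"));
    }
}
```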
Copyright © 2023 Atlassian. All rights reserved.