Class AlgorithmSecretStore

java.lang.Object
com.atlassian.secrets.store.algorithm.AlgorithmSecretStore
All Implemented Interfaces:
SecretStore
Direct Known Subclasses:
AesOnlyAlgorithmSecretStore

public class AlgorithmSecretStore extends Object implements SecretStore
Advanced, Cipher-based implementation of SecretStore. It encrypts data with an algorithm specified by the user and stores the result in a file.

It is advanced because it operates on data stored in files that are separate from the configuration file, so those files can be secured independently.

See the docs for store(String) and get(String) to learn more.

Supported algorithms (the key size used for key generation is given in brackets):

  • AES/CBC/PKCS5Padding (128)
  • DES/CBC/PKCS5Padding (56)
  • DESede/CBC/PKCS5Padding (168)

  • Constructor Details

    • AlgorithmSecretStore

      public AlgorithmSecretStore()
  • Method Details

    • store

      public String store(String encryptionParamsInJson)
      Creates a SealedObject holding the encrypted data and saves it to a file. Data is encrypted using a SecretKeySpec, AlgorithmParameters and the algorithm specified by the user.

      Expects EncryptionParameters in JSON format as its parameter. Mandatory fields in JSON:

      EncryptionParameters.plainTextPassword - password in plain text

      EncryptionParameters.algorithm - one of: AES/CBC/PKCS5Padding, DES/CBC/PKCS5Padding, DESede/CBC/PKCS5Padding

      EncryptionParameters.algorithmKey - must correspond with the algorithm field and be one of: AES, DES, DESede

      Optional fields in JSON (if a field is missing, the value is looked up in an environment variable; if that variable is empty too, the value is generated):

      EncryptionParameters.algorithmParametersFilePath - path to a file containing AlgorithmParameters in encoded form. See AlgorithmParametersSerializationFile for how it is read and saved. The parameters must have been generated for the same algorithm as is used for encryption. If this field is missing, the path is looked up in the environment variable named EnvironmentVarBasedConfiguration.ENV_VARIABLE_PREFIX + java_security_AlgorithmParameters. If that environment variable does not exist, the parameters are generated and saved to a file in encoded form under a unique name following the pattern java.security.AlgorithmParameters_[current system UTC time].

      EncryptionParameters.keyFilePath - path to a file containing a SecretKeySpec stored as a serialized object. See SerializationFile for how it is read and saved. The key must have been generated for the same algorithm as is used for encryption. If this field is missing, the path is looked up in the environment variable named EnvironmentVarBasedConfiguration.ENV_VARIABLE_PREFIX + javax_crypto_spec_SecretKeySpec. If that environment variable does not exist, a key is generated and saved to a file as a serialized object under a unique name following the pattern javax.crypto.spec.SecretKeySpec_[current system UTC time]; see UniqueFilePathGenerator.

      EncryptionParameters.outputFilesBasePath - base path under which the created SealedObject, SecretKeySpec and AlgorithmParameters files are saved. If not provided, the files are saved in the default directory. If provided, it must end with a file separator ('/' or '\').

      Specified by:
      store in interface SecretStore
      Parameters:
      encryptionParamsInJson - EncryptionParameters in JSON format
      Returns:
      DecryptionParameters in JSON format
    • get

      public String get(String decryptionParamsInJson)
      Decrypts the data stored in a SealedObject using a SecretKeySpec.

      Expects DecryptionParameters in JSON format as its parameter.

      Optional fields in JSON (if a field is missing, the value is looked up in an environment variable):

      DecryptionParameters.serializedSealedObject - string containing the SealedObject as a serialized object. If missing, the SealedObject is read from the file given by DecryptionParameters.sealedObjectFilePath.

      DecryptionParameters.sealedObjectFilePath - path to a file containing the SealedObject as a serialized object. See SerializationFile for how it is read. If DecryptionParameters.serializedSealedObject is not null, this field is ignored. If both DecryptionParameters.sealedObjectFilePath and DecryptionParameters.serializedSealedObject are missing, the path is looked up in the environment variable named EnvironmentVarBasedConfiguration.ENV_VARIABLE_PREFIX + javax_crypto_SealedObject.

      DecryptionParameters.keyFilePath - path to a file containing the SecretKeySpec stored as a serialized object. See SerializationFile for how it is read and saved. If this field is missing, the path is looked up in the environment variable named EnvironmentVarBasedConfiguration.ENV_VARIABLE_PREFIX + javax_crypto_spec_SecretKeySpec.

      Specified by:
      get in interface SecretStore
      Parameters:
      decryptionParamsInJson - DecryptionParameters in JSON format
      Returns:
      plain text password
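The following is an added example, not code from this page or from Atlassian's library. It reproduces with JDK APIs only the mechanism that store(String) and get(String) are documented to use: a SecretKeySpec and AlgorithmParameters are created for the chosen algorithm, the password is wrapped in a SealedObject, and the three artifacts are written to files named after the documented patterns; get then reads the sealed object and key back and decrypts. It assumes AES/CBC/PKCS5Padding with the 128-bit key size listed above; the class and helper names (SealedSecretDemo, writeObject, readObject, getWithParams), the temporary base path and the sample password are constructed for the demo, and the JSON wrapper that the real store/get accept is omitted because its exact JSON shape is not documented on this page.

```java
import java.io.*;
import java.nio.file.*;
import java.security.AlgorithmParameters;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example (not Atlassian code): JDK-only reproduction of the
 * store/get mechanism described for AlgorithmSecretStore.
 */
public class SealedSecretDemo {
    // Algorithm and key size as listed on the page; ALGORITHM_KEY is the
    // key-family name that the page's EncryptionParameters.algorithmKey names.
    static final String ALGORITHM = "AES/CBC/PKCS5Padding";
    static final String ALGORITHM_KEY = "AES";
    static final int KEY_SIZE = 128;

    /** Mirrors store(): seal the password and persist sealed object, key and parameters. */
    static Path[] store(String plainTextPassword, Path basePath) throws Exception {
        // Generate a fresh 128-bit AES key and wrap it as a SecretKeySpec
        KeyGenerator kg = KeyGenerator.getInstance(ALGORITHM_KEY);
        kg.init(KEY_SIZE);
        SecretKeySpec key = new SecretKeySpec(kg.generateKey().getEncoded(), ALGORITHM_KEY);

        // ENCRYPT_MODE without explicit parameters lets the provider pick a random IV;
        // getParameters() returns that IV as AlgorithmParameters
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        AlgorithmParameters params = cipher.getParameters();

        // SealedObject serializes the password and encrypts those bytes with the cipher
        SealedObject sealed = new SealedObject(plainTextPassword, cipher);

        // File names follow the documented pattern: <class name>_<current UTC time>
        long now = System.currentTimeMillis();
        Path sealedFile = basePath.resolve("javax.crypto.SealedObject_" + now);
        Path keyFile = basePath.resolve("javax.crypto.spec.SecretKeySpec_" + now);
        Path paramsFile = basePath.resolve("java.security.AlgorithmParameters_" + now);

        writeObject(sealedFile, sealed);              // SealedObject as serialized object
        writeObject(keyFile, key);                    // SecretKeySpec as serialized object
        Files.write(paramsFile, params.getEncoded()); // AlgorithmParameters in encoded form
        return new Path[] {sealedFile, keyFile, paramsFile};
    }

    /** Mirrors get(): read the SealedObject and SecretKeySpec back and decrypt. */
    static String get(Path sealedFile, Path keyFile) throws Exception {
        SealedObject sealed = (SealedObject) readObject(sealedFile);
        SecretKeySpec key = (SecretKeySpec) readObject(keyFile);
        // A SealedObject carries the encoded parameters (the IV) it was sealed with,
        // so getObject(Key) rebuilds the cipher without the parameters file
        return (String) sealed.getObject(key);
    }

    /** Same decryption, but rebuilding the cipher from the saved parameters file. */
    static String getWithParams(Path sealedFile, Path keyFile, Path paramsFile) throws Exception {
        SealedObject sealed = (SealedObject) readObject(sealedFile);
        SecretKeySpec key = (SecretKeySpec) readObject(keyFile);
        AlgorithmParameters params = AlgorithmParameters.getInstance(ALGORITHM_KEY);
        params.init(Files.readAllBytes(paramsFile)); // decode the stored IV
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, key, params);
        return (String) sealed.getObject(cipher);
    }

    static void writeObject(Path file, Object o) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(file))) {
            out.writeObject(o);
        }
    }

    static Object readObject(Path file) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(file))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: temporary base path and a dummy password
        Path base = Files.createTempDirectory("secretstore-demo");
        Path[] files = store("correct horse battery staple", base);
        System.out.println(get(files[0], files[1]));
        System.out.println(getWithParams(files[0], files[1], files[2]));
    }
}
```

Run it with `java SealedSecretDemo.java`; both reads print the same password. Two points worth keeping in mind when operating the real store: the key file is a plain serialized SecretKeySpec, so the protection of the secret is exactly the filesystem protection of that file and of the environment variables that point to it, and both the key and the sealed object are loaded through Java object deserialization, so those paths should only ever reference files the service account itself wrote. The example uses AES; DES with its 56-bit key is also in the supported list but is far below current key-length recommendations.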
    • getEncryptedPassword

      protected SealedObject getEncryptedPassword(DecryptionParameters dataToDecrypt)
    • encrypt

      protected DecryptionParameters encrypt(EncryptionParameters parameters)