Source code

001// ***************************************************************************************************************************
002// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file *
003// * distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file        *
004// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance            *
005// * with the License.  You may obtain a copy of the License at                                                              *
006// *                                                                                                                         *
007// *  http://www.apache.org/licenses/LICENSE-2.0                                                                             *
008// *                                                                                                                         *
009// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an  *
010// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the        *
011// * specific language governing permissions and limitations under the License.                                              *
012// ***************************************************************************************************************************
013package org.apache.juneau.config.encode;
014
015import static org.apache.juneau.internal.StringUtils.*;
016
017import static org.apache.juneau.internal.IOUtils.*;
018
019/**
020 * Simply XOR+Base64 encoder for obscuring passwords and other sensitive data in INI config files.
021 *
022 * <p>
023 * This is not intended to be used as strong encryption.
024 *
025 * <h5 class='section'>See Also:</h5>
026 * <ul class='doctree'>
027 *    <li class='link'>{@doc juneau-config.EncodedEntries}
028 * </ul>
029 */
030public final class ConfigXorEncoder implements ConfigEncoder {
031
032   /** Reusable XOR-ConfigEncoder instance. */
033   public static final ConfigXorEncoder INSTANCE = new ConfigXorEncoder();
034
035   private static final String key = System.getProperty("org.apache.juneau.config.XorEncoder.key",
036      "nuy7og796Vh6G9O6bG230SHK0cc8QYkH");   // The super-duper-secret key
037
038   @Override /* ConfigEncoder */
039   public String encode(String fieldName, String in) {
040      byte[] b = in.getBytes(UTF8);
041      for (int i = 0; i < b.length; i++) {
042            int j = i % key.length();
043         b[i] = (byte)(b[i] ^ key.charAt(j));
044      }
045      return '{' + base64Encode(b) + '}';
046   }
047
048   @Override /* ConfigEncoder */
049   public String decode(String fieldName, String in) {
050      if (! isEncoded(in))
051         return in;
052      in = in.substring(1, in.length()-1);
053      byte[] b = base64Decode(in);
054      for (int i = 0; i < b.length; i++) {
055         int j = i % key.length();
056         b[i] = (byte)(b[i] ^ key.charAt(j));
057   }
058      return new String(b, UTF8);
059   }
060
061   @Override /* ConfigEncoder */
062   public boolean isEncoded(String in) {
063      return in != null && in.length() > 1 && in.charAt(0) == '{' && in.charAt(in.length()-1) == '}';
064   }
065}