001// *************************************************************************************************************************** 002// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file * 003// * distributed with this work for additional information regarding copyright ownership. The ASF licenses this file * 004// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance * 005// * with the License. You may obtain a copy of the License at * 006// * * 007// * http://www.apache.org/licenses/LICENSE-2.0 * 008// * * 009// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an * 010// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the * 011// * specific language governing permissions and limitations under the License. * 012// *************************************************************************************************************************** 013package org.apache.juneau.config.encode; 014 015import static org.apache.juneau.internal.StringUtils.*; 016 017import static org.apache.juneau.internal.IOUtils.*; 018 019/** 020 * Simply XOR+Base64 encoder for obscuring passwords and other sensitive data in INI config files. 021 * 022 * <p> 023 * This is not intended to be used as strong encryption. 024 * 025 * <ul class='seealso'> 026 * <li class='link'>{@doc ConfigEncodedEntries} 027 * </ul> 028 */ 029public final class ConfigXorEncoder implements ConfigEncoder { 030 031 /** Reusable XOR-ConfigEncoder instance. */ 032 public static final ConfigXorEncoder INSTANCE = new ConfigXorEncoder(); 033 034 private static final String key = System.getProperty("org.apache.juneau.config.XorEncoder.key", 035 "nuy7og796Vh6G9O6bG230SHK0cc8QYkH"); // The super-duper-secret key 036 037 @Override /* ConfigEncoder */ 038 public String encode(String fieldName, String in) { 039 byte[] b = in.getBytes(UTF8); 040 for (int i = 0; i < b.length; i++) { 041 int j = i % key.length(); 042 b[i] = (byte)(b[i] ^ key.charAt(j)); 043 } 044 return '{' + base64Encode(b) + '}'; 045 } 046 047 @Override /* ConfigEncoder */ 048 public String decode(String fieldName, String in) { 049 if (! isEncoded(in)) 050 return in; 051 in = in.substring(1, in.length()-1); 052 byte[] b = base64Decode(in); 053 for (int i = 0; i < b.length; i++) { 054 int j = i % key.length(); 055 b[i] = (byte)(b[i] ^ key.charAt(j)); 056 } 057 return new String(b, UTF8); 058 } 059 060 @Override /* ConfigEncoder */ 061 public boolean isEncoded(String in) { 062 return in != null && in.length() > 1 && in.charAt(0) == '{' && in.charAt(in.length()-1) == '}'; 063 } 064}