Source code

001// ***************************************************************************************************************************
002// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file *
003// * distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file        *
004// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance            *
005// * with the License.  You may obtain a copy of the License at                                                              *
006// *                                                                                                                         *
007// *  http://www.apache.org/licenses/LICENSE-2.0                                                                             *
008// *                                                                                                                         *
009// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an  *
010// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the        *
011// * specific language governing permissions and limitations under the License.                                              *
012// ***************************************************************************************************************************
013package org.apache.juneau.config.encode;
014
015import static org.apache.juneau.internal.StringUtils.*;
016
017import static org.apache.juneau.internal.IOUtils.*;
018
019/**
020 * Simply XOR+Base64 encoder for obscuring passwords and other sensitive data in INI config files.
021 *
022 * <p>
023 * This is not intended to be used as strong encryption.
024 *
025 * <ul class='seealso'>
026 *    <li class='link'>{@doc ConfigEncodedEntries}
027 * </ul>
028 */
029public final class ConfigXorEncoder implements ConfigEncoder {
030
031   /** Reusable XOR-ConfigEncoder instance. */
032   public static final ConfigXorEncoder INSTANCE = new ConfigXorEncoder();
033
034   private static final String key = System.getProperty("org.apache.juneau.config.XorEncoder.key",
035      "nuy7og796Vh6G9O6bG230SHK0cc8QYkH");   // The super-duper-secret key
036
037   @Override /* ConfigEncoder */
038   public String encode(String fieldName, String in) {
039      byte[] b = in.getBytes(UTF8);
040      for (int i = 0; i < b.length; i++) {
041            int j = i % key.length();
042         b[i] = (byte)(b[i] ^ key.charAt(j));
043      }
044      return '{' + base64Encode(b) + '}';
045   }
046
047   @Override /* ConfigEncoder */
048   public String decode(String fieldName, String in) {
049      if (! isEncoded(in))
050         return in;
051      in = in.substring(1, in.length()-1);
052      byte[] b = base64Decode(in);
053      for (int i = 0; i < b.length; i++) {
054         int j = i % key.length();
055         b[i] = (byte)(b[i] ^ key.charAt(j));
056   }
057      return new String(b, UTF8);
058   }
059
060   @Override /* ConfigEncoder */
061   public boolean isEncoded(String in) {
062      return in != null && in.length() > 1 && in.charAt(0) == '{' && in.charAt(in.length()-1) == '}';
063   }
064}