Class AbstractCryptoService

java.lang.Object
org.saidone.component.BaseComponent
org.saidone.service.crypto.AbstractCryptoService
All Implemented Interfaces:
CryptoService, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware
Direct Known Subclasses:
BcCryptoServiceImpl, JcaCryptoServiceImpl

public abstract class AbstractCryptoService extends BaseComponent implements CryptoService
Base implementation for CryptoService that provides common functionality for the concrete encryption services. It offers helper methods to derive secret keys using PBKDF2, HKDF or Argon2 and defines configuration beans for the supported key derivation algorithms.
  • Field Details

  • Constructor Details

    • AbstractCryptoService

      public AbstractCryptoService()
  • Method Details

    • deriveSecretKey

      protected org.apache.commons.lang3.tuple.Pair<SecretKeySpec,Integer> deriveSecretKey(Secret secret, String algorithm, byte[] salt)
      Derives a secret key based on the specified key derivation function (KDF) implementation.

      This method selects the key derivation algorithm implementation configured in kdf and derives a secret key accordingly. Supported KDF implementations include HKDF, Argon2, and PBKDF2 (default).

      Parameters:
      secret - the secret fetched from Vault
      algorithm - the name of the cryptographic algorithm for which the secret key is derived
      salt - the salt value used in the key derivation process
      Returns:
      a Pair containing the derived SecretKeySpec and an Integer representing the key version
    • encryptText

      public String encryptText(String text, Secret secret)
      Encrypts a plain text string and returns a Base64 encoded result.
      Specified by:
      encryptText in interface CryptoService
      Parameters:
      text - The text to encrypt
      secret - secret material used to derive the encryption key
      Returns:
      Base64 encoded encrypted text
    • decryptText

      public String decryptText(String encryptedText)
      Decrypts a Base64 encoded encrypted text string.
      Specified by:
      decryptText in interface CryptoService
      Parameters:
      encryptedText - The Base64 encoded encrypted text
      Returns:
      Decrypted plain text
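
The KDF selection that deriveSecretKey describes (PBKDF2 unless another KDF is configured, returning the key together with the secret's version) can be sketched as follows. This is an added example, not the project's code: VersionedSecret, the 600,000 iterations, the 32-byte key length, HMAC-SHA256 and the use of the algorithm name as HKDF info are all assumptions. Argon2 is left out because the JDK has no implementation of it.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Map;

public class KdfSelectionExample {
    // Hypothetical stand-in for the Vault secret: key material plus its version.
    record VersionedSecret(byte[] material, int version) {}
    static final int KEY_BYTES = 32, PBKDF2_ITERATIONS = 600_000; // assumed parameters

    static Map.Entry<SecretKeySpec, Integer> deriveSecretKey(String kdf, VersionedSecret secret,
            String algorithm, byte[] salt) throws GeneralSecurityException {
        byte[] key = switch (kdf == null ? "pbkdf2" : kdf.toLowerCase()) { // PBKDF2 when unset
            case "pbkdf2" -> pbkdf2(secret.material(), salt);
            case "hkdf" -> hkdfSha256(secret.material(), salt, algorithm.getBytes(StandardCharsets.UTF_8), KEY_BYTES);
            default -> throw new IllegalArgumentException("unsupported KDF: " + kdf); // fail closed
        };
        return Map.entry(new SecretKeySpec(key, algorithm), secret.version());
    }

    static byte[] pbkdf2(byte[] material, byte[] salt) throws GeneralSecurityException {
        char[] pw = new String(material, StandardCharsets.UTF_8).toCharArray();
        PBEKeySpec spec = new PBEKeySpec(pw, salt, PBKDF2_ITERATIONS, KEY_BYTES * 8);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // HKDF-SHA256 per RFC 5869; the salt must be non-empty in this sketch.
    static byte[] hkdfSha256(byte[] ikm, byte[] salt, byte[] info, int len) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(salt, "HmacSHA256"));   // extract: PRK = HMAC(salt, IKM)
        byte[] prk = mac.doFinal(ikm), okm = new byte[len], t = new byte[0];
        mac.init(new SecretKeySpec(prk, "HmacSHA256"));    // expand: T(i) = HMAC(PRK, T(i-1) | info | i)
        for (int off = 0, i = 1; off < len; off += t.length, i++) {
            mac.update(t); mac.update(info); mac.update((byte) i);
            t = mac.doFinal();
            System.arraycopy(t, 0, okm, off, Math.min(t.length, len - off));
        }
        return okm;
    }

    public static void main(String[] args) throws Exception {
        var secret = new VersionedSecret("constructed-sample-secret".getBytes(StandardCharsets.UTF_8), 3);
        byte[] salt = new SecureRandom().generateSeed(16); // fresh random salt per encryption
        for (String kdf : new String[] {null, "hkdf"}) {
            var r = deriveSecretKey(kdf, secret, "AES", salt);
            System.out.println(kdf + " -> " + r.getKey().getEncoded().length + " bytes, version " + r.getValue());
        }
    }
}
```

Returning the version alongside the key lets a caller record which secret version a key was derived from.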