package com.ulisesbocchio.jasyptspringboot.properties;
import com.ulisesbocchio.jasyptspringboot.EncryptablePropertyFilter;
import com.ulisesbocchio.jasyptspringboot.util.AsymmetricCryptography.KeyFormat;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.NestedConfigurationProperty;
import org.springframework.boot.context.properties.bind.BindHandler;
import org.springframework.boot.context.properties.bind.Bindable;
import org.springframework.boot.context.properties.bind.Binder;
import org.springframework.boot.context.properties.bind.PropertySourcesPlaceholdersResolver;
import org.springframework.boot.context.properties.bind.handler.IgnoreErrorsBindHandler;
import org.springframework.boot.context.properties.source.ConfigurationPropertySources;
import org.springframework.boot.convert.ApplicationConversionService;
import org.springframework.core.ResolvableType;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MutablePropertySources;
import java.lang.annotation.Annotation;
import java.util.Collections;
import java.util.List;
import static java.util.Collections.singletonList;
/**
* Partially used to load {@link EncryptablePropertyFilter} config.
*
* @author Ulises Bocchio
*/
@SuppressWarnings("ConfigurationProperties")
@ConfigurationProperties(prefix = "jasypt.encryptor", ignoreUnknownFields = true)
@Data
public class JasyptEncryptorConfigurationProperties {
public static JasyptEncryptorConfigurationProperties bindConfigProps(ConfigurableEnvironment environment) {
final BindHandler handler = new IgnoreErrorsBindHandler(BindHandler.DEFAULT);
final MutablePropertySources propertySources = environment.getPropertySources();
final Binder binder = new Binder(ConfigurationPropertySources.from(propertySources),
new PropertySourcesPlaceholdersResolver(propertySources),
ApplicationConversionService.getSharedInstance());
final JasyptEncryptorConfigurationProperties config = new JasyptEncryptorConfigurationProperties();
final ResolvableType type = ResolvableType.forClass(JasyptEncryptorConfigurationProperties.class);
final Annotation annotation = AnnotationUtils.findAnnotation(JasyptEncryptorConfigurationProperties.class,
ConfigurationProperties.class);
final Annotation[] annotations = new Annotation[]{annotation};
final Bindable<?> target = Bindable.of(type).withExistingValue(config).withAnnotations(annotations);
binder.bind("jasypt.encryptor", target, handler);
return config;
}
/**
* Whether to use JDK/Cglib (depending on classpath availability) proxy with an AOP advice as a decorator for
* existing {@link org.springframework.core.env.PropertySource} or just simply use targeted wrapper Classes. Default
* Value is {@code false}.
*/
private Boolean proxyPropertySources = false;
/**
* Define a list of {@link org.springframework.core.env.PropertySource} to skip from wrapping/proxying. Properties held
* in classes on this list will not be eligible for decryption. Default Value is {@code empty list}.
*/
private List<String> skipPropertySources = Collections.emptyList();
/**
* Specify the name of bean to override jasypt-spring-boot's default properties based
* {@link org.jasypt.encryption.StringEncryptor}. Default Value is {@code jasyptStringEncryptor}.
*/
private String bean = "jasyptStringEncryptor";
/**
* Master Password used for Encryption/Decryption of properties.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getPassword()
*/
private String password;
/**
* Encryption/Decryption Algorithm to be used by Jasypt. For more info on how to get available algorithms visit:
* <a href="http://www.jasypt.org/cli.html"/>Jasypt CLI Tools Page</a>. Default Value is {@code "PBEWITHHMACSHA512ANDAES_256"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getAlgorithm()
*/
private String algorithm = "PBEWITHHMACSHA512ANDAES_256";
/**
* Number of hashing iterations to obtain the signing key. Default Value is {@code "1000"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getKeyObtentionIterations()
*/
private String keyObtentionIterations = "1000";
/**
* The size of the pool of encryptors to be created. Default Value is {@code "1"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getPoolSize()
*/
private String poolSize = "1";
/**
* The name of the {@link java.security.Provider} implementation to be used by the encryptor for obtaining the
* encryption algorithm. Default Value is {@code null}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getProviderName()
*/
private String providerName = null;
/**
* The class name of the {@link java.security.Provider} implementation to be used by the encryptor for obtaining the
* encryption algorithm. Default Value is {@code null}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.SimpleStringPBEConfig#setProviderClassName(String)
*/
private String providerClassName = null;
/**
* A {@link org.jasypt.salt.SaltGenerator} implementation to be used by the encryptor. Default Value is
* {@code "org.jasypt.salt.RandomSaltGenerator"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getSaltGenerator()
*/
private String saltGeneratorClassname = "org.jasypt.salt.RandomSaltGenerator";
/**
* A {@link org.jasypt.iv.IvGenerator} implementation to be used by the encryptor. Default Value is
* {@code "org.jasypt.iv.RandomIvGenerator"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getIvGenerator()
*/
private String ivGeneratorClassname = "org.jasypt.iv.RandomIvGenerator";
/**
* Specify the form in which String output will be encoded. {@code "base64"} or {@code "hexadecimal"}. Default Value
* is {@code "base64"}.
*
* @see org.jasypt.encryption.pbe.PBEStringEncryptor
* @see org.jasypt.encryption.pbe.config.StringPBEConfig#getStringOutputType()
*/
private String stringOutputType = "base64";
/**
* Specify a PEM/DER base64 encoded string. PEM encoded keys can simply omit the "BEGIN/END PRIVATE KEY" header/footer
* and just specify the base64 encoded key. This property takes precedence over {@link #setPrivateKeyLocation(String)}
*/
private String privateKeyString = null;
/**
* Specify a PEM/DER private key location, in Spring's resource nomenclature (i.e. classpath:resource/path or file://path/to/file)
*/
private String privateKeyLocation = null;
/**
* Specify the private key format to use: DER (default) or PEM
*/
private KeyFormat privateKeyFormat = KeyFormat.DER;
/**
* Specify a PEM/DER base64 encoded string. PEM encoded keys can simply omit the "BEGIN/END PUBLIC KEY" header/footer
* and just specify the base64 encoded key. This property takes precedence over {@link #setPrivateKeyLocation(String)}
*/
private String publicKeyString = null;
/**
* Specify a PEM/DER public key location, in Spring's resource nomenclature (i.e. classpath:resource/path or file://path/to/file)
*/
private String publicKeyLocation = null;
/**
* Specify the public key format to use: DER (default) or PEM
*/
private KeyFormat publicKeyFormat = KeyFormat.DER;
@NestedConfigurationProperty
private PropertyConfigurationProperties property = new PropertyConfigurationProperties();
@Data
public static class PropertyConfigurationProperties {
/**
* Specify the name of the bean to be provided for a custom
* {@link com.ulisesbocchio.jasyptspringboot.EncryptablePropertyDetector}. Default value is
* {@code "encryptablePropertyDetector"}
*/
private String detectorBean = "encryptablePropertyDetector";
/**
* Specify the name of the bean to be provided for a custom
* {@link com.ulisesbocchio.jasyptspringboot.EncryptablePropertyResolver}. Default value is
* {@code "encryptablePropertyResolver"}
*/
private String resolverBean = "encryptablePropertyResolver";
/**
* Specify the name of the bean to be provided for a custom {@link EncryptablePropertyFilter}. Default value is
* {@code "encryptablePropertyFilter"}
*/
private String filterBean = "encryptablePropertyFilter";
/**
* Specify a custom {@link String} to identify as prefix of encrypted properties. Default value is
* {@code "ENC("}
*/
private String prefix = "ENC(";
/**
* Specify a custom {@link String} to identify as suffix of encrypted properties. Default value is {@code ")"}
*/
private String suffix = ")";
@NestedConfigurationProperty
private FilterConfigurationProperties filter = new FilterConfigurationProperties();
@Data
public static class FilterConfigurationProperties {
/**
* Specify the property sources name patterns to be included for decryption
* by{@link EncryptablePropertyFilter}. Default value is {@code null}
*/
private List<String> includeSources = null;
/**
* Specify the property sources name patterns to be EXCLUDED for decryption
* by{@link EncryptablePropertyFilter}. Default value is {@code null}
*/
private List<String> excludeSources = null;
/**
* Specify the property name patterns to be included for decryption by{@link EncryptablePropertyFilter}.
* Default value is {@code null}
*/
private List<String> includeNames = null;
/**
* Specify the property name patterns to be EXCLUDED for decryption by{@link EncryptablePropertyFilter}.
* Default value is {@code jasypt\\.encryptor\\.*}
*/
private List<String> excludeNames = singletonList("^jasypt\\.encryptor\\.*");
}
}
}
