nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/EncryptionMethod.java - nifi - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.nifi.security.util;

 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;

 /**
  * Enumeration capturing essential information about the various encryption
  * methods that might be supported.
  *
  */
 public enum EncryptionMethod {

     MD5_128AES("PBEWITHMD5AND128BITAES-CBC-OPENSSL", "BC", false, false),
     MD5_192AES("PBEWITHMD5AND192BITAES-CBC-OPENSSL", "BC", true, false),
     MD5_256AES("PBEWITHMD5AND256BITAES-CBC-OPENSSL", "BC", true, false),
     MD5_DES("PBEWITHMD5ANDDES", "BC", false, false),
     MD5_RC2("PBEWITHMD5ANDRC2", "BC", false, false),
     SHA1_RC2("PBEWITHSHA1ANDRC2", "BC", false, false),
     SHA1_DES("PBEWITHSHA1ANDDES", "BC", false, false),
     SHA_128AES("PBEWITHSHAAND128BITAES-CBC-BC", "BC", false, false),
     SHA_192AES("PBEWITHSHAAND192BITAES-CBC-BC", "BC", true, false),
     SHA_256AES("PBEWITHSHAAND256BITAES-CBC-BC", "BC", true, false),
     SHA_40RC2("PBEWITHSHAAND40BITRC2-CBC", "BC", false, false),
     SHA_128RC2("PBEWITHSHAAND128BITRC2-CBC", "BC", false, false),
     SHA_40RC4("PBEWITHSHAAND40BITRC4", "BC", false, false),
     SHA_128RC4("PBEWITHSHAAND128BITRC4", "BC", false, false),
     SHA256_128AES("PBEWITHSHA256AND128BITAES-CBC-BC", "BC", false, false),
     SHA256_192AES("PBEWITHSHA256AND192BITAES-CBC-BC", "BC", true, false),
     SHA256_256AES("PBEWITHSHA256AND256BITAES-CBC-BC", "BC", true, false),
     SHA_2KEYTRIPLEDES("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "BC", false, false),
     SHA_3KEYTRIPLEDES("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "BC", false, false),
     SHA_TWOFISH("PBEWITHSHAANDTWOFISH-CBC", "BC", false, false),
     PGP("PGP", "BC", false, false),
     PGP_ASCII_ARMOR("PGP-ASCII-ARMOR", "BC", false, false),
     // New encryption methods which used keyed encryption
     AES_CBC("AES/CBC/PKCS7Padding", "BC", false, true),
     AES_CTR("AES/CTR/NoPadding", "BC", false, true),
     AES_GCM("AES/GCM/NoPadding", "BC", false, true);

     private final String algorithm;
     private final String provider;
     private final boolean unlimitedStrength;
     private final boolean compatibleWithStrongKDFs;

     EncryptionMethod(String algorithm, String provider, boolean unlimitedStrength, boolean compatibleWithStrongKDFs) {
         this.algorithm = algorithm;
         this.provider = provider;
         this.unlimitedStrength = unlimitedStrength;
         this.compatibleWithStrongKDFs = compatibleWithStrongKDFs;
     }

     public String getProvider() {
         return provider;
     }

     public String getAlgorithm() {
         return algorithm;
     }

     /**
      * @return true if algorithm requires unlimited strength policies
      */
     public boolean isUnlimitedStrength() {
         return unlimitedStrength;
     }

     /**
      * @return true if algorithm is compatible with strong {@link KeyDerivationFunction}s
      */
     public boolean isCompatibleWithStrongKDFs() {
         return compatibleWithStrongKDFs;
     }

     /**
      * @return true if this algorithm does not rely on its own internal key derivation process
      */
     public boolean isKeyedCipher() {
         return !algorithm.startsWith("PBE") && !algorithm.startsWith("PGP");
     }

     @Override
     public String toString() {
         final ToStringBuilder builder = new ToStringBuilder(this);
         ToStringBuilder.setDefaultStyle(ToStringStyle.SHORT_PREFIX_STYLE);
         builder.append("Algorithm name", algorithm);
         builder.append("Requires unlimited strength JCE policy", unlimitedStrength);
         builder.append("Algorithm Provider", provider);
         builder.append("Compatible with strong KDFs", compatibleWithStrongKDFs);
         builder.append("Keyed cipher", isKeyedCipher());
         return builder.toString();
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.nifi.security.util;

	import org.apache.commons.lang3.builder.ToStringBuilder;
	import org.apache.commons.lang3.builder.ToStringStyle;

	/**
	* Enumeration capturing essential information about the various encryption
	* methods that might be supported.
	*
	*/
	public enum EncryptionMethod {

	MD5_128AES("PBEWITHMD5AND128BITAES-CBC-OPENSSL", "BC", false, false),
	MD5_192AES("PBEWITHMD5AND192BITAES-CBC-OPENSSL", "BC", true, false),
	MD5_256AES("PBEWITHMD5AND256BITAES-CBC-OPENSSL", "BC", true, false),
	MD5_DES("PBEWITHMD5ANDDES", "BC", false, false),
	MD5_RC2("PBEWITHMD5ANDRC2", "BC", false, false),
	SHA1_RC2("PBEWITHSHA1ANDRC2", "BC", false, false),
	SHA1_DES("PBEWITHSHA1ANDDES", "BC", false, false),
	SHA_128AES("PBEWITHSHAAND128BITAES-CBC-BC", "BC", false, false),
	SHA_192AES("PBEWITHSHAAND192BITAES-CBC-BC", "BC", true, false),
	SHA_256AES("PBEWITHSHAAND256BITAES-CBC-BC", "BC", true, false),
	SHA_40RC2("PBEWITHSHAAND40BITRC2-CBC", "BC", false, false),
	SHA_128RC2("PBEWITHSHAAND128BITRC2-CBC", "BC", false, false),
	SHA_40RC4("PBEWITHSHAAND40BITRC4", "BC", false, false),
	SHA_128RC4("PBEWITHSHAAND128BITRC4", "BC", false, false),
	SHA256_128AES("PBEWITHSHA256AND128BITAES-CBC-BC", "BC", false, false),
	SHA256_192AES("PBEWITHSHA256AND192BITAES-CBC-BC", "BC", true, false),
	SHA256_256AES("PBEWITHSHA256AND256BITAES-CBC-BC", "BC", true, false),
	SHA_2KEYTRIPLEDES("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "BC", false, false),
	SHA_3KEYTRIPLEDES("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "BC", false, false),
	SHA_TWOFISH("PBEWITHSHAANDTWOFISH-CBC", "BC", false, false),
	PGP("PGP", "BC", false, false),
	PGP_ASCII_ARMOR("PGP-ASCII-ARMOR", "BC", false, false),
	// New encryption methods which used keyed encryption
	AES_CBC("AES/CBC/PKCS7Padding", "BC", false, true),
	AES_CTR("AES/CTR/NoPadding", "BC", false, true),
	AES_GCM("AES/GCM/NoPadding", "BC", false, true);

	private final String algorithm;
	private final String provider;
	private final boolean unlimitedStrength;
	private final boolean compatibleWithStrongKDFs;

	EncryptionMethod(String algorithm, String provider, boolean unlimitedStrength, boolean compatibleWithStrongKDFs) {
	this.algorithm = algorithm;
	this.provider = provider;
	this.unlimitedStrength = unlimitedStrength;
	this.compatibleWithStrongKDFs = compatibleWithStrongKDFs;
	}

	public String getProvider() {
	return provider;
	}

	public String getAlgorithm() {
	return algorithm;
	}

	/**
	* @return true if algorithm requires unlimited strength policies
	*/
	public boolean isUnlimitedStrength() {
	return unlimitedStrength;
	}

	/**
	* @return true if algorithm is compatible with strong {@link KeyDerivationFunction}s
	*/
	public boolean isCompatibleWithStrongKDFs() {
	return compatibleWithStrongKDFs;
	}

	/**
	* @return true if this algorithm does not rely on its own internal key derivation process
	*/
	public boolean isKeyedCipher() {
	return !algorithm.startsWith("PBE") && !algorithm.startsWith("PGP");
	}

	@Override
	public String toString() {
	final ToStringBuilder builder = new ToStringBuilder(this);
	ToStringBuilder.setDefaultStyle(ToStringStyle.SHORT_PREFIX_STYLE);
	builder.append("Algorithm name", algorithm);
	builder.append("Requires unlimited strength JCE policy", unlimitedStrength);
	builder.append("Algorithm Provider", provider);
	builder.append("Compatible with strong KDFs", compatibleWithStrongKDFs);
	builder.append("Keyed cipher", isKeyedCipher());
	return builder.toString();
	}
	}