本文主要研究一下jasypt的SaltGenerator
org/jasypt/salt/SaltGenerator.java
/**
*
* Common interface for all salt generators which can be applied in digest
* or encryption operations.
*
*
* Every implementation of this interface must be thread-safe.
*
*
* @since 1.2
*
* @author Daniel Fernández
*
*/
public interface SaltGenerator {
/**
*
* This method will be called for requesting the generation of a new
* salt of the specified length.
*
*
* @param lengthBytes the requested length for the salt.
* @return the generated salt.
*/
public byte[] generateSalt(int lengthBytes);
/**
*
* Determines if the digests and encrypted messages created with a
* specific salt generator will include (prepended) the unencrypted
* salt itself, so that it can be used for matching and decryption
* operations.
*
*
* Generally, including the salt unencrypted in encryption results will
* be mandatory for randomly generated salts, or for those generated in a
* non-predictable manner.
* Otherwise, digest matching and decryption operations will always fail.
* For fixed salts, inclusion will be optional (and in fact undesirable
* if we want to hide the salt value).
*
*
* @return whether the plain (unencrypted) salt has to be included in
* encryption results or not.
*/
public boolean includePlainSaltInEncryptionResults();
}
SaltGenerator接口定义了generateSalt及includePlainSaltInEncryptionResults方法,其中generateSalt方法根据指定的长度参数来生成salt,而includePlainSaltInEncryptionResults则返回是否需要将salt包含在加密结果中,通常对于随机生成的需要返回true,对于固定salt的则不需要,它有几类,分别是FixedSaltGenerator、ZeroSaltGenerator、RandomSaltGenerator
org/jasypt/salt/FixedSaltGenerator.java
/**
*
* Marker interface for all implementations of {@link SaltGenerator} that
* will always return the same salt (for the same amount of bytes asked).
*
*
* Use of this interface in salt generators enables encryptors to perform
* some performance optimizations whenever they are used.
*
*
* @since 1.9.2
*
* @author Daniel Fernández
*
*/
public interface FixedSaltGenerator extends SaltGenerator {
// Marker interface - no methods added
}
FixedSaltGenerator继承了SaltGenerator,它没有新定义方法,仅仅是作为接口标识,ByteArrayFixedSaltGenerator、StringFixedSaltGenerator都实现了FixedSaltGenerator接口
org/jasypt/salt/ByteArrayFixedSaltGenerator.java
public class ByteArrayFixedSaltGenerator implements FixedSaltGenerator {
private final byte[] salt;
/**
* Creates a new instance of FixedByteArraySaltGenerator
*
* @param salt the specified salt.
*/
public ByteArrayFixedSaltGenerator(final byte[] salt) {
super();
CommonUtils.validateNotNull(salt, "Salt cannot be set null");
this.salt = (byte[]) salt.clone();
}
/**
* Return salt with the specified byte length.
*
* @param lengthBytes length in bytes.
* @return the generated salt.
*/
public byte[] generateSalt(final int lengthBytes) {
if (this.salt.length < lengthBytes) {
throw new EncryptionInitializationException(
"Requested salt larger than set");
}
final byte[] generatedSalt = new byte[lengthBytes];
System.arraycopy(this.salt, 0, generatedSalt, 0, lengthBytes);
return generatedSalt;
}
/**
* As this salt generator provides a fixed salt, its inclusion
* unencrypted in encryption results
* is not necessary, and in fact not desirable (so that it remains hidden).
*
* @return false
*/
public boolean includePlainSaltInEncryptionResults() {
return false;
}
}
ByteArrayFixedSaltGenerator的构造器要求输入salt的byte数组,其的generateSalt要求请求的lengthBytes小于等于salt的长度,否则抛出EncryptionInitializationException异常,对于salt的长度大于请求的lengthBytes的,则取前面的lengthBytes;其includePlainSaltInEncryptionResults返回false
org/jasypt/salt/StringFixedSaltGenerator.java
public class StringFixedSaltGenerator implements FixedSaltGenerator {
private static final String DEFAULT_CHARSET = "UTF-8";
private final String salt;
private final String charset;
private final byte[] saltBytes;
/**
* Creates a new instance of FixedStringSaltGenerator using
* the default charset.
*
* @param salt the specified salt.
*/
public StringFixedSaltGenerator(final String salt) {
this(salt, null);
}
/**
* Creates a new instance of FixedStringSaltGenerator
*
* @param salt the specified salt.
* @param charset the specified charset
*/
public StringFixedSaltGenerator(final String salt, final String charset) {
super();
CommonUtils.validateNotNull(salt, "Salt cannot be set null");
this.salt = salt;
this.charset = (charset != null? charset : DEFAULT_CHARSET);
try {
this.saltBytes = this.salt.getBytes(this.charset);
} catch (UnsupportedEncodingException e) {
throw new EncryptionInitializationException(
"Invalid charset specified: " + this.charset);
}
}
/**
* Return salt with the specified byte length.
*
* @param lengthBytes length in bytes.
* @return the generated salt.
*/
public byte[] generateSalt(final int lengthBytes) {
if (this.saltBytes.length < lengthBytes) {
throw new EncryptionInitializationException(
"Requested salt larger than set");
}
final byte[] generatedSalt = new byte[lengthBytes];
System.arraycopy(this.saltBytes, 0, generatedSalt, 0, lengthBytes);
return generatedSalt;
}
/**
* As this salt generator provides a fixed salt, its inclusion
* unencrypted in encryption results
* is not necessary, and in fact not desirable (so that it remains hidden).
*
* @return false
*/
public boolean includePlainSaltInEncryptionResults() {
return false;
}
}
StringFixedSaltGenerator跟ByteArrayFixedSaltGenerator类似,只不过入参是String类型,但内部是转为byte[]类型
org/jasypt/salt/ZeroSaltGenerator.java
public class ZeroSaltGenerator implements SaltGenerator {
/**
* Creates a new instance of ZeroSaltGenerator
*
*/
public ZeroSaltGenerator() {
super();
}
/**
* Return salt with the specified byte length. This will return
* an array of zero bytes, with the specified length.
*
* @param lengthBytes length in bytes.
* @return the generated salt.
*/
public byte[] generateSalt(final int lengthBytes) {
final byte[] result = new byte[lengthBytes];
Arrays.fill(result, (byte)0);
return result;
}
/**
* As this salt generator provides a predictable salt, its inclusion
* unencrypted in encryption results
* is not necessary, and in fact not desirable (so that it remains hidden).
*
* @return false
*/
public boolean includePlainSaltInEncryptionResults() {
return false;
}
}
ZeroSaltGenerator则返回一个空byte[]
org/jasypt/salt/RandomSaltGenerator.java
public class RandomSaltGenerator implements SaltGenerator {
/**
* The default algorithm to be used for secure random number
* generation: set to SHA1PRNG.
*/
public static final String DEFAULT_SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
private final SecureRandom random;
/**
* Creates a new instance of RandomSaltGenerator using the
* default secure random number generation algorithm.
*/
public RandomSaltGenerator() {
this(DEFAULT_SECURE_RANDOM_ALGORITHM);
}
/**
* Creates a new instance of RandomSaltGenerator specifying a
* secure random number generation algorithm.
*
* @since 1.5
*
*/
public RandomSaltGenerator(final String secureRandomAlgorithm) {
super();
try {
this.random = SecureRandom.getInstance(secureRandomAlgorithm);
} catch (NoSuchAlgorithmException e) {
throw new EncryptionInitializationException(e);
}
}
/**
* Generate a random salt of the specified length in bytes.
*
* @param lengthBytes length in bytes.
* @return the generated salt.
*/
public byte[] generateSalt(final int lengthBytes) {
final byte[] salt = new byte[lengthBytes];
synchronized (this.random) {
this.random.nextBytes(salt);
}
return salt;
}
/**
* This salt generator needs the salt to be included unencrypted in
* encryption results, because of its being random. This method will always
* return true.
*
* @return true
*/
public boolean includePlainSaltInEncryptionResults() {
return true;
}
}
RandomSaltGenerator采取的是SHA1PRNG的SecureRandom进行随机生成salt,其includePlainSaltInEncryptionResults返回true
SaltGenerator接口定义了generateSalt及includePlainSaltInEncryptionResults方法,其中generateSalt方法根据指定的长度参数来生成salt,而includePlainSaltInEncryptionResults则返回是否需要将salt包含在加密结果中,通常对于随机生成的需要返回true,对于固定salt的则不需要,它有几类,分别是FixedSaltGenerator、ZeroSaltGenerator、RandomSaltGenerator。