序
本文次要钻研一下jasypt的SaltGenerator
SaltGenerator
org/jasypt/salt/SaltGenerator.java
/** * <p> * Common interface for all salt generators which can be applied in digest * or encryption operations. * </p> * <p> * <b>Every implementation of this interface must be thread-safe</b>. * </p> * * @since 1.2 * * @author Daniel Fernández * */public interface SaltGenerator { /** * <p> * This method will be called for requesting the generation of a new * salt of the specified length. * </p> * * @param lengthBytes the requested length for the salt. * @return the generated salt. */ public byte[] generateSalt(int lengthBytes); /** * <p> * Determines if the digests and encrypted messages created with a * specific salt generator will include (prepended) the unencrypted * salt itself, so that it can be used for matching and decryption * operations. * </p> * <p> * Generally, including the salt unencrypted in encryption results will * be mandatory for randomly generated salts, or for those generated in a * non-predictable manner. * Otherwise, digest matching and decryption operations will always fail. * For fixed salts, inclusion will be optional (and in fact undesirable * if we want to hide the salt value). * </p> * * @return whether the plain (unencrypted) salt has to be included in * encryption results or not. */ public boolean includePlainSaltInEncryptionResults(); }SaltGenerator接口定义了generateSalt及includePlainSaltInEncryptionResults办法,其中generateSalt办法依据指定的长度参数来生成salt,而includePlainSaltInEncryptionResults则返回是否须要将salt蕴含在加密后果中,通常对于随机生成的须要返回true,对于固定salt的则不须要,它有几类,别离是FixedSaltGenerator、ZeroSaltGenerator、RandomSaltGenerator
FixedSaltGenerator
org/jasypt/salt/FixedSaltGenerator.java
/** * <p> * Marker interface for all implementations of {@link SaltGenerator} that * will always return the same salt (for the same amount of bytes asked). * </p> * <p> * Use of this interface in salt generators enables encryptors to perform * some performance optimizations whenever they are used. * </p> * * @since 1.9.2 * * @author Daniel Fernández * */public interface FixedSaltGenerator extends SaltGenerator { // Marker interface - no methods added }FixedSaltGenerator继承了SaltGenerator,它没有新定义方法,仅仅是作为接口标识,ByteArrayFixedSaltGenerator、StringFixedSaltGenerator都实现了FixedSaltGenerator接口
ByteArrayFixedSaltGenerator
org/jasypt/salt/ByteArrayFixedSaltGenerator.java
public class ByteArrayFixedSaltGenerator implements FixedSaltGenerator { private final byte[] salt; /** * Creates a new instance of <tt>FixedByteArraySaltGenerator</tt> * * @param salt the specified salt. */ public ByteArrayFixedSaltGenerator(final byte[] salt) { super(); CommonUtils.validateNotNull(salt, "Salt cannot be set null"); this.salt = (byte[]) salt.clone(); } /** * Return salt with the specified byte length. * * @param lengthBytes length in bytes. * @return the generated salt. */ public byte[] generateSalt(final int lengthBytes) { if (this.salt.length < lengthBytes) { throw new EncryptionInitializationException( "Requested salt larger than set"); } final byte[] generatedSalt = new byte[lengthBytes]; System.arraycopy(this.salt, 0, generatedSalt, 0, lengthBytes); return generatedSalt; } /** * As this salt generator provides a fixed salt, its inclusion * unencrypted in encryption results * is not necessary, and in fact not desirable (so that it remains hidden). * * @return false */ public boolean includePlainSaltInEncryptionResults() { return false; } }ByteArrayFixedSaltGenerator的结构器要求输出salt的byte数组,其的generateSalt要求申请的lengthBytes小于等于salt的长度,否则抛出EncryptionInitializationException异样,对于salt的长度大于申请的lengthBytes的,则取后面的lengthBytes;其includePlainSaltInEncryptionResults返回false
StringFixedSaltGenerator
org/jasypt/salt/StringFixedSaltGenerator.java
public class StringFixedSaltGenerator implements FixedSaltGenerator { private static final String DEFAULT_CHARSET = "UTF-8"; private final String salt; private final String charset; private final byte[] saltBytes; /** * Creates a new instance of <tt>FixedStringSaltGenerator</tt> using * the default charset. * * @param salt the specified salt. */ public StringFixedSaltGenerator(final String salt) { this(salt, null); } /** * Creates a new instance of <tt>FixedStringSaltGenerator</tt> * * @param salt the specified salt. * @param charset the specified charset */ public StringFixedSaltGenerator(final String salt, final String charset) { super(); CommonUtils.validateNotNull(salt, "Salt cannot be set null"); this.salt = salt; this.charset = (charset != null? charset : DEFAULT_CHARSET); try { this.saltBytes = this.salt.getBytes(this.charset); } catch (UnsupportedEncodingException e) { throw new EncryptionInitializationException( "Invalid charset specified: " + this.charset); } } /** * Return salt with the specified byte length. * * @param lengthBytes length in bytes. * @return the generated salt. */ public byte[] generateSalt(final int lengthBytes) { if (this.saltBytes.length < lengthBytes) { throw new EncryptionInitializationException( "Requested salt larger than set"); } final byte[] generatedSalt = new byte[lengthBytes]; System.arraycopy(this.saltBytes, 0, generatedSalt, 0, lengthBytes); return generatedSalt; } /** * As this salt generator provides a fixed salt, its inclusion * unencrypted in encryption results * is not necessary, and in fact not desirable (so that it remains hidden). * * @return false */ public boolean includePlainSaltInEncryptionResults() { return false; } }StringFixedSaltGenerator跟ByteArrayFixedSaltGenerator相似,只不过入参是String类型,但外部是转为byte[]类型
ZeroSaltGenerator
org/jasypt/salt/ZeroSaltGenerator.java
public class ZeroSaltGenerator implements SaltGenerator { /** * Creates a new instance of <tt>ZeroSaltGenerator</tt> * */ public ZeroSaltGenerator() { super(); } /** * Return salt with the specified byte length. This will return * an array of <i>zero</i> bytes, with the specified length. * * @param lengthBytes length in bytes. * @return the generated salt. */ public byte[] generateSalt(final int lengthBytes) { final byte[] result = new byte[lengthBytes]; Arrays.fill(result, (byte)0); return result; } /** * As this salt generator provides a predictable salt, its inclusion * unencrypted in encryption results * is not necessary, and in fact not desirable (so that it remains hidden). * * @return false */ public boolean includePlainSaltInEncryptionResults() { return false; } }ZeroSaltGenerator则返回一个空byte[]
RandomSaltGenerator
org/jasypt/salt/RandomSaltGenerator.java
public class RandomSaltGenerator implements SaltGenerator { /** * The default algorithm to be used for secure random number * generation: set to SHA1PRNG. */ public static final String DEFAULT_SECURE_RANDOM_ALGORITHM = "SHA1PRNG"; private final SecureRandom random; /** * Creates a new instance of <tt>RandomSaltGenerator</tt> using the * default secure random number generation algorithm. */ public RandomSaltGenerator() { this(DEFAULT_SECURE_RANDOM_ALGORITHM); } /** * Creates a new instance of <tt>RandomSaltGenerator</tt> specifying a * secure random number generation algorithm. * * @since 1.5 * */ public RandomSaltGenerator(final String secureRandomAlgorithm) { super(); try { this.random = SecureRandom.getInstance(secureRandomAlgorithm); } catch (NoSuchAlgorithmException e) { throw new EncryptionInitializationException(e); } } /** * Generate a random salt of the specified length in bytes. * * @param lengthBytes length in bytes. * @return the generated salt. */ public byte[] generateSalt(final int lengthBytes) { final byte[] salt = new byte[lengthBytes]; synchronized (this.random) { this.random.nextBytes(salt); } return salt; } /** * This salt generator needs the salt to be included unencrypted in * encryption results, because of its being random. This method will always * return true. * * @return true */ public boolean includePlainSaltInEncryptionResults() { return true; } }RandomSaltGenerator采取的是SHA1PRNG的SecureRandom进行随机生成salt,其includePlainSaltInEncryptionResults返回true
小结
SaltGenerator接口定义了generateSalt及includePlainSaltInEncryptionResults办法,其中generateSalt办法依据指定的长度参数来生成salt,而includePlainSaltInEncryptionResults则返回是否须要将salt蕴含在加密后果中,通常对于随机生成的须要返回true,对于固定salt的则不须要,它有几类,别离是FixedSaltGenerator、ZeroSaltGenerator、RandomSaltGenerator。