Protector and ProtectedString support for hasing (PBKDF)

infra/prism/src/main/java/com/evolveum/midpoint/prism/PrismConstants.java

@@ -48,6 +48,10 @@ public class PrismConstants {
 
 	public static final String NS_MATCHING_RULE = NS_PREFIX + "matching-rule-3";
 	public static final String PREFIX_NS_MATCHING = "mr";
+
+	public static final String NS_PREFIX_CRYPTO = NS_PREFIX + "crypto/";
+	public static final String NS_PREFIX_CRYPTO_ALGORITHM = NS_PREFIX_CRYPTO + "algorithm/";
+	public static final String NS_CRYPTO_ALGORITHM_PBKD = NS_PREFIX_CRYPTO_ALGORITHM + "pbkd-3";
 
 	// Annotations
 

infra/prism/src/main/java/com/evolveum/midpoint/prism/crypto/BaseProtector.java

@@ -68,5 +68,5 @@ public boolean isEncrypted(ProtectedStringType ps) {
         Validate.notNull(ps, "Protected string must not be null.");
         return ps.isEncrypted();
     }
-
+    
 }

infra/prism/src/main/java/com/evolveum/midpoint/prism/crypto/ProtectedData.java

@@ -1,5 +1,5 @@
 /**
- * Copyright (c) 2014 Evolveum
+ * Copyright (c) 2014-2017 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 package com.evolveum.midpoint.prism.crypto;
 
 import com.evolveum.prism.xml.ns._public.types_3.EncryptedDataType;
+import com.evolveum.prism.xml.ns._public.types_3.HashedDataType;
 
 /**
  * @author Radovan Semancik
@@ -27,6 +28,10 @@ public interface ProtectedData<T> {
 
 	abstract void setClearBytes(byte[] bytes);
 
+	abstract T getClearValue();
+
+	abstract void setClearValue(T data);
+
 	abstract void destroyCleartext();
 
 	EncryptedDataType getEncryptedDataType();
@@ -35,4 +40,11 @@ public interface ProtectedData<T> {
 
 	boolean isEncrypted();
 
+	HashedDataType getHashedDataType();
+
+	void setHashedData(HashedDataType hashedDataType);
+
+	boolean isHashed();
+
+	boolean canSupportType(Class<?> type);
 }

infra/prism/src/main/java/com/evolveum/midpoint/prism/crypto/Protector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2013 Evolveum
+ * Copyright (c) 2010-2017 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -52,19 +52,6 @@ public interface Protector {
 	 */
 	String decryptString(ProtectedStringType protectedString) throws EncryptionException;
 
-//	/**
-//	 * 
-//	 * @param protectedString
-//	 * @return decrypted DOM {@link Element}
-//	 * @throws EncryptionException
-//	 *             this is thrown probably in case JRE/JDK doesn't have JCE
-//	 *             installed
-//	 * @throws IllegalArgumentException
-//	 *             if protectedString argument is null or EncryptedData in
-//	 *             protectedString argument is null
-//	 */
-//	Element decrypt(ProtectedStringType protectedString) throws EncryptionException;
-
 	/**
 	 *
 	 * @param text
@@ -76,29 +63,15 @@ public interface Protector {
 	 */
 	ProtectedStringType encryptString(String text) throws EncryptionException;
 
-//	/**
-//	 * 
-//	 * @param plain
-//	 * @return {@link ProtectedStringType} with encrypted element inside it. If
-//	 *         input argument is null, method returns null.
-//	 * @throws EncryptionException
-//	 *             this is thrown probably in case JRE/JDK doesn't have JCE
-//	 *             installed
-//	 */
-//	ProtectedStringType encrypt(Element plain) throws EncryptionException;
-//
-//	/**
-//	 * Encrypts the ProtectedStringType "in place".
-//	 * @param ps
-//	 * @throws EncryptionException 
-//	 */
-//	void encrypt(ProtectedStringType ps) throws EncryptionException;
-//
 	/**
 	 * Returns true if protected string contains encrypted data that seems valid.
+	 * DEPRECATED. Use ProtectedStringType.isEncrypted() instead
 	 */
+	@Deprecated
 	boolean isEncrypted(ProtectedStringType ps);
-
-	boolean compare(ProtectedStringType a, ProtectedStringType b) throws EncryptionException;
+
+	<T> void hash(ProtectedData<T> protectedData) throws EncryptionException, SchemaException;
+
+	boolean compare(ProtectedStringType a, ProtectedStringType b) throws EncryptionException, SchemaException;
 
 }