Encrypting connection profile properties
BIRT supports encrypting the connection profile properties by using the cipherProvider extension point. To define a new encryption method you must extend org.eclipse.datatools.connectivity.cipherProvider extension point.
To define a new encryption plug-in you must define the file extension and its corresponding provider of javax.crypto.Cipher class for the encryption of connection profile store files. Listing 27-1 shows an example of such definition.
*
fileExtension – The file extension of connection profile store files that shall be encrypted and decrypted using the cipher provider class specified in the class attribute. The out-of-the-box encryption implementation defines .acconnprofiles as a default extension.
The fileExtension attribute value may include an optional dot (.) before the file extension, for example you can define profiles or .profiles. A keyword default may be specified as an attribute value to match files with no file extension.
*
class – The concrete class that implements the org.eclipse.datatools.connectivity.security.ICipherProvider interface to provide the javax.crypto.Cipher instances for the encryption and decryption of connection profile store files. The custom class may optionally extend the org.eclipse.datatools.connectivity.security.CipherProviderBase base class, which reads a secret (symmetric) key specification from a bundled resource. The base implementation class of the org.eclipse.datatools.connectivity.security.ICipherProvider interface is org.eclipse.datatools.connectivity.security.CipherProviderBase. The class uses a default bundled encryption key as its javax.crypto.spec.SecretKeySpec.
The example in Listing 27-1 registers org.company.connectivity.security.ProfileStoreCipherProvider as the provider for files with the extension .profile and for those with no file extension.
Listing 27-1  
<extension
id="org.company.connectivity.security.cipherProvider"
point="org.eclipse.datatools.connectivity.cipherProvider">
 
<cipherProvider fileExtension="profile"
class="org.company.connectivity.security.
ProfileStoreCipherProvider">
</cipherProvider>
 
<cipherProvider fileExtension="default" class="org.company.connectivity.security.
ProfileStoreCipherProvider">
</cipherProvider>
 
</extension>
Listing 27-2 shows an example implementation of org.company.connectivity.security.ProfileStoreCipherProvider class.
Listing 27-2  
import org.eclipse.core.runtime.Platform;
import org.eclipse.datatools.connectivity.security.CipherProviderBase;
import org.eclipse.datatools.connectivity.security.ICipherProvider;
import org.osgi.framework.Bundle;
 
public class ProfileStoreCipherProvider extends CipherProviderBase
 
implements ICipherProvider
{
/* (non-Javadoc)
* @see org.eclipse.datatools.connectivity.security.CipherProviderBase#getKeyResource()
*/
@Override
protected URL getKeyResource()
{
Bundle bundle = Platform.getBundle( "org.company.connectivity.security" );
return bundle != null ?
bundle.getResource( "cpkey" ) : //$NON-NLS-1$
super.getKeyResource();
}
}

Additional Links:

Copyright Actuate Corporation 2012