Understanding the encryption extension point plug‑in
The encryption extension point plug‑in is installed with the following products in the following locations:
*BIRT Designer Professional in <BDPro_HOME>\eclipse\plugins
\com.actuate.ais.encryption_<version>
*BIRT iHub in AC_SERVER_HOME/Jar/BIRT/platform/plugins
/com.actuate.ais.encryption_<version>
The directory com.actuate.ais.encryption contains the following items:
*The file plugin.xml
*The file encryption.jar
*The directory schema, which contains the EncryptionProviderID.exsd file
To extend the encryption extension point plug‑in, you must implement both the encrypt and decrypt methods in the IEncryptionProvider interface, shown in Listing 2‑1.
Listing 2‑1 The IEncryptionProvider interface
package com.actuate.ais.encryption;
 
 
/**
* This interface specifies a couple of functions that need to
* be implemented in any encryption provider implementation
*/
public interface IEncryptionProvider {
/**
* Encrypt function that takes in a string value to be
* encrypted. The return value is an encrypted text obtained
* after applying the implementation specific encryption
* algorithm.
*
* @param value
* @return
*/
public String encrypt(String value);
/**
* Decrypt function that takes in an encrypted text string.
* The return value is the plain text obtained after applying
* the implementation decryption algorithm.
*
* @param value
* @return
*/
public String decrypt(String value);
 
}
The extension JAR file must be installed in the following locations:
*<BDPro_HOME>\eclipse\plugins in the BIRT Designer Professional installation
*AC_SERVER_HOME/Jar/BIRT/platform/plugins in BIRT iHub
When you launch the IO Design perspective, BIRT Designer Professional detects the encryption extension point plug-in. This plug-in is used for all connection types, for example Oracle and DB2. When the data modeler enters connection property values such as user name, password, host name, and port on the Data source connection properties page, the IO Design perspective determines if the property is tagged as masked. If so, the value entered for that property is passed to the encrypt method. The encrypt method returns the String value you programmed it to return, and this return value is stored in the data connection definition (.dcd) file. The encrypt method is called only when the value of a masked property is modified. When an information object is executed in the IO Design perspective or on BIRT iHub, the values of the connection properties that are tagged as masked are read from the DCD file and passed to the decrypt method. The decrypt method returns the String value you programmed it to return.
You can have the encrypt method return an encrypted version of the string that a data modeler enters on the Data source connection properties page. This encrypted value is then stored in the DCD file and passed to the decrypt method when an information object is executed.
You can also program the encrypt and decrypt methods to implement lookup mechanisms to retrieve the actual property values, such as the user name and password, from an external LDAP source. The values that the data modeler enters on the Data source connection properties page serve as tokens to identify the actual values. This approach can handle multiple data sources.
For example, the encrypt method can simply return any string value the data modeler provides without modification, and this token is stored in the DCD file. So, if a data modeler enters the password for an Oracle connection definition as Password_OracleDevelopment, the encrypt method returns Password_OracleDevelopment, and Password_OracleDevelopment is stored in the DCD file. When the decrypt method receives Password_OracleDevelopment, the decrypt method logic uses this token to query an external data source or to search a local encrypted file to retrieve the actual password.