Security-related extended synchronization rules

The class SecurityUtils offers 3 methods, available from all Javascript contexts.

To hash a value using MD5 or SHA1, you can call the **SecurityUtils.hash** method.

As an example, the following code will return the SHA1 hash of the string “phrase to hash”:

SecurityUtils.hash(SecurityUtils.HASH_SHA1, "phrase to hash")

Using a pre-generated key, you can encrypt or decrypt values using a two-way encryption algorithm.

All values passed to and returned from these fuctions are handled as base64 values, so they can be stored directly.

Example:

SecurityUtils.encrypt("something secret")
SecurityUtils.decrypt(srcBean.getAttributeValueById("encryptedAttribute"))

Symmetric encryption can be configured via the 3 following parameters in lsc.properties:

• lsc.security.encryption.keyfile: the path to the file used to encrypt/decrypt data. Defaults to “lsc.key” in the current configuration directory.
• lsc.security.encryption.algorithm: the algorithm to use. Defaults to AES.
• lsc.security.encryption.strength: the strength in bits. Defaults to 128.

You can call a special method to create a key in the keypath configured above (or, by default, in “lsc.key” in the current configuration directory).

# cd /path/to/your/lsc/installation
# LSC_SEC_CP=""; for jar in lib/*.jar; do LSC_SEC_CP="$LSC_SEC_CP:$jar"; done
# java -cp $LSC_SEC_CP org.lsc.utils.security.SymmetricEncryption -f $PWD/etc

In some situations, it is necessary to install the “unrestricted policy files” for Java to be able to use 256 bit keys.

LSC expects the encoded password to be retrieved from LDAP base 64 encoded. So, if storing it using another tools, it must be base64 encoded before being inserted into LDAP.