Package at.favre.lib.idmask

Class Config.Builder

    • Constructor Detail

      • Builder

        public Builder()

    • Method Detail

      • encoding

        public abstract Config.Builder encoding​(ByteToTextEncoding encoding)
        Used byte to text encoding.

        Implementations for Base64, Base32Rfc4648 and Hex are available. You may provide your own however.

        E.g. 

            new ByteToTextEncoding.Base32Rfc4648()
        The library internally converts everything to bytes, encrypts it and then requires an encoding schema to make the output printable. Per default the url-safe version of Base64 (RFC4648) is used. This is a well supported, fast and reasonable space efficient (needs ~25% more storage than the raw bytes) encoding. Note that the output size is constant using the same settings a type and does _not_ grow or shrink depending on e.g. how big the number is.
        Parameters:
        encoding - to use
        Returns:
        builder

      • highSecurityMode

        public abstract Config.Builder highSecurityMode​(boolean isHighSecurityMode)
        If better security settings should be used sacrificing output size and / or performance. Only applicable with 16 byte ids (e.g. UUID, byte[], BigInteger, ...) it is optionally possible to increase the security strength of the masked id in expense for increased id lengths. By default a 8-byte MAC is appended to the ID and, if randomization is enabled, a 8-byte random nonce is prepended. In high security mode these numbers double to 16 byte, therefore high security IDs are 16 bytes longer. If you generate a massive amount of ids (more than 2^32) or don't mind the longer output length, high security mode is recommended. Issue with smaller MAC is increased chance of not recognizing a forgery and issue with smaller randomization nonce is higher chance of finding duplicated randomization values and recognizing equal ids (chance of duplicate after 5,000,000,000 randomized ids with 8 byte nonce is 50%). Increasing these numbers to 16 bytes make both those issue negligible.
        Parameters:
        isHighSecurityMode - true if enabled
        Returns:
        builder

      • randomizedIds

        public abstract Config.Builder randomizedIds​(boolean isRandomized)
        If the masking should create non-deterministic ids (different output for every call). If tolerable, this setting should always be activated because it drastically improves the effectiveness of masking.

        Use this randomized ids

        • Shareable links
        • Single Use Tokens
        • Ids where the client must not compare equality (e.g. are those 2 models the same?)

        If this is enabled, cache for encoding wil be disabled.

        Parameters:
        isRandomized - true if enabled
        Returns:
        builder

      • securityProvider

        public abstract Config.Builder securityProvider​(Provider provider)
        Optionally provide your own security provider, e.g. for using BouncyCastle. Use this only if you are know what you do, usually the default setting is fine.
        Parameters:
        provider - to use
        Returns:
        builder

      • secureRandom

        public abstract Config.Builder secureRandom​(SecureRandom secureRandom)
        Optionally provide your own secure random implementation. Use this only if you are know what you do, usually the default setting is fine.
        Parameters:
        secureRandom - to use
        Returns:
        builder

      • cacheImpl

        public abstract Config.Builder cacheImpl​(Cache cache)
        Optionally provide your own cache implementation.
        Parameters:
        cache - to use
        Returns:
        builder

      • enableCache

        public abstract Config.Builder enableCache​(boolean shouldCache)
        If masking/unmasking should be cached to speed up performance. Note:
        • Caching for masking will only work if randomizedIds are disabled
        • only makes sense if same ids will be masked from time to time
        • use slightly more memory (when using the default in-memory lru cache)
        • exposes the raw/masked ids mappings in memory which might be bad for Android
        Parameters:
        shouldCache - true if enabled
        Returns:
        builder

      • autoWipeMemory

        public abstract Config.Builder autoWipeMemory​(boolean shouldAutoWipe)
        Wipes memory of security relevant date (e.g. byte arrays) immediately after usage in the expensive of making masking a bit slower. This is an advanced security feature.
        Parameters:
        shouldAutoWipe - true if enabled
        Returns:
        builder

      • build

        public abstract Config build()
        Create config
        Returns:
        new config instance