cipher.setKey("mySecretKey");

        final byte[] original = "Hello World".getBytes();
        final byte[] encrypted = cipher.encrypto(original);
        final byte[] decrypted = cipher.decrypto(encrypted);

        assertThat(encrypted, is(not(original)));
        assertArrayEquals(original, decrypted);
    }

    @Test
    @SuppressWarnings("deprecation")
    public void testDeprecatedEncryptoDecryptoText() {

        }
        return decrypted;
    }

    /**
     * Decrypts the given data.
     *
     * @param data
     *            the data to decrypt
     * @return the decrypted data
     * @deprecated Use {@link #decrypt(byte[])} instead. This method name contains a typo.
     */
    @Deprecated
    public byte[] decrypto(final byte[] data) {
        return decrypt(data);
    }

    /**

     * Parses the role set from a string.
     * @param value The string to parse.
     * @param encrypted Whether the string is encrypted.
     * @param roleSet The set of roles.
     */
    protected void parseRoleSet(final String value, final boolean encrypted, final Set<String> roleSet) {
        String rolesStr = value;
        if (encrypted && cipher != null) {
            try {
                rolesStr = cipher.decryptoText(rolesStr);

            throw e;
        }
    }

    /**
     * Changes the password for a user identified by username.
     * Updates both the authentication manager and the database with the new encrypted password.
     *
     * @param username the username of the user
     * @param password the new password in plain text
     * @throws FessUserNotFoundException if the user is not found
     */

Então, o cliente envia uma solicitação HTTPS. Que é apenas uma solicitação HTTP sobre uma conexão TLS encriptada.

<img src="/img/deployment/https/https04.drawio.svg">

### Desencriptando a Solicitação { #decrypt-the-request }

				"application/oebps-package+xml",
				"application/ogg",
				"application/kate",
				"application/onenote",
				"application/parityfec",
				"application/patch-ops-error+xml",
				"application/pgp-encrypted",
				"application/pgp-keys",
				"application/pgp-signature",
				"application/pics-rules",
				"application/pidf+xml",
				"application/pidf-diff+xml",
				"application/pkcs10",
				"application/pkcs7-mime",

Así que, el cliente envía un **request HTTPS**. Esto es simplemente un request HTTP a través de una conexión TLS encriptada.

<img src="/img/deployment/https/https04.drawio.svg">

### Desencriptar el Request { #decrypt-the-request }

    /** Queries field name. */
    public static final String QUERIES = "queries";

    /** Virtual hosts field name. */
    public static final String VIRTUAL_HOSTS = "virtualHosts";

    /** Prefix for encrypted/ciphered values. */
    public static final String CIPHER_PREFIX = "{cipher}";

    /** System user identifier. */
    public static final String SYSTEM_USER = "system";

    /** Empty user ID placeholder. */

        final String value = getSystemProperty(Constants.LDAP_ADMIN_SECURITY_CREDENTIALS);
        if (StringUtil.isNotBlank(value) && value.startsWith(Constants.CIPHER_PREFIX)) {
            return ComponentUtil.getPrimaryCipher().decrypt(value.substring(Constants.CIPHER_PREFIX.length()));
        }
        return value;
    }

    default void setLdapBaseDn(final String value) {
        setSystemProperty(Constants.LDAP_BASE_DN, value);
    }

*PrivateKey, ciphertext []byte) ([]byte, error) { fips140.RecordNonApproved() return decrypt(priv, ciphertext, noCheck) } // DecryptWithCheck performs the RSA private key operation and checks the // result to defend against errors in the CRT computation. func DecryptWithCheck(priv *PrivateKey, ciphertext []byte) ([]byte, error) { fips140.RecordNonApproved() return decrypt(priv, ciphertext, withCheck) } // decrypt performs an RSA decryption of ciphertext into out. If check is true, // m^e is calculated...