*
 * // Decrypt text
 * String decrypted = cipher.decryptText(encrypted);
 *
 * // For AES encryption
 * CachedCipher aesCipher = new CachedCipher();
 * aesCipher.setAlgorithm("AES");
 * aesCipher.setTransformation("AES");
 * aesCipher.setKey("0123456789abcdef"); // 16-byte key for AES-128
 * </pre>
 *
 * @author higa
 */
public class CachedCipher {

    /**

                return "AES";
            }

            @Override
            public String getAppCipherKey() {
                return "1234567890123456"; // 16 bytes for AES
            }
        });

        // Create test cipher - use proper constructor with simple implementation
        InvertibleCryptographer cookieCipher = new InvertibleCryptographer("AES", "1234567890123456", null) {
            @Override

                    cipherAlgorithm);
            inver = InvertibleCryptographer.createBlowfishCipher(fessConfig.getAppCipherKey());
        } else if ("des".equalsIgnoreCase(cipherAlgorithm)) {
            logger.warn("DES cipher is deprecated due to its 56-bit key size vulnerability. Please consider migrating to AES. algorithm={}",
                    cipherAlgorithm);

                case FessConfig.search_engine_heartbeat_interval:
                    return "10000";
                case FessConfig.APP_CIPHER_ALGORITHM:
                    return "aes";
                case FessConfig.APP_CIPHER_KEY:
                    return "___change__me___";
                case FessConfig.APP_ENCRYPT_PROPERTY_PATTERN:
                    return ".*password|.*key|.*token|.*secret";

- `@Secured` annotation with role array (`"admin-user"`, `"admin-user-view"`)
- Role-based query filtering via `RoleQueryHelper`
- Authentication: Local (UserService), LDAP, OIDC, SAML, SPNEGO, Entra ID
- Security features: AES encryption, SHA256 digest, LDAP injection prevention, password policy, rate limiting

## Naming Conventions

| Element | Convention | Example |
|---------|------------|---------|

    private OneWayCryptographer oneWayCryptographer;

    @Override
    protected void setUp(TestInfo testInfo) throws Exception {
        super.setUp(testInfo);

        // Create InvertibleCryptographer with AES
        invertibleCryptographer = InvertibleCryptographer.createAesCipher("1234567890123456");

        // Create OneWayCryptographer with SHA256
        oneWayCryptographer = OneWayCryptographer.createSha256Cryptographer();

x[:], x[:]) return x } for len(m) >= aes.BlockSize { subtle.XORBytes(x[:], m[:aes.BlockSize], x[:]) if len(m) == aes.BlockSize { // Final complete block. subtle.XORBytes(x[:], c.k1[:], x[:]) } aes.EncryptBlockInternal(&c.b, x[:], x[:]) m = m[aes.BlockSize:] } if len(m) > 0 { // Final incomplete block. subtle.XORBytes(x[:], m, x[:]) subtle.XORBytes(x[:], c.k2[:], x[:]) x[len(m)] ^= 0b10000000 aes.EncryptBlockInternal(&c.b, x[:], x[:]) } return x } // shiftLeft sets x to x << 1, and returns MSB₁(x)....

search_engine.password=
# Interval (ms) for heartbeat checks to the search engine.
search_engine.heartbeat_interval=10000

# Cipher algorithm used for encryption.
app.cipher.algorithm=aes
# Secret key for encryption (change this value for production).
app.cipher.key=___change__me___
# Algorithm for digest calculation.
app.digest.algorithm=sha256
# Regex pattern for properties to encrypt.

    /** The key of the configuration. e.g. 10000 */
    String search_engine_heartbeat_interval = "search_engine.heartbeat_interval";

    /** The key of the configuration. e.g. aes */
    String APP_CIPHER_ALGORITHM = "app.cipher.algorithm";

    /** The key of the configuration. e.g. ___change__me___ */
    String APP_CIPHER_KEY = "app.cipher.key";