broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java - qpid-broker-j - Git at Google

 /*
  *
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  *
  */
 package org.apache.qpid.server.security.encryption;


 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;

 import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.xml.bind.DatatypeConverter;

 import org.apache.qpid.util.Strings;

 class AESKeyFileEncrypter implements ConfigurationSecretEncrypter
 {
     private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding";
     private static final int AES_INITIALIZATION_VECTOR_LENGTH = 16;
     private static final String AES_ALGORITHM = "AES";
     private final SecretKey _secretKey;
     private final SecureRandom _random = new SecureRandom();

     AESKeyFileEncrypter(SecretKey secretKey)
     {
         if(secretKey == null)
         {
             throw new NullPointerException("A non null secret key must be supplied");
         }
         if(!AES_ALGORITHM.equals(secretKey.getAlgorithm()))
         {
             throw new IllegalArgumentException("Provided secret key was for the algorithm: " + secretKey.getAlgorithm()
                                                 + "when" + AES_ALGORITHM + "was needed.");
         }
         _secretKey = secretKey;
     }

     @Override
     public String encrypt(final String unencrypted)
     {
         byte[] unencryptedBytes = unencrypted.getBytes(StandardCharsets.UTF_8);
         try
         {
             byte[] ivbytes = new byte[AES_INITIALIZATION_VECTOR_LENGTH];
             _random.nextBytes(ivbytes);
             Cipher cipher = Cipher.getInstance(CIPHER_NAME);
             cipher.init(Cipher.ENCRYPT_MODE, _secretKey, new IvParameterSpec(ivbytes));
             byte[] encryptedBytes = readFromCipherStream(unencryptedBytes, cipher);
             byte[] output = new byte[AES_INITIALIZATION_VECTOR_LENGTH + encryptedBytes.length];
             System.arraycopy(ivbytes, 0, output, 0, AES_INITIALIZATION_VECTOR_LENGTH);
             System.arraycopy(encryptedBytes, 0, output, AES_INITIALIZATION_VECTOR_LENGTH, encryptedBytes.length);
             return DatatypeConverter.printBase64Binary(output);
         }
         catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e)
         {
             throw new IllegalArgumentException("Unable to encrypt secret", e);
         }
     }

     @Override
     public String decrypt(final String encrypted)
     {
         if(!isValidBase64(encrypted))
         {
             throw new IllegalArgumentException("Encrypted value is not valid Base 64 data: '" + encrypted + "'");
         }
         byte[] encryptedBytes = Strings.decodeBase64(encrypted);
         try
         {
             Cipher cipher = Cipher.getInstance(CIPHER_NAME);

             IvParameterSpec ivParameterSpec = new IvParameterSpec(encryptedBytes, 0, AES_INITIALIZATION_VECTOR_LENGTH);

             cipher.init(Cipher.DECRYPT_MODE, _secretKey, ivParameterSpec);

             return new String(readFromCipherStream(encryptedBytes,
                                                    AES_INITIALIZATION_VECTOR_LENGTH,
                                                    encryptedBytes.length - AES_INITIALIZATION_VECTOR_LENGTH,
                                                    cipher), StandardCharsets.UTF_8);
         }
         catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e)
         {
             throw new IllegalArgumentException("Unable to decrypt secret", e);
         }
     }

     private boolean isValidBase64(final String encrypted)
     {
         return encrypted.matches("^([\\w\\d+/]{4})*([\\w\\d+/]{2}==|[\\w\\d+/]{3}=)?$");
     }


     private byte[] readFromCipherStream(final byte[] unencryptedBytes, final Cipher cipher) throws IOException
     {
         return readFromCipherStream(unencryptedBytes, 0, unencryptedBytes.length, cipher);
     }

     private byte[] readFromCipherStream(final byte[] unencryptedBytes, int offset, int length, final Cipher cipher)
             throws IOException
     {
         final byte[] encryptedBytes;
         try (CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(unencryptedBytes,
                                                                                                   offset,
                                                                                                   length), cipher))
         {
             byte[] buf = new byte[512];
             int pos = 0;
             int read;
             while ((read = cipherInputStream.read(buf, pos, buf.length - pos)) != -1)
             {
                 pos += read;
                 if (pos == buf.length)
                 {
                     byte[] tmp = buf;
                     buf = new byte[buf.length + 512];
                     System.arraycopy(tmp, 0, buf, 0, tmp.length);
                 }
             }
             encryptedBytes = new byte[pos];
             System.arraycopy(buf, 0, encryptedBytes, 0, pos);
         }
         return encryptedBytes;
     }


 }
	/*
	*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.qpid.server.security.encryption;


	import java.io.ByteArrayInputStream;
	import java.io.IOException;
	import java.nio.charset.StandardCharsets;
	import java.security.InvalidAlgorithmParameterException;
	import java.security.InvalidKeyException;
	import java.security.NoSuchAlgorithmException;
	import java.security.SecureRandom;

	import javax.crypto.Cipher;
	import javax.crypto.CipherInputStream;
	import javax.crypto.NoSuchPaddingException;
	import javax.crypto.SecretKey;
	import javax.crypto.spec.IvParameterSpec;
	import javax.xml.bind.DatatypeConverter;

	import org.apache.qpid.util.Strings;

	class AESKeyFileEncrypter implements ConfigurationSecretEncrypter
	{
	private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding";
	private static final int AES_INITIALIZATION_VECTOR_LENGTH = 16;
	private static final String AES_ALGORITHM = "AES";
	private final SecretKey _secretKey;
	private final SecureRandom _random = new SecureRandom();

	AESKeyFileEncrypter(SecretKey secretKey)
	{
	if(secretKey == null)
	{
	throw new NullPointerException("A non null secret key must be supplied");
	}
	if(!AES_ALGORITHM.equals(secretKey.getAlgorithm()))
	{
	throw new IllegalArgumentException("Provided secret key was for the algorithm: " + secretKey.getAlgorithm()
	+ "when" + AES_ALGORITHM + "was needed.");
	}
	_secretKey = secretKey;
	}

	@Override
	public String encrypt(final String unencrypted)
	{
	byte[] unencryptedBytes = unencrypted.getBytes(StandardCharsets.UTF_8);
	try
	{
	byte[] ivbytes = new byte[AES_INITIALIZATION_VECTOR_LENGTH];
	_random.nextBytes(ivbytes);
	Cipher cipher = Cipher.getInstance(CIPHER_NAME);
	cipher.init(Cipher.ENCRYPT_MODE, _secretKey, new IvParameterSpec(ivbytes));
	byte[] encryptedBytes = readFromCipherStream(unencryptedBytes, cipher);
	byte[] output = new byte[AES_INITIALIZATION_VECTOR_LENGTH + encryptedBytes.length];
	System.arraycopy(ivbytes, 0, output, 0, AES_INITIALIZATION_VECTOR_LENGTH);
	System.arraycopy(encryptedBytes, 0, output, AES_INITIALIZATION_VECTOR_LENGTH, encryptedBytes.length);
	return DatatypeConverter.printBase64Binary(output);
	}
	catch (IOException \| InvalidAlgorithmParameterException \| InvalidKeyException \| NoSuchAlgorithmException \| NoSuchPaddingException e)
	{
	throw new IllegalArgumentException("Unable to encrypt secret", e);
	}
	}

	@Override
	public String decrypt(final String encrypted)
	{
	if(!isValidBase64(encrypted))
	{
	throw new IllegalArgumentException("Encrypted value is not valid Base 64 data: '" + encrypted + "'");
	}
	byte[] encryptedBytes = Strings.decodeBase64(encrypted);
	try
	{
	Cipher cipher = Cipher.getInstance(CIPHER_NAME);

	IvParameterSpec ivParameterSpec = new IvParameterSpec(encryptedBytes, 0, AES_INITIALIZATION_VECTOR_LENGTH);

	cipher.init(Cipher.DECRYPT_MODE, _secretKey, ivParameterSpec);

	return new String(readFromCipherStream(encryptedBytes,
	AES_INITIALIZATION_VECTOR_LENGTH,
	encryptedBytes.length - AES_INITIALIZATION_VECTOR_LENGTH,
	cipher), StandardCharsets.UTF_8);
	}
	catch (IOException \| InvalidAlgorithmParameterException \| InvalidKeyException \| NoSuchAlgorithmException \| NoSuchPaddingException e)
	{
	throw new IllegalArgumentException("Unable to decrypt secret", e);
	}
	}

	private boolean isValidBase64(final String encrypted)
	{
	return encrypted.matches("^([\\w\\d+/]{4})*([\\w\\d+/]{2}==\|[\\w\\d+/]{3}=)?$");
	}


	private byte[] readFromCipherStream(final byte[] unencryptedBytes, final Cipher cipher) throws IOException
	{
	return readFromCipherStream(unencryptedBytes, 0, unencryptedBytes.length, cipher);
	}

	private byte[] readFromCipherStream(final byte[] unencryptedBytes, int offset, int length, final Cipher cipher)
	throws IOException
	{
	final byte[] encryptedBytes;
	try (CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(unencryptedBytes,
	offset,
	length), cipher))
	{
	byte[] buf = new byte[512];
	int pos = 0;
	int read;
	while ((read = cipherInputStream.read(buf, pos, buf.length - pos)) != -1)
	{
	pos += read;
	if (pos == buf.length)
	{
	byte[] tmp = buf;
	buf = new byte[buf.length + 512];
	System.arraycopy(tmp, 0, buf, 0, tmp.length);
	}
	}
	encryptedBytes = new byte[pos];
	System.arraycopy(buf, 0, encryptedBytes, 0, pos);
	}
	return encryptedBytes;
	}



	}