broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java - qpid-broker-j - Git at Google

 /*
  *
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  *
  */
 package org.apache.qpid.server.security.encryption;


 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Base64;

 import javax.crypto.Cipher;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;

 import org.apache.qpid.server.util.Strings;

 class AESKeyFileEncrypter implements ConfigurationSecretEncrypter
 {
     private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding";
     private static final int AES_INITIALIZATION_VECTOR_LENGTH = 16;
     private static final String AES_ALGORITHM = "AES";
     private final SecretKey _secretKey;
     private final SecureRandom _random = new SecureRandom();

     AESKeyFileEncrypter(SecretKey secretKey)
     {
         if(secretKey == null)
         {
             throw new NullPointerException("A non null secret key must be supplied");
         }
         if(!AES_ALGORITHM.equals(secretKey.getAlgorithm()))
         {
             throw new IllegalArgumentException("Provided secret key was for the algorithm: " + secretKey.getAlgorithm()
                                                 + "when" + AES_ALGORITHM + "was needed.");
         }
         _secretKey = secretKey;
     }

     @Override
     public String encrypt(final String unencrypted)
     {
         byte[] unencryptedBytes = unencrypted.getBytes(StandardCharsets.UTF_8);
         try
         {
             byte[] ivbytes = new byte[AES_INITIALIZATION_VECTOR_LENGTH];
             _random.nextBytes(ivbytes);
             Cipher cipher = Cipher.getInstance(CIPHER_NAME);
             cipher.init(Cipher.ENCRYPT_MODE, _secretKey, new IvParameterSpec(ivbytes));
             byte[] encryptedBytes = EncryptionHelper.readFromCipherStream(unencryptedBytes, cipher);
             byte[] output = new byte[AES_INITIALIZATION_VECTOR_LENGTH + encryptedBytes.length];
             System.arraycopy(ivbytes, 0, output, 0, AES_INITIALIZATION_VECTOR_LENGTH);
             System.arraycopy(encryptedBytes, 0, output, AES_INITIALIZATION_VECTOR_LENGTH, encryptedBytes.length);
             return Base64.getEncoder().encodeToString(output);
         }
         catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e)
         {
             throw new IllegalArgumentException("Unable to encrypt secret", e);
         }
     }

     @Override
     public String decrypt(final String encrypted)
     {
         if(!EncryptionHelper.isValidBase64(encrypted))
         {
             throw new IllegalArgumentException("Encrypted value is not valid Base 64 data: '" + encrypted + "'");
         }
         byte[] encryptedBytes = Strings.decodeBase64(encrypted);
         try
         {
             Cipher cipher = Cipher.getInstance(CIPHER_NAME);

             IvParameterSpec ivParameterSpec = new IvParameterSpec(encryptedBytes, 0, AES_INITIALIZATION_VECTOR_LENGTH);

             cipher.init(Cipher.DECRYPT_MODE, _secretKey, ivParameterSpec);

             return new String(EncryptionHelper.readFromCipherStream(encryptedBytes,
                                                    AES_INITIALIZATION_VECTOR_LENGTH,
                                                    encryptedBytes.length - AES_INITIALIZATION_VECTOR_LENGTH,
                                                    cipher), StandardCharsets.UTF_8);
         }
         catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e)
         {
             throw new IllegalArgumentException("Unable to decrypt secret", e);
         }
     }


 }
	/*
	*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.qpid.server.security.encryption;


	import java.io.IOException;
	import java.nio.charset.StandardCharsets;
	import java.security.InvalidAlgorithmParameterException;
	import java.security.InvalidKeyException;
	import java.security.NoSuchAlgorithmException;
	import java.security.SecureRandom;
	import java.util.Base64;

	import javax.crypto.Cipher;
	import javax.crypto.NoSuchPaddingException;
	import javax.crypto.SecretKey;
	import javax.crypto.spec.IvParameterSpec;

	import org.apache.qpid.server.util.Strings;

	class AESKeyFileEncrypter implements ConfigurationSecretEncrypter
	{
	private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding";
	private static final int AES_INITIALIZATION_VECTOR_LENGTH = 16;
	private static final String AES_ALGORITHM = "AES";
	private final SecretKey _secretKey;
	private final SecureRandom _random = new SecureRandom();

	AESKeyFileEncrypter(SecretKey secretKey)
	{
	if(secretKey == null)
	{
	throw new NullPointerException("A non null secret key must be supplied");
	}
	if(!AES_ALGORITHM.equals(secretKey.getAlgorithm()))
	{
	throw new IllegalArgumentException("Provided secret key was for the algorithm: " + secretKey.getAlgorithm()
	+ "when" + AES_ALGORITHM + "was needed.");
	}
	_secretKey = secretKey;
	}

	@Override
	public String encrypt(final String unencrypted)
	{
	byte[] unencryptedBytes = unencrypted.getBytes(StandardCharsets.UTF_8);
	try
	{
	byte[] ivbytes = new byte[AES_INITIALIZATION_VECTOR_LENGTH];
	_random.nextBytes(ivbytes);
	Cipher cipher = Cipher.getInstance(CIPHER_NAME);
	cipher.init(Cipher.ENCRYPT_MODE, _secretKey, new IvParameterSpec(ivbytes));
	byte[] encryptedBytes = EncryptionHelper.readFromCipherStream(unencryptedBytes, cipher);
	byte[] output = new byte[AES_INITIALIZATION_VECTOR_LENGTH + encryptedBytes.length];
	System.arraycopy(ivbytes, 0, output, 0, AES_INITIALIZATION_VECTOR_LENGTH);
	System.arraycopy(encryptedBytes, 0, output, AES_INITIALIZATION_VECTOR_LENGTH, encryptedBytes.length);
	return Base64.getEncoder().encodeToString(output);
	}
	catch (IOException \| InvalidAlgorithmParameterException \| InvalidKeyException \| NoSuchAlgorithmException \| NoSuchPaddingException e)
	{
	throw new IllegalArgumentException("Unable to encrypt secret", e);
	}
	}

	@Override
	public String decrypt(final String encrypted)
	{
	if(!EncryptionHelper.isValidBase64(encrypted))
	{
	throw new IllegalArgumentException("Encrypted value is not valid Base 64 data: '" + encrypted + "'");
	}
	byte[] encryptedBytes = Strings.decodeBase64(encrypted);
	try
	{
	Cipher cipher = Cipher.getInstance(CIPHER_NAME);

	IvParameterSpec ivParameterSpec = new IvParameterSpec(encryptedBytes, 0, AES_INITIALIZATION_VECTOR_LENGTH);

	cipher.init(Cipher.DECRYPT_MODE, _secretKey, ivParameterSpec);

	return new String(EncryptionHelper.readFromCipherStream(encryptedBytes,
	AES_INITIALIZATION_VECTOR_LENGTH,
	encryptedBytes.length - AES_INITIALIZATION_VECTOR_LENGTH,
	cipher), StandardCharsets.UTF_8);
	}
	catch (IOException \| InvalidAlgorithmParameterException \| InvalidKeyException \| NoSuchAlgorithmException \| NoSuchPaddingException e)
	{
	throw new IllegalArgumentException("Unable to decrypt secret", e);
	}
	}


	}