All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.vfdtech.implementations.EncryptDecryptUtil Maven / Gradle / Ivy

Go to download

A utilities service with generic tools implementation. Can be plugged into your java project. This is designed for Java 1.8

There is a newer version: 1.0.0
Show newest version
package org.vfdtech.implementations;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.xml.bind.DatatypeConverter;
import lombok.AllArgsConstructor;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.CompressionAlgorithmTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.vfdtech.interfaces.IEncryptDecryptUtil;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.Iterator;
import java.util.Objects;

/**
 * @author Muhammed.Ibrahim
 */
@AllArgsConstructor
public class EncryptDecryptUtil implements IEncryptDecryptUtil {

    private static final Logger log = LoggerFactory.getLogger(EncryptDecryptUtil.class);
    private static int BUFFER_SIZE = 1 << 16;

    static {
        // Add Bouncy castle to JVM
        if (Objects.isNull(Security.getProvider(BouncyCastleProvider.PROVIDER_NAME))) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    ObjectMapper objectMapper;

    public EncryptDecryptUtil() {

    }

    public EncryptDecryptUtil(final int bufferSize) {
        BUFFER_SIZE = bufferSize;
    }

    public static String encryptAES2CBCNoPadding(final String strToEncrypt,
                                                  final String aesKey,
                                                  final String ivKey) {
        byte[] bytesIV = ivKey.getBytes();
        try {
            SecretKey secretKey = new SecretKeySpec(aesKey.getBytes(), "AES");
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bytesIV);
            Cipher cipher = Cipher.getInstance("AES/CBC/ZeroBytePadding");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivParameterSpec);
            byte[] encryptedBytes = cipher.doFinal(strToEncrypt.getBytes(StandardCharsets.UTF_8));
            return DatatypeConverter.printBase64Binary(encryptedBytes);
        } catch (Exception ex) {
            log.error("Error while encrypting: ", ex);
        }
        return null;
    }

    public static String decryptyAES2CBCNoPadding(final String strToDecrypty,
                                                 final String aesKey,
                                                 final String ivKey) {

        return "";
    }

    /**
     * Encrypt plain String using PGP mode
     *
     * @param plainData  The data to be encrypted
     * @param pubicKeyIn The public key to be used to encrypt parsed data
     * @return Return PGP encrypted data as String
     * @throws PGPException for PGP related errors
     * @throws IOException  for IO related error
     */
    @Override
    public String pgpEncrypt(String plainData, InputStream pubicKeyIn) throws PGPException, IOException {
        byte[] plainDataByte = plainData.getBytes();
        ByteArrayInputStream inputStream = new ByteArrayInputStream(plainDataByte);
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        encryptData(outputStream, inputStream, plainDataByte.length, pubicKeyIn);
        return new String(outputStream.toByteArray());
    }

    @Override
    public String pgpEncrypt(String plainData, String publicKey) throws PGPException, IOException {
        return pgpEncrypt(plainData, IOUtils.toInputStream(publicKey, Charset.defaultCharset()));
    }

    @Override
    public String pgpEncrypt(Object plainData, String publicKey) throws PGPException, IOException {
        String plainDataString = objectMapper.writeValueAsString(plainData);
        return pgpEncrypt(plainDataString, IOUtils.toInputStream(publicKey, Charset.defaultCharset()));
    }

    @Override
    public String pgpDecrypt(String encryptedData, String privateKey, String keyPassCode) throws PGPException, IOException {
        byte[] encryptedBytes = encryptedData.getBytes();
        ByteArrayInputStream encryptedIn = new ByteArrayInputStream(encryptedBytes);
        ByteArrayOutputStream clearOut = new ByteArrayOutputStream();
        InputStream privateKeyIn = IOUtils.toInputStream(privateKey, Charset.defaultCharset());
        PGPSecretKeyRingCollection pgpSecretKeyRingCollection = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(privateKeyIn)
                , new JcaKeyFingerprintCalculator());
        decryptData(encryptedIn, clearOut, pgpSecretKeyRingCollection, keyPassCode);
        return new String(clearOut.toByteArray());
    }

    @Override
    public String pgpDecrypt(String encryptedData, InputStream privateKeyIn, String keyPassCode) throws PGPException, IOException {
        byte[] encryptedBytes = encryptedData.getBytes();
        ByteArrayInputStream encryptedIn = new ByteArrayInputStream(encryptedBytes);
        ByteArrayOutputStream clearOut = new ByteArrayOutputStream();
        PGPSecretKeyRingCollection pgpSecretKeyRingCollection = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(privateKeyIn)
                , new JcaKeyFingerprintCalculator());
        decryptData(encryptedIn, clearOut, pgpSecretKeyRingCollection, keyPassCode);
        return new String(clearOut.toByteArray());
    }

    @Override
    public  T pgpDecrypt(String encryptedData, String privateKey, String keyPassCode, Class objectModel) throws PGPException, IOException {
        return objectMapper.readValue(pgpDecrypt(encryptedData, privateKey, keyPassCode), objectModel);
    }

    @Override
    public  T pgpDecrypt(String encryptedData, InputStream privateKey, String keyPassCode, Class objectModel) throws PGPException, IOException {
        return objectMapper.readValue(pgpDecrypt(encryptedData, privateKey, keyPassCode), objectModel);
    }

    @Override
    public String aesEncrypt(String plain, String secretKey) throws NoSuchAlgorithmException,
            NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        final String secret = encodeKey(secretKey);
        final Key key = generateKey(secret);
        final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        final byte[] encVal = cipher.doFinal(plain.getBytes());
        return Base64.getEncoder().encodeToString(encVal);
    }

    @Override
    public String aesEncrypt(String plain, String secretKey, String iv) throws NoSuchAlgorithmException,
            NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
        final String secret = encodeKey(secretKey);
        final Key key = generateKey(secret);
        final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv.getBytes()));
        final byte[] encVal = cipher.doFinal(plain.getBytes());
        return Base64.getEncoder().encodeToString(encVal);
    }

    @Override
    public String aesEncrypt(Object plain, String key) throws JsonProcessingException, NoSuchAlgorithmException,
            NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        return aesEncrypt(objectMapper.writeValueAsString(plain), key);
    }

    @Override
    public String aesDecrypt(String encrypted, String secretKey) throws NoSuchAlgorithmException,
            NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        final String secret = encodeKey(secretKey);
        final Key key = generateKey(secret);
        final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key);
        return new String(cipher.doFinal(Base64.getDecoder().decode(encrypted)));
    }

    @Override
    public  T aesDecrypt(String encrypted, String secreteKey, Class objectModel) throws NoSuchAlgorithmException, NoSuchPaddingException,
            InvalidKeyException, IllegalBlockSizeException, BadPaddingException, JsonProcessingException {
        return objectMapper.readValue(aesDecrypt(encrypted, secreteKey), objectModel);
    }

    private Key generateKey(final String secret) {
        final byte[] decoded = Base64.getDecoder().decode(secret.getBytes());
        return new SecretKeySpec(decoded, "AES");
    }

    private String encodeKey(final String str) {
        final byte[] encoded = Base64.getEncoder().encode(str.getBytes());
        return new String(encoded);
    }

    private void encryptData(OutputStream encryptOut, InputStream clearIn, long length, InputStream publicKeyIn)
            throws IOException, PGPException {
        PGPCompressedDataGenerator compressedDataGenerator =
                new PGPCompressedDataGenerator(CompressionAlgorithmTags.ZIP);
        PGPEncryptedDataGenerator pgpEncryptedDataGenerator = new PGPEncryptedDataGenerator(
                // This bit here configures the encrypted data generator
                new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_128)
                        .setWithIntegrityPacket(true)
                        .setSecureRandom(new SecureRandom())
                        .setProvider(BouncyCastleProvider.PROVIDER_NAME)
        );
        // Adding public key
        pgpEncryptedDataGenerator.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(
                getPublicKey(publicKeyIn)));
        encryptOut = new ArmoredOutputStream(encryptOut);
        OutputStream cipherOutStream = pgpEncryptedDataGenerator.open(encryptOut, new byte[BUFFER_SIZE]);
        copyAsLiteralData(compressedDataGenerator.open(cipherOutStream), clearIn, length, BUFFER_SIZE);
        // Closing all output streams in sequence
        compressedDataGenerator.close();
        cipherOutStream.close();
        encryptOut.close();
    }

    /**
     * Gets the public key from the key input stream
     *
     * @param keyInputStream the key input stream
     * @return a PGPPublic key instance
     * @throws IOException  for IO related errors
     * @throws PGPException PGPException for PGP related errors
     */
    private PGPPublicKey getPublicKey(InputStream keyInputStream) throws IOException, PGPException {
        PGPPublicKeyRingCollection pgpPublicKeyRings = new PGPPublicKeyRingCollection(
                PGPUtil.getDecoderStream(keyInputStream), new JcaKeyFingerprintCalculator());
        Iterator keyRingIterator = pgpPublicKeyRings.getKeyRings();
        while (keyRingIterator.hasNext()) {
            PGPPublicKeyRing pgpPublicKeyRing = keyRingIterator.next();

            for (PGPPublicKey publicKey : pgpPublicKeyRing) {
                if (publicKey.isEncryptionKey()) {
                    return publicKey;
                }
            }
        }
        throw new PGPException("Invalid public key");
    }

    /**
     * Copies "length" amount of data from the input stream and writes it pgp literal data to the provided output stream
     *
     * @param outputStream the output stream to which data is to be written
     * @param in           the input stream from which data is to be read
     * @param length       the length of data to be read
     * @param bufferSize   the buffer size, as it uses buffer to speed up copying
     * @throws IOException for IO related errors
     */
    private void copyAsLiteralData(OutputStream outputStream, InputStream in, long length, int bufferSize) throws IOException {
        PGPLiteralDataGenerator literalData = new PGPLiteralDataGenerator();
        OutputStream pOut = literalData.open(outputStream, PGPLiteralData.BINARY, PGPLiteralData.CONSOLE,
                Date.from(LocalDateTime.now().toInstant(ZoneOffset.UTC)), new byte[bufferSize]);
        byte[] buff = new byte[bufferSize];
        try {
            int len;
            long totalBytesWritten = 0L;
            while (totalBytesWritten <= length && (len = in.read(buff)) > 0) {
                pOut.write(buff, 0, len);
                totalBytesWritten += len;
            }
            pOut.close();
        } finally {
            // Clearing buffer
            Arrays.fill(buff, (byte) 0);
            // Closing inputstream
            in.close();
        }
    }

    /**
     * @param encryptedIn the encrypted data
     * @param plainData   the output stream to which data is to be written
     * @param keyPassCode
     * @throws PGPException for PGP related errors
     * @throws IOException  for IO related error
     */
    private void decryptData(InputStream encryptedIn, OutputStream plainData, PGPSecretKeyRingCollection pgpSecretKeyRingCollection, String keyPassCode)
            throws PGPException, IOException {
        // Removing armour and returning the underlying binary encrypted stream
        encryptedIn = PGPUtil.getDecoderStream(encryptedIn);
        JcaPGPObjectFactory pgpObjectFactory = new JcaPGPObjectFactory(encryptedIn);

        Object obj = pgpObjectFactory.nextObject();
        //The first object might be a marker packet
        PGPEncryptedDataList pgpEncryptedDataList = (obj instanceof PGPEncryptedDataList)
                ? (PGPEncryptedDataList) obj : (PGPEncryptedDataList) pgpObjectFactory.nextObject();

        PGPPrivateKey pgpPrivateKey = null;
        PGPPublicKeyEncryptedData publicKeyEncryptedData = null;

        Iterator encryptedDataItr = pgpEncryptedDataList.getEncryptedDataObjects();
        while (pgpPrivateKey == null && encryptedDataItr.hasNext()) {
            publicKeyEncryptedData = (PGPPublicKeyEncryptedData) encryptedDataItr.next();
            pgpPrivateKey = findSecretKey(publicKeyEncryptedData.getKeyID(), pgpSecretKeyRingCollection, keyPassCode);
        }

        if (Objects.isNull(publicKeyEncryptedData)) {
            throw new PGPException("Could not generate PGPPublicKeyEncryptedData object");
        }

        if (pgpPrivateKey == null) {
            throw new PGPException("Could Not Extract private key");
        }
        decrypt(plainData, pgpPrivateKey, publicKeyEncryptedData);
    }

    private PGPPrivateKey findSecretKey(long keyID, PGPSecretKeyRingCollection pgpSecretKeyRingCollection, String keyPass) throws PGPException, IOException {
        final char[] passCode = keyPass.toCharArray();
        PGPSecretKey pgpSecretKey = pgpSecretKeyRingCollection.getSecretKey(keyID);
        return pgpSecretKey == null ? null : pgpSecretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(passCode));
    }

    /**
     * Decrypts the public Key encrypted data using the provided private key and writes it to the output stream
     *
     * @param plainData              the output stream to which data is to be written
     * @param pgpPrivateKey          the private key instance
     * @param publicKeyEncryptedData the public key encrypted data instance
     * @throws IOException  for IO related error
     * @throws PGPException for PGP related errors
     */
    private void decrypt(OutputStream plainData, PGPPrivateKey pgpPrivateKey, PGPPublicKeyEncryptedData publicKeyEncryptedData) throws IOException, PGPException {
        PublicKeyDataDecryptorFactory decryptorFactory = new JcePublicKeyDataDecryptorFactoryBuilder()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(pgpPrivateKey);
        InputStream decryptedCompressedIn = publicKeyEncryptedData.getDataStream(decryptorFactory);

        JcaPGPObjectFactory decCompObjFac = new JcaPGPObjectFactory(decryptedCompressedIn);
        PGPCompressedData pgpCompressedData = (PGPCompressedData) decCompObjFac.nextObject();

        InputStream compressedDataStream = new BufferedInputStream(pgpCompressedData.getDataStream());
        JcaPGPObjectFactory pgpCompObjFac = new JcaPGPObjectFactory(compressedDataStream);

        Object message = pgpCompObjFac.nextObject();

        if (message instanceof PGPLiteralData) {
            PGPLiteralData pgpLiteralData = (PGPLiteralData) message;
            InputStream decDataStream = pgpLiteralData.getInputStream();
            IOUtils.copy(decDataStream, plainData);
            plainData.close();
        } else if (message instanceof PGPOnePassSignatureList) {
            throw new PGPException("Encrypted message contains a signed message not literal data");
        } else {
            throw new PGPException("Message is not a simple encrypted file - Type Unknown");
        }
        // Performing Integrity check
        if (publicKeyEncryptedData.isIntegrityProtected() && !publicKeyEncryptedData.verify()) {
            throw new PGPException("Message failed integrity check");
        }
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy