org.vfdtech.implementations.EncryptDecryptUtil Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of utilities-and-generic-tools Show documentation
Show all versions of utilities-and-generic-tools Show documentation
A utilities service with generic tools implementation. Can be
plugged into your java project. This is designed for Java 1.8
package org.vfdtech.implementations;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.xml.bind.DatatypeConverter;
import lombok.AllArgsConstructor;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.CompressionAlgorithmTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.vfdtech.interfaces.IEncryptDecryptUtil;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.Iterator;
import java.util.Objects;
/**
* @author Muhammed.Ibrahim
*/
@AllArgsConstructor
public class EncryptDecryptUtil implements IEncryptDecryptUtil {
private static final Logger log = LoggerFactory.getLogger(EncryptDecryptUtil.class);
private static int BUFFER_SIZE = 1 << 16;
static {
// Add Bouncy castle to JVM
if (Objects.isNull(Security.getProvider(BouncyCastleProvider.PROVIDER_NAME))) {
Security.addProvider(new BouncyCastleProvider());
}
}
ObjectMapper objectMapper;
public EncryptDecryptUtil() {
}
public EncryptDecryptUtil(final int bufferSize) {
BUFFER_SIZE = bufferSize;
}
public static String encryptAES2CBCNoPadding(final String strToEncrypt,
final String aesKey,
final String ivKey) {
byte[] bytesIV = ivKey.getBytes();
try {
SecretKey secretKey = new SecretKeySpec(aesKey.getBytes(), "AES");
IvParameterSpec ivParameterSpec = new IvParameterSpec(bytesIV);
Cipher cipher = Cipher.getInstance("AES/CBC/ZeroBytePadding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivParameterSpec);
byte[] encryptedBytes = cipher.doFinal(strToEncrypt.getBytes(StandardCharsets.UTF_8));
return DatatypeConverter.printBase64Binary(encryptedBytes);
} catch (Exception ex) {
log.error("Error while encrypting: ", ex);
}
return null;
}
public static String decryptyAES2CBCNoPadding(final String strToDecrypty,
final String aesKey,
final String ivKey) {
return "";
}
/**
* Encrypt plain String using PGP mode
*
* @param plainData The data to be encrypted
* @param pubicKeyIn The public key to be used to encrypt parsed data
* @return Return PGP encrypted data as String
* @throws PGPException for PGP related errors
* @throws IOException for IO related error
*/
@Override
public String pgpEncrypt(String plainData, InputStream pubicKeyIn) throws PGPException, IOException {
byte[] plainDataByte = plainData.getBytes();
ByteArrayInputStream inputStream = new ByteArrayInputStream(plainDataByte);
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
encryptData(outputStream, inputStream, plainDataByte.length, pubicKeyIn);
return new String(outputStream.toByteArray());
}
@Override
public String pgpEncrypt(String plainData, String publicKey) throws PGPException, IOException {
return pgpEncrypt(plainData, IOUtils.toInputStream(publicKey, Charset.defaultCharset()));
}
@Override
public String pgpEncrypt(Object plainData, String publicKey) throws PGPException, IOException {
String plainDataString = objectMapper.writeValueAsString(plainData);
return pgpEncrypt(plainDataString, IOUtils.toInputStream(publicKey, Charset.defaultCharset()));
}
@Override
public String pgpDecrypt(String encryptedData, String privateKey, String keyPassCode) throws PGPException, IOException {
byte[] encryptedBytes = encryptedData.getBytes();
ByteArrayInputStream encryptedIn = new ByteArrayInputStream(encryptedBytes);
ByteArrayOutputStream clearOut = new ByteArrayOutputStream();
InputStream privateKeyIn = IOUtils.toInputStream(privateKey, Charset.defaultCharset());
PGPSecretKeyRingCollection pgpSecretKeyRingCollection = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(privateKeyIn)
, new JcaKeyFingerprintCalculator());
decryptData(encryptedIn, clearOut, pgpSecretKeyRingCollection, keyPassCode);
return new String(clearOut.toByteArray());
}
@Override
public String pgpDecrypt(String encryptedData, InputStream privateKeyIn, String keyPassCode) throws PGPException, IOException {
byte[] encryptedBytes = encryptedData.getBytes();
ByteArrayInputStream encryptedIn = new ByteArrayInputStream(encryptedBytes);
ByteArrayOutputStream clearOut = new ByteArrayOutputStream();
PGPSecretKeyRingCollection pgpSecretKeyRingCollection = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(privateKeyIn)
, new JcaKeyFingerprintCalculator());
decryptData(encryptedIn, clearOut, pgpSecretKeyRingCollection, keyPassCode);
return new String(clearOut.toByteArray());
}
@Override
public T pgpDecrypt(String encryptedData, String privateKey, String keyPassCode, Class objectModel) throws PGPException, IOException {
return objectMapper.readValue(pgpDecrypt(encryptedData, privateKey, keyPassCode), objectModel);
}
@Override
public T pgpDecrypt(String encryptedData, InputStream privateKey, String keyPassCode, Class objectModel) throws PGPException, IOException {
return objectMapper.readValue(pgpDecrypt(encryptedData, privateKey, keyPassCode), objectModel);
}
@Override
public String aesEncrypt(String plain, String secretKey) throws NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
final String secret = encodeKey(secretKey);
final Key key = generateKey(secret);
final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key);
final byte[] encVal = cipher.doFinal(plain.getBytes());
return Base64.getEncoder().encodeToString(encVal);
}
@Override
public String aesEncrypt(String plain, String secretKey, String iv) throws NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
final String secret = encodeKey(secretKey);
final Key key = generateKey(secret);
final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv.getBytes()));
final byte[] encVal = cipher.doFinal(plain.getBytes());
return Base64.getEncoder().encodeToString(encVal);
}
@Override
public String aesEncrypt(Object plain, String key) throws JsonProcessingException, NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
return aesEncrypt(objectMapper.writeValueAsString(plain), key);
}
@Override
public String aesDecrypt(String encrypted, String secretKey) throws NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
final String secret = encodeKey(secretKey);
final Key key = generateKey(secret);
final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, key);
return new String(cipher.doFinal(Base64.getDecoder().decode(encrypted)));
}
@Override
public T aesDecrypt(String encrypted, String secreteKey, Class objectModel) throws NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException, IllegalBlockSizeException, BadPaddingException, JsonProcessingException {
return objectMapper.readValue(aesDecrypt(encrypted, secreteKey), objectModel);
}
private Key generateKey(final String secret) {
final byte[] decoded = Base64.getDecoder().decode(secret.getBytes());
return new SecretKeySpec(decoded, "AES");
}
private String encodeKey(final String str) {
final byte[] encoded = Base64.getEncoder().encode(str.getBytes());
return new String(encoded);
}
private void encryptData(OutputStream encryptOut, InputStream clearIn, long length, InputStream publicKeyIn)
throws IOException, PGPException {
PGPCompressedDataGenerator compressedDataGenerator =
new PGPCompressedDataGenerator(CompressionAlgorithmTags.ZIP);
PGPEncryptedDataGenerator pgpEncryptedDataGenerator = new PGPEncryptedDataGenerator(
// This bit here configures the encrypted data generator
new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_128)
.setWithIntegrityPacket(true)
.setSecureRandom(new SecureRandom())
.setProvider(BouncyCastleProvider.PROVIDER_NAME)
);
// Adding public key
pgpEncryptedDataGenerator.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(
getPublicKey(publicKeyIn)));
encryptOut = new ArmoredOutputStream(encryptOut);
OutputStream cipherOutStream = pgpEncryptedDataGenerator.open(encryptOut, new byte[BUFFER_SIZE]);
copyAsLiteralData(compressedDataGenerator.open(cipherOutStream), clearIn, length, BUFFER_SIZE);
// Closing all output streams in sequence
compressedDataGenerator.close();
cipherOutStream.close();
encryptOut.close();
}
/**
* Gets the public key from the key input stream
*
* @param keyInputStream the key input stream
* @return a PGPPublic key instance
* @throws IOException for IO related errors
* @throws PGPException PGPException for PGP related errors
*/
private PGPPublicKey getPublicKey(InputStream keyInputStream) throws IOException, PGPException {
PGPPublicKeyRingCollection pgpPublicKeyRings = new PGPPublicKeyRingCollection(
PGPUtil.getDecoderStream(keyInputStream), new JcaKeyFingerprintCalculator());
Iterator keyRingIterator = pgpPublicKeyRings.getKeyRings();
while (keyRingIterator.hasNext()) {
PGPPublicKeyRing pgpPublicKeyRing = keyRingIterator.next();
for (PGPPublicKey publicKey : pgpPublicKeyRing) {
if (publicKey.isEncryptionKey()) {
return publicKey;
}
}
}
throw new PGPException("Invalid public key");
}
/**
* Copies "length" amount of data from the input stream and writes it pgp literal data to the provided output stream
*
* @param outputStream the output stream to which data is to be written
* @param in the input stream from which data is to be read
* @param length the length of data to be read
* @param bufferSize the buffer size, as it uses buffer to speed up copying
* @throws IOException for IO related errors
*/
private void copyAsLiteralData(OutputStream outputStream, InputStream in, long length, int bufferSize) throws IOException {
PGPLiteralDataGenerator literalData = new PGPLiteralDataGenerator();
OutputStream pOut = literalData.open(outputStream, PGPLiteralData.BINARY, PGPLiteralData.CONSOLE,
Date.from(LocalDateTime.now().toInstant(ZoneOffset.UTC)), new byte[bufferSize]);
byte[] buff = new byte[bufferSize];
try {
int len;
long totalBytesWritten = 0L;
while (totalBytesWritten <= length && (len = in.read(buff)) > 0) {
pOut.write(buff, 0, len);
totalBytesWritten += len;
}
pOut.close();
} finally {
// Clearing buffer
Arrays.fill(buff, (byte) 0);
// Closing inputstream
in.close();
}
}
/**
* @param encryptedIn the encrypted data
* @param plainData the output stream to which data is to be written
* @param keyPassCode
* @throws PGPException for PGP related errors
* @throws IOException for IO related error
*/
private void decryptData(InputStream encryptedIn, OutputStream plainData, PGPSecretKeyRingCollection pgpSecretKeyRingCollection, String keyPassCode)
throws PGPException, IOException {
// Removing armour and returning the underlying binary encrypted stream
encryptedIn = PGPUtil.getDecoderStream(encryptedIn);
JcaPGPObjectFactory pgpObjectFactory = new JcaPGPObjectFactory(encryptedIn);
Object obj = pgpObjectFactory.nextObject();
//The first object might be a marker packet
PGPEncryptedDataList pgpEncryptedDataList = (obj instanceof PGPEncryptedDataList)
? (PGPEncryptedDataList) obj : (PGPEncryptedDataList) pgpObjectFactory.nextObject();
PGPPrivateKey pgpPrivateKey = null;
PGPPublicKeyEncryptedData publicKeyEncryptedData = null;
Iterator encryptedDataItr = pgpEncryptedDataList.getEncryptedDataObjects();
while (pgpPrivateKey == null && encryptedDataItr.hasNext()) {
publicKeyEncryptedData = (PGPPublicKeyEncryptedData) encryptedDataItr.next();
pgpPrivateKey = findSecretKey(publicKeyEncryptedData.getKeyID(), pgpSecretKeyRingCollection, keyPassCode);
}
if (Objects.isNull(publicKeyEncryptedData)) {
throw new PGPException("Could not generate PGPPublicKeyEncryptedData object");
}
if (pgpPrivateKey == null) {
throw new PGPException("Could Not Extract private key");
}
decrypt(plainData, pgpPrivateKey, publicKeyEncryptedData);
}
private PGPPrivateKey findSecretKey(long keyID, PGPSecretKeyRingCollection pgpSecretKeyRingCollection, String keyPass) throws PGPException, IOException {
final char[] passCode = keyPass.toCharArray();
PGPSecretKey pgpSecretKey = pgpSecretKeyRingCollection.getSecretKey(keyID);
return pgpSecretKey == null ? null : pgpSecretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder()
.setProvider(BouncyCastleProvider.PROVIDER_NAME).build(passCode));
}
/**
* Decrypts the public Key encrypted data using the provided private key and writes it to the output stream
*
* @param plainData the output stream to which data is to be written
* @param pgpPrivateKey the private key instance
* @param publicKeyEncryptedData the public key encrypted data instance
* @throws IOException for IO related error
* @throws PGPException for PGP related errors
*/
private void decrypt(OutputStream plainData, PGPPrivateKey pgpPrivateKey, PGPPublicKeyEncryptedData publicKeyEncryptedData) throws IOException, PGPException {
PublicKeyDataDecryptorFactory decryptorFactory = new JcePublicKeyDataDecryptorFactoryBuilder()
.setProvider(BouncyCastleProvider.PROVIDER_NAME).build(pgpPrivateKey);
InputStream decryptedCompressedIn = publicKeyEncryptedData.getDataStream(decryptorFactory);
JcaPGPObjectFactory decCompObjFac = new JcaPGPObjectFactory(decryptedCompressedIn);
PGPCompressedData pgpCompressedData = (PGPCompressedData) decCompObjFac.nextObject();
InputStream compressedDataStream = new BufferedInputStream(pgpCompressedData.getDataStream());
JcaPGPObjectFactory pgpCompObjFac = new JcaPGPObjectFactory(compressedDataStream);
Object message = pgpCompObjFac.nextObject();
if (message instanceof PGPLiteralData) {
PGPLiteralData pgpLiteralData = (PGPLiteralData) message;
InputStream decDataStream = pgpLiteralData.getInputStream();
IOUtils.copy(decDataStream, plainData);
plainData.close();
} else if (message instanceof PGPOnePassSignatureList) {
throw new PGPException("Encrypted message contains a signed message not literal data");
} else {
throw new PGPException("Message is not a simple encrypted file - Type Unknown");
}
// Performing Integrity check
if (publicKeyEncryptedData.isIntegrityProtected() && !publicKeyEncryptedData.verify()) {
throw new PGPException("Message failed integrity check");
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy