org.vfdtech.implementations.EncryptDecryptUtil Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of utilities-and-generic-tools Show documentation
Show all versions of utilities-and-generic-tools Show documentation
A utilities service with generic tools implementation. Can be
plugged into your java project
package org.vfdtech.implementations;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.xml.bind.DatatypeConverter;
import nfp.ssm.core.SSMLib;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.CompressionAlgorithmTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
import org.bouncycastle.openpgp.operator.jcajce.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.vfdtech.interfaces.IEncryptDecryptUtil;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.*;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.*;
/**
* @author Muhammed.Ibrahim
*/
//@AllArgsConstructor
public class EncryptDecryptUtil implements IEncryptDecryptUtil {
private static final Logger log = LoggerFactory.getLogger(EncryptDecryptUtil.class);
private static int BUFFER_SIZE = 1 << 16;
static {
// Add Bouncy castle to JVM
if (Objects.isNull(Security.getProvider(BouncyCastleProvider.PROVIDER_NAME))) {
Security.addProvider(new BouncyCastleProvider());
}
}
ObjectMapper objectMapper;
private final String nipEncryptedPassword;
private final SSMLib ssmLib;
public EncryptDecryptUtil() {
this.nipEncryptedPassword = "";
this.ssmLib = null;
}
public EncryptDecryptUtil(String nipEncryptedPassword, String nipPublicKeyPath, String nipPrivateKeyPath) {
this.nipEncryptedPassword = nipEncryptedPassword;
this.ssmLib = new SSMLib(nipPublicKeyPath, nipPrivateKeyPath);
}
public EncryptDecryptUtil(final int bufferSize) {
BUFFER_SIZE = bufferSize;
this.nipEncryptedPassword = "";
this.ssmLib = null;
}
public static String encryptAES2CBCNoPadding(final String strToEncrypt,
final String aesKey,
final String ivKey) {
byte[] bytesIV = ivKey.getBytes();
try {
SecretKey secretKey = new SecretKeySpec(aesKey.getBytes(), "AES");
IvParameterSpec ivParameterSpec = new IvParameterSpec(bytesIV);
Cipher cipher = Cipher.getInstance("AES/CBC/ZeroBytePadding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivParameterSpec);
byte[] encryptedBytes = cipher.doFinal(strToEncrypt.getBytes(StandardCharsets.UTF_8));
return DatatypeConverter.printBase64Binary(encryptedBytes);
} catch (Exception ex) {
log.error("Error while encrypting: ", ex);
}
return null;
}
public static String decryptyAES2CBCNoPadding(final String strToDecrypty,
final String aesKey,
final String ivKey) {
return "";
}
/**
* Encrypt plain String using PGP mode
*
* @param plainData The data to be encrypted
* @param pubicKeyIn The public key to be used to encrypt parsed data
* @return Return PGP encrypted data as String
* @throws PGPException for PGP related errors
* @throws IOException for IO related error
*/
@Override
public String pgpEncrypt(String plainData, InputStream pubicKeyIn) throws PGPException, IOException {
byte[] plainDataByte = plainData.getBytes();
ByteArrayInputStream inputStream = new ByteArrayInputStream(plainDataByte);
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
encryptData(outputStream, inputStream, plainDataByte.length, pubicKeyIn);
return new String(outputStream.toByteArray());
}
@Override
public String pgpEncrypt(String plainData, String publicKey) throws PGPException, IOException {
return pgpEncrypt(plainData, IOUtils.toInputStream(publicKey, Charset.defaultCharset()));
}
@Override
public String pgpEncrypt(Object plainData, String publicKey) throws PGPException, IOException {
String plainDataString = objectMapper.writeValueAsString(plainData);
return pgpEncrypt(plainDataString, IOUtils.toInputStream(publicKey, Charset.defaultCharset()));
}
@Override
public String pgpDecrypt(String encryptedData, String privateKey, String keyPassCode) throws PGPException, IOException {
byte[] encryptedBytes = encryptedData.getBytes();
ByteArrayInputStream encryptedIn = new ByteArrayInputStream(encryptedBytes);
ByteArrayOutputStream clearOut = new ByteArrayOutputStream();
InputStream privateKeyIn = IOUtils.toInputStream(privateKey, Charset.defaultCharset());
PGPSecretKeyRingCollection pgpSecretKeyRingCollection = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(privateKeyIn)
, new JcaKeyFingerprintCalculator());
decryptData(encryptedIn, clearOut, pgpSecretKeyRingCollection, keyPassCode);
return new String(clearOut.toByteArray());
}
@Override
public String pgpDecrypt(String encryptedData, InputStream privateKeyIn, String keyPassCode) throws PGPException, IOException {
byte[] encryptedBytes = encryptedData.getBytes();
ByteArrayInputStream encryptedIn = new ByteArrayInputStream(encryptedBytes);
ByteArrayOutputStream clearOut = new ByteArrayOutputStream();
PGPSecretKeyRingCollection pgpSecretKeyRingCollection = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(privateKeyIn)
, new JcaKeyFingerprintCalculator());
decryptData(encryptedIn, clearOut, pgpSecretKeyRingCollection, keyPassCode);
return new String(clearOut.toByteArray());
}
@Override
public T pgpDecrypt(String encryptedData, String privateKey, String keyPassCode, Class objectModel) throws PGPException, IOException {
return objectMapper.readValue(pgpDecrypt(encryptedData, privateKey, keyPassCode), objectModel);
}
@Override
public T pgpDecrypt(String encryptedData, InputStream privateKey, String keyPassCode, Class objectModel) throws PGPException, IOException {
return objectMapper.readValue(pgpDecrypt(encryptedData, privateKey, keyPassCode), objectModel);
}
@Override
public String aesEncrypt(String plain, String secretKey) throws NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
final String secret = encodeKey(secretKey);
final Key key = generateKey(secret);
final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key);
final byte[] encVal = cipher.doFinal(plain.getBytes());
return Base64.getEncoder().encodeToString(encVal);
}
@Override
public String aesEncrypt(String plain, String secretKey, String iv) throws NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
final String secret = encodeKey(secretKey);
final Key key = generateKey(secret);
final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv.getBytes()));
final byte[] encVal = cipher.doFinal(plain.getBytes());
return Base64.getEncoder().encodeToString(encVal);
}
@Override
public String aesEncrypt(Object plain, String key) throws JsonProcessingException, NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
return aesEncrypt(objectMapper.writeValueAsString(plain), key);
}
@Override
public String aesDecrypt(String encrypted, String secretKey) throws NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
final String secret = encodeKey(secretKey);
final Key key = generateKey(secret);
final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, key);
return new String(cipher.doFinal(Base64.getDecoder().decode(encrypted)));
}
@Override
public T aesDecrypt(String encrypted, String secreteKey, Class objectModel) throws NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException, IllegalBlockSizeException, BadPaddingException, JsonProcessingException {
return objectMapper.readValue(aesDecrypt(encrypted, secreteKey), objectModel);
}
private Key generateKey(final String secret) {
final byte[] decoded = Base64.getDecoder().decode(secret.getBytes());
return new SecretKeySpec(decoded, "AES");
}
private String encodeKey(final String str) {
final byte[] encoded = Base64.getEncoder().encode(str.getBytes());
return new String(encoded);
}
private void encryptData(OutputStream encryptOut, InputStream clearIn, long length, InputStream publicKeyIn)
throws IOException, PGPException {
PGPCompressedDataGenerator compressedDataGenerator =
new PGPCompressedDataGenerator(CompressionAlgorithmTags.ZIP);
PGPEncryptedDataGenerator pgpEncryptedDataGenerator = new PGPEncryptedDataGenerator(
// This bit here configures the encrypted data generator
new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_128)
.setWithIntegrityPacket(true)
.setSecureRandom(new SecureRandom())
.setProvider(BouncyCastleProvider.PROVIDER_NAME)
);
// Adding public key
pgpEncryptedDataGenerator.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(
getPublicKey(publicKeyIn)));
encryptOut = new ArmoredOutputStream(encryptOut);
OutputStream cipherOutStream = pgpEncryptedDataGenerator.open(encryptOut, new byte[BUFFER_SIZE]);
copyAsLiteralData(compressedDataGenerator.open(cipherOutStream), clearIn, length, BUFFER_SIZE);
// Closing all output streams in sequence
compressedDataGenerator.close();
cipherOutStream.close();
encryptOut.close();
}
/**
* Gets the public key from the key input stream
*
* @param keyInputStream the key input stream
* @return a PGPPublic key instance
* @throws IOException for IO related errors
* @throws PGPException PGPException for PGP related errors
*/
private PGPPublicKey getPublicKey(InputStream keyInputStream) throws IOException, PGPException {
PGPPublicKeyRingCollection pgpPublicKeyRings = new PGPPublicKeyRingCollection(
PGPUtil.getDecoderStream(keyInputStream), new JcaKeyFingerprintCalculator());
Iterator keyRingIterator = pgpPublicKeyRings.getKeyRings();
while (keyRingIterator.hasNext()) {
PGPPublicKeyRing pgpPublicKeyRing = keyRingIterator.next();
for (PGPPublicKey publicKey : pgpPublicKeyRing) {
if (publicKey.isEncryptionKey()) {
return publicKey;
}
}
}
throw new PGPException("Invalid public key");
}
/**
* Copies "length" amount of data from the input stream and writes it pgp literal data to the provided output stream
*
* @param outputStream the output stream to which data is to be written
* @param in the input stream from which data is to be read
* @param length the length of data to be read
* @param bufferSize the buffer size, as it uses buffer to speed up copying
* @throws IOException for IO related errors
*/
private void copyAsLiteralData(OutputStream outputStream, InputStream in, long length, int bufferSize) throws IOException {
PGPLiteralDataGenerator literalData = new PGPLiteralDataGenerator();
OutputStream pOut = literalData.open(outputStream, PGPLiteralData.BINARY, PGPLiteralData.CONSOLE,
Date.from(LocalDateTime.now().toInstant(ZoneOffset.UTC)), new byte[bufferSize]);
byte[] buff = new byte[bufferSize];
try {
int len;
long totalBytesWritten = 0L;
while (totalBytesWritten <= length && (len = in.read(buff)) > 0) {
pOut.write(buff, 0, len);
totalBytesWritten += len;
}
pOut.close();
} finally {
// Clearing buffer
Arrays.fill(buff, (byte) 0);
// Closing inputstream
in.close();
}
}
/**
* @param encryptedIn the encrypted data
* @param plainData the output stream to which data is to be written
* @param keyPassCode
* @throws PGPException for PGP related errors
* @throws IOException for IO related error
*/
private void decryptData(InputStream encryptedIn, OutputStream plainData, PGPSecretKeyRingCollection pgpSecretKeyRingCollection, String keyPassCode)
throws PGPException, IOException {
// Removing armour and returning the underlying binary encrypted stream
encryptedIn = PGPUtil.getDecoderStream(encryptedIn);
JcaPGPObjectFactory pgpObjectFactory = new JcaPGPObjectFactory(encryptedIn);
Object obj = pgpObjectFactory.nextObject();
//The first object might be a marker packet
PGPEncryptedDataList pgpEncryptedDataList = (obj instanceof PGPEncryptedDataList)
? (PGPEncryptedDataList) obj : (PGPEncryptedDataList) pgpObjectFactory.nextObject();
PGPPrivateKey pgpPrivateKey = null;
PGPPublicKeyEncryptedData publicKeyEncryptedData = null;
Iterator encryptedDataItr = pgpEncryptedDataList.getEncryptedDataObjects();
while (pgpPrivateKey == null && encryptedDataItr.hasNext()) {
publicKeyEncryptedData = (PGPPublicKeyEncryptedData) encryptedDataItr.next();
pgpPrivateKey = findSecretKey(publicKeyEncryptedData.getKeyID(), pgpSecretKeyRingCollection, keyPassCode);
}
if (Objects.isNull(publicKeyEncryptedData)) {
throw new PGPException("Could not generate PGPPublicKeyEncryptedData object");
}
if (pgpPrivateKey == null) {
throw new PGPException("Could Not Extract private key");
}
decrypt(plainData, pgpPrivateKey, publicKeyEncryptedData);
}
private PGPPrivateKey findSecretKey(long keyID, PGPSecretKeyRingCollection pgpSecretKeyRingCollection, String keyPass) throws PGPException, IOException {
final char[] passCode = keyPass.toCharArray();
PGPSecretKey pgpSecretKey = pgpSecretKeyRingCollection.getSecretKey(keyID);
return pgpSecretKey == null ? null : pgpSecretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder()
.setProvider(BouncyCastleProvider.PROVIDER_NAME).build(passCode));
}
/**
* Decrypts the public Key encrypted data using the provided private key and writes it to the output stream
*
* @param plainData the output stream to which data is to be written
* @param pgpPrivateKey the private key instance
* @param publicKeyEncryptedData the public key encrypted data instance
* @throws IOException for IO related error
* @throws PGPException for PGP related errors
*/
private void decrypt(OutputStream plainData, PGPPrivateKey pgpPrivateKey, PGPPublicKeyEncryptedData publicKeyEncryptedData) throws IOException, PGPException {
PublicKeyDataDecryptorFactory decryptorFactory = new JcePublicKeyDataDecryptorFactoryBuilder()
.setProvider(BouncyCastleProvider.PROVIDER_NAME).build(pgpPrivateKey);
InputStream decryptedCompressedIn = publicKeyEncryptedData.getDataStream(decryptorFactory);
JcaPGPObjectFactory decCompObjFac = new JcaPGPObjectFactory(decryptedCompressedIn);
PGPCompressedData pgpCompressedData = (PGPCompressedData) decCompObjFac.nextObject();
InputStream compressedDataStream = new BufferedInputStream(pgpCompressedData.getDataStream());
JcaPGPObjectFactory pgpCompObjFac = new JcaPGPObjectFactory(compressedDataStream);
Object message = pgpCompObjFac.nextObject();
if (message instanceof PGPLiteralData) {
PGPLiteralData pgpLiteralData = (PGPLiteralData) message;
InputStream decDataStream = pgpLiteralData.getInputStream();
IOUtils.copy(decDataStream, plainData);
plainData.close();
} else if (message instanceof PGPOnePassSignatureList) {
throw new PGPException("Encrypted message contains a signed message not literal data");
} else {
throw new PGPException("Message is not a simple encrypted file - Type Unknown");
}
// Performing Integrity check
if (publicKeyEncryptedData.isIntegrityProtected() && !publicKeyEncryptedData.verify()) {
throw new PGPException("Message failed integrity check");
}
}
@Override
public String nipDecrypt(String encryptedData) {
String decryptedPassword = cipherDecrypt(this.nipEncryptedPassword);
return this.ssmLib.decryptFile(encryptedData,decryptedPassword);
}
@Override
public String nipEncrypt(String plainData) {
return this.ssmLib.encryptMessage(plainData);
}
static final char[] chars = new char[]{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'p', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '!', '@', '#', '$', '%', '^', '&', '(', ')', '+', '-', '*', '/', '[', ']', '{', '}', '=', '<', '>', '?', '_', '"', '.', ',', ' '};
public static String cipherEncrypt(String plainString) {
char[] plain = plainString.toCharArray();
int offset = 5;
for(int i = 0; i < plain.length; ++i) {
for(int j = 0; j < chars.length; ++j) {
if (j <= chars.length - offset) {
if (plain[i] == chars[j]) {
plain[i] = chars[j + offset];
break;
}
} else if (plain[i] == chars[j]) {
plain[i] = chars[j - (chars.length - offset + 1)];
}
}
}
return String.valueOf(plain);
}
public static String cipherDecrypt(String cipherText) {
int offset = 5;
char[] cipher = cipherText.toCharArray();
for(int i = 0; i < cipher.length; ++i) {
for(int j = 0; j < chars.length; ++j) {
if (j >= offset && cipher[i] == chars[j]) {
cipher[i] = chars[j - offset];
break;
}
if (cipher[i] == chars[j] && j < offset) {
cipher[i] = chars[chars.length - offset + 1 + j];
break;
}
}
}
return String.valueOf(cipher);
}
}