io.odysz.common.AESHelper Maven / Gradle / Ivy
package io.odysz.common;
import static io.odysz.common.LangExt.eq;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Properties;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.crypto.cipher.CryptoCipher;
import org.apache.commons.crypto.random.CryptoRandom;
import org.apache.commons.crypto.random.CryptoRandomFactory;
import org.apache.commons.crypto.utils.Utils;
/**Static helpers for encrypt/decipher string.
* @author ody
*/
public class AESHelper {
static Properties randomProperties = new Properties();
/**
* Deprecating static final String transform = "AES/CBC/PKCS5Padding";
* Apache Common Crypto only support PKCS#5 padding, but most js lib support PKCS#7 padding,
* This makes trouble when negotiation with those API.
* Solution: using no padding here, round the text to 16 or 32 ASCII bytes.
*/
static final String transform = "AES/CBC/NoPadding";
static CryptoCipher encipher;
static ReentrantLock lock;
static {
randomProperties.put(CryptoRandomFactory.CLASSES_KEY,
CryptoRandomFactory.RandomProvider.JAVA.getClassName());
Properties cipherProperties = new Properties();
// causing problem for different environment:
// cipherProperties.setProperty(CryptoCipherFactory.CLASSES_KEY, CipherProvider.JCE.getClassName());
try {
encipher = Utils.getCipherInstance(transform, cipherProperties);
} catch (IOException e) {
e.printStackTrace();
}
// experiment 10 Dec 2023
// solving crash happened outside the Java Virtual Machine in native code.
lock = new ReentrantLock();
}
/**TODO move to test
* @param args
*/
public static void main(String[] args) {
String s = "plain text 1";
byte[] iv = getRandom();
try {
System.out.println("iv:\t\t" + Base64.getEncoder().encodeToString(iv));
String cipher = encrypt(s, "infochange", iv);
System.out.println("cipher:\t\t" + cipher);
String plain = decrypt(cipher, "infochange", iv);
System.out.println("plain-text:\t" + plain);
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* @return 16 random bytes
*/
public static byte[] getRandom() {
byte[] iv = new byte[16];
try (CryptoRandom random = CryptoRandomFactory.getCryptoRandom(randomProperties)) {
random.nextBytes(iv);
return iv;
}catch(IOException | GeneralSecurityException ex) {
ex.printStackTrace();
return null;
}
}
/**
* Decrypt then encrypt.
* @param cypher Base64
* @param decryptK plain key string
* @param decryptIv Base64
* @param encryptK plain key string
* @return [cipher-base64, new-iv-base64]
* @throws GeneralSecurityException
* @throws IOException
* @return string[b64(cipher), b64(iv)]
*/
public static String[] dencrypt(String cypher, String decryptK, String decryptIv,
String encryptK) throws GeneralSecurityException, IOException {
byte[] iv = AESHelper.decode64(decryptIv);
byte[] input = AESHelper.decode64(cypher);
byte[] dkb = getUTF8Bytes(pad16_32(decryptK)); // FIXME won't work for non ASCII
byte[] plain = decryptEx(input, dkb, iv);
byte[] eiv = getRandom();
byte[] ekb = getUTF8Bytes(pad16_32(encryptK)); // FIXME won't work for non ASCII
byte[] output = encryptEx(plain, ekb, eiv);
String b64 = Base64.getEncoder().encodeToString(output);
return new String[] {b64, AESHelper.encode64(eiv)};
}
/**
* Encrypt plain text to cipher of base 64.
*
* @param plain
* @param key
* @param iv
* @return
* @throws GeneralSecurityException
* @throws IOException
*/
public static String encrypt(String plain, String key, byte[] iv)
throws GeneralSecurityException, IOException {
if (!plain.trim().equals(plain))
throw new GeneralSecurityException("Plain text to be encrypted can not begin or end with space.");
key = pad16_32(key);
plain = pad16_32(plain);
byte[] input = getUTF8Bytes(plain);
byte[] kb = getUTF8Bytes(key);
byte[] output = encryptEx(input, kb, iv);
String b64 = Base64.getEncoder().encodeToString(output);
return b64;
}
/**
* FIXME delete these comments by the future.
* 10 Dec 2024:
* This line causes trouble in JDK 15, Open JDK x64 - fixed by adding a lock.
*
* @param input
* @param key
* @param iv
* @return result bytes
* @throws GeneralSecurityException
* @throws IOException
*/
static byte[] encryptEx(byte[] input, byte[] key, byte[]iv) throws GeneralSecurityException, IOException {
final SecretKeySpec keyspec = new SecretKeySpec(key, "AES");
final IvParameterSpec ivspec = new IvParameterSpec(iv);
//Initializes the cipher with ENCRYPT_MODE, key and iv.
try {
lock.lock(); // can't concurrently work in Open JDK 15 for x64
encipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
byte[] output = new byte[((input.length)/16 + 2) * 16];
// int finalBytes = encipher.doFinal(input, 0, input.length, output, 0);
// above code is incorrect (not working with PKCS#7 padding),
// check Apache Common Crypto User Guide:
// https://commons.apache.org/proper/commons-crypto/userguide.html
// Usage of Byte Array Encryption/Decryption, CipherByteArrayExample.java
int updateBytes = encipher.update(input, 0, input.length, output, 0);
int finalBytes = encipher.doFinal(input, 0, 0, output, updateBytes);
output = Arrays.copyOf(output, updateBytes + finalBytes);
encipher.close();
return output;
} catch (GeneralSecurityException e) {
throw new GeneralSecurityException(e.getMessage());
}
finally {
lock.unlock();
}
}
public static String decrypt(String cypher, String key, byte[] iv)
throws GeneralSecurityException, IOException {
byte[] input = Base64.getDecoder().decode(cypher);
// FIXME should padding bytes, not string.
byte[] kb = getUTF8Bytes(pad16_32(key)); // FIXME won't work for non ASCII
byte[] output = decryptEx(input, kb, iv);
String p = setUTF8Bytes(output);
// return p.replace("-", "");
return depad16_32(p);
}
static byte[] decryptEx(byte[] input, byte[] key, byte[]iv)
throws GeneralSecurityException, IOException {
final SecretKeySpec keyspec = new SecretKeySpec(key, "AES");
final IvParameterSpec ivspec = new IvParameterSpec(iv);
try {
lock.lock(); // can't concurrently work in Open JDK 15 for x64
encipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
byte[] output = new byte[((input.length)/ 16 + 2) * 16];
int finalBytes = encipher.doFinal(input, 0, input.length, output, 0);
encipher.close();
return Arrays.copyOf(output, finalBytes);
} finally { lock.unlock(); }
}
/**
* @param s string of ASCII
* @return 16 / 32 byte string
* @throws GeneralSecurityException
*/
public static String pad16_32(String s) throws GeneralSecurityException {
int l = s.length();
if (l <= 16)
return String.format("%1$16s", s).replaceAll(" ", "-");
else if (l <= 32)
return String.format("%1$32s", s).replaceAll(" ", "-");
else
throw new GeneralSecurityException("Not supported block length(16B/32B): " + s);
}
private static String depad16_32(String s) throws GeneralSecurityException {
int l = s.length();
if (l <= 16)
return s.replaceAll("-", " ").trim();
else if (l <= 32)
return s.replaceAll("-", " ").trim();
else
throw new GeneralSecurityException("Not supported block length(16B/32B): " + s);
}
/**
* Converts String to UTF8 bytes
*
* @param input the input string
* @return UTF8 bytes
*/
private static byte[] getUTF8Bytes(String input) {
return input.getBytes(StandardCharsets.US_ASCII);
}
/**Converts UTF8 bytes to String
* @param input
* @return converted result
*/
private static String setUTF8Bytes(byte[] input) {
return new String(input, StandardCharsets.US_ASCII);
}
public static String encode64(final byte[] bytes) {
return Base64.getEncoder().encodeToString(bytes);
}
/**
* @param ifs
* @param blockSize default 3 * 1024 * 1024;
* @return
* @throws IOException
*/
public static String encode64(final InputStream ifs, int blockSize) throws IOException {
blockSize = blockSize > 0 ? blockSize : 3 * 1024 * 1024;
if ((blockSize % 12) != 0)
throw new IOException ("Block size must be multple of 12.");
byte[] chunk = new byte[blockSize];
return encode64(chunk, ifs, 0, blockSize);
}
/**
* Usage example:
* byte[] buf = new byte[n * 3];
* int index = 0;
* while (index < file_size) {
* int readlen = Math.min(buf.length, size - index);
* String str64 = encode64(buf, ifs, index, readlen);
* index += readlen;
* // consumption of str64
* ...
* }
*
* @param buf
* @param ifs file input stream
* @param start
* @param len
* @return encoded string, length 0 if read nothing.
* @throws IOException
* @throws TransException buffer length is not multiple of 3.
*/
public static String encode64(byte[] buf, final InputStream ifs, int start, int len) throws IOException {
BufferedInputStream in = new BufferedInputStream(ifs, buf.length);
Base64.Encoder encoder = Base64.getEncoder();
int readLen = in.read(buf);
if (readLen <= 0)
return null;
else if (readLen == buf.length)
return encoder.encodeToString(buf);
else // (readLen < buf.length)
return encoder.encodeToString(Arrays.copyOf(buf, readLen));
}
public static byte[] decode64(String str) {
return Base64.getDecoder().decode(str);
}
/**
* Is encrypt(plain, k, v) == cipher?
* i.e. encrypt(uid:random, k, iv) == token ? where uid:random = clientoken
*
* @return true: yes the same
* @throws Exception
*/
public static boolean verifyToken(String requestoken, String myKnowledge, String uid, String key)
throws Exception {
String[] sstoken = requestoken.split(":");
String enciphered = encrypt(pad16_32(uid + ":" + myKnowledge), key, decode64(sstoken[1]));
return eq(enciphered, sstoken[0]);
}
/**
*
* ssToken = cipher : iv, len(cipher) = 44
* plain = decrypt(cipher, key, iv)
* token = encrypt(pad(uid) : plain, key, iv2)
* return token : iv2, if cipher.length == 44, len(token : iv2) = 44 + 1 + 24 = 69
*
*
* @return token for managed session requests, token:iv2, len = 69 for ssToken.len = 69
* @throws GeneralSecurityException
* @throws IOException
*/
public static String repackSessionToken(String ssToken, String key, String uid)
throws GeneralSecurityException, IOException {
String[] ss = ssToken.split(":");
String plain = decrypt(ss[0], key, decode64(ss[1]));
byte[] iv = getRandom();
String cipher = encrypt(uid + ":" + plain, key, iv);
return cipher + ":" + encode64(iv);
}
/**
*
* iv = random(16)
* token = encrypt(random, key, iv), len(random) = 24
* return token : iv,
* where len(token) = [(24 + 15) / 16] * 16 * [4/3] = 32 * [4/3] = 44
*
*
* @param key
* @return 0: string(token : iv), 1: knowledge in base 64 (random token)
* @throws GeneralSecurityException
* @throws IOException
* @since 1.4.37
* @see AESHelperTest#testSessionToken()
*/
public static String[] packSessionKey(String key)
throws GeneralSecurityException, IOException {
byte[] iv = AESHelper.getRandom();
byte[] knows = AESHelper.getRandom();
String token = AESHelper.encode64(knows);
return new String[] {AESHelper.encrypt(token, key, iv) + ":" + AESHelper.encode64(iv), token};
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy