org.springframework.security.crypto.encrypt.AesBytesEncryptorCustom Maven / Gradle / Ivy
The newest version!
package org.springframework.security.crypto.encrypt;
import static org.springframework.security.crypto.encrypt.CipherUtils.doFinal;
import static org.springframework.security.crypto.encrypt.CipherUtils.initCipher;
import static org.springframework.security.crypto.encrypt.CipherUtils.newSecretKey;
import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
import static org.springframework.security.crypto.util.EncodingUtils.subArray;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
import org.springframework.security.crypto.keygen.BytesKeyGenerator;
/**
* @see org.springframework.security.crypto.encrypt.AesBytesEncryptor
* @see javax.crypto.SecretKeyFactory#getInstance(String)
*/
public class AesBytesEncryptorCustom implements BytesEncryptor {
private final SecretKey secretKey;
private final Cipher encryptor;
private final Cipher decryptor;
private final BytesKeyGenerator ivGenerator;
private CipherAlgorithm alg;
public AesBytesEncryptorCustom(String password, CharSequence salt, BytesKeyGenerator ivGenerator, CipherAlgorithm alg, int iterationCount, int keyLength, String algorithm) {
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), Hex.decode(salt), iterationCount, keyLength);
SecretKey secretKey = newSecretKey(algorithm, keySpec);
this.secretKey = new SecretKeySpec(secretKey.getEncoded(), "AES");
this.alg = alg;
this.encryptor = alg.createCipher();
this.decryptor = alg.createCipher();
this.ivGenerator = ivGenerator != null ? ivGenerator : alg.defaultIvGenerator();
}
@Override
public byte[] encrypt(byte[] bytes) {
synchronized (this.encryptor) {
byte[] iv = this.ivGenerator.generateKey();
initCipher(this.encryptor, Cipher.ENCRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv));
byte[] encrypted = doFinal(this.encryptor, bytes);
return this.ivGenerator != NULL_IV_GENERATOR ? concatenate(iv, encrypted) : encrypted;
}
}
@Override
public byte[] decrypt(byte[] encryptedBytes) {
synchronized (this.decryptor) {
byte[] iv = iv(encryptedBytes);
initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv));
return doFinal(this.decryptor, this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes);
}
}
// internal helpers
private byte[] iv(byte[] encrypted) {
return this.ivGenerator != NULL_IV_GENERATOR ? subArray(encrypted, 0, this.ivGenerator.getKeyLength()) : NULL_IV_GENERATOR.generateKey();
}
private byte[] encrypted(byte[] encryptedBytes, int ivLength) {
return subArray(encryptedBytes, ivLength, encryptedBytes.length);
}
private static final BytesKeyGenerator NULL_IV_GENERATOR = new BytesKeyGenerator() {
private final byte[] VALUE = new byte[16];
@Override
public int getKeyLength() {
return this.VALUE.length;
}
@Override
public byte[] generateKey() {
return this.VALUE;
}
};
}