All Downloads are FREE. Search and download functionalities are using the official Maven repository.

net.e6tech.elements.security.vault.KeyProtected Maven / Gradle / Ivy

/*
Copyright 2015-2019 Futeh Kao

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package net.e6tech.elements.security.vault;

import net.e6tech.elements.common.util.SystemException;
import net.e6tech.elements.security.SymmetricCipher;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Properties;

import static net.e6tech.elements.security.vault.Constants.mapper;

/**
 * Created by futeh on 1/4/16.
 */
public class KeyProtected {

    public Secret seal(String alias, ClearText clear, ClearText key) throws GeneralSecurityException {
        clear.setProperty("alias", alias);
        clear.setProtectedProperty("alias", alias);

        // setup cipher
        SymmetricCipher encryption = SymmetricCipher.getInstance("AES");
        encryption.setBase64(false);
        String iv = encryption.generateIV();

        // encrypt clear's content
        String encrypted = encryption.encrypt(key.asSecretKey(), clear.getBytes(), iv);

        Secret secret = new Secret();
        secret.setProperties((Properties) clear.getProperties().clone());
        secret.setSecret(iv + "$" + encrypted + "$" + key.alias() + "$" + key.version());

        // encrypt properties
        if (clear.getProperties() != null) {
            try {
                String str = mapper.writeValueAsString(clear.getProtectedProperties());
                str = encryption.encrypt(key.asSecretKey(), str.getBytes(StandardCharsets.UTF_8), iv);
                secret.setProtectedProperties(iv + "$" + str  + "$" + key.alias() + "$" + key.version());
            } catch (Exception e) {
                throw new SystemException(e);
            }
        }
        return secret;
    }

    public ClearText unseal(Secret secret, ClearText key) throws GeneralSecurityException {
        try {
            SymmetricCipher encryption = SymmetricCipher.getInstance("AES");
            encryption.setBase64(false);
            if (secret == null)
                return null;
            String encrypted = secret.getSecret();
            String[] components = encrypted.split("\\$");
            if (components.length != 4) {
                throw new IllegalStateException("The stored secret should have been formatted as 'iv$encypted$alias$version'");
            }

            if (!components[2].equalsIgnoreCase(key.alias()))
                throw new GeneralSecurityException("Key alias mismatch");
            if (!components[3].equalsIgnoreCase(key.version()))
                throw new GeneralSecurityException("Key version mismatch");
            byte[] plain = encryption.decrypt(key.asSecretKey(), components[1], components[0]);

            ClearText ct = new ClearText();
            ct.setBytes(plain);
            ct.setProperties((Properties) secret.getProperties().clone());
            if (secret.getProtectedProperties() != null) {
                components = secret.getProtectedProperties().split("\\$");
                if (components.length != 4) {
                    throw new IllegalStateException("The protected properties should have been formatted as 'iv$encypted$alias$version");
                }

                if (!components[2].equalsIgnoreCase(key.alias()))
                    throw new GeneralSecurityException("Key alias mismatch");
                if (!components[3].equalsIgnoreCase(key.version()))
                    throw new GeneralSecurityException("Key version mismatch");

                byte[] props = encryption.decrypt(key.asSecretKey(), components[1], components[0]);

                Properties properties = mapper.readValue(new String(props, StandardCharsets.UTF_8), Properties.class);
                ct.setProtectedProperties(properties);
            }
            return ct;
        } catch (GeneralSecurityException ex) {
            throw ex;
        } catch (Exception ex) {
            throw new GeneralSecurityException(ex);
        }
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy