All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.synapse.securevault.BaseCipher Maven / Gradle / Ivy

There is a newer version: 3.0.2
Show newest version
/*
*  Licensed to the Apache Software Foundation (ASF) under one
*  or more contributor license agreements.  See the NOTICE file
*  distributed with this work for additional information
*  regarding copyright ownership.  The ASF licenses this file
*  to you under the Apache License, Version 2.0 (the
*  "License"); you may not use this file except in compliance
*  with the License.  You may obtain a copy of the License at
*
*   http://www.apache.org/licenses/LICENSE-2.0
*
*  Unless required by applicable law or agreed to in writing,
*  software distributed under the License is distributed on an
*   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
*  KIND, either express or implied.  See the License for the
*  specific language governing permissions and limitations
*  under the License.
*/
package org.apache.synapse.securevault;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.securevault.definition.CipherInformation;
import org.apache.synapse.securevault.definition.IdentityKeyStoreInformation;
import org.apache.synapse.securevault.definition.KeyStoreInformation;
import org.apache.synapse.securevault.definition.TrustKeyStoreInformation;
import org.apache.synapse.securevault.keystore.IdentityKeyStoreWrapper;
import org.apache.synapse.securevault.keystore.KeyStoreWrapper;
import org.apache.synapse.securevault.keystore.TrustKeyStoreWrapper;
import org.apache.synapse.securevault.secret.SecretInformation;

import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;

/**
 * Wraps the cipher and expose abstraction need for synapse ciphering
 */
public abstract class BaseCipher implements EncryptionProvider, DecryptionProvider {

    private CipherInformation cipherInformation;
    private KeyStoreInformation keystoreInformation;
    private static Log log = LogFactory.getLog(BaseCipher.class);
    /* Underlying cipher instance*/
    private Cipher cipher;
    protected KeyStoreWrapper keyStoreWrapper;
    private Key key;

    protected BaseCipher(CipherInformation cipherInformation,
                         KeyStoreInformation keystoreInformation) {
        this.cipherInformation = cipherInformation;
        this.keystoreInformation = keystoreInformation;
        if (keystoreInformation instanceof TrustKeyStoreInformation) {
            keyStoreWrapper = new TrustKeyStoreWrapper();
            ((TrustKeyStoreWrapper) keyStoreWrapper).init(
                    (TrustKeyStoreInformation) keystoreInformation);
        } else {
            keyStoreWrapper = new IdentityKeyStoreWrapper();
            IdentityKeyStoreInformation identityKeyStore =
                    (IdentityKeyStoreInformation) keystoreInformation;

            SecretInformation secretInformation = identityKeyStore.getKeyPasswordProvider();
            if (secretInformation != null) { //TODO validate
                ((IdentityKeyStoreWrapper) keyStoreWrapper).init(identityKeyStore,
                        secretInformation.getResolvedSecret());
            }
        }
        init();
    }

    protected BaseCipher(CipherInformation cipherInformation,
                         KeyStoreWrapper keyStoreWrapper) {
        this.keyStoreWrapper = keyStoreWrapper;
        this.cipherInformation = cipherInformation;
        init();
    }

    protected BaseCipher(CipherInformation cipherInformation, Key key) {
        this.key = key;
        this.cipherInformation = cipherInformation;
        init();
    }

    private void init() {

        String algorithm = cipherInformation.getAlgorithm();
        CipherOperationMode opMode = cipherInformation.getCipherOperationMode();
        if (key == null) {
            key = getKey(opMode);
        }
        if (log.isDebugEnabled()) {
            log.debug("Initializing cipher with algorithm " +
                    "'" + algorithm + "' in mode '" + opMode + "'");
        }
        try {
            String provider = cipherInformation.getProvider();
            if (provider != null && !"".equals(provider)) {
                try {
                    cipher = Cipher.getInstance(algorithm, provider.trim());
                } catch (NoSuchProviderException e) {
                    throw new SecureVaultException("Invalid Provider : " + provider, log);
                }
            } else {
                cipher = Cipher.getInstance(algorithm);
            }
            if (opMode == CipherOperationMode.ENCRYPT) {
                cipher.init(Cipher.ENCRYPT_MODE, key);
            } else if (opMode == CipherOperationMode.DECRYPT) {
                cipher.init(Cipher.DECRYPT_MODE, key);
            } else {
                throw new SecureVaultException("Invalid mode : " + opMode, log);
            }

        } catch (NoSuchAlgorithmException e) {
            throw new SecureVaultException("There is no algorithm support for " +
                    "'" + algorithm + "' in the operation mode '" + opMode + "'" + e, log);
        } catch (NoSuchPaddingException e) {
            throw new SecureVaultException("There is no padding scheme  for " +
                    "'" + algorithm + "' in the operation mode '" + opMode + "'" + e, log);
        } catch (InvalidKeyException e) {
            throw new SecureVaultException("Invalid key ", e, log);
        }
    }

    public CipherInformation getCipherInformation() {
        return cipherInformation;
    }

    public KeyStoreInformation getKeyStoreInformation() {
        return keystoreInformation;
    }

    /**
     * Returns the correct key for correct operation
     *
     * @param operationMode Ciper operation
     * @return A key
     */
    public abstract Key getKey(CipherOperationMode operationMode);

    /**
     * Do cryptographic operation
     *
     * @param inputStream Input Stream
     * @return result
     */
    private byte[] doCipherOperation(byte[] inputStream) {

        InputStream sourceStream = new ByteArrayInputStream(inputStream);
        if (cipherInformation.getInType() != null) {
            try {
                sourceStream = EncodingHelper.decode(
                        sourceStream, cipherInformation.getInType());
            } catch (IOException e) {
                throw new SecureVaultException("IOError when decoding the input " +
                        "stream for cipher ", e, log);
            }
        }

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        CipherOutputStream out = new CipherOutputStream(baos, cipher);

        byte[] buffer = new byte[64];
        int length;
        try {
            while ((length = sourceStream.read(buffer)) != -1) {
                out.write(buffer, 0, length);
            }
        } catch (IOException e) {
            throw new SecureVaultException("IOError when reading the input" +
                    " stream for cipher ", e, log);
        } finally {
            try {
                sourceStream.close();
                out.flush();
                out.close();
            } catch (IOException ignored) {
                // ignore exception
            }
        }

        if (cipherInformation.getOutType() != null) {
            return EncodingHelper.encode(baos, cipherInformation.getOutType());
        } else {
            return baos.toByteArray();
        }
    }

    public byte[] encrypt(byte[] plainText) {
        return doCipherOperation(plainText);
    }

    public byte[] decrypt(byte[] cipherText) {
        return doCipherOperation(cipherText);
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy