X-Git-Url: http://git.nikiroo.be/?a=blobdiff_plain;ds=sidebyside;f=src%2Fbe%2Fnikiroo%2Futils%2FCryptUtils.java;fp=src%2Fbe%2Fnikiroo%2Futils%2FCryptUtils.java;h=638f82f298a27b6d87db29ae5324f904ccff08eb;hb=d46b7b96f94e88a776bcd2dfd756549ffb300cc9;hp=0000000000000000000000000000000000000000;hpb=c9994f27667bc421bcd448d39e55774fddf5c431;p=fanfix.git diff --git a/src/be/nikiroo/utils/CryptUtils.java b/src/be/nikiroo/utils/CryptUtils.java new file mode 100644 index 0000000..638f82f --- /dev/null +++ b/src/be/nikiroo/utils/CryptUtils.java @@ -0,0 +1,441 @@ +package be.nikiroo.utils; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.UnsupportedEncodingException; +import java.security.InvalidKeyException; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.CipherInputStream; +import javax.crypto.CipherOutputStream; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import javax.net.ssl.SSLException; + +import be.nikiroo.utils.streams.Base64InputStream; +import be.nikiroo.utils.streams.Base64OutputStream; + +/** + * Small utility class to do AES encryption/decryption. + *

+ * It is multi-thread compatible, but beware: + *

+ *

+ * Do not assume it is secure; it just here to offer a more-or-less protected + * exchange of data because anonymous and self-signed certificates backed SSL is + * against Google wishes, and I need Android support. + * + * @author niki + */ +public class CryptUtils { + static private final String AES_NAME = "AES/CFB128/NoPadding"; + + private Cipher ecipher; + private Cipher dcipher; + private byte[] bytes32; + + /** + * Small and lazy-easy way to initialize a 128 bits key with + * {@link CryptUtils}. + *

+ * Some part of the key will be used to generate a 128 bits key and + * initialize the {@link CryptUtils}; even NULL will generate something. + *

+ * This is most probably not secure. Do not use if you actually care + * about security. + * + * @param key + * the {@link String} to use as a base for the key, can be NULL + */ + public CryptUtils(String key) { + try { + init(key2key(key)); + } catch (InvalidKeyException e) { + // We made sure that the key is correct, so nothing here + e.printStackTrace(); + } + } + + /** + * Create a new instance of {@link CryptUtils} with the given 128 bits key. + *

+ * The key must be exactly 128 bits long. + * + * @param bytes32 + * the 128 bits (32 bytes) of the key + * + * @throws InvalidKeyException + * if the key is not an array of 128 bits + */ + public CryptUtils(byte[] bytes32) throws InvalidKeyException { + init(bytes32); + } + + /** + * Wrap the given {@link InputStream} so it is transparently encrypted by + * the current {@link CryptUtils}. + * + * @param in + * the {@link InputStream} to wrap + * @return the auto-encode {@link InputStream} + */ + public InputStream encrypt(InputStream in) { + Cipher ecipher = newCipher(Cipher.ENCRYPT_MODE); + return new CipherInputStream(in, ecipher); + } + + /** + * Wrap the given {@link InputStream} so it is transparently encrypted by + * the current {@link CryptUtils} and encoded in base64. + * + * @param in + * the {@link InputStream} to wrap + * + * @return the auto-encode {@link InputStream} + * + * @throws IOException + * in case of I/O error + */ + public InputStream encrypt64(InputStream in) throws IOException { + return new Base64InputStream(encrypt(in), true); + } + + /** + * Wrap the given {@link OutputStream} so it is transparently encrypted by + * the current {@link CryptUtils}. + * + * @param out + * the {@link OutputStream} to wrap + * + * @return the auto-encode {@link OutputStream} + */ + public OutputStream encrypt(OutputStream out) { + Cipher ecipher = newCipher(Cipher.ENCRYPT_MODE); + return new CipherOutputStream(out, ecipher); + } + + /** + * Wrap the given {@link OutputStream} so it is transparently encrypted by + * the current {@link CryptUtils} and encoded in base64. + * + * @param out + * the {@link OutputStream} to wrap + * + * @return the auto-encode {@link OutputStream} + * + * @throws IOException + * in case of I/O error + */ + public OutputStream encrypt64(OutputStream out) throws IOException { + return encrypt(new Base64OutputStream(out, true)); + } + + /** + * Wrap the given {@link OutputStream} so it is transparently decoded by the + * current {@link CryptUtils}. + * + * @param in + * the {@link InputStream} to wrap + * + * @return the auto-decode {@link InputStream} + */ + public InputStream decrypt(InputStream in) { + Cipher dcipher = newCipher(Cipher.DECRYPT_MODE); + return new CipherInputStream(in, dcipher); + } + + /** + * Wrap the given {@link OutputStream} so it is transparently decoded by the + * current {@link CryptUtils} and decoded from base64. + * + * @param in + * the {@link InputStream} to wrap + * + * @return the auto-decode {@link InputStream} + * + * @throws IOException + * in case of I/O error + */ + public InputStream decrypt64(InputStream in) throws IOException { + return decrypt(new Base64InputStream(in, false)); + } + + /** + * Wrap the given {@link OutputStream} so it is transparently decoded by the + * current {@link CryptUtils}. + * + * @param out + * the {@link OutputStream} to wrap + * @return the auto-decode {@link OutputStream} + */ + public OutputStream decrypt(OutputStream out) { + Cipher dcipher = newCipher(Cipher.DECRYPT_MODE); + return new CipherOutputStream(out, dcipher); + } + + /** + * Wrap the given {@link OutputStream} so it is transparently decoded by the + * current {@link CryptUtils} and decoded from base64. + * + * @param out + * the {@link OutputStream} to wrap + * + * @return the auto-decode {@link OutputStream} + * + * @throws IOException + * in case of I/O error + */ + public OutputStream decrypt64(OutputStream out) throws IOException { + return new Base64OutputStream(decrypt(out), false); + } + + /** + * This method required an array of 128 bits. + * + * @param bytes32 + * the array, which must be of 128 bits (32 bytes) + * + * @throws InvalidKeyException + * if the key is not an array of 128 bits (32 bytes) + */ + private void init(byte[] bytes32) throws InvalidKeyException { + if (bytes32 == null || bytes32.length != 32) { + throw new InvalidKeyException( + "The size of the key must be of 128 bits (32 bytes), it is: " + + (bytes32 == null ? "null" : "" + bytes32.length) + + " bytes"); + } + + this.bytes32 = bytes32; + this.ecipher = newCipher(Cipher.ENCRYPT_MODE); + this.dcipher = newCipher(Cipher.DECRYPT_MODE); + } + + /** + * Create a new {@link Cipher}of the given mode (see + * {@link Cipher#ENCRYPT_MODE} and {@link Cipher#ENCRYPT_MODE}). + * + * @param mode + * the mode ({@link Cipher#ENCRYPT_MODE} or + * {@link Cipher#ENCRYPT_MODE}) + * + * @return the new {@link Cipher} + */ + private Cipher newCipher(int mode) { + try { + // bytes32 = 32 bytes, 32 > 16 + byte[] iv = new byte[16]; + for (int i = 0; i < iv.length; i++) { + iv[i] = bytes32[i]; + } + IvParameterSpec ivspec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance(AES_NAME); + cipher.init(mode, new SecretKeySpec(bytes32, "AES"), ivspec); + return cipher; + } catch (Exception e) { + e.printStackTrace(); + throw new RuntimeException( + "Cannot initialize encryption sub-system", e); + } + } + + /** + * Encrypt the data. + * + * @param data + * the data to encrypt + * + * @return the encrypted data + * + * @throws SSLException + * in case of I/O error (i.e., the data is not what you assumed + * it was) + */ + public byte[] encrypt(byte[] data) throws SSLException { + synchronized (ecipher) { + try { + return ecipher.doFinal(data); + } catch (IllegalBlockSizeException e) { + throw new SSLException(e); + } catch (BadPaddingException e) { + throw new SSLException(e); + } + } + } + + /** + * Encrypt the data. + * + * @param data + * the data to encrypt + * + * @return the encrypted data + * + * @throws SSLException + * in case of I/O error (i.e., the data is not what you assumed + * it was) + */ + public byte[] encrypt(String data) throws SSLException { + return encrypt(StringUtils.getBytes(data)); + } + + /** + * Encrypt the data, then encode it into Base64. + * + * @param data + * the data to encrypt + * @param zip + * TRUE to also compress the data in GZIP format; remember that + * compressed and not-compressed content are different; you need + * to know which is which when decoding + * + * @return the encrypted data, encoded in Base64 + * + * @throws SSLException + * in case of I/O error (i.e., the data is not what you assumed + * it was) + */ + public String encrypt64(String data) throws SSLException { + return encrypt64(StringUtils.getBytes(data)); + } + + /** + * Encrypt the data, then encode it into Base64. + * + * @param data + * the data to encrypt + * + * @return the encrypted data, encoded in Base64 + * + * @throws SSLException + * in case of I/O error (i.e., the data is not what you assumed + * it was) + */ + public String encrypt64(byte[] data) throws SSLException { + try { + return StringUtils.base64(encrypt(data)); + } catch (IOException e) { + // not exactly true, but we consider here that this error is a crypt + // error, not a normal I/O error + throw new SSLException(e); + } + } + + /** + * Decode the data which is assumed to be encrypted with the same utilities. + * + * @param data + * the encrypted data to decode + * + * @return the original, decoded data + * + * @throws SSLException + * in case of I/O error + */ + public byte[] decrypt(byte[] data) throws SSLException { + synchronized (dcipher) { + try { + return dcipher.doFinal(data); + } catch (IllegalBlockSizeException e) { + throw new SSLException(e); + } catch (BadPaddingException e) { + throw new SSLException(e); + } + } + } + + /** + * Decode the data which is assumed to be encrypted with the same utilities + * and to be a {@link String}. + * + * @param data + * the encrypted data to decode + * + * @return the original, decoded data,as a {@link String} + * + * @throws SSLException + * in case of I/O error + */ + public String decrypts(byte[] data) throws SSLException { + try { + return new String(decrypt(data), "UTF-8"); + } catch (UnsupportedEncodingException e) { + // UTF-8 is required in all conform JVMs + e.printStackTrace(); + return null; + } + } + + /** + * Decode the data which is assumed to be encrypted with the same utilities + * and is a Base64 encoded value. + * + * @param data + * the encrypted data to decode in Base64 format + * @param zip + * TRUE to also uncompress the data from a GZIP format + * automatically; if set to FALSE, zipped data can be returned + * + * @return the original, decoded data + * + * @throws SSLException + * in case of I/O error + */ + public byte[] decrypt64(String data) throws SSLException { + try { + return decrypt(StringUtils.unbase64(data)); + } catch (IOException e) { + // not exactly true, but we consider here that this error is a crypt + // error, not a normal I/O error + throw new SSLException(e); + } + } + + /** + * Decode the data which is assumed to be encrypted with the same utilities + * and is a Base64 encoded value, then convert it into a String (this method + * assumes the data was indeed a UTF-8 encoded {@link String}). + * + * @param data + * the encrypted data to decode in Base64 format + * @param zip + * TRUE to also uncompress the data from a GZIP format + * automatically; if set to FALSE, zipped data can be returned + * + * @return the original, decoded data + * + * @throws SSLException + * in case of I/O error + */ + public String decrypt64s(String data) throws SSLException { + try { + return new String(decrypt(StringUtils.unbase64(data)), "UTF-8"); + } catch (UnsupportedEncodingException e) { + // UTF-8 is required in all conform JVMs + e.printStackTrace(); + return null; + } catch (IOException e) { + // not exactly true, but we consider here that this error is a crypt + // error, not a normal I/O error + throw new SSLException(e); + } + } + + /** + * This is probably NOT secure! + * + * @param input + * some {@link String} input + * + * @return a 128 bits key computed from the given input + */ + static private byte[] key2key(String input) { + return StringUtils.getMd5Hash("" + input).getBytes(); + } +}