X-Git-Url: http://git.nikiroo.be/?a=blobdiff_plain;f=src%2Fbe%2Fnikiroo%2Futils%2FCryptUtils.java;h=638f82f298a27b6d87db29ae5324f904ccff08eb;hb=8c227da67c11370980154c61861bcfb9c73881c5;hp=d5413d7c392f6856405b3b25e0fcab989ff4de68;hpb=9fb03c36d7d48a3009e3a83b6cd14fe2a8eea1ad;p=fanfix.git

diff --git a/src/be/nikiroo/utils/CryptUtils.java b/src/be/nikiroo/utils/CryptUtils.java
index d5413d7..638f82f 100644
--- a/src/be/nikiroo/utils/CryptUtils.java
+++ b/src/be/nikiroo/utils/CryptUtils.java
@@ -1,31 +1,48 @@
 package be.nikiroo.utils;
 
 import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
 import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
+import javax.crypto.CipherInputStream;
+import javax.crypto.CipherOutputStream;
 import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import javax.net.ssl.SSLException;
 
+import be.nikiroo.utils.streams.Base64InputStream;
+import be.nikiroo.utils.streams.Base64OutputStream;
+
 /**
  * Small utility class to do AES encryption/decryption.
  * <p>
- * Do not assume it is actually secure until you checked the code...
+ * It is multi-thread compatible, but beware:
+ * <ul>
+ * <li>The encrypt/decrypt calls are serialized</li>
+ * <li>The streams are independent (and thus parallel)</li>
+ * </ul>
+ * <p>
+ * Do not assume it is secure; it just here to offer a more-or-less protected
+ * exchange of data because anonymous and self-signed certificates backed SSL is
+ * against Google wishes, and I need Android support.
  * 
  * @author niki
  */
 public class CryptUtils {
+	static private final String AES_NAME = "AES/CFB128/NoPadding";
+
 	private Cipher ecipher;
 	private Cipher dcipher;
+	private byte[] bytes32;
 
 	/**
-	 * Small and leazy way to initialize a 128 bits key with {@link CryptUtils}.
+	 * Small and lazy-easy way to initialize a 128 bits key with
+	 * {@link CryptUtils}.
 	 * <p>
 	 * <b>Some</b> part of the key will be used to generate a 128 bits key and
 	 * initialize the {@link CryptUtils}; even NULL will generate something.
@@ -46,22 +63,140 @@ public class CryptUtils {
 	}
 
 	/**
-	 * Create a new instance of {@link CryptUtils} with the given 128 bytes key.
+	 * Create a new instance of {@link CryptUtils} with the given 128 bits key.
 	 * <p>
-	 * The key <b>must</b> be exactly 128 bytes long.
+	 * The key <b>must</b> be exactly 128 bits long.
 	 * 
 	 * @param bytes32
 	 *            the 128 bits (32 bytes) of the key
 	 * 
 	 * @throws InvalidKeyException
-	 *             if the key is not an array of 128 bytes
+	 *             if the key is not an array of 128 bits
 	 */
 	public CryptUtils(byte[] bytes32) throws InvalidKeyException {
 		init(bytes32);
 	}
 
 	/**
-	 * This method required an array of 128 bytes.
+	 * Wrap the given {@link InputStream} so it is transparently encrypted by
+	 * the current {@link CryptUtils}.
+	 * 
+	 * @param in
+	 *            the {@link InputStream} to wrap
+	 * @return the auto-encode {@link InputStream}
+	 */
+	public InputStream encrypt(InputStream in) {
+		Cipher ecipher = newCipher(Cipher.ENCRYPT_MODE);
+		return new CipherInputStream(in, ecipher);
+	}
+
+	/**
+	 * Wrap the given {@link InputStream} so it is transparently encrypted by
+	 * the current {@link CryptUtils} and encoded in base64.
+	 * 
+	 * @param in
+	 *            the {@link InputStream} to wrap
+	 * 
+	 * @return the auto-encode {@link InputStream}
+	 * 
+	 * @throws IOException
+	 *             in case of I/O error
+	 */
+	public InputStream encrypt64(InputStream in) throws IOException {
+		return new Base64InputStream(encrypt(in), true);
+	}
+
+	/**
+	 * Wrap the given {@link OutputStream} so it is transparently encrypted by
+	 * the current {@link CryptUtils}.
+	 * 
+	 * @param out
+	 *            the {@link OutputStream} to wrap
+	 * 
+	 * @return the auto-encode {@link OutputStream}
+	 */
+	public OutputStream encrypt(OutputStream out) {
+		Cipher ecipher = newCipher(Cipher.ENCRYPT_MODE);
+		return new CipherOutputStream(out, ecipher);
+	}
+
+	/**
+	 * Wrap the given {@link OutputStream} so it is transparently encrypted by
+	 * the current {@link CryptUtils} and encoded in base64.
+	 * 
+	 * @param out
+	 *            the {@link OutputStream} to wrap
+	 * 
+	 * @return the auto-encode {@link OutputStream}
+	 * 
+	 * @throws IOException
+	 *             in case of I/O error
+	 */
+	public OutputStream encrypt64(OutputStream out) throws IOException {
+		return encrypt(new Base64OutputStream(out, true));
+	}
+
+	/**
+	 * Wrap the given {@link OutputStream} so it is transparently decoded by the
+	 * current {@link CryptUtils}.
+	 * 
+	 * @param in
+	 *            the {@link InputStream} to wrap
+	 * 
+	 * @return the auto-decode {@link InputStream}
+	 */
+	public InputStream decrypt(InputStream in) {
+		Cipher dcipher = newCipher(Cipher.DECRYPT_MODE);
+		return new CipherInputStream(in, dcipher);
+	}
+
+	/**
+	 * Wrap the given {@link OutputStream} so it is transparently decoded by the
+	 * current {@link CryptUtils} and decoded from base64.
+	 * 
+	 * @param in
+	 *            the {@link InputStream} to wrap
+	 * 
+	 * @return the auto-decode {@link InputStream}
+	 * 
+	 * @throws IOException
+	 *             in case of I/O error
+	 */
+	public InputStream decrypt64(InputStream in) throws IOException {
+		return decrypt(new Base64InputStream(in, false));
+	}
+
+	/**
+	 * Wrap the given {@link OutputStream} so it is transparently decoded by the
+	 * current {@link CryptUtils}.
+	 * 
+	 * @param out
+	 *            the {@link OutputStream} to wrap
+	 * @return the auto-decode {@link OutputStream}
+	 */
+	public OutputStream decrypt(OutputStream out) {
+		Cipher dcipher = newCipher(Cipher.DECRYPT_MODE);
+		return new CipherOutputStream(out, dcipher);
+	}
+
+	/**
+	 * Wrap the given {@link OutputStream} so it is transparently decoded by the
+	 * current {@link CryptUtils} and decoded from base64.
+	 * 
+	 * @param out
+	 *            the {@link OutputStream} to wrap
+	 * 
+	 * @return the auto-decode {@link OutputStream}
+	 * 
+	 * @throws IOException
+	 *             in case of I/O error
+	 */
+	public OutputStream decrypt64(OutputStream out) throws IOException {
+		return new Base64OutputStream(decrypt(out), false);
+	}
+
+	/**
+	 * This method required an array of 128 bits.
 	 * 
 	 * @param bytes32
 	 *            the array, which <b>must</b> be of 128 bits (32 bytes)
@@ -77,24 +212,36 @@ public class CryptUtils {
 							+ " bytes");
 		}
 
-		SecretKey key = new SecretKeySpec(bytes32, "AES");
+		this.bytes32 = bytes32;
+		this.ecipher = newCipher(Cipher.ENCRYPT_MODE);
+		this.dcipher = newCipher(Cipher.DECRYPT_MODE);
+	}
+
+	/**
+	 * Create a new {@link Cipher}of the given mode (see
+	 * {@link Cipher#ENCRYPT_MODE} and {@link Cipher#ENCRYPT_MODE}).
+	 * 
+	 * @param mode
+	 *            the mode ({@link Cipher#ENCRYPT_MODE} or
+	 *            {@link Cipher#ENCRYPT_MODE})
+	 * 
+	 * @return the new {@link Cipher}
+	 */
+	private Cipher newCipher(int mode) {
 		try {
-			ecipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
-			dcipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
-			ecipher.init(Cipher.ENCRYPT_MODE, key);
-			dcipher.init(Cipher.DECRYPT_MODE, key);
-		} catch (NoSuchAlgorithmException e) {
-			// Every implementation of the Java platform is required to support
-			// this standard Cipher transformation with 128 bits keys
-			e.printStackTrace();
-		} catch (NoSuchPaddingException e) {
-			// Every implementation of the Java platform is required to support
-			// this standard Cipher transformation with 128 bits keys
-			e.printStackTrace();
-		} catch (InvalidKeyException e) {
-			// Every implementation of the Java platform is required to support
-			// this standard Cipher transformation with 128 bits keys
+			// bytes32 = 32 bytes, 32 > 16
+			byte[] iv = new byte[16];
+			for (int i = 0; i < iv.length; i++) {
+				iv[i] = bytes32[i];
+			}
+			IvParameterSpec ivspec = new IvParameterSpec(iv);
+			Cipher cipher = Cipher.getInstance(AES_NAME);
+			cipher.init(mode, new SecretKeySpec(bytes32, "AES"), ivspec);
+			return cipher;
+		} catch (Exception e) {
 			e.printStackTrace();
+			throw new RuntimeException(
+					"Cannot initialize encryption sub-system", e);
 		}
 	}
 
@@ -111,12 +258,14 @@ public class CryptUtils {
 	 *             it was)
 	 */
 	public byte[] encrypt(byte[] data) throws SSLException {
-		try {
-			return ecipher.doFinal(data);
-		} catch (IllegalBlockSizeException e) {
-			throw new SSLException(e);
-		} catch (BadPaddingException e) {
-			throw new SSLException(e);
+		synchronized (ecipher) {
+			try {
+				return ecipher.doFinal(data);
+			} catch (IllegalBlockSizeException e) {
+				throw new SSLException(e);
+			} catch (BadPaddingException e) {
+				throw new SSLException(e);
+			}
 		}
 	}
 
@@ -133,13 +282,7 @@ public class CryptUtils {
 	 *             it was)
 	 */
 	public byte[] encrypt(String data) throws SSLException {
-		try {
-			return encrypt(data.getBytes("UTF8"));
-		} catch (UnsupportedEncodingException e) {
-			// UTF-8 is required in all confirm JVMs
-			e.printStackTrace();
-			return null;
-		}
+		return encrypt(StringUtils.getBytes(data));
 	}
 
 	/**
@@ -158,14 +301,8 @@ public class CryptUtils {
 	 *             in case of I/O error (i.e., the data is not what you assumed
 	 *             it was)
 	 */
-	public String encrypt64(String data, boolean zip) throws SSLException {
-		try {
-			return encrypt64(data.getBytes("UTF8"), zip);
-		} catch (UnsupportedEncodingException e) {
-			// UTF-8 is required in all confirm JVMs
-			e.printStackTrace();
-			return null;
-		}
+	public String encrypt64(String data) throws SSLException {
+		return encrypt64(StringUtils.getBytes(data));
 	}
 
 	/**
@@ -173,10 +310,6 @@ public class CryptUtils {
 	 * 
 	 * @param data
 	 *            the data to encrypt
-	 * @param zip
-	 *            TRUE to also compress the data in GZIP format; remember that
-	 *            compressed and not-compressed content are different; you need
-	 *            to know which is which when decoding
 	 * 
 	 * @return the encrypted data, encoded in Base64
 	 * 
@@ -184,9 +317,9 @@ public class CryptUtils {
 	 *             in case of I/O error (i.e., the data is not what you assumed
 	 *             it was)
 	 */
-	public String encrypt64(byte[] data, boolean zip) throws SSLException {
+	public String encrypt64(byte[] data) throws SSLException {
 		try {
-			return StringUtils.base64(encrypt(data), zip);
+			return StringUtils.base64(encrypt(data));
 		} catch (IOException e) {
 			// not exactly true, but we consider here that this error is a crypt
 			// error, not a normal I/O error
@@ -206,12 +339,36 @@ public class CryptUtils {
 	 *             in case of I/O error
 	 */
 	public byte[] decrypt(byte[] data) throws SSLException {
+		synchronized (dcipher) {
+			try {
+				return dcipher.doFinal(data);
+			} catch (IllegalBlockSizeException e) {
+				throw new SSLException(e);
+			} catch (BadPaddingException e) {
+				throw new SSLException(e);
+			}
+		}
+	}
+
+	/**
+	 * Decode the data which is assumed to be encrypted with the same utilities
+	 * and to be a {@link String}.
+	 * 
+	 * @param data
+	 *            the encrypted data to decode
+	 * 
+	 * @return the original, decoded data,as a {@link String}
+	 * 
+	 * @throws SSLException
+	 *             in case of I/O error
+	 */
+	public String decrypts(byte[] data) throws SSLException {
 		try {
-			return dcipher.doFinal(data);
-		} catch (IllegalBlockSizeException e) {
-			throw new SSLException(e);
-		} catch (BadPaddingException e) {
-			throw new SSLException(e);
+			return new String(decrypt(data), "UTF-8");
+		} catch (UnsupportedEncodingException e) {
+			// UTF-8 is required in all conform JVMs
+			e.printStackTrace();
+			return null;
 		}
 	}
 
@@ -230,9 +387,9 @@ public class CryptUtils {
 	 * @throws SSLException
 	 *             in case of I/O error
 	 */
-	public byte[] decrypt64(String data, boolean zip) throws SSLException {
+	public byte[] decrypt64(String data) throws SSLException {
 		try {
-			return decrypt(StringUtils.unbase64(data, zip));
+			return decrypt(StringUtils.unbase64(data));
 		} catch (IOException e) {
 			// not exactly true, but we consider here that this error is a crypt
 			// error, not a normal I/O error
@@ -256,11 +413,11 @@ public class CryptUtils {
 	 * @throws SSLException
 	 *             in case of I/O error
 	 */
-	public String decrypt64s(String data, boolean zip) throws SSLException {
+	public String decrypt64s(String data) throws SSLException {
 		try {
-			return new String(decrypt(StringUtils.unbase64(data, zip)), "UTF-8");
+			return new String(decrypt(StringUtils.unbase64(data)), "UTF-8");
 		} catch (UnsupportedEncodingException e) {
-			// UTF-8 is required in all confirm JVMs
+			// UTF-8 is required in all conform JVMs
 			e.printStackTrace();
 			return null;
 		} catch (IOException e) {
@@ -279,6 +436,6 @@ public class CryptUtils {
 	 * @return a 128 bits key computed from the given input
 	 */
 	static private byte[] key2key(String input) {
-		return StringUtils.getMd5Hash(input).getBytes();
+		return StringUtils.getMd5Hash("" + input).getBytes();
 	}
 }