X-Git-Url: http://git.nikiroo.be/?a=blobdiff_plain;f=src%2Fbe%2Fnikiroo%2Futils%2FCryptUtils.java;h=72c9c44b449a5e0ef782cb560dfe044c0c6e8840;hb=a6a73de36765b85947ac885529da82d3e7189269;hp=fdf05565b508c48f2c8d0722d2ce1b6a5a6cf38e;hpb=ed3aa598b54187e347b384fceea901cc143f20f5;p=nikiroo-utils.git diff --git a/src/be/nikiroo/utils/CryptUtils.java b/src/be/nikiroo/utils/CryptUtils.java index fdf0556..72c9c44 100644 --- a/src/be/nikiroo/utils/CryptUtils.java +++ b/src/be/nikiroo/utils/CryptUtils.java @@ -4,6 +4,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.UnsupportedEncodingException; +import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; @@ -14,22 +15,36 @@ import javax.crypto.CipherOutputStream; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import javax.net.ssl.SSLException; +import be.nikiroo.utils.streams.Base64InputStream; +import be.nikiroo.utils.streams.Base64OutputStream; + /** * Small utility class to do AES encryption/decryption. *

+ * For the moment, it is multi-thread compatible, but beware: + *

+ *

* Do not assume it is actually secure until you checked the code... * * @author niki */ public class CryptUtils { + static private final String AES_NAME = "AES/CFB8/NoPadding"; + private Cipher ecipher; private Cipher dcipher; + private SecretKey key; /** - * Small and leazy way to initialize a 128 bits key with {@link CryptUtils}. + * Small and lazy-easy way to initialize a 128 bits key with + * {@link CryptUtils}. *

* Some part of the key will be used to generate a 128 bits key and * initialize the {@link CryptUtils}; even NULL will generate something. @@ -72,46 +87,116 @@ public class CryptUtils { * the {@link InputStream} to wrap * @return the auto-encode {@link InputStream} */ - public InputStream encryptInputStream(InputStream in) { + public InputStream encrypt(InputStream in) { + Cipher ecipher = newCipher(Cipher.ENCRYPT_MODE); return new CipherInputStream(in, ecipher); } + /** + * Wrap the given {@link InputStream} so it is transparently encrypted by + * the current {@link CryptUtils} and encoded in base64. + * + * @param in + * the {@link InputStream} to wrap + * + * @return the auto-encode {@link InputStream} + * + * @throws IOException + * in case of I/O error + */ + public InputStream encrypt64(InputStream in) throws IOException { + return new Base64InputStream(encrypt(in), true); + } + /** * Wrap the given {@link OutputStream} so it is transparently encrypted by * the current {@link CryptUtils}. * - * @param in + * @param out * the {@link OutputStream} to wrap + * * @return the auto-encode {@link OutputStream} */ - public OutputStream encryptOutpuStream(OutputStream out) { + public OutputStream encrypt(OutputStream out) { + Cipher ecipher = newCipher(Cipher.ENCRYPT_MODE); return new CipherOutputStream(out, ecipher); } /** - * Wrap the given {@link OutStream} so it is transparently decoded by the + * Wrap the given {@link OutputStream} so it is transparently encrypted by + * the current {@link CryptUtils} and encoded in base64. + * + * @param out + * the {@link OutputStream} to wrap + * + * @return the auto-encode {@link OutputStream} + * + * @throws IOException + * in case of I/O error + */ + public OutputStream encrypt64(OutputStream out) throws IOException { + return encrypt(new Base64OutputStream(out, true)); + } + + /** + * Wrap the given {@link OutputStream} so it is transparently decoded by the * current {@link CryptUtils}. * * @param in * the {@link InputStream} to wrap + * * @return the auto-decode {@link InputStream} */ - public InputStream decryptInputStream(InputStream in) { + public InputStream decrypt(InputStream in) { + Cipher dcipher = newCipher(Cipher.DECRYPT_MODE); return new CipherInputStream(in, dcipher); } /** - * Wrap the given {@link OutStream} so it is transparently decoded by the + * Wrap the given {@link OutputStream} so it is transparently decoded by the + * current {@link CryptUtils} and decoded from base64. + * + * @param in + * the {@link InputStream} to wrap + * + * @return the auto-decode {@link InputStream} + * + * @throws IOException + * in case of I/O error + */ + public InputStream decrypt64(InputStream in) throws IOException { + return decrypt(new Base64InputStream(in, false)); + } + + /** + * Wrap the given {@link OutputStream} so it is transparently decoded by the * current {@link CryptUtils}. * * @param out * the {@link OutputStream} to wrap * @return the auto-decode {@link OutputStream} */ - public OutputStream decryptOutputStream(OutputStream out) { + public OutputStream decrypt(OutputStream out) { + Cipher dcipher = newCipher(Cipher.DECRYPT_MODE); return new CipherOutputStream(out, dcipher); } + /** + * Wrap the given {@link OutputStream} so it is transparently decoded by the + * current {@link CryptUtils} and decoded from base64. + * + * @param out + * the {@link OutputStream} to wrap + * + * @return the auto-decode {@link OutputStream} + * + * @throws IOException + * in case of I/O error + */ + public OutputStream decrypt64(OutputStream out) throws IOException { + return new Base64OutputStream(decrypt(out), false); + } + /** * This method required an array of 128 bytes. * @@ -129,12 +214,28 @@ public class CryptUtils { + " bytes"); } - SecretKey key = new SecretKeySpec(bytes32, "AES"); + key = new SecretKeySpec(bytes32, "AES"); + ecipher = newCipher(Cipher.ENCRYPT_MODE); + dcipher = newCipher(Cipher.DECRYPT_MODE); + } + + /** + * Create a new {@link Cipher}of the given mode (see + * {@link Cipher#ENCRYPT_MODE} and {@link Cipher#ENCRYPT_MODE}). + * + * @param mode + * the mode ({@link Cipher#ENCRYPT_MODE} or + * {@link Cipher#ENCRYPT_MODE}) + * + * @return the new {@link Cipher} + */ + private Cipher newCipher(int mode) { try { - ecipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); - dcipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); - ecipher.init(Cipher.ENCRYPT_MODE, key); - dcipher.init(Cipher.DECRYPT_MODE, key); + byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + IvParameterSpec ivspec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance(AES_NAME); + cipher.init(mode, key, ivspec); + return cipher; } catch (NoSuchAlgorithmException e) { // Every implementation of the Java platform is required to support // this standard Cipher transformation with 128 bits keys @@ -147,7 +248,12 @@ public class CryptUtils { // Every implementation of the Java platform is required to support // this standard Cipher transformation with 128 bits keys e.printStackTrace(); + } catch (InvalidAlgorithmParameterException e) { + // Woops? + e.printStackTrace(); } + + return null; } /** @@ -163,12 +269,14 @@ public class CryptUtils { * it was) */ public byte[] encrypt(byte[] data) throws SSLException { - try { - return ecipher.doFinal(data); - } catch (IllegalBlockSizeException e) { - throw new SSLException(e); - } catch (BadPaddingException e) { - throw new SSLException(e); + synchronized (ecipher) { + try { + return ecipher.doFinal(data); + } catch (IllegalBlockSizeException e) { + throw new SSLException(e); + } catch (BadPaddingException e) { + throw new SSLException(e); + } } } @@ -210,9 +318,9 @@ public class CryptUtils { * in case of I/O error (i.e., the data is not what you assumed * it was) */ - public String encrypt64(String data, boolean zip) throws SSLException { + public String encrypt64(String data) throws SSLException { try { - return encrypt64(data.getBytes("UTF8"), zip); + return encrypt64(data.getBytes("UTF8")); } catch (UnsupportedEncodingException e) { // UTF-8 is required in all confirm JVMs e.printStackTrace(); @@ -225,10 +333,6 @@ public class CryptUtils { * * @param data * the data to encrypt - * @param zip - * TRUE to also compress the data in GZIP format; remember that - * compressed and not-compressed content are different; you need - * to know which is which when decoding * * @return the encrypted data, encoded in Base64 * @@ -236,9 +340,9 @@ public class CryptUtils { * in case of I/O error (i.e., the data is not what you assumed * it was) */ - public String encrypt64(byte[] data, boolean zip) throws SSLException { + public String encrypt64(byte[] data) throws SSLException { try { - return StringUtils.base64(encrypt(data), zip); + return StringUtils.base64(encrypt(data)); } catch (IOException e) { // not exactly true, but we consider here that this error is a crypt // error, not a normal I/O error @@ -258,12 +362,14 @@ public class CryptUtils { * in case of I/O error */ public byte[] decrypt(byte[] data) throws SSLException { - try { - return dcipher.doFinal(data); - } catch (IllegalBlockSizeException e) { - throw new SSLException(e); - } catch (BadPaddingException e) { - throw new SSLException(e); + synchronized (dcipher) { + try { + return dcipher.doFinal(data); + } catch (IllegalBlockSizeException e) { + throw new SSLException(e); + } catch (BadPaddingException e) { + throw new SSLException(e); + } } } @@ -304,9 +410,9 @@ public class CryptUtils { * @throws SSLException * in case of I/O error */ - public byte[] decrypt64(String data, boolean zip) throws SSLException { + public byte[] decrypt64(String data) throws SSLException { try { - return decrypt(StringUtils.unbase64(data, zip)); + return decrypt(StringUtils.unbase64(data)); } catch (IOException e) { // not exactly true, but we consider here that this error is a crypt // error, not a normal I/O error @@ -330,9 +436,9 @@ public class CryptUtils { * @throws SSLException * in case of I/O error */ - public String decrypt64s(String data, boolean zip) throws SSLException { + public String decrypt64s(String data) throws SSLException { try { - return new String(decrypt(StringUtils.unbase64(data, zip)), "UTF-8"); + return new String(decrypt(StringUtils.unbase64(data)), "UTF-8"); } catch (UnsupportedEncodingException e) { // UTF-8 is required in all confirm JVMs e.printStackTrace();