package be.nikiroo.utils; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.UnsupportedEncodingException; import java.security.InvalidKeyException; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.CipherInputStream; import javax.crypto.CipherOutputStream; import javax.crypto.IllegalBlockSizeException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import javax.net.ssl.SSLException; import be.nikiroo.utils.streams.Base64InputStream; import be.nikiroo.utils.streams.Base64OutputStream; /** * Small utility class to do AES encryption/decryption. *
* It is multi-thread compatible, but beware: *
* Do not assume it is secure; it just here to offer a more-or-less protected * exchange of data because anonymous and self-signed certificates backed SSL is * against Google wishes, and I need Android support. * * @author niki */ public class CryptUtils { static private final String AES_NAME = "AES/CFB128/NoPadding"; private Cipher ecipher; private Cipher dcipher; private byte[] bytes32; /** * Small and lazy-easy way to initialize a 128 bits key with * {@link CryptUtils}. *
* Some part of the key will be used to generate a 128 bits key and * initialize the {@link CryptUtils}; even NULL will generate something. *
* This is most probably not secure. Do not use if you actually care * about security. * * @param key * the {@link String} to use as a base for the key, can be NULL */ public CryptUtils(String key) { try { init(key2key(key)); } catch (InvalidKeyException e) { // We made sure that the key is correct, so nothing here e.printStackTrace(); } } /** * Create a new instance of {@link CryptUtils} with the given 128 bits key. *
* The key must be exactly 128 bits long. * * @param bytes32 * the 128 bits (32 bytes) of the key * * @throws InvalidKeyException * if the key is not an array of 128 bits */ public CryptUtils(byte[] bytes32) throws InvalidKeyException { init(bytes32); } /** * Wrap the given {@link InputStream} so it is transparently encrypted by * the current {@link CryptUtils}. * * @param in * the {@link InputStream} to wrap * @return the auto-encode {@link InputStream} */ public InputStream encrypt(InputStream in) { Cipher ecipher = newCipher(Cipher.ENCRYPT_MODE); return new CipherInputStream(in, ecipher); } /** * Wrap the given {@link InputStream} so it is transparently encrypted by * the current {@link CryptUtils} and encoded in base64. * * @param in * the {@link InputStream} to wrap * * @return the auto-encode {@link InputStream} * * @throws IOException * in case of I/O error */ public InputStream encrypt64(InputStream in) throws IOException { return new Base64InputStream(encrypt(in), true); } /** * Wrap the given {@link OutputStream} so it is transparently encrypted by * the current {@link CryptUtils}. * * @param out * the {@link OutputStream} to wrap * * @return the auto-encode {@link OutputStream} */ public OutputStream encrypt(OutputStream out) { Cipher ecipher = newCipher(Cipher.ENCRYPT_MODE); return new CipherOutputStream(out, ecipher); } /** * Wrap the given {@link OutputStream} so it is transparently encrypted by * the current {@link CryptUtils} and encoded in base64. * * @param out * the {@link OutputStream} to wrap * * @return the auto-encode {@link OutputStream} * * @throws IOException * in case of I/O error */ public OutputStream encrypt64(OutputStream out) throws IOException { return encrypt(new Base64OutputStream(out, true)); } /** * Wrap the given {@link OutputStream} so it is transparently decoded by the * current {@link CryptUtils}. * * @param in * the {@link InputStream} to wrap * * @return the auto-decode {@link InputStream} */ public InputStream decrypt(InputStream in) { Cipher dcipher = newCipher(Cipher.DECRYPT_MODE); return new CipherInputStream(in, dcipher); } /** * Wrap the given {@link OutputStream} so it is transparently decoded by the * current {@link CryptUtils} and decoded from base64. * * @param in * the {@link InputStream} to wrap * * @return the auto-decode {@link InputStream} * * @throws IOException * in case of I/O error */ public InputStream decrypt64(InputStream in) throws IOException { return decrypt(new Base64InputStream(in, false)); } /** * Wrap the given {@link OutputStream} so it is transparently decoded by the * current {@link CryptUtils}. * * @param out * the {@link OutputStream} to wrap * @return the auto-decode {@link OutputStream} */ public OutputStream decrypt(OutputStream out) { Cipher dcipher = newCipher(Cipher.DECRYPT_MODE); return new CipherOutputStream(out, dcipher); } /** * Wrap the given {@link OutputStream} so it is transparently decoded by the * current {@link CryptUtils} and decoded from base64. * * @param out * the {@link OutputStream} to wrap * * @return the auto-decode {@link OutputStream} * * @throws IOException * in case of I/O error */ public OutputStream decrypt64(OutputStream out) throws IOException { return new Base64OutputStream(decrypt(out), false); } /** * This method required an array of 128 bits. * * @param bytes32 * the array, which must be of 128 bits (32 bytes) * * @throws InvalidKeyException * if the key is not an array of 128 bits (32 bytes) */ private void init(byte[] bytes32) throws InvalidKeyException { if (bytes32 == null || bytes32.length != 32) { throw new InvalidKeyException( "The size of the key must be of 128 bits (32 bytes), it is: " + (bytes32 == null ? "null" : "" + bytes32.length) + " bytes"); } this.bytes32 = bytes32; this.ecipher = newCipher(Cipher.ENCRYPT_MODE); this.dcipher = newCipher(Cipher.DECRYPT_MODE); } /** * Create a new {@link Cipher}of the given mode (see * {@link Cipher#ENCRYPT_MODE} and {@link Cipher#ENCRYPT_MODE}). * * @param mode * the mode ({@link Cipher#ENCRYPT_MODE} or * {@link Cipher#ENCRYPT_MODE}) * * @return the new {@link Cipher} */ private Cipher newCipher(int mode) { try { // bytes32 = 32 bytes, 32 > 16 byte[] iv = new byte[16]; for (int i = 0; i < iv.length; i++) { iv[i] = bytes32[i]; } IvParameterSpec ivspec = new IvParameterSpec(iv); Cipher cipher = Cipher.getInstance(AES_NAME); cipher.init(mode, new SecretKeySpec(bytes32, "AES"), ivspec); return cipher; } catch (Exception e) { e.printStackTrace(); throw new RuntimeException( "Cannot initialize encryption sub-system", e); } } /** * Encrypt the data. * * @param data * the data to encrypt * * @return the encrypted data * * @throws SSLException * in case of I/O error (i.e., the data is not what you assumed * it was) */ public byte[] encrypt(byte[] data) throws SSLException { synchronized (ecipher) { try { return ecipher.doFinal(data); } catch (IllegalBlockSizeException e) { throw new SSLException(e); } catch (BadPaddingException e) { throw new SSLException(e); } } } /** * Encrypt the data. * * @param data * the data to encrypt * * @return the encrypted data * * @throws SSLException * in case of I/O error (i.e., the data is not what you assumed * it was) */ public byte[] encrypt(String data) throws SSLException { return encrypt(StringUtils.getBytes(data)); } /** * Encrypt the data, then encode it into Base64. * * @param data * the data to encrypt * @param zip * TRUE to also compress the data in GZIP format; remember that * compressed and not-compressed content are different; you need * to know which is which when decoding * * @return the encrypted data, encoded in Base64 * * @throws SSLException * in case of I/O error (i.e., the data is not what you assumed * it was) */ public String encrypt64(String data) throws SSLException { return encrypt64(StringUtils.getBytes(data)); } /** * Encrypt the data, then encode it into Base64. * * @param data * the data to encrypt * * @return the encrypted data, encoded in Base64 * * @throws SSLException * in case of I/O error (i.e., the data is not what you assumed * it was) */ public String encrypt64(byte[] data) throws SSLException { try { return StringUtils.base64(encrypt(data)); } catch (IOException e) { // not exactly true, but we consider here that this error is a crypt // error, not a normal I/O error throw new SSLException(e); } } /** * Decode the data which is assumed to be encrypted with the same utilities. * * @param data * the encrypted data to decode * * @return the original, decoded data * * @throws SSLException * in case of I/O error */ public byte[] decrypt(byte[] data) throws SSLException { synchronized (dcipher) { try { return dcipher.doFinal(data); } catch (IllegalBlockSizeException e) { throw new SSLException(e); } catch (BadPaddingException e) { throw new SSLException(e); } } } /** * Decode the data which is assumed to be encrypted with the same utilities * and to be a {@link String}. * * @param data * the encrypted data to decode * * @return the original, decoded data,as a {@link String} * * @throws SSLException * in case of I/O error */ public String decrypts(byte[] data) throws SSLException { try { return new String(decrypt(data), "UTF-8"); } catch (UnsupportedEncodingException e) { // UTF-8 is required in all conform JVMs e.printStackTrace(); return null; } } /** * Decode the data which is assumed to be encrypted with the same utilities * and is a Base64 encoded value. * * @param data * the encrypted data to decode in Base64 format * @param zip * TRUE to also uncompress the data from a GZIP format * automatically; if set to FALSE, zipped data can be returned * * @return the original, decoded data * * @throws SSLException * in case of I/O error */ public byte[] decrypt64(String data) throws SSLException { try { return decrypt(StringUtils.unbase64(data)); } catch (IOException e) { // not exactly true, but we consider here that this error is a crypt // error, not a normal I/O error throw new SSLException(e); } } /** * Decode the data which is assumed to be encrypted with the same utilities * and is a Base64 encoded value, then convert it into a String (this method * assumes the data was indeed a UTF-8 encoded {@link String}). * * @param data * the encrypted data to decode in Base64 format * @param zip * TRUE to also uncompress the data from a GZIP format * automatically; if set to FALSE, zipped data can be returned * * @return the original, decoded data * * @throws SSLException * in case of I/O error */ public String decrypt64s(String data) throws SSLException { try { return new String(decrypt(StringUtils.unbase64(data)), "UTF-8"); } catch (UnsupportedEncodingException e) { // UTF-8 is required in all conform JVMs e.printStackTrace(); return null; } catch (IOException e) { // not exactly true, but we consider here that this error is a crypt // error, not a normal I/O error throw new SSLException(e); } } /** * This is probably NOT secure! * * @param input * some {@link String} input * * @return a 128 bits key computed from the given input */ static private byte[] key2key(String input) { return StringUtils.getMd5Hash("" + input).getBytes(); } }