fix Base64 but breaks compat
[nikiroo-utils.git] / src / be / nikiroo / utils / CryptUtils.java
index b82a169ac21fffd4eb6d95f6df86c46a43566bfd..72c9c44b449a5e0ef782cb560dfe044c0c6e8840 100644 (file)
@@ -4,6 +4,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 
@@ -14,22 +15,36 @@ import javax.crypto.CipherOutputStream;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import javax.net.ssl.SSLException;
 
+import be.nikiroo.utils.streams.Base64InputStream;
+import be.nikiroo.utils.streams.Base64OutputStream;
+
 /**
  * Small utility class to do AES encryption/decryption.
  * <p>
+ * For the moment, it is multi-thread compatible, but beware:
+ * <ul>
+ * <li>The encrypt/decrypt calls are serialized</li>
+ * <li>The streams are independent and thus parallel</li>
+ * </ul>
+ * <p>
  * Do not assume it is actually secure until you checked the code...
  * 
  * @author niki
  */
 public class CryptUtils {
+       static private final String AES_NAME = "AES/CFB8/NoPadding";
+
        private Cipher ecipher;
        private Cipher dcipher;
+       private SecretKey key;
 
        /**
-        * Small and leazy way to initialize a 128 bits key with {@link CryptUtils}.
+        * Small and lazy-easy way to initialize a 128 bits key with
+        * {@link CryptUtils}.
         * <p>
         * <b>Some</b> part of the key will be used to generate a 128 bits key and
         * initialize the {@link CryptUtils}; even NULL will generate something.
@@ -72,46 +87,116 @@ public class CryptUtils {
         *            the {@link InputStream} to wrap
         * @return the auto-encode {@link InputStream}
         */
-       public InputStream encryptInputStream(InputStream in) {
+       public InputStream encrypt(InputStream in) {
+               Cipher ecipher = newCipher(Cipher.ENCRYPT_MODE);
                return new CipherInputStream(in, ecipher);
        }
 
+       /**
+        * Wrap the given {@link InputStream} so it is transparently encrypted by
+        * the current {@link CryptUtils} and encoded in base64.
+        * 
+        * @param in
+        *            the {@link InputStream} to wrap
+        * 
+        * @return the auto-encode {@link InputStream}
+        * 
+        * @throws IOException
+        *             in case of I/O error
+        */
+       public InputStream encrypt64(InputStream in) throws IOException {
+               return new Base64InputStream(encrypt(in), true);
+       }
+
        /**
         * Wrap the given {@link OutputStream} so it is transparently encrypted by
         * the current {@link CryptUtils}.
         * 
-        * @param in
+        * @param out
         *            the {@link OutputStream} to wrap
+        * 
         * @return the auto-encode {@link OutputStream}
         */
-       public OutputStream encryptOutpuStream(OutputStream out) {
+       public OutputStream encrypt(OutputStream out) {
+               Cipher ecipher = newCipher(Cipher.ENCRYPT_MODE);
                return new CipherOutputStream(out, ecipher);
        }
 
        /**
-        * Wrap the given {@link OutStream} so it is transparently decoded by the
+        * Wrap the given {@link OutputStream} so it is transparently encrypted by
+        * the current {@link CryptUtils} and encoded in base64.
+        * 
+        * @param out
+        *            the {@link OutputStream} to wrap
+        * 
+        * @return the auto-encode {@link OutputStream}
+        * 
+        * @throws IOException
+        *             in case of I/O error
+        */
+       public OutputStream encrypt64(OutputStream out) throws IOException {
+               return encrypt(new Base64OutputStream(out, true));
+       }
+
+       /**
+        * Wrap the given {@link OutputStream} so it is transparently decoded by the
         * current {@link CryptUtils}.
         * 
         * @param in
         *            the {@link InputStream} to wrap
+        * 
         * @return the auto-decode {@link InputStream}
         */
-       public InputStream decryptInputStream(InputStream in) {
+       public InputStream decrypt(InputStream in) {
+               Cipher dcipher = newCipher(Cipher.DECRYPT_MODE);
                return new CipherInputStream(in, dcipher);
        }
 
        /**
-        * Wrap the given {@link OutStream} so it is transparently decoded by the
+        * Wrap the given {@link OutputStream} so it is transparently decoded by the
+        * current {@link CryptUtils} and decoded from base64.
+        * 
+        * @param in
+        *            the {@link InputStream} to wrap
+        * 
+        * @return the auto-decode {@link InputStream}
+        * 
+        * @throws IOException
+        *             in case of I/O error
+        */
+       public InputStream decrypt64(InputStream in) throws IOException {
+               return decrypt(new Base64InputStream(in, false));
+       }
+
+       /**
+        * Wrap the given {@link OutputStream} so it is transparently decoded by the
         * current {@link CryptUtils}.
         * 
         * @param out
         *            the {@link OutputStream} to wrap
         * @return the auto-decode {@link OutputStream}
         */
-       public OutputStream decryptOutputStream(OutputStream out) {
+       public OutputStream decrypt(OutputStream out) {
+               Cipher dcipher = newCipher(Cipher.DECRYPT_MODE);
                return new CipherOutputStream(out, dcipher);
        }
 
+       /**
+        * Wrap the given {@link OutputStream} so it is transparently decoded by the
+        * current {@link CryptUtils} and decoded from base64.
+        * 
+        * @param out
+        *            the {@link OutputStream} to wrap
+        * 
+        * @return the auto-decode {@link OutputStream}
+        * 
+        * @throws IOException
+        *             in case of I/O error
+        */
+       public OutputStream decrypt64(OutputStream out) throws IOException {
+               return new Base64OutputStream(decrypt(out), false);
+       }
+
        /**
         * This method required an array of 128 bytes.
         * 
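Review bot: The Javadoc added for `decrypt(InputStream)` and `decrypt64(InputStream)` opens with "Wrap the given {@link OutputStream}" although both methods take and return an `InputStream`. The summary lines should read `Wrap the given {@link InputStream} so it is transparently decoded by the current {@link CryptUtils}`, with "and decoded from base64" appended for the `decrypt64` variant. The `@return` text "auto-encode"/"auto-decode" on the base64 variants could also say that the base64 layer is applied outside the encryption layer, since that ordering is what a caller on the other side has to reverse.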
@@ -129,12 +214,28 @@ public class CryptUtils {
                                                        + " bytes");
                }
 
-               SecretKey key = new SecretKeySpec(bytes32, "AES");
+               key = new SecretKeySpec(bytes32, "AES");
+               ecipher = newCipher(Cipher.ENCRYPT_MODE);
+               dcipher = newCipher(Cipher.DECRYPT_MODE);
+       }
+
+       /**
+        * Create a new {@link Cipher}of the given mode (see
+        * {@link Cipher#ENCRYPT_MODE} and {@link Cipher#ENCRYPT_MODE}).
+        * 
+        * @param mode
+        *            the mode ({@link Cipher#ENCRYPT_MODE} or
+        *            {@link Cipher#ENCRYPT_MODE})
+        * 
+        * @return the new {@link Cipher}
+        */
+       private Cipher newCipher(int mode) {
                try {
-                       ecipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
-                       dcipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
-                       ecipher.init(Cipher.ENCRYPT_MODE, key);
-                       dcipher.init(Cipher.DECRYPT_MODE, key);
+                       byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+                       IvParameterSpec ivspec = new IvParameterSpec(iv);
+                       Cipher cipher = Cipher.getInstance(AES_NAME);
+                       cipher.init(mode, key, ivspec);
+                       return cipher;
                } catch (NoSuchAlgorithmException e) {
                        // Every implementation of the Java platform is required to support
                        // this standard Cipher transformation with 128 bits keys
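Review bot: `newCipher` initialises every cipher with the same all-zero IV (`byte[] iv = { 0, ... }`), so every stream and every `doFinal` call under a given key starts from an identical CFB8 state: two plaintexts that share a prefix produce ciphertexts that share that prefix, and the first differing byte reveals the XOR of the two plaintext bytes. Since this commit already breaks compatibility, the encrypt path could draw a fresh IV per message, `byte[] iv = new byte[16]; new SecureRandom().nextBytes(iv);`, write it ahead of the ciphertext, and have the decrypt path read it back before `cipher.init(mode, key, ivspec)`. The new Javadoc also names `Cipher#ENCRYPT_MODE` twice where the second mention should be `Cipher#DECRYPT_MODE`. The body of `newCipher` continues past the end of this hunk.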
@@ -147,7 +248,12 @@ public class CryptUtils {
                        // Every implementation of the Java platform is required to support
                        // this standard Cipher transformation with 128 bits keys
                        e.printStackTrace();
+               } catch (InvalidAlgorithmParameterException e) {
+                       // Woops?
+                       e.printStackTrace();
                }
+
+               return null;
        }
 
        /**
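Review bot: The new `return null;` at the end of `newCipher`, reached after any catch block that only calls `e.printStackTrace()`, hands a null `Cipher` back to the key-initialisation code and to the stream wrappers, where the failure shows up later as a `NullPointerException` far from its cause (for instance at `synchronized (ecipher)`). Failing fast keeps the cause attached: in each catch, replace the `printStackTrace()` call with `throw new IllegalStateException("Cannot initialise " + AES_NAME, e);` and drop the trailing `return null;`. The start of `newCipher` and its earlier catch blocks are outside this hunk.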
@@ -163,12 +269,14 @@ public class CryptUtils {
         *             it was)
         */
        public byte[] encrypt(byte[] data) throws SSLException {
-               try {
-                       return ecipher.doFinal(data);
-               } catch (IllegalBlockSizeException e) {
-                       throw new SSLException(e);
-               } catch (BadPaddingException e) {
-                       throw new SSLException(e);
+               synchronized (ecipher) {
+                       try {
+                               return ecipher.doFinal(data);
+                       } catch (IllegalBlockSizeException e) {
+                               throw new SSLException(e);
+                       } catch (BadPaddingException e) {
+                               throw new SSLException(e);
+                       }
                }
        }
 
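Review bot: `synchronized (ecipher)` locks on a non-final field that the key-initialisation code assigns (`ecipher = newCipher(Cipher.ENCRYPT_MODE);`), so if the key is ever set again two threads can hold different monitors, and a null `ecipher` turns the lock statement itself into a `NullPointerException`. The stream wrappers in this commit already build a cipher per call; doing the same here, `return newCipher(Cipher.ENCRYPT_MODE).doFinal(data);`, removes the shared state and the need to serialise callers. The same applies to `synchronized (dcipher)` in `decrypt(byte[])` in the later hunk.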
@@ -210,9 +318,9 @@ public class CryptUtils {
         *             in case of I/O error (i.e., the data is not what you assumed
         *             it was)
         */
-       public String encrypt64(String data, boolean zip) throws SSLException {
+       public String encrypt64(String data) throws SSLException {
                try {
-                       return encrypt64(data.getBytes("UTF8"), zip);
+                       return encrypt64(data.getBytes("UTF8"));
                } catch (UnsupportedEncodingException e) {
                        // UTF-8 is required in all confirm JVMs
                        e.printStackTrace();
@@ -225,10 +333,6 @@ public class CryptUtils {
         * 
         * @param data
         *            the data to encrypt
-        * @param zip
-        *            TRUE to also compress the data in GZIP format; remember that
-        *            compressed and not-compressed content are different; you need
-        *            to know which is which when decoding
         * 
         * @return the encrypted data, encoded in Base64
         * 
@@ -236,9 +340,9 @@ public class CryptUtils {
         *             in case of I/O error (i.e., the data is not what you assumed
         *             it was)
         */
-       public String encrypt64(byte[] data, boolean zip) throws SSLException {
+       public String encrypt64(byte[] data) throws SSLException {
                try {
-                       return StringUtils.base64(encrypt(data), zip);
+                       return StringUtils.base64(encrypt(data));
                } catch (IOException e) {
                        // not exactly true, but we consider here that this error is a crypt
                        // error, not a normal I/O error
@@ -258,12 +362,36 @@ public class CryptUtils {
         *             in case of I/O error
         */
        public byte[] decrypt(byte[] data) throws SSLException {
+               synchronized (dcipher) {
+                       try {
+                               return dcipher.doFinal(data);
+                       } catch (IllegalBlockSizeException e) {
+                               throw new SSLException(e);
+                       } catch (BadPaddingException e) {
+                               throw new SSLException(e);
+                       }
+               }
+       }
+
+       /**
+        * Decode the data which is assumed to be encrypted with the same utilities
+        * and to be a {@link String}.
+        * 
+        * @param data
+        *            the encrypted data to decode
+        * 
+        * @return the original, decoded data,as a {@link String}
+        * 
+        * @throws SSLException
+        *             in case of I/O error
+        */
+       public String decrypts(byte[] data) throws SSLException {
                try {
-                       return dcipher.doFinal(data);
-               } catch (IllegalBlockSizeException e) {
-                       throw new SSLException(e);
-               } catch (BadPaddingException e) {
-                       throw new SSLException(e);
+                       return new String(decrypt(data), "UTF-8");
+               } catch (UnsupportedEncodingException e) {
+                       // UTF-8 is required in all confirm JVMs
+                       e.printStackTrace();
+                       return null;
                }
        }
 
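Review bot: With `AES/CFB8/NoPadding`, `dcipher.doFinal(data)` in `decrypt(byte[])` accepts input of any length and has no padding to verify, so the `IllegalBlockSizeException` and `BadPaddingException` branches are not expected to fire and a wrong key or modified ciphertext comes back as ordinary-looking bytes instead of an `SSLException`. The new `decrypts` then turns those bytes into a `String`, with malformed UTF-8 silently replaced. If callers rely on the exception to detect bad input, an authenticated transformation such as `AES/GCM/NoPadding`, or a MAC over the ciphertext that is verified before decryption, would restore that guarantee. At minimum the `@throws SSLException` text should stop implying that bad data is reported.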
@@ -282,9 +410,9 @@ public class CryptUtils {
         * @throws SSLException
         *             in case of I/O error
         */
-       public byte[] decrypt64(String data, boolean zip) throws SSLException {
+       public byte[] decrypt64(String data) throws SSLException {
                try {
-                       return decrypt(StringUtils.unbase64(data, zip));
+                       return decrypt(StringUtils.unbase64(data));
                } catch (IOException e) {
                        // not exactly true, but we consider here that this error is a crypt
                        // error, not a normal I/O error
@@ -308,9 +436,9 @@ public class CryptUtils {
         * @throws SSLException
         *             in case of I/O error
         */
-       public String decrypt64s(String data, boolean zip) throws SSLException {
+       public String decrypt64s(String data) throws SSLException {
                try {
-                       return new String(decrypt(StringUtils.unbase64(data, zip)), "UTF-8");
+                       return new String(decrypt(StringUtils.unbase64(data)), "UTF-8");
                } catch (UnsupportedEncodingException e) {
                        // UTF-8 is required in all confirm JVMs
                        e.printStackTrace();