com.jsmartframework.web.manager.CsrfEncrypter.java Source code

Introduction

Here is the source code for com.jsmartframework.web.manager.CsrfEncrypter.java

Source

/*
 * JSmart Framework - Java Web Development Framework
 * Copyright (c) 2015, Jeferson Albino da Silva, All rights reserved.
 * 
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 3.0 of the License, or (at your option) any later version.
 * 
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library. If not, see <http://www.gnu.org/licenses/>.
*/

package com.jsmartframework.web.manager;

import static com.jsmartframework.web.config.Constants.REQUEST_CSRF_ENCRYPT_CIPHER;
import static com.jsmartframework.web.config.Constants.REQUEST_CSRF_DECRYPT_CIPHER;

import org.apache.commons.codec.binary.Base64;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;

final class CsrfEncrypter {

    private static final Logger LOGGER = Logger.getLogger(CsrfEncrypter.class.getPackage().getName());

    static final int CYPHER_KEY_LENGTH = 16;

    private static Cipher getEncryptCipher(HttpServletRequest request, String key) throws Exception {
        Cipher encryptCipher = (Cipher) request.getAttribute(REQUEST_CSRF_ENCRYPT_CIPHER);
        if (encryptCipher == null) {
            encryptCipher = Cipher.getInstance("AES");
            SecretKey secretKey = new SecretKeySpec(key.getBytes("UTF8"), "AES");
            encryptCipher.init(Cipher.ENCRYPT_MODE, secretKey);
            request.setAttribute(REQUEST_CSRF_ENCRYPT_CIPHER, encryptCipher);
        }
        return encryptCipher;
    }

    private static Cipher getDecryptCipher(HttpServletRequest request, String key) throws Exception {
        Cipher decryptCipher = (Cipher) request.getAttribute(REQUEST_CSRF_DECRYPT_CIPHER);
        if (decryptCipher == null) {
            decryptCipher = Cipher.getInstance("AES");
            SecretKey secretKey = new SecretKeySpec(key.getBytes("UTF8"), "AES");
            decryptCipher.init(Cipher.DECRYPT_MODE, secretKey);
            request.setAttribute(REQUEST_CSRF_DECRYPT_CIPHER, decryptCipher);
        }
        return decryptCipher;
    }

    static String encrypt(HttpServletRequest request, String key, Object value) {
        if (key != null && value != null) {
            try {
                byte[] encode = getEncryptCipher(request, key).doFinal(value.toString().getBytes("UTF8"));
                return new String(Base64.encodeBase64(encode, true, true)).trim();
            } catch (Exception ex) {
                LOGGER.log(Level.INFO, "Failed to encrypt value [" + value + "]: " + ex.getMessage());
            }
            return value.toString();
        }
        return null;
    }

    static String decrypt(HttpServletRequest request, String key, Object value) {
        if (key != null && value != null) {
            try {
                byte[] decoded = Base64.decodeBase64(value.toString());
                return new String(getDecryptCipher(request, key).doFinal(decoded), "UTF8");
            } catch (Exception ex) {
                LOGGER.log(Level.INFO, "Failed to decrypt value [" + value + "]: " + ex.getMessage());
            }
            return value.toString();
        }
        return null;
    }

}