Java tutorial
/* * Copyright 2012-2013 inBloom, Inc. and its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.slc.sli.dal.encrypt; import org.apache.commons.codec.DecoderException; import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Hex; import org.apache.commons.codec.binary.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import java.io.*; import java.security.GeneralSecurityException; /** * Encrypts/Decrypts data using AES * * @author Ryan Farris <rfarris@wgen.net> * */ public class AesCipher implements org.slc.sli.dal.encrypt.Cipher { private static final Logger LOG = LoggerFactory.getLogger(AesCipher.class); private ThreadLocal<Cipher> cachedEncryptCypher = new ThreadLocal<Cipher>(); private ThreadLocal<Cipher> cachedDecryptCypher = new ThreadLocal<Cipher>(); @Autowired CipherInitDataProvider initDataProvider; @Override public String encrypt(Object data) { if (data instanceof String) { return "ESTRING:" + encryptFromBytes(StringUtils.getBytesUtf8((String) data)); } else { ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream(); DataOutputStream dos = new DataOutputStream(byteOutputStream); String type; try { if (data instanceof Boolean) { dos.writeBoolean((Boolean) data); type = "EBOOL:"; } else if (data instanceof Integer) { dos.writeInt((Integer) data); type = "EINT:"; } else if (data instanceof Long) { dos.writeLong((Long) data); type = "ELONG:"; } else if (data instanceof Double) { dos.writeDouble((Double) data); type = "EDOUBLE:"; } else { throw new RuntimeException("Unsupported type: " + data.getClass().getCanonicalName()); } dos.flush(); dos.close(); } catch (IOException e) { throw new RuntimeException(e); } byte[] bytes = byteOutputStream.toByteArray(); return type + encryptFromBytes(bytes); } } @Override public Object decrypt(String data) { String[] splitData = org.apache.commons.lang3.StringUtils.split(data, ':'); // String[] splitData = data.split(":"); if (splitData.length != 2) { return null; } else { if (splitData[0].equals("ESTRING")) { return StringUtils.newStringUtf8(decryptToBytes(splitData[1])); } else if (splitData[0].equals("EBOOL")) { return decryptBinary(splitData[1], Boolean.class); } else if (splitData[0].equals("EINT")) { return decryptBinary(splitData[1], Integer.class); } else if (splitData[0].equals("ELONG")) { return decryptBinary(splitData[1], Long.class); } else if (splitData[0].equals("EDOUBLE")) { return decryptBinary(splitData[1], Double.class); } else { return null; } } } private Object decryptBinary(String data, Class<?> expectedType) { byte[] decoded = decryptToBytes(data); DataInputStream dis = new DataInputStream(new ByteArrayInputStream(decoded)); try { if (Boolean.class.equals(expectedType)) { return dis.readBoolean(); } else if (Integer.class.equals(expectedType)) { return dis.readInt(); } else if (Long.class.equals(expectedType)) { return dis.readLong(); } else if (Double.class.equals(expectedType)) { return dis.readDouble(); } else { throw new RuntimeException("Unsupported type: " + expectedType.getCanonicalName()); } } catch (IOException e) { throw new RuntimeException(e); } finally { try { dis.close(); } catch (IOException e) { LOG.error("Unable to close DataInputStream!"); } } } private String encryptFromBytes(byte[] data) { try { byte[] encrypted = buildEncryptCipher().doFinal(data); String encodedData = Base64.encodeBase64String(encrypted); return encodedData; } catch (GeneralSecurityException e) { throw new RuntimeException(e); } } private byte[] decryptToBytes(String encodedData) { byte[] data = Base64.decodeBase64(encodedData); byte[] decrypted = null; try { decrypted = buildDecryptCipher().doFinal(data); return decrypted; } catch (GeneralSecurityException e) { LOG.error("encodedData: " + encodedData); LOG.error("data: " + data.toString()); throw new RuntimeException(e); } } private Cipher buildEncryptCipher() { Cipher encryptCypher = cachedEncryptCypher.get(); if (encryptCypher == null) { encryptCypher = buildCipher(Cipher.ENCRYPT_MODE); cachedEncryptCypher.set(encryptCypher); } return encryptCypher; } private Cipher buildDecryptCipher() { Cipher decryptCypher = cachedDecryptCypher.get(); if (decryptCypher == null) { decryptCypher = buildCipher(Cipher.DECRYPT_MODE); cachedDecryptCypher.set(decryptCypher); } return decryptCypher; } /** * Builds a new cipher that can be used independently of other threads. * * @param mode * @return */ protected Cipher buildCipher(int mode) { CipherInitData initData = initDataProvider.getInitData(); byte[] ivBytes; try { ivBytes = Hex.decodeHex(initData.getInitializationVector().toCharArray()); } catch (DecoderException e) { throw new RuntimeException(e); } IvParameterSpec ivspec = new IvParameterSpec(ivBytes); try { Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(mode, initData.getSecretKey(), ivspec); return cipher; } catch (GeneralSecurityException e) { throw new RuntimeException(e); } } }