1 package org.openecomp.sdc.securityutil;
3 import java.security.SecureRandom;
4 import org.slf4j.Logger;
5 import org.slf4j.LoggerFactory;
7 import javax.crypto.Cipher;
8 import javax.crypto.spec.IvParameterSpec;
9 import javax.crypto.spec.SecretKeySpec;
10 import org.apache.commons.codec.binary.Base64;
12 public class CipherUtil {
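// Class logger; final so the reference cannot be reassigned after class initialisation.
private static final Logger log = LoggerFactory.getLogger(CipherUtil.class.getName());

// Key algorithm name passed to SecretKeySpec.
private static final String ALGORITHM = "AES";

// Cipher transformation. CBC with PKCS#5 padding provides confidentiality only: the output
// carries no integrity tag, so a modified ciphertext is not reliably detected on decryption.
// Where values cross a trust boundary, pair this with a MAC over IV+ciphertext or plan a
// migration to an AEAD mode (that changes the stored format, so it needs a coordinated rollout).
private static final String ALGORYTHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING";

// JCE provider the Cipher instance is requested from.
private static final String CIPHER_PROVIDER = "SunJCE";

// AES block size in bits and bits per byte; together they give the IV length in bytes (16).
private static final int BLOCK_SIZE = 128;
private static final int BYTE_SIZE = 8;
private static final int IV_SIZE = BLOCK_SIZE / BYTE_SIZE;

// Shared zero-length result for empty slices.
private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];

// SecureRandom algorithm name. SHA1PRNG is a legacy generator; the no-argument
// SecureRandom constructor selects the platform's preferred implementation instead.
private static final String ALGORITHM_NAME = "SHA1PRNG";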
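/**
 * Encrypts {@code value} with AES in CBC mode (PKCS#5 padding) under the supplied key.
 *
 * <p>A fresh random IV of {@code IV_SIZE} bytes is generated for every call and prepended to
 * the ciphertext; the result is the Base64 encoding of {@code IV || ciphertext}.
 *
 * <p>Security note: CBC gives confidentiality only. The returned value has no integrity
 * protection, so anyone able to alter the stored string can change what it decrypts to
 * without knowing the key. Add a MAC over the whole value, or move to an AEAD mode, if the
 * ciphertext is stored or transported where it can be modified.
 *
 * @param value     text to encrypt; encoded as UTF-8 before encryption
 * @param base64key Base64-encoded AES key (the original documentation names a
 *                  key.properties file as its source)
 * @return Base64 text containing the IV followed by the ciphertext
 * @throws CipherUtilException if any step fails, including a {@code null} {@code value} or an
 *                             unusable key; the underlying exception is kept as the cause
 */
public static String encryptPKC(String value, String base64key) throws CipherUtilException {
    byte[] iv = new byte[IV_SIZE];
    byte[] finalByte;
    try {
        Cipher cipher = Cipher.getInstance(ALGORYTHM_DETAILS, CIPHER_PROVIDER);
        // Use the platform's preferred generator for the IV instead of explicitly
        // requesting the legacy SHA1PRNG algorithm.
        new SecureRandom().nextBytes(iv);
        cipher.init(Cipher.ENCRYPT_MODE, getSecretKeySpec(base64key), new IvParameterSpec(iv));
        // Fixed charset: the no-argument getBytes() depends on the JVM default, which makes
        // ciphertexts of non-ASCII text differ between hosts.
        finalByte = cipher.doFinal(value.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    } catch (Exception ex) {
        // Only the exception is logged; neither the plaintext nor the key is written out.
        log.error("encrypt failed", ex);
        throw new CipherUtilException(ex);
    }
    return Base64.encodeBase64String(addAll(iv, finalByte));
}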
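/**
 * Decrypts a value in the format produced by {@code encryptPKC}: Base64 of a
 * {@code IV_SIZE}-byte IV followed by AES/CBC/PKCS#5 ciphertext.
 *
 * <p>Security note: the ciphertext is not authenticated. A successful return does not prove
 * the value is unmodified, and callers should report every failure to the party that supplied
 * the ciphertext in the same generic way, without exposing the wrapped cause (for example,
 * whether the padding was invalid).
 *
 * @param message   the encrypted string to decrypt (Base64 of IV followed by ciphertext)
 * @param base64key Base64-encoded AES key (the original documentation names a
 *                  key.properties file as its source)
 * @return the decrypted text, decoded as UTF-8
 * @throws CipherUtilException if any decryption step fails, including input too short to hold
 *                             an IV and ciphertext; the underlying exception is kept as the cause
 */
public static String decryptPKC(String message, String base64key) throws CipherUtilException {
    byte[] encryptedMessage = Base64.decodeBase64(message);
    byte[] decrypted;
    try {
        // Reject input that cannot contain an IV plus ciphertext up front; subarray() clamps
        // out-of-range indexes, so without this check a short input is only caught later,
        // if at all, by the cipher itself.
        if (encryptedMessage == null || encryptedMessage.length <= IV_SIZE) {
            throw new IllegalArgumentException("encrypted message is too short to hold an IV and ciphertext");
        }
        Cipher cipher = Cipher.getInstance(ALGORYTHM_DETAILS, CIPHER_PROVIDER);
        IvParameterSpec ivspec = new IvParameterSpec(subarray(encryptedMessage, 0, IV_SIZE));
        byte[] realData = subarray(encryptedMessage, IV_SIZE, encryptedMessage.length);
        cipher.init(Cipher.DECRYPT_MODE, getSecretKeySpec(base64key), ivspec);
        decrypted = cipher.doFinal(realData);
    } catch (Exception ex) {
        // Only the exception is logged; neither the message nor the key is written out.
        log.error("decrypt failed", ex);
        throw new CipherUtilException(ex);
    }
    // Fixed charset: new String(byte[]) without a charset depends on the JVM default.
    return new String(decrypted, java.nio.charset.StandardCharsets.UTF_8);
}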
/**
 * Builds the AES key object from its Base64 text form.
 *
 * <p>The decoded bytes are used directly as key material. This method performs no length
 * check of its own and applies no key derivation, so {@code keyString} must already encode
 * a randomly generated key rather than a password.
 *
 * @param keyString Base64-encoded key bytes
 * @return key specification for the {@code ALGORITHM} cipher
 */
private static SecretKeySpec getSecretKeySpec(String keyString) {
    return new SecretKeySpec(Base64.decodeBase64(keyString), ALGORITHM);
}
/**
 * Null-tolerant array copy.
 *
 * @param array the array to copy, may be {@code null}
 * @return an independent copy of {@code array}, or {@code null} when {@code array} is {@code null}
 */
private static byte[] clone(byte[] array) {
    if (array == null) {
        return null;
    }
    return array.clone();
}
// Joins two byte arrays into a new one: array1's bytes first, then array2's.
// encryptPKC uses it to put the IV in front of the ciphertext.
88 private static byte[] addAll(byte[] array1, byte[] array2) {
// NOTE(review): the listing jumps from line 88 to 91, so the first branch of this if/else
// chain and both branch bodies are not shown; presumably they handle a null argument.
// Confirm against the full file.
91 } else if (array2 == null) {
// Both inputs present: allocate the combined length, then copy each input into its slot.
94 byte[] joinedArray = new byte[array1.length + array2.length];
95 System.arraycopy(array1, 0, joinedArray, 0, array1.length);
96 System.arraycopy(array2, 0, joinedArray, array1.length, array2.length);
// NOTE(review): the line that hands joinedArray back to the caller is not shown on this page.
// Copies the bytes of array from startIndexInclusive up to (not including) endIndexExclusive
// into a new array. Out-of-range indexes are clamped instead of rejected, so a caller that
// needs an exact length (such as the IV slice taken in decryptPKC) must check the input
// length itself; a too-short input yields a shorter slice, not an exception.
101 private static byte[] subarray(byte[] array, int startIndexInclusive, int endIndexExclusive) {
// NOTE(review): listing lines 102-104 are not shown; presumably a null check on array. Confirm.
// A negative start index is treated as 0.
105 if (startIndexInclusive < 0) {
106 startIndexInclusive = 0;
// An end index past the array is pulled back to the array length.
109 if (endIndexExclusive > array.length) {
110 endIndexExclusive = array.length;
113 int newSize = endIndexExclusive - startIndexInclusive;
// NOTE(review): the condition guarding this return (listing line 114) is not shown;
// presumably it is taken when newSize is zero or negative. Confirm.
115 return EMPTY_BYTE_ARRAY;
// Non-empty range: allocate the slice and copy the selected bytes into it.
117 byte[] subarray = new byte[newSize];
118 System.arraycopy(array, startIndexInclusive, subarray, 0, newSize);