--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.util;
+
+import java.security.GeneralSecurityException;
+
+import javax.annotation.PostConstruct;
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Component;
+
+/**
+ * CryptoUtils for encrypting/decrypting string based on a Key defined in
+ * application.properties (Spring config file).
+ *
+ */
+@Component("CryptoUtils")
+public final class CryptoUtils {
+ public static final String AES = "AES";
+ public static final String KEY_PARAM = "org.onap.clamp.encryption.aes.key";
+ @Autowired
+ private Environment springEnv;
+ private SecretKeySpec secretKeySpec;
+
+ /**
+ * Initialize Method
+ *
+ */
+ @PostConstruct
+ public void init() {
+ secretKeySpec = getSecretKeySpec(springEnv.getProperty(KEY_PARAM));
+ }
+
+ /**
+ * Encrypt a value based on the Clamp Encryption Key.
+ *
+ * @param value
+ * @return The encrypted string
+ * @throws GeneralSecurityException
+ * In case of issue with the encryption
+ */
+ public String encrypt(String value) throws GeneralSecurityException {
+ Cipher cipher = Cipher.getInstance(CryptoUtils.AES);
+ cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, cipher.getParameters());
+ byte[] encrypted = cipher.doFinal(value.getBytes());
+ return byteArrayToHexString(encrypted);
+ }
+
+ /**
+ * Decrypt a value.
+ *
+ * @param message
+ * The encrypted string that must be decrypted using the Clamp
+ * Encryption Key
+ * @return The String decrypted
+ * @throws GeneralSecurityException
+ * In case of issue with the encryption
+ */
+ public String decrypt(String message) throws GeneralSecurityException {
+ Cipher cipher = Cipher.getInstance(CryptoUtils.AES);
+ cipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
+ byte[] decrypted = cipher.doFinal(hexStringToByteArray(message));
+ return new String(decrypted);
+ }
+
+ private SecretKeySpec getSecretKeySpec(String keyString) {
+ byte[] key = hexStringToByteArray(keyString);
+ return new SecretKeySpec(key, CryptoUtils.AES);
+ }
+
+ private String byteArrayToHexString(byte[] b) {
+ StringBuilder sb = new StringBuilder(b.length * 2);
+ for (int i = 0; i < b.length; i++) {
+ int v = b[i] & 0xff;
+ if (v < 16) {
+ sb.append('0');
+ }
+ sb.append(Integer.toHexString(v));
+ }
+ return sb.toString().toUpperCase();
+ }
+
+ private byte[] hexStringToByteArray(String s) {
+ byte[] b = new byte[s.length() / 2];
+ for (int i = 0; i < b.length; i++) {
+ int index = i * 2;
+ int v = Integer.parseInt(s.substring(index, index + 2), 16);
+ b[i] = (byte) v;
+ }
+ return b;
+ }
+}