EncryptionHelper.java

package org.jfrog.bamboo.security;

import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

import javax.annotation.concurrent.ThreadSafe;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;

/**
 * Created by diman on 07/03/2017.
 */
@ThreadSafe
public class EncryptionHelper {

    private static final Logger log = Logger.getLogger(EncryptionHelper.class);

    private static String DESEDE_ENCRYPTION_SCHEME = "DESede";

    @NotNull
    public static String encrypt(@Nullable String stringToEncrypt) {
        if (StringUtils.isEmpty(stringToEncrypt)) {
            return StringUtils.EMPTY;
        }
        try {
            final byte[] encrypted = getEncrypter().doFinal(stringToEncrypt.getBytes(StandardCharsets.UTF_8));
            return Base64.getMimeEncoder().encodeToString(encrypted);
        } catch (Exception e) {
            throw new RuntimeException("Failed to encrypt.", e);
        }
    }

    @NotNull
    public static String decrypt(@Nullable String data) {
        if (StringUtils.isEmpty(data)) {
            return StringUtils.EMPTY;
        }
        try {
            final byte[] encrypted = Base64.getMimeDecoder().decode(data);
            return new String(getDecrypter().doFinal(encrypted), StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new RuntimeException("Failed to decrypt.", e);
        }
    }

    private static SecretKey generateSecret()
            throws InvalidKeySpecException, InvalidKeyException, NoSuchAlgorithmException {
        DESedeKeySpec myKeySpec = new DESedeKeySpec("Beetlejuice version $version (c) Copyright 2003-2005 Pols Consulting Limited"
                .getBytes(StandardCharsets.UTF_8));
        SecretKeyFactory myKeyFactory = SecretKeyFactory.getInstance(DESEDE_ENCRYPTION_SCHEME);
        return myKeyFactory.generateSecret(myKeySpec);
    }

    private static Cipher getDecrypter() throws InvalidKeySpecException, InvalidKeyException, NoSuchAlgorithmException {
        SecretKey secretKey = generateSecret();
        final Cipher decrypter = threadLocalDecrypter.get();
        decrypter.init(Cipher.DECRYPT_MODE, secretKey);
        return decrypter;
    }

    private static Cipher getEncrypter() throws InvalidKeySpecException, InvalidKeyException, NoSuchAlgorithmException {
        SecretKey secretKey = generateSecret();
        final Cipher encrypter = threadLocalEncrypter.get();
        encrypter.init(Cipher.ENCRYPT_MODE, secretKey);
        return encrypter;
    }

    private static ThreadLocal<Cipher> threadLocalEncrypter = new ThreadLocal<Cipher>() {
        @Override
        protected Cipher initialValue() {
            try {
                return Cipher.getInstance(DESEDE_ENCRYPTION_SCHEME);
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                log.error("Cannot create encrypter", e);
            }
            return null;
        }
    };

    private static ThreadLocal<Cipher> threadLocalDecrypter = new ThreadLocal<Cipher>() {
        @Override
        protected Cipher initialValue() {
            try {
                return Cipher.getInstance(DESEDE_ENCRYPTION_SCHEME);
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                log.error("Cannot create decrypter", e);
            }
            return null;
        }
    };
}