GeoWaveEncryption.java

/**
 * 
 */
package mil.nga.giat.geowave.core.cli.operations.config.security.crypto;

import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PKCS7Padding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Encryption/Decryption implementation based of symmetric cryptography
 *
 */
public class GeoWaveEncryption extends
		BaseEncryption
{
	private final static Logger LOGGER = LoggerFactory.getLogger(GeoWaveEncryption.class);

	/**
	 * Base constructor for encryption, allowing a resource location for the
	 * cryptography token key to be specified, rather than using the
	 * default-generated path
	 * 
	 * @param resourceLocation
	 *            Path to cryptography token key file
	 */
	public GeoWaveEncryption(
			final String resourceLocation ) {
		super(
				resourceLocation);
	}

	/**
	 * Base constructor for encryption
	 */
	public GeoWaveEncryption() {
		super();
	}

	@Override
	public byte[] encryptBytes(
			byte[] valueToEncrypt )
			throws Exception {
		return Base64.encodeBase64(encryptValue(valueToEncrypt));
	}

	@Override
	public byte[] decryptBytes(
			byte[] valueToDecrypt )
			throws Exception {
		return decryptValue(Base64.decodeBase64(valueToDecrypt));
	}

	private PaddedBufferedBlockCipher getCipher(
			boolean encrypt ) {
		PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(
				new CBCBlockCipher(
						new AESEngine()),
				new PKCS7Padding());
		CipherParameters ivAndKey = new ParametersWithIV(
				new KeyParameter(
						getKey().getEncoded()),
				salt);
		cipher.init(
				encrypt,
				ivAndKey);
		return cipher;
	}

	/**
	 * Encrypts a binary value using the given key and returns a base 64 encoded
	 * encrypted string.
	 * 
	 * @param valueToEncrypt
	 *            Binary value to encrypt
	 * @return Encrypted binary
	 * @throws Exception
	 */
	private byte[] encryptValue(
			byte[] encodedValue )
			throws Exception {
		LOGGER.trace("ENTER :: encyrpt");

		PaddedBufferedBlockCipher cipher = getCipher(true);
		byte output[] = new byte[cipher.getOutputSize(encodedValue.length)];
		int length = cipher.processBytes(
				encodedValue,
				0,
				encodedValue.length,
				output,
				0);
		try {
			cipher.doFinal(
					output,
					length);
		}
		catch (CryptoException e) {
			LOGGER.error(
					"An error occurred performing encryption: " + e.getLocalizedMessage(),
					e);
		}
		return output;
	}

	/**
	 * Decrypts the base64-decoded value
	 * 
	 * @param decodedValue
	 *            value to decrypt
	 * @return
	 * @throws Exception
	 */
	private byte[] decryptValue(
			byte[] decodedValue )
			throws Exception {

		StringBuffer result = new StringBuffer();

		PaddedBufferedBlockCipher cipher = getCipher(false);
		byte output[] = new byte[cipher.getOutputSize(decodedValue.length)];
		int length = cipher.processBytes(
				decodedValue,
				0,
				decodedValue.length,
				output,
				0);
		cipher.doFinal(
				output,
				length);
		if (output != null && output.length != 0) {
			String retval = new String(
					output,
					"UTF-8");
			for (int i = 0; i < retval.length(); i++) {
				char c = retval.charAt(i);
				if (c != 0) {
					result.append(c);
				}
			}
		}
		return result.toString().getBytes(
				"UTF-8");
	}
}