SecureSecret.java

/*
 * Copyright 2016 The Simple File Server Authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.sfs.encryption;

import com.google.common.primitives.Longs;

import java.lang.management.ManagementFactory;

public final class SecureSecret {

    private byte[] salt;
    private byte[] encrypted;
    private final AlgorithmDef algorithmDef;

    public SecureSecret() {
        this.algorithmDef = AlgorithmDef.getPreferred();
        this.salt = algorithmDef.generateSaltBlocking();
    }

    public byte[] getClearBytes() {
        if (encrypted == null) {
            throw new IllegalStateException("encrypted cannot be null");
        }
        if (salt == null) {
            throw new IllegalStateException("salt cannot be null");
        }
        Algorithm algorithm = algorithmDef.create(getSecret(), salt);
        return algorithm.decrypt(encrypted);
    }

    public SecureSecret setClearBytes(byte[] clear) {
        encrypted = encrypt(clear);
        return this;
    }

    protected byte[] encrypt(byte[] clear) {
        if (clear == null) {
            return null;
        }
        Algorithm algorithm = algorithmDef.create(getSecret(), salt);
        return algorithm.encrypt(clear);
    }

    protected byte[] toBytes(long v) {
        return Longs.toByteArray(v);
    }

    protected byte[] getSecret() {
        byte[] secret = toBytes(ManagementFactory.getRuntimeMXBean().getStartTime());
        return secret;
    }
}