/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.synapse.securevault;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.securevault.definition.CipherInformation;
import org.apache.synapse.securevault.definition.IdentityKeyStoreInformation;
import org.apache.synapse.securevault.definition.KeyStoreInformation;
import org.apache.synapse.securevault.definition.TrustKeyStoreInformation;
import org.apache.synapse.securevault.keystore.IdentityKeyStoreWrapper;
import org.apache.synapse.securevault.keystore.KeyStoreWrapper;
import org.apache.synapse.securevault.keystore.TrustKeyStoreWrapper;
import org.apache.synapse.securevault.secret.SecretInformation;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
/**
* Wraps the cipher and expose abstraction need for synapse ciphering
*/
public abstract class BaseCipher implements EncryptionProvider, DecryptionProvider {
private CipherInformation cipherInformation;
private KeyStoreInformation keystoreInformation;
private static Log log = LogFactory.getLog(BaseCipher.class);
/* Underlying cipher instance*/
private Cipher cipher;
protected KeyStoreWrapper keyStoreWrapper;
private Key key;
protected BaseCipher(CipherInformation cipherInformation,
KeyStoreInformation keystoreInformation) {
this.cipherInformation = cipherInformation;
this.keystoreInformation = keystoreInformation;
if (keystoreInformation instanceof TrustKeyStoreInformation) {
keyStoreWrapper = new TrustKeyStoreWrapper();
((TrustKeyStoreWrapper) keyStoreWrapper).init(
(TrustKeyStoreInformation) keystoreInformation);
} else {
keyStoreWrapper = new IdentityKeyStoreWrapper();
IdentityKeyStoreInformation identityKeyStore =
(IdentityKeyStoreInformation) keystoreInformation;
SecretInformation secretInformation = identityKeyStore.getKeyPasswordProvider();
if (secretInformation != null) { //TODO validate
((IdentityKeyStoreWrapper) keyStoreWrapper).init(identityKeyStore,
secretInformation.getResolvedSecret());
}
}
init();
}
protected BaseCipher(CipherInformation cipherInformation,
KeyStoreWrapper keyStoreWrapper) {
this.keyStoreWrapper = keyStoreWrapper;
this.cipherInformation = cipherInformation;
init();
}
protected BaseCipher(CipherInformation cipherInformation, Key key) {
this.key = key;
this.cipherInformation = cipherInformation;
init();
}
private void init() {
String algorithm = cipherInformation.getAlgorithm();
CipherOperationMode opMode = cipherInformation.getCipherOperationMode();
if (key == null) {
key = getKey(opMode);
}
if (log.isDebugEnabled()) {
log.debug("Initializing cipher with algorithm " +
"'" + algorithm + "' in mode '" + opMode + "'");
}
try {
String provider = cipherInformation.getProvider();
if (provider != null && !"".equals(provider)) {
try {
cipher = Cipher.getInstance(algorithm, provider.trim());
} catch (NoSuchProviderException e) {
throw new SecureVaultException("Invalid Provider : " + provider, log);
}
} else {
cipher = Cipher.getInstance(algorithm);
}
if (opMode == CipherOperationMode.ENCRYPT) {
cipher.init(Cipher.ENCRYPT_MODE, key);
} else if (opMode == CipherOperationMode.DECRYPT) {
cipher.init(Cipher.DECRYPT_MODE, key);
} else {
throw new SecureVaultException("Invalid mode : " + opMode, log);
}
} catch (NoSuchAlgorithmException e) {
throw new SecureVaultException("There is no algorithm support for " +
"'" + algorithm + "' in the operation mode '" + opMode + "'" + e, log);
} catch (NoSuchPaddingException e) {
throw new SecureVaultException("There is no padding scheme for " +
"'" + algorithm + "' in the operation mode '" + opMode + "'" + e, log);
} catch (InvalidKeyException e) {
throw new SecureVaultException("Invalid key ", e, log);
}
}
public CipherInformation getCipherInformation() {
return cipherInformation;
}
public KeyStoreInformation getKeyStoreInformation() {
return keystoreInformation;
}
/**
* Returns the correct key for correct operation
*
* @param operationMode Ciper operation
* @return A key
*/
public abstract Key getKey(CipherOperationMode operationMode);
/**
* Do cryptographic operation
*
* @param inputStream Input Stream
* @return result
*/
private byte[] doCipherOperation(byte[] inputStream) {
InputStream sourceStream = new ByteArrayInputStream(inputStream);
if (cipherInformation.getInType() != null) {
try {
sourceStream = EncodingHelper.decode(
sourceStream, cipherInformation.getInType());
} catch (IOException e) {
throw new SecureVaultException("IOError when decoding the input " +
"stream for cipher ", e, log);
}
}
ByteArrayOutputStream baos = new ByteArrayOutputStream();
CipherOutputStream out = new CipherOutputStream(baos, cipher);
byte[] buffer = new byte[64];
int length;
try {
while ((length = sourceStream.read(buffer)) != -1) {
out.write(buffer, 0, length);
}
} catch (IOException e) {
throw new SecureVaultException("IOError when reading the input" +
" stream for cipher ", e, log);
} finally {
try {
sourceStream.close();
out.flush();
out.close();
} catch (IOException ignored) {
// ignore exception
}
}
if (cipherInformation.getOutType() != null) {
return EncodingHelper.encode(baos, cipherInformation.getOutType());
} else {
return baos.toByteArray();
}
}
public byte[] encrypt(byte[] plainText) {
return doCipherOperation(plainText);
}
public byte[] decrypt(byte[] cipherText) {
return doCipherOperation(cipherText);
}
}