Componentize

Author: cstamas

src/main/java/org/codehaus/plexus/components/cipher/PlexusCipher.java

@@ -12,74 +12,76 @@
  */
 package org.codehaus.plexus.components.cipher;
 
+import java.util.Set;
+
 /**
  * @author Oleg Gusakov
  */
 public interface PlexusCipher {
+
+    /**
+     * Returns the available cipher algorithms, never {@code null}.
+     */
+    Set<String> availableCiphers();
+
     /**
-     * encrypt given string with the given passPhrase and encode it into base64
+     * Encrypt given string with the given alg and passPhrase and encode it into Base64 string.
      *
-     * @param str       string to encrypt
-     * @param passPhrase pass phrase
-     * @return encrypted str
+     * @param alg cipher alg to use, never {@code null}
+     * @param str string to encrypt, never {@code null}
+     * @param passPhrase pass phrase, never {@code null}
+     * @return encrypted str, never {@code null}
      * @throws PlexusCipherException if encryption fails
      */
-    String encrypt(String str, String passPhrase) throws PlexusCipherException;
+    String encrypt(String alg, String str, String passPhrase) throws PlexusCipherException;
 
     /**
-     * encrypt given string with the given passPhrase, encode it into base64 and return result, wrapped into { }
-     * decorations
+     * Encrypt given string with the given alg and passPhrase and encode it into Base64 decorated string.
      *
-     * @param str      string to encrypt
-     * @param passPhrase pass phrase
-     * @return encrypted and decorated str
+     * @param alg cipher alg to use, never {@code null}
+     * @param str string to encrypt, never {@code null}
+     * @param passPhrase pass phrase, never {@code null}
+     * @return encrypted and decorated str, never {@code null}
      * @throws PlexusCipherException if encryption fails
      */
-    String encryptAndDecorate(String str, String passPhrase) throws PlexusCipherException;
+    String encryptAndDecorate(String alg, String str, String passPhrase) throws PlexusCipherException;
 
     /**
-     * decrypt given base64 encrypted string
+     * Decrypt given Base64 encoded string with the given alg and passPhrase and return resulting string.
      *
-     * @param str       base64 encoded string
-     * @param passPhrase     pass phrase
-     * @return decrypted str
-     * @throws PlexusCipherException if decryption fails
+     * @param alg cipher alg to use, never {@code null}
+     * @param str string to encrypt, never {@code null}
+     * @param passPhrase pass phrase, never {@code null}
+     * @return encrypted and decorated str, never {@code null}
+     * @throws PlexusCipherException if encryption fails
      */
-    String decrypt(String str, String passPhrase) throws PlexusCipherException;
+    String decrypt(String alg, String str, String passPhrase) throws PlexusCipherException;
 
     /**
-     * decrypt given base64 encoded encrypted string. If string is decorated, decrypt base64 encoded string inside
-     * decorations
+     * Decrypt given decorated  Base64 encoded string with the given alg and passPhrase and return resulting string.
      *
-     * @param str    base64 encoded string
-     * @param passPhrase     pass phrase
-     * @return decrypted decorated str
-     * @throws PlexusCipherException if decryption fails
+     * @param alg cipher alg to use, never {@code null}
+     * @param str string to encrypt, never {@code null}
+     * @param passPhrase pass phrase, never {@code null}
+     * @return encrypted and decorated str, never {@code null}
+     * @throws PlexusCipherException if encryption fails
      */
-    String decryptDecorated(String str, String passPhrase) throws PlexusCipherException;
+    String decryptDecorated(String alg, String str, String passPhrase) throws PlexusCipherException;
 
     /**
-     * check if given string is decorated
-     *
-     * @param str string to check
-     * @return true if string is encrypted
+     * Check if given string is decorated.
      */
     boolean isEncryptedString(String str);
 
     /**
-     * return string inside decorations
+     * Remove decorations from string, if it was decorated.
      *
-     * @param str decorated string
-     * @return undecorated str
-     * @throws PlexusCipherException if decryption fails
+     * @throws PlexusCipherException is string is malformed
      */
     String unDecorate(String str) throws PlexusCipherException;
 
     /**
-     * decorated given string with { and }
-     *
-     * @param str string to decorate
-     * @return decorated str
+     * Decorates given string.
      */
     String decorate(String str);
 }

src/main/java/org/codehaus/plexus/components/cipher/internal/PBECipher.java src/main/java/org/codehaus/plexus/components/cipher/internal/AESCBCPKCS5Padding.java

@@ -25,8 +25,9 @@ Licensed to the Apache Software Foundation (ASF) under one
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
+import javax.inject.Named;
+import javax.inject.Singleton;
 
-import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
@@ -38,107 +39,74 @@ Licensed to the Apache Software Foundation (ASF) under one
 
 import org.codehaus.plexus.components.cipher.PlexusCipherException;
 
-/**
- * This class is thread-safe.
- *
- * @author Oleg Gusakov
- */
-public class PBECipher {
-    protected static final Charset STRING_ENCODING = StandardCharsets.UTF_8;
-    protected static final int SPICE_SIZE = 16;
-    protected static final int SALT_SIZE = 8;
-    protected static final int CHUNK_SIZE = 16;
-    protected static final String KEY_ALG = "AES";
-    protected static final String CIPHER_ALG = "AES/CBC/PKCS5Padding";
-    protected static final int PBE_ITERATIONS = 310000;
+@Singleton
+@Named(AESCBCPKCS5Padding.CIPHER_ALG)
+public class AESCBCPKCS5Padding implements org.codehaus.plexus.components.cipher.internal.Cipher {
+    public static final String CIPHER_ALG = "AES/CBC/PKCS5Padding";
+
+    private static final int SPICE_SIZE = 16;
+    private static final int SALT_SIZE = 8;
+    private static final int CHUNK_SIZE = 16;
+    private static final String KEY_ALG = "AES";
+    private static final int PBE_ITERATIONS = 310000;
     private static final SecureRandom _secureRandom = new SecureRandom();
 
-    // ---------------------------------------------------------------
-    private byte[] getSalt(final int sz) {
+    private byte[] getSalt(int sz) {
         byte[] res = new byte[sz];
-
         _secureRandom.nextBytes(res);
-
         return res;
     }
-    // -------------------------------------------------------------------------------
-    public String encrypt64(final String clearText, final String password) throws PlexusCipherException {
-        try {
-            byte[] clearBytes = clearText.getBytes(STRING_ENCODING);
 
+    @Override
+    public String encrypt(String clearText, String password) throws PlexusCipherException {
+        try {
+            byte[] clearBytes = clearText.getBytes(StandardCharsets.UTF_8);
             byte[] salt = getSalt(SALT_SIZE);
-
             Cipher cipher = createCipher(password.toCharArray(), salt, Cipher.ENCRYPT_MODE);
-
             byte[] encryptedBytes = cipher.doFinal(clearBytes);
-
             int len = encryptedBytes.length;
-
             byte padLen = (byte) (CHUNK_SIZE - (SALT_SIZE + len + 1) % CHUNK_SIZE);
-
             int totalLen = SALT_SIZE + len + padLen + 1;
-
             byte[] allEncryptedBytes = getSalt(totalLen);
-
             System.arraycopy(salt, 0, allEncryptedBytes, 0, SALT_SIZE);
-
             allEncryptedBytes[SALT_SIZE] = padLen;
-
             System.arraycopy(encryptedBytes, 0, allEncryptedBytes, SALT_SIZE + 1, len);
-
             return Base64.getEncoder().encodeToString(allEncryptedBytes);
         } catch (Exception e) {
             throw new PlexusCipherException(e.getMessage(), e);
         }
     }
 
-    // -------------------------------------------------------------------------------
-    public String decrypt64(final String encryptedText, final String password) throws PlexusCipherException {
+    @Override
+    public String decrypt(String encryptedText, String password) throws PlexusCipherException {
         try {
             byte[] allEncryptedBytes = Base64.getDecoder().decode(encryptedText.getBytes());
-
             int totalLen = allEncryptedBytes.length;
-
             byte[] salt = new byte[SALT_SIZE];
-
             System.arraycopy(allEncryptedBytes, 0, salt, 0, SALT_SIZE);
-
             byte padLen = allEncryptedBytes[SALT_SIZE];
-
             byte[] encryptedBytes = new byte[totalLen - SALT_SIZE - 1 - padLen];
-
             System.arraycopy(allEncryptedBytes, SALT_SIZE + 1, encryptedBytes, 0, encryptedBytes.length);
-
             Cipher cipher = createCipher(password.toCharArray(), salt, Cipher.DECRYPT_MODE);
-
             byte[] clearBytes = cipher.doFinal(encryptedBytes);
-
-            return new String(clearBytes, STRING_ENCODING);
+            return new String(clearBytes, StandardCharsets.UTF_8);
         } catch (Exception e) {
             throw new PlexusCipherException(e.getMessage(), e);
         }
     }
-    // -------------------------------------------------------------------------------
-    private Cipher createCipher(final char[] pwd, byte[] salt, final int mode)
+
+    private Cipher createCipher(char[] pwd, byte[] salt, int mode)
             throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
                     InvalidAlgorithmParameterException, InvalidKeySpecException {
-
         KeySpec spec = new PBEKeySpec(pwd, salt, PBE_ITERATIONS, SPICE_SIZE * 16);
         SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
         byte[] keyAndIv = factory.generateSecret(spec).getEncoded();
-
         byte[] key = new byte[SPICE_SIZE];
-
         byte[] iv = new byte[SPICE_SIZE];
-
         System.arraycopy(keyAndIv, 0, key, 0, key.length);
-
         System.arraycopy(keyAndIv, key.length, iv, 0, iv.length);
-
         Cipher cipher = Cipher.getInstance(CIPHER_ALG);
-
         cipher.init(mode, new SecretKeySpec(key, KEY_ALG), new IvParameterSpec(iv));
-
         return cipher;
     }
 }

src/main/java/org/codehaus/plexus/components/cipher/internal/AESGCMNoPadding.java

@@ -0,0 +1,113 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+ */
+
+package org.codehaus.plexus.components.cipher.internal;
+
+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.util.Base64;
+
+import org.codehaus.plexus.components.cipher.PlexusCipherException;
+
+@Singleton
+@Named(AESGCMNoPadding.CIPHER_ALG)
+public class AESGCMNoPadding implements org.codehaus.plexus.components.cipher.internal.Cipher {
+    public static final String CIPHER_ALG = "AES/GCM/NoPadding";
+
+    private static final int SPICE_SIZE = 16;
+    private static final int SALT_SIZE = 8;
+    private static final int CHUNK_SIZE = 16;
+    private static final String KEY_ALG = "AES";
+    private static final int PBE_ITERATIONS = 310000;
+    private static final SecureRandom _secureRandom = new SecureRandom();
+
+    private byte[] getSalt(int sz) {
+        byte[] res = new byte[sz];
+        _secureRandom.nextBytes(res);
+        return res;
+    }
+
+    @Override
+    public String encrypt(String clearText, String password) throws PlexusCipherException {
+        try {
+            byte[] clearBytes = clearText.getBytes(StandardCharsets.UTF_8);
+            byte[] salt = getSalt(SALT_SIZE);
+            Cipher cipher = createCipher(password.toCharArray(), salt, Cipher.ENCRYPT_MODE);
+            byte[] encryptedBytes = cipher.doFinal(clearBytes);
+            int len = encryptedBytes.length;
+            byte padLen = (byte) (CHUNK_SIZE - (SALT_SIZE + len + 1) % CHUNK_SIZE);
+            int totalLen = SALT_SIZE + len + padLen + 1;
+            byte[] allEncryptedBytes = getSalt(totalLen);
+            System.arraycopy(salt, 0, allEncryptedBytes, 0, SALT_SIZE);
+            allEncryptedBytes[SALT_SIZE] = padLen;
+            System.arraycopy(encryptedBytes, 0, allEncryptedBytes, SALT_SIZE + 1, len);
+            return Base64.getEncoder().encodeToString(allEncryptedBytes);
+        } catch (Exception e) {
+            throw new PlexusCipherException(e.getMessage(), e);
+        }
+    }
+
+    @Override
+    public String decrypt(String encryptedText, String password) throws PlexusCipherException {
+        try {
+            byte[] allEncryptedBytes = Base64.getDecoder().decode(encryptedText.getBytes());
+            int totalLen = allEncryptedBytes.length;
+            byte[] salt = new byte[SALT_SIZE];
+            System.arraycopy(allEncryptedBytes, 0, salt, 0, SALT_SIZE);
+            byte padLen = allEncryptedBytes[SALT_SIZE];
+            byte[] encryptedBytes = new byte[totalLen - SALT_SIZE - 1 - padLen];
+            System.arraycopy(allEncryptedBytes, SALT_SIZE + 1, encryptedBytes, 0, encryptedBytes.length);
+            Cipher cipher = createCipher(password.toCharArray(), salt, Cipher.DECRYPT_MODE);
+            byte[] clearBytes = cipher.doFinal(encryptedBytes);
+            return new String(clearBytes, StandardCharsets.UTF_8);
+        } catch (Exception e) {
+            throw new PlexusCipherException(e.getMessage(), e);
+        }
+    }
+
+    private Cipher createCipher(char[] pwd, byte[] salt, int mode)
+            throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
+                    InvalidAlgorithmParameterException, InvalidKeySpecException {
+        KeySpec spec = new PBEKeySpec(pwd, salt, PBE_ITERATIONS, SPICE_SIZE * 16);
+        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
+        byte[] keyAndIv = factory.generateSecret(spec).getEncoded();
+        byte[] key = new byte[SPICE_SIZE];
+        byte[] iv = new byte[12];
+        _secureRandom.nextBytes(iv);
+        System.arraycopy(keyAndIv, 0, key, 0, key.length);
+        Cipher cipher = Cipher.getInstance(CIPHER_ALG);
+        GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv);
+        cipher.init(mode, new SecretKeySpec(key, KEY_ALG), gcmSpec);
+        return cipher;
+    }
+}