feat(jans-core): add AES utility class #3215

JanssenProject · Dec 7, 2022 · 1d71222 · 1d71222
1 parent 28fad9f
commit 1d71222
Show file tree

Hide file tree

Showing 3 changed files with 123 additions and 0 deletions.
diff --git a/jans-core/util/pom.xml b/jans-core/util/pom.xml
@@ -99,6 +99,12 @@
 			<groupId>jakarta.xml.bind</groupId>
 			<artifactId>jakarta.xml.bind-api</artifactId>
 		</dependency>
+
+        <dependency>
+            <groupId>org.testng</groupId>
+            <artifactId>testng</artifactId>
+        </dependency>
+
 	</dependencies>
 
 </project>
diff --git a/jans-core/util/src/main/java/io/jans/util/security/AESUtil.java b/jans-core/util/src/main/java/io/jans/util/security/AESUtil.java
@@ -0,0 +1,68 @@
+package io.jans.util.security;
+
+import javax.crypto.*;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.util.Base64;
+
+public class AESUtil {
+
+    public static final int IV_LENGTH = 16;
+    public static final int GCM_TAG_LENGTH = 16;
+
+    private AESUtil() {
+    }
+
+    public static SecretKey generateKey(int n) throws NoSuchAlgorithmException {
+        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
+        keyGenerator.init(n);
+        return keyGenerator.generateKey();
+    }
+
+    public static SecretKey getKeyFromPassword(String password, String salt)
+            throws NoSuchAlgorithmException, InvalidKeySpecException {
+        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
+        KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), 65536, 256);
+        return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
+    }
+
+    public static IvParameterSpec generateIv() {
+        return generateIv(IV_LENGTH);
+    }
+
+    public static IvParameterSpec generateIv(int size) {
+        byte[] iv = new byte[size];
+        new SecureRandom().nextBytes(iv);
+        return new IvParameterSpec(iv);
+    }
+
+    public static GCMParameterSpec generateGcmSpec() {
+        return new GCMParameterSpec(GCM_TAG_LENGTH * 8, generateIv().getIV());
+    }
+
+    public static String encrypt(String algorithm, String input, SecretKey key, AlgorithmParameterSpec spec) throws NoSuchPaddingException, NoSuchAlgorithmException,
+            InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
+
+        Cipher cipher = Cipher.getInstance(algorithm);
+        cipher.init(Cipher.ENCRYPT_MODE, key, spec);
+        byte[] cipherText = cipher.doFinal(input.getBytes());
+        return Base64.getEncoder().encodeToString(cipherText);
+    }
+
+    public static String decrypt(String algorithm, String cipherText, SecretKey key, AlgorithmParameterSpec spec) throws NoSuchPaddingException, NoSuchAlgorithmException,
+            InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
+        Cipher cipher = Cipher.getInstance(algorithm);
+        cipher.init(Cipher.DECRYPT_MODE, key, spec);
+        byte[] plainText = cipher.doFinal(Base64.getDecoder().decode(cipherText));
+        return new String(plainText);
+    }
+}
diff --git a/jans-core/util/src/test/java/io/jans/util/security/AESUtilTest.java b/jans-core/util/src/test/java/io/jans/util/security/AESUtilTest.java
@@ -0,0 +1,49 @@
+package io.jans.util.security;
+
+import org.testng.annotations.Test;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.IvParameterSpec;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import static io.jans.util.security.AESUtil.generateGcmSpec;
+import static org.testng.Assert.assertEquals;
+
+/**
+ * @author Yuriy Z
+ */
+public class AESUtilTest {
+
+    @Test
+    public void cbc_whenEncryptAndDecrypt_shouldProduceCorrectOutput() throws NoSuchAlgorithmException, IllegalBlockSizeException, InvalidKeyException, BadPaddingException, InvalidAlgorithmParameterException, NoSuchPaddingException {
+        String input = "textToEncrypt";
+        SecretKey key = AESUtil.generateKey(128);
+        IvParameterSpec ivParameterSpec = AESUtil.generateIv();
+
+        String algorithm = "AES/CBC/PKCS5Padding";
+        String cipherText = AESUtil.encrypt(algorithm, input, key, ivParameterSpec);
+        String plainText = AESUtil.decrypt(algorithm, cipherText, key, ivParameterSpec);
+
+        assertEquals(input, plainText);
+    }
+
+    @Test
+    public void gcm_whenEncryptAndDecrypt_shouldProduceCorrectOutput() throws NoSuchAlgorithmException, IllegalBlockSizeException, InvalidKeyException, BadPaddingException, InvalidAlgorithmParameterException, NoSuchPaddingException {
+        String input = "textToEncrypt";
+        SecretKey key = AESUtil.generateKey(128);
+
+        String algorithm = "AES/GCM/NoPadding";
+        final GCMParameterSpec gcmSpec = generateGcmSpec();
+
+        String cipherText = AESUtil.encrypt(algorithm, input, key, gcmSpec);
+        String plainText = AESUtil.decrypt(algorithm, cipherText, key, gcmSpec);
+
+        assertEquals(input, plainText);
+    }
+}