/**
*
* Copyright 2003-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.geronimo.util;
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.io.ObjectInputStream;
import java.io.ByteArrayInputStream;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.Cipher;
import javax.crypto.SealedObject;
import org.apache.geronimo.util.encoders.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* This class protects some value BY ENCRYPTING WITH A KNOWN KEY. That is
* to say, it's only safe against anyone who can't read the source code.
* So the main idea is to protect against casual observers.
*
* If someone has a better idea for how to implement encryption with a
* non-obvious key that the user isn't likely to change during the normal
* course of working with the server, I'd be happy to hear it. (But I
* assume the SSL keystore is likely to be changed, which would result
* in losing all the "encrypted" data.
*
* @version $Rev: 355877 $ $Date: 2005-12-11 03:48:27 +0100 (Sun, 11 Dec 2005) $
*/
public class SimpleEncryption {
private final static Log log = LogFactory.getLog(SimpleEncryption.class);
private final static SecretKeySpec SECRET_KEY = new SecretKeySpec(new byte[]{(byte)-45,(byte)-15,(byte)100,(byte)-34,(byte)70,(byte)83,(byte)75,(byte)-100,(byte)-75,(byte)61,(byte)26,(byte)114,(byte)-20,(byte)-58,(byte)114,(byte)77}, "AES");
/**
* Gets a String which contains the Base64-encoded form of the source,
* encrypted with the known key.
*/
public static String encrypt(Serializable source) {
try {
Cipher c = Cipher.getInstance("AES");
c.init(Cipher.ENCRYPT_MODE, SECRET_KEY);
SealedObject so = new SealedObject(source, c);
ByteArrayOutputStream store = new ByteArrayOutputStream();
ObjectOutputStream out = new ObjectOutputStream(store);
out.writeObject(so);
out.close();
byte[] data = store.toByteArray();
byte[] textData = Base64.encode(data);
return new String(textData, "US-ASCII");
} catch (Exception e) {
log.error("Unable to encrypt", e);
return null;
}
}
/**
* Given a String which is the Base64-encoded encrypted data, retrieve
* the original Object.
*/
public static Object decrypt(String source) {
try {
byte[] data = Base64.decode(source);
Cipher c = Cipher.getInstance("AES");
c.init(Cipher.DECRYPT_MODE, SECRET_KEY);
ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data));
SealedObject so = (SealedObject) in.readObject();
return so.getObject(c);
} catch (Exception e) {
log.error("Unable to decrypt", e);
return null;
}
}
}