package org.springframework.security.crypto.encrypt;
import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
import static org.springframework.security.crypto.util.EncodingUtils.subArray;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PKCS7Padding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
import org.springframework.security.crypto.keygen.BytesKeyGenerator;
public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryptor {
public BouncyCastleAesCbcBytesEncryptor(String password, CharSequence salt) {
super(password, salt);
}
public BouncyCastleAesCbcBytesEncryptor(String password, CharSequence salt,
BytesKeyGenerator ivGenerator) {
super(password, salt, ivGenerator);
}
@Override
public byte[] encrypt(byte[] bytes) {
byte[] iv = this.ivGenerator.generateKey();
@SuppressWarnings("deprecation")
PaddedBufferedBlockCipher blockCipher = new PaddedBufferedBlockCipher(
new CBCBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine()), new PKCS7Padding());
blockCipher.init(true, new ParametersWithIV(secretKey, iv));
byte[] encrypted = process(blockCipher, bytes);
return iv != null ? concatenate(iv, encrypted) : encrypted;
}
@Override
public byte[] decrypt(byte[] encryptedBytes) {
byte[] iv = subArray(encryptedBytes, 0, this.ivGenerator.getKeyLength());
encryptedBytes = subArray(encryptedBytes, this.ivGenerator.getKeyLength(),
encryptedBytes.length);
@SuppressWarnings("deprecation")
PaddedBufferedBlockCipher blockCipher = new PaddedBufferedBlockCipher(
new CBCBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine()), new PKCS7Padding());
blockCipher.init(false, new ParametersWithIV(secretKey, iv));
return process(blockCipher, encryptedBytes);
}
private byte[] process(BufferedBlockCipher blockCipher, byte[] in) {
byte[] buf = new byte[blockCipher.getOutputSize(in.length)];
int bytesWritten = blockCipher.processBytes(in, 0, in.length, buf, 0);
try {
bytesWritten += blockCipher.doFinal(buf, bytesWritten);
}
catch (InvalidCipherTextException e) {
throw new IllegalStateException("unable to encrypt/decrypt", e);
}
if (bytesWritten == buf.length) {
return buf;
}
byte[] out = new byte[bytesWritten];
System.arraycopy(buf, 0, out, 0, bytesWritten);
return out;
}
}