VaultEncDecUtilities.java

/*
 * GovWay - A customizable API Gateway 
 * https://govway.org
 * 
 * Copyright (c) 2005-2025 Link.it srl (https://link.it).
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3, as published by
 * the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
package org.openspcoop2.pdd.config.vault.cli;

import java.io.File;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

import org.apache.commons.lang.StringUtils;
import org.openspcoop2.core.byok.BYOKWrappedValue;
import org.openspcoop2.core.commons.CoreException;
import org.openspcoop2.pdd.core.byok.DriverBYOK;
import org.openspcoop2.utils.UtilsException;
import org.openspcoop2.utils.certificate.byok.BYOKInstance;
import org.openspcoop2.utils.certificate.byok.BYOKManager;
import org.openspcoop2.utils.certificate.byok.BYOKRequestParams;
import org.openspcoop2.utils.resources.FileSystemUtilities;

/**
* VaultEncDecUtilities
*
* @author Poli Andrea (apoli@link.it)
* @author $Author$
* @version $Rev$, $Date$
*/
public class VaultEncDecUtilities {

    private VaultEncDecConfig encDecConfig = null;
    
    public VaultEncDecUtilities(VaultEncDecConfig c) {
        this.encDecConfig = c;
    }
    
    public void process() throws CoreException {

        try {
            
            byte[]input = null;
            VaultTools.logCoreDebug("Lettura input ...");
            if(this.encDecConfig.isInSystemMode()) {
                input = this.encDecConfig.getInText().getBytes();
            }
            else {
                input = FileSystemUtilities.readBytesFromFile(this.encDecConfig.getInFilePath());
            }
            VaultTools.logCoreDebug("Lettura input completata");
            
            byte [] output = null;
            
            if(this.encDecConfig.isSecurityMode()) {
                output = processBySecurity(input);
            }
            else {
                output = processByKms(input);
            }
            
            VaultTools.logCoreDebug("Serializzazione output ...");
            if(this.encDecConfig.isOutSystemMode()) {
                VaultTools.logOutput(new String(output));
            }
            else if(this.encDecConfig.isOutFileMode()) {
                File f = new File(this.encDecConfig.getOutFilePath());
                FileSystemUtilities.writeFile(f, output);
                String op = this.encDecConfig.isEncode() ? "Encrypted" : "Decrypted";
                VaultTools.logOutput(op+" content in '"+f.getAbsolutePath()+"'");
            }
            else {
                throw new CoreException("Unsupported mode");
            }
            VaultTools.logCoreDebug("Serializzazione output completata");
        }
        catch(Exception t) {
            VaultTools.logCoreError(t.getMessage(),t);
            throw new CoreException(t.getMessage(),t);
        }

    }
    public byte[] processBySecurity(byte[] input) throws UtilsException {
        String policy = this.encDecConfig.getId();
        if(policy==null || StringUtils.isEmpty(policy)) {
            policy = BYOKManager.getSecurityRemoteEngineGovWayPolicy();
        }
        if(policy==null || StringUtils.isEmpty(policy)) {
            policy = BYOKManager.getSecurityEngineGovWayPolicy();
        }
        
        VaultTools.logCoreDebug("Cifratura tramite security policy '"+policy+"' ...");
        
        DriverBYOK driver = new DriverBYOK(VaultTools.getLogCore(), policy, policy);
        
        byte [] output = null;
        if(this.encDecConfig.isEncode()) {
            BYOKWrappedValue v = driver.wrap(input);
            output = v.getWrappedValue().getBytes();
        }
        else {
            output = driver.unwrap(input);
        }
        
        if(Arrays.equals(input, output)) {
            throw new UtilsException("Unwrap failed");
        }
        
        VaultTools.logCoreDebug("Cifratura tramite security policy '"+policy+"' completata");
        
        return output;
    }
    public byte[] processByKms(byte[] input) throws UtilsException {
        String kmsId = this.encDecConfig.getId();
        VaultTools.logCoreDebug("Cifratura tramite kms '"+kmsId+"' ...");
        
        Map<String, Object> dynamicMap = DriverBYOK.buildDynamicMap(VaultTools.getLogCore());
        Map<String, String> inputMap = new HashMap<>();
        BYOKRequestParams requestParams = BYOKRequestParams.getBYOKRequestParamsByKmsId(kmsId, inputMap, dynamicMap);
        
        BYOKInstance instance = BYOKInstance.newInstance(VaultTools.getLogCore(), requestParams, input);
        
        byte[] output = DriverBYOK.processInstance(instance, true);
        
        VaultTools.logCoreDebug("Cifratura tramite kms '"+kmsId+"' completata");
        
        return output;
    }
}