DecryptOpenSSLPass.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */


  22. package org.openspcoop2.utils.security;

  24. import java.util.Arrays;

  26. import javax.crypto.spec.SecretKeySpec;

  28. import org.openspcoop2.utils.UtilsException;
  29. import org.openspcoop2.utils.certificate.SymmetricKeyUtils;
  30. import org.openspcoop2.utils.io.Base64Utilities;
  31. import org.openspcoop2.utils.io.HexBinaryUtilities;

  33. /** 
  34.  * Encrypt
  35.  *
  36.  * @author Poli Andrea (apoli@link.it)
  37.  * @author $Author$
  38.  * @version $Rev$, $Date$
  39.  */
  40. public class DecryptOpenSSLPass extends AbstractCipher {

  42.     /**
  43.       * 
  44.       * Openssl encrypts data using the following steps:
  45.       * 1. bytes = cipherText
  46.       * 2. salt = bytes[8,16)
  47.       * 3. key = messageDigest("sha256", password+salt)
  48.       * 4. iv = messageDigest(key+password+salt)[0,16)
  49.       * 5. plainText = decrypt("aes256cbc", key, iv, bytes[16..end])
  50.     */

  52.     public static CipherInfo buildCipherInfo(byte[] cipherBytes, String password, String digestAlgoParam, OpenSSLEncryptionMode mode) throws UtilsException {
  53.         
  54.         CipherInfo cipherInfo = new CipherInfo();
  55.         
  56.         cipherInfo.setSalt(buildSalt(cipherBytes));
  57.         
  58.         cipherInfo.setEncodedKey(EncryptOpenSSLPass.buildSecretKey(password, cipherInfo.getSalt(), digestAlgoParam, mode));
  59.         cipherInfo.setKey(new SecretKeySpec(cipherInfo.getEncodedKey(), SymmetricKeyUtils.ALGO_AES));
  60.         
  61.         cipherInfo.setIv(EncryptOpenSSLPass.buildIV(password, cipherInfo.getSalt(), cipherInfo.getEncodedKey(), digestAlgoParam));
  62.         cipherInfo.setIvParameterSpec(EncryptOpenSSLPass.convertTo(cipherInfo.getIv()));
  63.         
  64.         return cipherInfo;
  65.     }
  66.     static byte[] buildSalt(byte[] cipherBytes) throws UtilsException {
  67.         try {                
  68.             return Arrays.copyOfRange(cipherBytes, 8, 16);
  69.         }catch(Exception e) {
  70.             throw new UtilsException(e.getMessage(),e);
  71.         }
  72.     }
  73.     
  74.     public static byte[] extractCipherBytes(byte[] data) {
  75.         return Arrays.copyOfRange(
  76.                 data, 16, data.length);
  77.     }
  78.     
  79.     
  80.     private OpenSSLEncryptionMode mode;
  81.     private String password;
  82.     
  83.     public DecryptOpenSSLPass(String password) {
  84.         this(password, null);
  85.     }
  86.     public DecryptOpenSSLPass(String password, OpenSSLEncryptionMode modeParam) {
  87.         super(javax.crypto.Cipher.DECRYPT_MODE);
  88.         this.mode = modeParam!=null ? modeParam : OpenSSLEncryptionMode.AES_256_CBC;
  89.         this.password = password;
  90.     }


  93.     public byte[] decrypt(byte[] data) throws UtilsException{
  94.         CipherInfo cipherInfo = buildCipherInfo(data, this.password, null, this.mode);
  95.         this.key = cipherInfo.getKey();
  96.         this.ivParameterSpec = cipherInfo.getIvParameterSpec();
  97.         byte[] cipherBytes = extractCipherBytes(data);
  98.         return super.process(cipherBytes, EncryptOpenSSLPass.getAlgorithm(this.mode));
  99.     }
  100.     
  101.     public byte[] decryptBase64(byte[] data) throws UtilsException{
  102.         return this.decrypt(Base64Utilities.decode(data));
  103.     }
  104.     
  105.     public byte[] decryptBase64(String data) throws UtilsException{
  106.         return this.decrypt(Base64Utilities.decode(data));
  107.     }
  108.     
  109.     public byte[] decryptHexBinary(char[] data) throws UtilsException{
  110.         return this.decrypt(HexBinaryUtilities.decode(data));
  111.     }
  112.     
  113.     public byte[] decryptHexBinary(String data) throws UtilsException{
  114.         return this.decrypt(HexBinaryUtilities.decode(data));
  115.     }
  116.     
  117.     
  118.     @Override
  119.     public void initIV(String algorithm) throws UtilsException{
  120.         // NOP
  121.         // Non deve fare nulla questa chiamata, viene gestita dalla funzione sopra l'IV
  122.     }
  123. }
Created with JaCoCo 0.8.8.202204050719