AesBytesEncryptor constructor that uses secret key

Fixes: gh-8402
Eleftheria Stein 2020-04-27 10:43:43 -04:00 committed by Eleftheria Stein-Kousathana
parent 8e8251ac5f
commit 4d63e2f332
2 changed files with 36 additions and 4 deletions


@ -36,7 +36,7 @@ import org.springframework.security.crypto.keygen.BytesKeyGenerator;
import org.springframework.security.crypto.keygen.KeyGenerators;
/**
* Encryptor that uses 256-bit AES encryption.
* Encryptor that uses AES encryption.
*
* @author Keith Donald
* @author Dave Syer
@ -99,9 +99,19 @@ public final class AesBytesEncryptor implements BytesEncryptor {
public AesBytesEncryptor(String password, CharSequence salt,
BytesKeyGenerator ivGenerator, CipherAlgorithm alg) {
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), Hex.decode(salt),
1024, 256);
SecretKey secretKey = newSecretKey("PBKDF2WithHmacSHA1", keySpec);
this(newSecretKey("PBKDF2WithHmacSHA1", new PBEKeySpec(password.toCharArray(), Hex.decode(salt),
1024, 256)), ivGenerator, alg);
}
/**
* Constructs an encryptor that uses AES encryption.
*
* @param secretKey the secret (symmetric) key
* @param ivGenerator the generator used to generate the initialization vector. If null,
* then a default algorithm will be used based on the provided {@link CipherAlgorithm}
* @param alg the {@link CipherAlgorithm} to be used
*/
public AesBytesEncryptor(SecretKey secretKey, BytesKeyGenerator ivGenerator, CipherAlgorithm alg) {
this.secretKey = new SecretKeySpec(secretKey.getEncoded(), "AES");
this.alg = alg;
this.encryptor = alg.createCipher();
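Review bot: The new `AesBytesEncryptor(SecretKey, BytesKeyGenerator, CipherAlgorithm)` constructor passes `secretKey.getEncoded()` straight into `SecretKeySpec` without validating the key. A null key, a key whose provider returns null from `getEncoded()` (a non-extractable key, for instance), or a key of a length AES does not accept is reported only by a generic exception here or, presumably, later when the cipher is initialised. Since the class Javadoc no longer promises 256-bit keys, the constructor Javadoc should state the accepted key lengths (16, 24 or 32 bytes) and that the key must expose its raw encoding. The body could fail fast with `byte[] raw = secretKey.getEncoded();` followed by `if (raw == null || (raw.length != 16 && raw.length != 24 && raw.length != 32)) throw new IllegalArgumentException("secretKey must be an encodable 128-, 192- or 256-bit key");`. The constructor body continues past the end of the hunk, so any later handling of the key or of `ivGenerator` is not visible here.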


@ -22,10 +22,15 @@ import org.junit.Test;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.keygen.BytesKeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm.GCM;
import static org.springframework.security.crypto.encrypt.CipherUtils.newSecretKey;
import static org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1;
/**
* Tests for {@link AesBytesEncryptor}
@ -69,6 +74,23 @@ public class AesBytesEncryptorTests {
public void roundtripWhenUsingGcmThenEncryptsAndDecrypts() {
CryptoAssumptions.assumeGCMJCE();
AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator, GCM);
byte[] encryption = encryptor.encrypt(this.secret.getBytes());
assertThat(new String(Hex.encode(encryption)))
.isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee");
byte[] decryption = encryptor.decrypt(encryption);
assertThat(new String(decryption)).isEqualTo(this.secret);
}
@Test
public void roundtripWhenUsingSecretKeyThenEncryptsAndDecrypts() {
CryptoAssumptions.assumeGCMJCE();
PBEKeySpec keySpec = new PBEKeySpec(this.password.toCharArray(), Hex.decode(this.hexSalt),
1024, 256);
SecretKey secretKey = newSecretKey(PBKDF2WithHmacSHA1.name(), keySpec);
AesBytesEncryptor encryptor = new AesBytesEncryptor(secretKey, this.generator, GCM);
byte[] encryption = encryptor.encrypt(this.secret.getBytes());
assertThat(new String(Hex.encode(encryption)))
.isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee");