diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java index 2d0008e0a1..95c7b4067f 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java +++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java @@ -36,7 +36,7 @@ import org.springframework.security.crypto.keygen.BytesKeyGenerator; import org.springframework.security.crypto.keygen.KeyGenerators; /** - * Encryptor that uses 256-bit AES encryption. + * Encryptor that uses AES encryption. * * @author Keith Donald * @author Dave Syer @@ -99,9 +99,19 @@ public final class AesBytesEncryptor implements BytesEncryptor { public AesBytesEncryptor(String password, CharSequence salt, BytesKeyGenerator ivGenerator, CipherAlgorithm alg) { - PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), Hex.decode(salt), - 1024, 256); - SecretKey secretKey = newSecretKey("PBKDF2WithHmacSHA1", keySpec); + this(newSecretKey("PBKDF2WithHmacSHA1", new PBEKeySpec(password.toCharArray(), Hex.decode(salt), + 1024, 256)), ivGenerator, alg); + } + + /** + * Constructs an encryptor that uses AES encryption. + * + * @param secretKey the secret (symmetric) key + * @param ivGenerator the generator used to generate the initialization vector. If null, + * then a default algorithm will be used based on the provided {@link CipherAlgorithm} + * @param alg the {@link CipherAlgorithm} to be used + */ + public AesBytesEncryptor(SecretKey secretKey, BytesKeyGenerator ivGenerator, CipherAlgorithm alg) { this.secretKey = new SecretKeySpec(secretKey.getEncoded(), "AES"); this.alg = alg; this.encryptor = alg.createCipher(); 
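Review bot: The new public `AesBytesEncryptor(SecretKey, BytesKeyGenerator, CipherAlgorithm)` constructor passes `secretKey.getEncoded()` straight into `SecretKeySpec` with no check. A key that does not expose its encoding (`getEncoded()` may return null, for example with hardware- or keystore-backed keys) or a key of a non-AES length is therefore rejected only with an unhelpful error, either there or later when the cipher is initialised. A guard at the top would fail fast: `byte[] encoded = secretKey.getEncoded();` then `if (encoded == null || (encoded.length != 16 && encoded.length != 24 && encoded.length != 32)) throw new IllegalArgumentException("secretKey must be an extractable 128-, 192- or 256-bit key");`. The Javadoc should also state that the key length is now the caller's choice and that `ivGenerator` must yield a fresh IV for every encryption, because GCM with a repeated IV under one key loses both confidentiality and integrity. The constructor body continues past the end of the hunk, so how a null `ivGenerator` is handled is not visible here.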
diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
index f16928eb47..ce95884e9d 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
@@ -22,10 +22,15 @@ import org.junit.Test;
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 
+import javax.crypto.SecretKey;
+import javax.crypto.spec.PBEKeySpec;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm.GCM;
+import static org.springframework.security.crypto.encrypt.CipherUtils.newSecretKey;
+import static org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1;
 
 /**
 * Tests for {@link AesBytesEncryptor}
@@ -69,6 +74,23 @@ public class AesBytesEncryptorTests {
 public void roundtripWhenUsingGcmThenEncryptsAndDecrypts() {
 CryptoAssumptions.assumeGCMJCE();
 AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator, GCM);
+
+ byte[] encryption = encryptor.encrypt(this.secret.getBytes());
+ assertThat(new String(Hex.encode(encryption)))
+ .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee");
+
+ byte[] decryption = encryptor.decrypt(encryption);
+ assertThat(new String(decryption)).isEqualTo(this.secret);
+ }
+
+ @Test
+ public void roundtripWhenUsingSecretKeyThenEncryptsAndDecrypts() {
+ CryptoAssumptions.assumeGCMJCE();
+ PBEKeySpec keySpec = new PBEKeySpec(this.password.toCharArray(), Hex.decode(this.hexSalt),
+ 1024, 256);
+ SecretKey secretKey = newSecretKey(PBKDF2WithHmacSHA1.name(), keySpec);
+ AesBytesEncryptor encryptor = new AesBytesEncryptor(secretKey, this.generator, GCM);
+
 byte[] encryption = encryptor.encrypt(this.secret.getBytes());
 assertThat(new String(Hex.encode(encryption)))
 .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee");
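Review bot: `roundtripWhenUsingSecretKeyThenEncryptsAndDecrypts` derives its key with the same PBKDF2 parameters as the password constructor, so it only shows that the two constructors agree and never exercises what the new overload makes possible: a key of another length, or a key object the constructor cannot use. Consider adding a case with a directly built 128-bit key, e.g. `new SecretKeySpec(new byte[16], "AES")` (constructed test value), and one that pins the behaviour when `getEncoded()` returns null. Both tests also call `this.secret.getBytes()` and `new String(decryption)` with the platform charset; passing `StandardCharsets.UTF_8` would keep the known-answer hex stable across environments. The identical expected ciphertext in both tests implies `this.generator` returns a fixed IV (presumably a mock set up outside the hunk), so a short comment such as `// fixed IV only to make the ciphertext deterministic; never reuse an IV with GCM in production` would stop readers copying the pattern. The body of the second test method runs past the end of the hunk.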