Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-05 10:12:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

AesBytesEncryptor constructor that uses secret key

Browse Source 
Fixes: gh-8402
This commit is contained in:
Eleftheria Stein 2020-04-27 10:43:43 -04:00 committed by Eleftheria Stein-Kousathana
parent 8e8251ac5f
commit 4d63e2f332
2 changed files with 36 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
crypto/src/main/java/org/springframework/security/crypto/encrypt/AesBytesEncryptor.java
View File

@ -36,7 +36,7 @@ import org.springframework.security.crypto.keygen.BytesKeyGenerator;
import org.springframework.security.crypto.keygen.KeyGenerators; import org.springframework.security.crypto.keygen.KeyGenerators;
/** /**
* Encryptor that uses 256-bit AES encryption. * Encryptor that uses AES encryption.
* *
* @author Keith Donald * @author Keith Donald
* @author Dave Syer * @author Dave Syer
@ -99,9 +99,19 @@ public final class AesBytesEncryptor implements BytesEncryptor {
public AesBytesEncryptor(String password, CharSequence salt, public AesBytesEncryptor(String password, CharSequence salt,
BytesKeyGenerator ivGenerator, CipherAlgorithm alg) { BytesKeyGenerator ivGenerator, CipherAlgorithm alg) {
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), Hex.decode(salt), this(newSecretKey("PBKDF2WithHmacSHA1", new PBEKeySpec(password.toCharArray(), Hex.decode(salt),
1024, 256); 1024, 256)), ivGenerator, alg);
SecretKey secretKey = newSecretKey("PBKDF2WithHmacSHA1", keySpec); }
/**
* Constructs an encryptor that uses AES encryption.
*
* @param secretKey the secret (symmetric) key
* @param ivGenerator the generator used to generate the initialization vector. If null,
* then a default algorithm will be used based on the provided {@link CipherAlgorithm}
* @param alg the {@link CipherAlgorithm} to be used
*/
public AesBytesEncryptor(SecretKey secretKey, BytesKeyGenerator ivGenerator, CipherAlgorithm alg) {
this.secretKey = new SecretKeySpec(secretKey.getEncoded(), "AES"); this.secretKey = new SecretKeySpec(secretKey.getEncoded(), "AES");
this.alg = alg; this.alg = alg;
this.encryptor = alg.createCipher(); this.encryptor = alg.createCipher();

22
crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java
View File

@ -22,10 +22,15 @@ import org.junit.Test;
import org.springframework.security.crypto.codec.Hex; import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.keygen.BytesKeyGenerator; import org.springframework.security.crypto.keygen.BytesKeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import static org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm.GCM; import static org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm.GCM;
import static org.springframework.security.crypto.encrypt.CipherUtils.newSecretKey;
import static org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1;
/** /**
* Tests for {@link AesBytesEncryptor} * Tests for {@link AesBytesEncryptor}
@ -69,6 +74,23 @@ public class AesBytesEncryptorTests {
public void roundtripWhenUsingGcmThenEncryptsAndDecrypts() { public void roundtripWhenUsingGcmThenEncryptsAndDecrypts() {
CryptoAssumptions.assumeGCMJCE(); CryptoAssumptions.assumeGCMJCE();
AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator, GCM); AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator, GCM);
byte[] encryption = encryptor.encrypt(this.secret.getBytes());
assertThat(new String(Hex.encode(encryption)))
.isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee");
byte[] decryption = encryptor.decrypt(encryption);
assertThat(new String(decryption)).isEqualTo(this.secret);
}
@Test
public void roundtripWhenUsingSecretKeyThenEncryptsAndDecrypts() {
CryptoAssumptions.assumeGCMJCE();
PBEKeySpec keySpec = new PBEKeySpec(this.password.toCharArray(), Hex.decode(this.hexSalt),
1024, 256);
SecretKey secretKey = newSecretKey(PBKDF2WithHmacSHA1.name(), keySpec);
AesBytesEncryptor encryptor = new AesBytesEncryptor(secretKey, this.generator, GCM);
byte[] encryption = encryptor.encrypt(this.secret.getBytes()); byte[] encryption = encryptor.encrypt(this.secret.getBytes());
assertThat(new String(Hex.encode(encryption))) assertThat(new String(Hex.encode(encryption)))
.isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee"); .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee");