KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > geronimo > util > SimpleEncryption


1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 package org.apache.geronimo.util;
18
19 import java.io.ByteArrayOutputStream JavaDoc;
20 import java.io.ObjectOutputStream JavaDoc;
21 import java.io.Serializable JavaDoc;
22 import java.io.ObjectInputStream JavaDoc;
23 import java.io.ByteArrayInputStream JavaDoc;
24 import javax.crypto.spec.SecretKeySpec;
25 import javax.crypto.Cipher;
26 import javax.crypto.SealedObject;
27 import org.apache.geronimo.util.encoders.Base64;
28 import org.apache.commons.logging.Log;
29 import org.apache.commons.logging.LogFactory;
30
31 /**
32  * This class protects some value BY ENCRYPTING WITH A KNOWN KEY. That is
33  * to say, it's only safe against anyone who can't read the source code.
34  * So the main idea is to protect against casual observers.
35  *
36  * If someone has a better idea for how to implement encryption with a
37  * non-obvious key that the user isn't likely to change during the normal
38  * course of working with the server, I'd be happy to hear it. (But I
39  * assume the SSL keystore is likely to be changed, which would result
40  * in losing all the "encrypted" data.
41  *
42  * @version $Rev: 476049 $ $Date: 2006-11-16 23:35:17 -0500 (Thu, 16 Nov 2006) $
43  */
44 public class SimpleEncryption {
45     private final static Log log = LogFactory.getLog(SimpleEncryption.class);
46     private final static SecretKeySpec SECRET_KEY = new SecretKeySpec(new byte[]{(byte)-45,(byte)-15,(byte)100,(byte)-34,(byte)70,(byte)83,(byte)75,(byte)-100,(byte)-75,(byte)61,(byte)26,(byte)114,(byte)-20,(byte)-58,(byte)114,(byte)77}, "AES");
47
48
49     /**
50      * Gets a String which contains the Base64-encoded form of the source,
51      * encrypted with the known key.
52      */
53     public static String JavaDoc encrypt(Serializable JavaDoc source) {
54         try {
55             Cipher c = Cipher.getInstance("AES");
56             c.init(Cipher.ENCRYPT_MODE, SECRET_KEY);
57             SealedObject so = new SealedObject(source, c);
58             ByteArrayOutputStream JavaDoc store = new ByteArrayOutputStream JavaDoc();
59             ObjectOutputStream JavaDoc out = new ObjectOutputStream JavaDoc(store);
60             out.writeObject(so);
61             out.close();
62             byte[] data = store.toByteArray();
63             byte[] textData = Base64.encode(data);
64             return new String JavaDoc(textData, "US-ASCII");
65         } catch (Exception JavaDoc e) {
66             log.error("Unable to encrypt", e);
67             return null;
68         }
69     }
70
71     /**
72      * Given a String which is the Base64-encoded encrypted data, retrieve
73      * the original Object.
74      */
75     public static Object JavaDoc decrypt(String JavaDoc source) {
76         try {
77             byte[] data = Base64.decode(source);
78             Cipher c = Cipher.getInstance("AES");
79             c.init(Cipher.DECRYPT_MODE, SECRET_KEY);
80             ObjectInputStream JavaDoc in = new ObjectInputStream JavaDoc(new ByteArrayInputStream JavaDoc(data));
81             SealedObject so = (SealedObject) in.readObject();
82             return so.getObject(c);
83         } catch (Exception JavaDoc e) {
84             log.error("Unable to decrypt", e);
85             return null;
86         }
87     }
88 }
89
Popular Tags