Diffstat (limited to 'app/src/main/java/org/pacien/tincapp/utils/PemUtils.kt')
-rw-r--r-- | app/src/main/java/org/pacien/tincapp/utils/PemUtils.kt | 72 |
1 files changed, 44 insertions, 28 deletions
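--- a/app/src/main/java/org/pacien/tincapp/utils/PemUtils.kt
+++ b/app/src/main/java/org/pacien/tincapp/utils/PemUtils.kt
@@ -34,44 +34,60 @@ import java.io.Writer
 * @author pacien
 */
 object PemUtils {
+private const val DEK_INFO_HEADER_KEY = "DEK-Info"
+private const val ALGORITHM = "AES-256-CBC"
 private val PROVIDER = org.bouncycastle.jce.provider.BouncyCastleProvider()
 private val ENCRYPTED_PROC_TYPE_HEADER = PemHeader("Proc-Type", "4,ENCRYPTED")
-private val DEK_INFO_HEADER_KEY = "DEK-Info"
-private val ALGO = "AES-256-CBC"
 
 private class DekInfo(val algName: String, val iv: ByteArray)
 
-private fun dekInfoHeader(iv: ByteArray) = PemHeader(DEK_INFO_HEADER_KEY, "$ALGO,${Hex.toHexString(iv)}")
-private fun PemObject.getPemHeaders() = headers.map { it as PemHeader }
+private fun dekInfoHeader(iv: ByteArray) = PemHeader(DEK_INFO_HEADER_KEY, "$ALGORITHM,${Hex.toHexString(iv)}")
 
-fun read(f: File): PemObject = PEMParser(FileReader(f)).readPemObject()
-fun write(obj: PemObject, out: Writer) = JcaPEMWriter(out).apply { writeObject(obj) }.apply { close() }
-fun isEncrypted(obj: PemObject) = obj.headers.contains(ENCRYPTED_PROC_TYPE_HEADER)
+private fun PemObject.getPemHeaders() = headers.map { headerObj -> headerObj as PemHeader }
+
+private fun PemObject.dekInfo() = try {
+getPemHeaders()
+.find { header -> header.name == DEK_INFO_HEADER_KEY }!!
+.value!!
+.split(',')
+.let { headerParts -> DekInfo(headerParts[0], Hex.decode(headerParts[1])) }
+} catch (e: Exception) {
+throw PEMException("Malformed DEK-Info header.", e)
+}
 
-fun encrypt(obj: PemObject, passPhrase: String) =
-JcePEMEncryptorBuilder(ALGO)
+private fun encryptor(passPhrase: String) =
+JcePEMEncryptorBuilder(ALGORITHM)
 .setProvider(PROVIDER)
-.build(passPhrase.toCharArray())
-.let { PemObject(obj.type, listOf(ENCRYPTED_PROC_TYPE_HEADER, dekInfoHeader(it.iv)), it.encrypt(obj.content)) }
+.build(passPhrase.toCharArray())!!
 
-fun decrypt(obj: PemObject, passPhrase: String?) =
-if (isEncrypted(obj)) {
-val dekInfo = try {
-obj.getPemHeaders()
-.find { it.name == DEK_INFO_HEADER_KEY }!!
-.value!!
-.split(',')
-.let { DekInfo(it[0], Hex.decode(it[1])) }
-} catch (e: Exception) {
-throw PEMException("Malformed DEK-Info header.", e)
-}
+private fun decryptor(algName: String, passPhrase: String?) =
+JcePEMDecryptorProviderBuilder()
+.setProvider(PROVIDER)
+.build(passPhrase?.toCharArray())
+.get(algName)!!
+
+fun read(f: File) = PEMParser(FileReader(f)).readPemObject()!!
 
-JcePEMDecryptorProviderBuilder()
-.setProvider(PROVIDER)
-.build(passPhrase?.toCharArray())
-.get(dekInfo.algName)
-.decrypt(obj.content, dekInfo.iv)
-.let { PemObject(obj.type, it) }
+fun write(obj: PemObject, out: Writer) =
+JcaPEMWriter(out)
+.apply { writeObject(obj) }
+.apply { close() }
+
+fun isEncrypted(obj: PemObject) = obj.headers.contains(ENCRYPTED_PROC_TYPE_HEADER)
+
+fun encrypt(obj: PemObject, passPhrase: String): PemObject {
+val encryptor = encryptor(passPhrase)
+val headers = listOf(ENCRYPTED_PROC_TYPE_HEADER, dekInfoHeader(encryptor.iv))
+val body = encryptor.encrypt(obj.content)
+return PemObject(obj.type, headers, body)
+}
+
+fun decrypt(obj: PemObject, passPhrase: String?): PemObject =
+if (isEncrypted(obj)) {
+val dekInfo = obj.dekInfo()
+val decryptor = decryptor(dekInfo.algName, passPhrase)
+val body = decryptor.decrypt(obj.content, dekInfo.iv)
+PemObject(obj.type, body)
 } else {
 obj
 }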
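Review bot: `read` on new line 69 opens a `FileReader` that is never closed, and `write` on new lines 71-74 only reaches `close()` when `writeObject` does not throw, so a failed write leaks the underlying stream; both should go through `use`, e.g. `fun read(f: File) = FileReader(f).use { PEMParser(it).readPemObject() } ?: throw PEMException("No PEM object found.")` and `fun write(obj: PemObject, out: Writer) = JcaPEMWriter(out).use { it.writeObject(obj) }`. The `!!` added to `readPemObject()` turns a file that contains no PEM block (where the parser returns null) into a NullPointerException, while the neighbouring `dekInfo()` reports malformed input as a `PEMException`; the elvis above makes the two failure modes consistent. Note that the `use` form of `write` returns `Unit` instead of the closed writer, which should be harmless if callers only invoke it for its side effect, but worth confirming against the call sites.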