Generic versions of encryptData and decryptData

More generic versions of methods encryptData and decryptData, that allow the use of asymmetric keys and even key block in the future.
shubhamfpl · Apr 29, 2019 · 61580c5 · 61580c5
1 parent 74437d0
commit 61580c5
Show file tree

Hide file tree

Showing 2 changed files with 147 additions and 0 deletions.
diff --git a/jpos/src/main/java/org/jpos/security/BaseSMAdapter.java b/jpos/src/main/java/org/jpos/security/BaseSMAdapter.java
@@ -1252,6 +1252,69 @@ public byte[] calculateSignature(MessageDigest hash, SecurePrivateKey privateKey
         return result;
     }
 
+    @Override
+    public byte[] encryptData(SecureKey encKey, byte[] data
+            , AlgorithmParameterSpec algspec, byte[] iv) throws SMException {
+        List<Loggeable> cmdParameters = new ArrayList<>();
+        cmdParameters.add(new SimpleMsg("parameter", "Encription Key", encKey));
+        cmdParameters.add(new SimpleMsg("parameter", "Data", ISOUtil.hexString(data)));
+        if (algspec != null)
+            cmdParameters.add(new SimpleMsg("parameter", "Algorithm Spec", algspec));
+        if (iv != null)
+            cmdParameters.add(new SimpleMsg("parameter", "Initialization Vector", ISOUtil.hexString(iv)));
+        LogEvent evt = new LogEvent(this, "s-m-operation");
+        evt.addMessage(new SimpleMsg("command", "Encrypt Data", cmdParameters));
+        byte[] result = null;
+        try {
+            result = encryptDataImpl(encKey, data, algspec, iv);
+            List<Loggeable> r = new ArrayList<>();
+            r.add(new SimpleMsg("result", "Encrypted Data", result));
+            if (iv != null)
+                r.add(new SimpleMsg("result", "Initialization Vector", iv));
+            evt.addMessage(new SimpleMsg("results", r));
+        } catch (SMException ex) {
+            evt.addMessage(ex);
+            throw ex;
+        } catch (RuntimeException ex) {
+            evt.addMessage(ex);
+            throw new SMException(ex);
+        } finally {
+            Logger.log(evt);
+        }
+        return result;
+    }
+
+    @Override
+    public byte[] decryptData(SecureKey privKey, byte[] data
+            , AlgorithmParameterSpec algspec, byte[] iv) throws SMException {
+        List<Loggeable> cmdParameters = new ArrayList<>();
+        cmdParameters.add(new SimpleMsg("parameter", "Decription Key", privKey));
+        cmdParameters.add(new SimpleMsg("parameter", "Encrypted Data", ISOUtil.hexString(data)));
+        if (algspec != null)
+            cmdParameters.add(new SimpleMsg("parameter", "Algorithm Spec", algspec));
+        if (iv != null)
+            cmdParameters.add(new SimpleMsg("parameter", "Initialization Vector", ISOUtil.hexString(iv)));
+        LogEvent evt = new LogEvent(this, "s-m-operation");
+        evt.addMessage(new SimpleMsg("command", "Decrypt Data", cmdParameters));
+        byte[] result = null;
+        try {
+            result = decryptDataImpl(privKey, data, algspec, iv);
+            List<Loggeable> r = new ArrayList<>();
+            r.add(new SimpleMsg("result", "Decrypted Data", result));
+            if (iv != null)
+                r.add(new SimpleMsg("result", "Initialization Vector", iv));
+            evt.addMessage(new SimpleMsg("results", r));
+        } catch (SMException ex) {
+            evt.addMessage(ex);
+            throw ex;
+        } catch (RuntimeException ex) {
+            evt.addMessage(ex);
+            throw new SMException(ex);
+        } finally {
+            Logger.log(evt);
+        }
+        return result;
+    }
 
     @Override
     public void eraseOldLMK () throws SMException {
@@ -1929,6 +1992,38 @@ protected byte[] calculateSignatureImpl(MessageDigest hash, SecurePrivateKey pri
         throw  new SMException("Operation not supported in: " + this.getClass().getName());
     }
 
+    /**
+     * Encrypts clear Data Block with specified cipher.
+     *
+     * @param encKey the data encryption key
+     * @param data data block to encrypt
+     * @param algspec algorithm specification
+     * @param iv the inital vector
+     * @return encrypted data block
+     * @throws SMException
+     */
+    protected byte[] encryptDataImpl(SecureKey encKey, byte[] data
+            , AlgorithmParameterSpec algspec, byte[] iv)
+            throws SMException {
+        throw new UnsupportedOperationException("Operation not supported in: " + this.getClass().getName());
+    }
+
+    /**
+     * Decrypts Data Block encrypted with assymetric cipher.
+     *
+     * @param decKey the data decryption key
+     * @param data data block to decrypt
+     * @param algspec algorithm specification
+     * @param iv the inital vector
+     * @return decrypted data block
+     * @throws SMException
+     */
+    protected byte[] decryptDataImpl(SecureKey decKey, byte[] data
+            , AlgorithmParameterSpec algspec, byte[] iv)
+            throws SMException {
+        throw new UnsupportedOperationException("Operation not supported in: " + this.getClass().getName());
+    }
+
     /**
      * Erase the key change storage area of memory
      *

diff --git a/jpos/src/main/java/org/jpos/security/SMAdapter.java b/jpos/src/main/java/org/jpos/security/SMAdapter.java
@@ -1357,6 +1357,58 @@ byte[] calculateSignature(MessageDigest hash, SecurePrivateKey privateKey
             ,byte[] data) throws SMException;
 
 
+    /**
+     * Encrypts clear Data Block with specified cipher.
+     * <p>
+     * NOTE: This is a more general version of the
+     * {@link #encryptData(CipherMode, SecureDESKey, Object, byte[], byte[])}
+     *
+     * @param encKey the data encryption key e.g:
+     *        <ul>
+     *          <li>when RSA public key encapsulated in {@code SecurePrivateKey}
+     *          <li>when DES/TDES DEK {@code SecureDESKey}
+     *        </ul>
+     * @param data clear data block to encrypt
+     * @param algspec algorithm specification or {@code null} if not required.
+     *        Used to pass additional algorithm parameters e.g:
+     *        {@code OAEPParameterSpec} or custom extension of
+     *        {@code AlgorithmParameterSpec} to pass symetric cipher mode ECB, CBC
+     * @param iv the inital vector or {@code null} if not used <i>(e.g: RSA
+     *        cipher or ECB mode)</i>. If used, after operation will contain new
+     *        {@code iv} value.
+     * @return encrypted data block
+     * @throws SMException
+     */
+    byte[] encryptData(SecureKey encKey, byte[] data
+            , AlgorithmParameterSpec algspec, byte[] iv) throws SMException;
+
+
+    /**
+     * Decrypts encrypted Data Block with specified cipher.
+     * <p>
+     * NOTE: This is a more general version of the
+     * {@link #decryptData(CipherMode, SecureDESKey, Object, byte[], byte[])}
+     *
+     * @param decKey the data decryption key e.g:
+     *        <ul>
+     *          <li>when RSA private key encapsulated in {@code SecurePrivateKey}
+     *          <li>when DES/TDES DEK {@code SecureDESKey}
+     *        </ul>
+     * @param data encrypted data block to decrypt
+     * @param algspec algorithm specification or {@code null} if not required.
+     *        Used to pass additional algorithm parameters e.g:
+     *        {@code OAEPParameterSpec} or custom extension of
+     *        {@code AlgorithmParameterSpec} to pass symetric cipher mode ECB, CBC
+     * @param iv the inital vector or {@code null} if not used <i>(e.g: RSA
+     *        cipher or ECB mode)</i>. If used, after operation will contain new
+     *        {@code iv} value.
+     * @return decrypted data block
+     * @throws SMException
+     */
+    byte[] decryptData(SecureKey decKey, byte[] data
+            , AlgorithmParameterSpec algspec, byte[] iv) throws SMException;
+
+
     /**
      * Erase the key change storage area of memory
      *