click-dev mailing list archives

From "Andrey Rybin (JIRA)" <j...@apache.org>
Subject [jira] Created: (CLK-608) Add ClickUtils.encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16)
Date Fri, 15 Jan 2010 14:25:54 GMT
Add ClickUtils.encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16)
---------------------------------------------------------------------------------------

                 Key: CLK-608
                 URL: https://issues.apache.org/jira/browse/CLK-608
             Project: Click
          Issue Type: Improvement
          Components: core
            Reporter: Andrey Rybin
            Priority: Minor


ClickUtils has handy methods encode(Object) and decode(String), but it is possible for the client
to corrupt our internal state in saved objects.

If you also add encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16),
which will encipher the serialized, gzipped object before base64 encoding and decipher it after
base64 decoding, then objects will be safe and we can store all sensitive information on the
client side.

Encipher/decipher are easy in Java:
  import java.security.GeneralSecurityException;
  import java.security.Key;
  import javax.crypto.Cipher;
  import javax.crypto.spec.SecretKeySpec;
  // @NotNull is a nullness annotation; import it from the annotation library in use.

  // On the default JCE provider a bare "AES" transformation resolves to
  // AES/ECB/PKCS5Padding: confidentiality only, no integrity check on the ciphertext.
  private static final String DEFAULT_CRYPT_ALGORITHM = "AES";

  public static byte[] encrypt (@NotNull final byte[] src, @NotNull final byte[] key16) throws IllegalArgumentException {
    final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM);//throws IAE

    try {
      final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
      cf.init(Cipher.ENCRYPT_MODE, sks);
      //byte[] out = cf.update(buf, 0, n);
      return cf.doFinal(src);

    } catch (GeneralSecurityException e) {
      // The key bytes are kept out of the message so they cannot end up in logs.
      throw new IllegalArgumentException("encrypt failed", e);
    }//t
  }//encrypt

  public static byte[] decrypt (@NotNull final byte[] src, @NotNull final byte[] key16) throws IllegalArgumentException {
    final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM);//throws IAE

    try {
      final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
      cf.init(Cipher.DECRYPT_MODE, sks);
      //byte[] out = cf.update(buf, 0, n);
      return cf.doFinal(src);

    } catch (GeneralSecurityException e) {
      // Bad padding or a wrong key lands here; the key bytes are not included in the message.
      throw new IllegalArgumentException("decrypt failed", e);
    }//t
  }//decrypt



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

