Rework data encryption for raw data

2024-11-21 23:20:23 +00:00 · 2024-08-13 17:04:08 +00:00 · 2024-08-13 17:04:08 +00:00 · 51121d2301
commit 51121d2301
parent da42eb578f
4 changed files with 36 additions and 7 deletions
--- a/core/src/main/java/io/xpipe/core/util/AesSecretValue.java
+++ b/core/src/main/java/io/xpipe/core/util/AesSecretValue.java
@ -4,6 +4,12 @@ import lombok.EqualsAndHashCode;
 import lombok.SneakyThrows;
 import lombok.experimental.SuperBuilder;
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 import java.nio.ByteBuffer;
 import java.nio.ByteOrder;
 import java.security.NoSuchAlgorithmException;
@ -11,12 +17,6 @@ import java.security.SecureRandom;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
 import java.util.Random;
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
@SuperBuilder
@EqualsAndHashCode(callSuper = true)
@ -41,6 +41,10 @@ public abstract class AesSecretValue extends EncryptedSecretValue {
        super(secret);
    }
    public AesSecretValue(byte[] b) {
        super(b);
    }
    protected abstract int getIterationCount();
    protected byte[] getNonce(int numBytes) {
--- a/core/src/main/java/io/xpipe/core/util/EncryptedSecretValue.java
+++ b/core/src/main/java/io/xpipe/core/util/EncryptedSecretValue.java
@ -15,6 +15,10 @@ public abstract class EncryptedSecretValue implements SecretValue {
    String encryptedValue;
    public EncryptedSecretValue(byte[] b) {
        encryptedValue = SecretValue.toBase64e(encrypt(b));
    }
    public EncryptedSecretValue(char[] c) {
        var utf8 = StandardCharsets.UTF_8.encode(CharBuffer.wrap(c));
        var bytes = new byte[utf8.limit()];
@ -27,6 +31,17 @@ public abstract class EncryptedSecretValue implements SecretValue {
        return "<encrypted secret>";
    }
    @Override
    public byte[] getSecretRaw() {
        try {
            var bytes = SecretValue.fromBase64e(getEncryptedValue());
            bytes = decrypt(bytes);
            return bytes;
        } catch (Exception ex) {
            return new byte[0];
        }
    }
    @Override
    public char[] getSecret() {
        try {
--- a/core/src/main/java/io/xpipe/core/util/InPlaceSecretValue.java
+++ b/core/src/main/java/io/xpipe/core/util/InPlaceSecretValue.java
@ -5,9 +5,9 @@ import lombok.EqualsAndHashCode;
 import lombok.experimental.SuperBuilder;
 import lombok.extern.jackson.Jacksonized;
 import javax.crypto.SecretKey;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Random;
 import javax.crypto.SecretKey;
@JsonTypeName("default")
@SuperBuilder
@ -15,6 +15,10 @@ import javax.crypto.SecretKey;
@EqualsAndHashCode(callSuper = true)
 public class InPlaceSecretValue extends AesSecretValue {
    public InPlaceSecretValue(byte[] b) {
        super(b);
    }
    public InPlaceSecretValue(char[] secret) {
        super(secret);
    }
@ -27,6 +31,10 @@ public class InPlaceSecretValue extends AesSecretValue {
        return new InPlaceSecretValue(c);
    }
    public static InPlaceSecretValue of(byte[] b) {
        return new InPlaceSecretValue(b);
    }
    @Override
    protected int getIterationCount() {
        return 2048;
--- a/core/src/main/java/io/xpipe/core/util/SecretValue.java
+++ b/core/src/main/java/io/xpipe/core/util/SecretValue.java
@ -41,6 +41,8 @@ public interface SecretValue {
        return r;
    }
    byte[] getSecretRaw();
    char[] getSecret();
    default String getSecretValue() {