SmartPot-API/src/main/java/smartpot/com/api/Security/Service/AESEncryptionService.java at d5f6c1052407e5c4e97d6e17e39905cd74d69da8 · SmartPotTech/SmartPot-API · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
package smartpot.com.api.Security.Service;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import smartpot.com.api.Exception.EncryptionException;

import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

@Service
public class AESEncryptionService implements EncryptionServiceI {

    SecureRandom random = new SecureRandom();
    @Value("${application.security.aes.key}")
    private String aesKey;

    public AESEncryptionService() {}

    private SecretKey getSecretKey() {
        byte[] decoded = Base64.getDecoder().decode(aesKey);
        if (decoded.length != 32) {
            throw new IllegalArgumentException("La clave debe tener 256 bits (32 bytes)");
        }
        return new SecretKeySpec(decoded, "AES");
    }

    @Override
    public String encrypt(String data) throws EncryptionException {
        try {
            // get salt
            byte[] salt = new byte[8];
            random.nextBytes(salt);
            String saltedData = Base64.getEncoder().encodeToString(salt) + ":" + data;

            byte[] iv = new byte[12];
            random.nextBytes(iv);
            SecretKey key = getSecretKey(); // get encryption key
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));

            byte[] encrypted = cipher.doFinal(saltedData.getBytes());

            byte[] output = new byte[iv.length + encrypted.length];
            System.arraycopy(iv, 0, output, 0, iv.length);
            System.arraycopy(encrypted, 0, output, iv.length, encrypted.length);
            return Base64.getUrlEncoder().encodeToString(output);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | // if you need more specific errors, catch each one separately
                 InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
            throw new EncryptionException("Error while encrypting data");
        }

    }

    @Override
    public String decrypt(String encryptedData) throws EncryptionException {
        try {
            byte[] decoded = Base64.getUrlDecoder().decode(encryptedData);

            byte[] iv = new byte[12];
            byte[] cipherText = new byte[decoded.length - 12];
            System.arraycopy(decoded, 0, iv, 0, 12);
            System.arraycopy(decoded, 12, cipherText, 0, cipherText.length);

            SecretKey key = getSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
            String result = new String(cipher.doFinal(cipherText));

            // remove salt
            return result.split(":", 2)[1];
        } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | // if you need more specific errors, catch each one separately
                 InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
            throw new EncryptionException("Error while decrypting data");
        }

    }
}