You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@click.apache.org by "Andrey Rybin (JIRA)" <ji...@apache.org> on 2010/01/15 15:25:54 UTC

[jira] Created: (CLK-608) Add ClickUtils.encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16)

Add ClickUtils.encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16)
---------------------------------------------------------------------------------------

                 Key: CLK-608
                 URL: https://issues.apache.org/jira/browse/CLK-608
             Project: Click
          Issue Type: Improvement
          Components: core
            Reporter: Andrey Rybin
            Priority: Minor


ClickUtils has handy methods encode(Object) and decode(String), but it is possible for client to corrupt our internal state in saved objects.

If you will add also encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16), which will encipher serialized, gzipped object before base64 encoding and decipher after base64 decoding, then objects will be safe and we can store all sensitive information on client side.

Encipher/decipher are easy in Java:
  private static final String DEFAULT_CRYPT_ALGORITHM = "AES";

  public static byte[] encrypt (@NotNull final byte[] src, @NotNull final byte[] key16) throws IllegalArgumentException {
    final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM);//throws IAE

    try {
      final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
      cf.init(Cipher.ENCRYPT_MODE, sks);
      //byte[] out = cf.update(buf, 0, n);
      return cf.doFinal(src);

    } catch (Throwable e) {
      throw new IllegalArgumentException("encrypt failed for "+ toHexString(key16) +'='+ sks, e);
    }//t
  }//encrypt

  public static byte[] decrypt (@NotNull final byte[] src, @NotNull final byte[] key16) throws IllegalArgumentException {
    final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM);//throws IAE

    try {
      final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
      cf.init(Cipher.DECRYPT_MODE, sks);
      //byte[] out = cf.update(buf, 0, n);
      return cf.doFinal(src);

    } catch (Throwable e) {
      throw new IllegalArgumentException("decrypt failed for "+ toHexString(key16) +'='+ sks, e);
    }//t
  }//decrypt



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.