Package com.eurodyn.qlack.fuse.crypto.service

Class CryptoAsymmetricService

java.lang.Object

com.eurodyn.qlack.fuse.crypto.service.CryptoAsymmetricService

@Service
@Validated
public class CryptoAsymmetricService
extends Object

Constructor Summary

Constructors

Constructor	Description
CryptoAsymmetricService()

Method Summary

Modifier and Type	Method	Description
protected String	convertKeyToPEM(KeyPair keyPair, String keyType)
KeyPair	createKeyPair(CreateKeyPairDTO createKeyPairRequest)	Generates a new keypair consisting of a public key and a private key.
byte[]	decrypt(String privateKeyPEM, byte[] payload, String cipherFactory, String keyAlgorithm)	Decrypts a payload encrypted with a public key using the private key.
byte[]	encrypt(String publicKeyPEM, byte[] payload, String cipherFactory, String keyAlgorithm)	Encrypts a payload.
String	getSecureRandomAlgorithm(String secureRandomAlgorithm)	Finds the requested secure random algorithm or returns the default one.
byte[]	keyToByteArray(@NotNull Key key)
PrivateKey	pemToPrivateKey(String privateKey, String algorithm)	Converts a text-based private key (in PEM format) to PrivateKey.
PublicKey	pemToPublicKey(String publicKey, String algorithm)	Converts a text-based public key (in PEM format) to PublicKey.
PrivateKey	privateKeyFromByteArray(@jakarta.validation.constraints.NotNull byte[] key, @NotNull String keyAlgorithm, String keyProvider)	Converts a byte array holding a private key in DER format to a private key.
String	privateKeyToPEM(KeyPair keyPair)	Converts a private key to string in PEM format.
PublicKey	publicKeyFromByteArray(@jakarta.validation.constraints.NotNull byte[] key, @NotNull String keyAlgorithm, String keyProvider)
String	publicKeyToPEM(KeyPair keyPair)	Converts a public key to PEM format.
byte[]	sign(String privateKeyPEM, byte[] payload, String signatureAlgorithm, String keyAlgorithm)	Signs a message with a private key.
byte[]	sign(String privateKeyPEM, InputStream payload, String signatureAlgorithm, String keyAlgorithm)	Signs a message using an InputStream.
boolean	verifySignature(String publicKeyPEM, byte[] payload, String signature, String signatureAlgorithm, String keyAlgorithm)	Verifies a signature.
boolean	verifySignature(String publicKeyPEM, InputStream payload, String signature, String signatureAlgorithm, String keyAlgorithm)	Verifies a signature using an InputStream.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CryptoAsymmetricService

public CryptoAsymmetricService()

Method Details

convertKeyToPEM

protected String convertKeyToPEM(KeyPair keyPair,
 String keyType)
                          throws IOException

Throws:

IOException

createKeyPair

public KeyPair createKeyPair(CreateKeyPairDTO createKeyPairRequest)
                      throws NoSuchAlgorithmException,
NoSuchProviderException

Generates a new keypair consisting of a public key and a private key.

Parameters:

createKeyPairRequest - The details of the keypair to create

Returns:

the generated keypair

Throws:

NoSuchAlgorithmException - thrown when no algorithm is found for encryption

NoSuchProviderException

keyToByteArray

public byte[] keyToByteArray(@NotNull
 @NotNull Key key)

privateKeyFromByteArray

public PrivateKey privateKeyFromByteArray(@NotNull
 @jakarta.validation.constraints.NotNull byte[] key,
 @NotNull
 @NotNull String keyAlgorithm,
 String keyProvider)
                                   throws NoSuchProviderException,
NoSuchAlgorithmException,
InvalidKeySpecException

Converts a byte array holding a private key in DER format to a private key.

Throws:

NoSuchProviderException

NoSuchAlgorithmException

InvalidKeySpecException

publicKeyFromByteArray

public PublicKey publicKeyFromByteArray(@NotNull
 @jakarta.validation.constraints.NotNull byte[] key,
 @NotNull
 @NotNull String keyAlgorithm,
 String keyProvider)
                                 throws NoSuchProviderException,
NoSuchAlgorithmException,
InvalidKeySpecException

Throws:

NoSuchProviderException

NoSuchAlgorithmException

InvalidKeySpecException

publicKeyToPEM

public String publicKeyToPEM(KeyPair keyPair)
                      throws IOException

Converts a public key to PEM format.

Parameters:

keyPair - The keypair containing the public key

Returns:

the generated PEM format

Throws:

IOException - thrown when something unexpected happens

privateKeyToPEM

public String privateKeyToPEM(KeyPair keyPair)
                       throws IOException

Converts a private key to string in PEM format.

Parameters:

keyPair - the keypair containing the private key to convert

Returns:

the generated PEM format

Throws:

IOException - thrown when generating PEM

pemToPublicKey

public PublicKey pemToPublicKey(String publicKey,
 String algorithm)
                         throws NoSuchAlgorithmException,
InvalidKeySpecException

Converts a text-based public key (in PEM format) to PublicKey.

Parameters:

publicKey - the public key in PEM format to convert

algorithm - the security algorithm with which this key was generated

Returns:

the generated PEM format

Throws:

NoSuchAlgorithmException - thrown when no algorithm is found for encryption

InvalidKeySpecException - thrown when the provided key is invalid

pemToPrivateKey

public PrivateKey pemToPrivateKey(String privateKey,
 String algorithm)
                           throws NoSuchAlgorithmException,
InvalidKeySpecException

Converts a text-based private key (in PEM format) to PrivateKey.

Parameters:

privateKey - the private key in PEM format to convert

algorithm - the security algorithm with which this key was generated

Returns:

the generated PEM format

Throws:

NoSuchAlgorithmException - thrown when no algorithm is found for encryption

InvalidKeySpecException - thrown when the provided key is invalid

sign

public byte[] sign(String privateKeyPEM,
 byte[] payload,
 String signatureAlgorithm,
 String keyAlgorithm)
            throws NoSuchAlgorithmException,
InvalidKeySpecException,
InvalidKeyException,
SignatureException

Signs a message with a private key.

Parameters:

privateKeyPEM - the private key to sign with in PEM format

payload - the payload to sign

signatureAlgorithm - the signature algorithm to use, e.g. SHA256withRSA

keyAlgorithm - the algorithm with which the private key was generated, e.g. RSA

Returns:

the signature in bytes

Throws:

NoSuchAlgorithmException - thrown when no algorithm is found for encryption

InvalidKeySpecException - thrown when the provided key is invalid

InvalidKeyException - thrown when the provided key is invalid

SignatureException - thrown when something unexpected occurs during signing

sign

public byte[] sign(String privateKeyPEM,
 InputStream payload,
 String signatureAlgorithm,
 String keyAlgorithm)
            throws IOException,
NoSuchAlgorithmException,
SignatureException,
InvalidKeySpecException,
InvalidKeyException

Signs a message using an InputStream.

Parameters:

privateKeyPEM - the private key to sign with in PEM format

payload - the data to sign

signatureAlgorithm - the signature algorithm to use, e.g. SHA256withRSA

keyAlgorithm - the algorithm with which the private key was generated, e.g. RSA

Returns:

the signature in bytes

Throws:

IOException - thrown when something unexpected happens

NoSuchAlgorithmException - thrown when no algorithm is found for encryption

InvalidKeySpecException - thrown when the provided key is invalid

InvalidKeyException - thrown when the provided key is invalid

SignatureException - thrown when something unexpected occurs during signing

verifySignature

public boolean verifySignature(String publicKeyPEM,
 byte[] payload,
 String signature,
 String signatureAlgorithm,
 String keyAlgorithm)
                        throws NoSuchAlgorithmException,
InvalidKeySpecException,
InvalidKeyException,
SignatureException

Verifies a signature.

Parameters:

publicKeyPEM - the public key to verify the signature with

payload - the signed content

signature - the signature to verify in Base64 format

signatureAlgorithm - the algorithm with which the signature was created, e.g. SHA256withRSA

keyAlgorithm - the algorithm with which the key was generated, e.g. RSA

Returns:

true if the signature is verified, false if it is not

Throws:

NoSuchAlgorithmException - thrown when no algorithm is found for encryption

InvalidKeySpecException - thrown when the provided key is invalid

InvalidKeyException - thrown when the provided key is invalid

SignatureException - thrown when something unexpected occurs during signing

verifySignature

public boolean verifySignature(String publicKeyPEM,
 InputStream payload,
 String signature,
 String signatureAlgorithm,
 String keyAlgorithm)
                        throws NoSuchAlgorithmException,
InvalidKeySpecException,
InvalidKeyException,
SignatureException,
IOException

Verifies a signature using an InputStream.

Parameters:

publicKeyPEM - the public key to verify the signature with

payload - the signed content

signature - the signature to verify in Base64 format

signatureAlgorithm - the algorithm with which the signature was created, e.g. SHA256withRSA

keyAlgorithm - the algorithm with which the key was generated, e.g. RSA

Returns:

true if the signature is verified, false if it is not

Throws:

IOException - thrown when something unexpected happens

NoSuchAlgorithmException - thrown when no algorithm is found for encryption

InvalidKeySpecException - thrown when the provided key is invalid

InvalidKeyException - thrown when the provided key is invalid

SignatureException - thrown when something unexpected occurs during signing

encrypt

public byte[] encrypt(String publicKeyPEM,
 byte[] payload,
 String cipherFactory,
 String keyAlgorithm)
               throws NoSuchPaddingException,
NoSuchAlgorithmException,
InvalidKeySpecException,
InvalidKeyException,
BadPaddingException,
IllegalBlockSizeException

Encrypts a payload.

Parameters:

publicKeyPEM - the public key to encrypt with

payload - the payload to encrypt

cipherFactory - the factory for the encryption cipher to use, e.g. RSA/ECB/PKCS1Padding

keyAlgorithm - the algorithm with which the public key was created, e.g. RSA

Returns:

the encrypted key in bytes

Throws:

NoSuchPaddingException - thrown when the provided cipherFactory is not valid

NoSuchAlgorithmException - thrown when no algorithm is found for encryption

InvalidKeySpecException - thrown when the provided key is invalid

InvalidKeyException - thrown when the provided key is invalid

BadPaddingException - thrown when the provided cipherFactory is not valid

IllegalBlockSizeException - thrown when the provided cipherFactory is not valid

decrypt

public byte[] decrypt(String privateKeyPEM,
 byte[] payload,
 String cipherFactory,
 String keyAlgorithm)
               throws NoSuchPaddingException,
NoSuchAlgorithmException,
InvalidKeySpecException,
InvalidKeyException,
BadPaddingException,
IllegalBlockSizeException

Decrypts a payload encrypted with a public key using the private key.

Parameters:

privateKeyPEM - the private key to decrypt with

payload - the payload to decrypt

cipherFactory - the factory for the decryption cipher to use, e.g. RSA/ECB/PKCS1Padding

keyAlgorithm - the algorithm with which the private key was created, e.g. RSA

Returns:

the decrypted key in bytes

Throws:

NoSuchPaddingException - thrown when the provided cipherFactory is not valid

NoSuchAlgorithmException - thrown when no algorithm is found for encryption

InvalidKeySpecException - thrown when the provided key is invalid

InvalidKeyException - thrown when the provided key is invalid

BadPaddingException - thrown when the provided cipherFactory is not valid

IllegalBlockSizeException - thrown when the provided cipherFactory is not valid

getSecureRandomAlgorithm

public String getSecureRandomAlgorithm(String secureRandomAlgorithm)

Finds the requested secure random algorithm or returns the default one.

Parameters:

secureRandomAlgorithm - the secure random algorithm to find.