Package com.bld.crypto.bean
Class CryptoKeyUtils
java.lang.Object
com.bld.crypto.bean.CryptoKeyUtils
- Direct Known Subclasses:
CryptoAesUtils,CryptoJksUtils,CryptoMapPublicKeyUtils,CryptoPublicKeyUtils
Abstract base class that provides low-level encrypt/decrypt operations using the
Java
Cipher API.
Concrete subclasses supply the key-lookup strategy (AES secret key, RSA JKS key, or RSA public key) and delegate the actual cipher work to the protected static helpers defined here. The class also exposes convenience URL-encoding variants that wrap the cipher output in an additional Base64 layer so that the result is safe for use in URL path segments or query parameters.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected com.fasterxml.jackson.databind.ObjectMapperJacksonObjectMapperinjected by Spring for JSON serialization/deserialization. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected StringdecryptUri(String value, String key) Decodes the outer URL-safe Base64 layer and then decrypts the inner cipher text using the named key.protected abstract StringdecryptValue(String value, String key) Decrypts a Base64-encoded cipher text using the named key.decryptValue(String value, Key key, InstanceType instanceType) Decrypts a Base64-encoded cipher-text string using the supplied key and algorithm.protected StringencodeValue(String valueEncrypted) Applies an additional Base64 encoding to an already-encrypted value, making it safe for embedding in a URL.protected StringencryptUri(String value, String key) Encrypts a value and then encodes the result with an additional Base64 layer so that it is safe for use in URL path segments or query parameters.protected abstract StringencryptValue(String value, String key) Encrypts a plain-text value using the named key.static StringencryptValue(String value, Key key, InstanceType instanceType) Encrypts a plain-text string using the supplied key and algorithm, then encodes the resulting bytes as a Base64 string.protected static CiphergetCipher(int mode, Key key, InstanceType instanceType) Creates and initialises aCipherinstance for the given mode and key.
-
Field Details
-
objMapper
@Autowired protected com.fasterxml.jackson.databind.ObjectMapper objMapperJacksonObjectMapperinjected by Spring for JSON serialization/deserialization.
-
-
Constructor Details
-
CryptoKeyUtils
public CryptoKeyUtils()
-
-
Method Details
-
getCipher
protected static Cipher getCipher(int mode, Key key, InstanceType instanceType) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException Creates and initialises aCipherinstance for the given mode and key.- Parameters:
mode- the cipher mode, e.g.Cipher.ENCRYPT_MODEorCipher.DECRYPT_MODEkey- the cryptographic keyinstanceType- the algorithm identifier (AES, RSA, EC …)- Returns:
- an initialised
Cipher - Throws:
NoSuchAlgorithmException- if the requested algorithm is not availableNoSuchPaddingException- if the requested padding is not availableInvalidKeyException- if the key is inappropriate for the cipher
-
encryptValue
Encrypts a plain-text string using the supplied key and algorithm, then encodes the resulting bytes as a Base64 string.- Parameters:
value- the plain-text value to encrypt; ignored if blankkey- the cryptographic keyinstanceType- the algorithm identifier (AES, RSA, EC …)- Returns:
- the Base64-encoded cipher text, or
nullifvalueis blank - Throws:
CryptoException- if any cryptographic error occurs
-
decryptValue
Decrypts a Base64-encoded cipher-text string using the supplied key and algorithm.- Parameters:
value- the Base64-encoded cipher text to decrypt; ignored if blankkey- the cryptographic keyinstanceType- the algorithm identifier (AES, RSA, EC …)- Returns:
- the plain-text string, or
nullifvalueis blank - Throws:
CryptoException- if any cryptographic error occurs
-
encryptValue
Encrypts a plain-text value using the named key. Subclasses resolve the logical key name to the concreteKeyand delegate toencryptValue(String, Key, InstanceType).- Parameters:
value- the plain-text value to encryptkey- the logical key name used to look up the actual cryptographic key- Returns:
- the encrypted, Base64-encoded string
-
decryptValue
Decrypts a Base64-encoded cipher text using the named key. Subclasses resolve the logical key name to the concreteKeyand delegate todecryptValue(String, Key, InstanceType).- Parameters:
value- the Base64-encoded cipher text to decryptkey- the logical key name used to look up the actual cryptographic key- Returns:
- the plain-text string
-
encryptUri
Encrypts a value and then encodes the result with an additional Base64 layer so that it is safe for use in URL path segments or query parameters.- Parameters:
value- the plain-text value to encryptkey- the logical key name- Returns:
- the doubly-encoded cipher text suitable for embedding in a URL
-
encodeValue
Applies an additional Base64 encoding to an already-encrypted value, making it safe for embedding in a URL.- Parameters:
valueEncrypted- the encrypted (Base64) string to encode further- Returns:
- the URL-safe double-encoded string, or
nullif the input is empty
-
decryptUri
Decodes the outer URL-safe Base64 layer and then decrypts the inner cipher text using the named key.- Parameters:
value- the URL-safe double-encoded cipher textkey- the logical key name- Returns:
- the plain-text string, or
nullifvalueis blank
-