Class CryptoKeyUtils

java.lang.Object
com.bld.crypto.bean.CryptoKeyUtils
Direct Known Subclasses:
CryptoAesUtils, CryptoJksUtils, CryptoMapPublicKeyUtils, CryptoPublicKeyUtils

public abstract class CryptoKeyUtils extends Object
Abstract base class that provides low-level encrypt/decrypt operations using the Java Cipher API.

Concrete subclasses supply the key-lookup strategy (AES secret key, RSA JKS key, or RSA public key) and delegate the actual cipher work to the protected static helpers defined here. The class also exposes convenience URL-encoding variants that wrap the cipher output in an additional Base64 layer so that the result is safe for use in URL path segments or query parameters.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected com.fasterxml.jackson.databind.ObjectMapper
    Jackson ObjectMapper injected by Spring for JSON serialization/deserialization.
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    protected String
    decryptUri(String value, String key)
    Decodes the outer URL-safe Base64 layer and then decrypts the inner cipher text using the named key.
    protected abstract String
    decryptValue(String value, String key)
    Decrypts a Base64-encoded cipher text using the named key.
    decryptValue(String value, Key key, InstanceType instanceType)
    Decrypts a Base64-encoded cipher-text string using the supplied key and algorithm.
    protected String
    encodeValue(String valueEncrypted)
    Applies an additional Base64 encoding to an already-encrypted value, making it safe for embedding in a URL.
    protected String
    encryptUri(String value, String key)
    Encrypts a value and then encodes the result with an additional Base64 layer so that it is safe for use in URL path segments or query parameters.
    protected abstract String
    encryptValue(String value, String key)
    Encrypts a plain-text value using the named key.
    static String
    encryptValue(String value, Key key, InstanceType instanceType)
    Encrypts a plain-text string using the supplied key and algorithm, then encodes the resulting bytes as a Base64 string.
    protected static Cipher
    getCipher(int mode, Key key, InstanceType instanceType)
    Creates and initialises a Cipher instance for the given mode and key.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • objMapper

      @Autowired protected com.fasterxml.jackson.databind.ObjectMapper objMapper
      Jackson ObjectMapper injected by Spring for JSON serialization/deserialization.
  • Constructor Details

    • CryptoKeyUtils

      public CryptoKeyUtils()
  • Method Details

    • getCipher

      protected static Cipher getCipher(int mode, Key key, InstanceType instanceType) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException
      Creates and initialises a Cipher instance for the given mode and key.
      Parameters:
      mode - the cipher mode, e.g. Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE
      key - the cryptographic key
      instanceType - the algorithm identifier (AES, RSA, EC …)
      Returns:
      an initialised Cipher
      Throws:
      NoSuchAlgorithmException - if the requested algorithm is not available
      NoSuchPaddingException - if the requested padding is not available
      InvalidKeyException - if the key is inappropriate for the cipher
    • encryptValue

      public static String encryptValue(String value, Key key, InstanceType instanceType)
      Encrypts a plain-text string using the supplied key and algorithm, then encodes the resulting bytes as a Base64 string.
      Parameters:
      value - the plain-text value to encrypt; ignored if blank
      key - the cryptographic key
      instanceType - the algorithm identifier (AES, RSA, EC …)
      Returns:
      the Base64-encoded cipher text, or null if value is blank
      Throws:
      CryptoException - if any cryptographic error occurs
    • decryptValue

      public String decryptValue(String value, Key key, InstanceType instanceType)
      Decrypts a Base64-encoded cipher-text string using the supplied key and algorithm.
      Parameters:
      value - the Base64-encoded cipher text to decrypt; ignored if blank
      key - the cryptographic key
      instanceType - the algorithm identifier (AES, RSA, EC …)
      Returns:
      the plain-text string, or null if value is blank
      Throws:
      CryptoException - if any cryptographic error occurs
    • encryptValue

      protected abstract String encryptValue(String value, String key)
      Encrypts a plain-text value using the named key. Subclasses resolve the logical key name to the concrete Key and delegate to encryptValue(String, Key, InstanceType).
      Parameters:
      value - the plain-text value to encrypt
      key - the logical key name used to look up the actual cryptographic key
      Returns:
      the encrypted, Base64-encoded string
    • decryptValue

      protected abstract String decryptValue(String value, String key)
      Decrypts a Base64-encoded cipher text using the named key. Subclasses resolve the logical key name to the concrete Key and delegate to decryptValue(String, Key, InstanceType).
      Parameters:
      value - the Base64-encoded cipher text to decrypt
      key - the logical key name used to look up the actual cryptographic key
      Returns:
      the plain-text string
    • encryptUri

      protected String encryptUri(String value, String key)
      Encrypts a value and then encodes the result with an additional Base64 layer so that it is safe for use in URL path segments or query parameters.
      Parameters:
      value - the plain-text value to encrypt
      key - the logical key name
      Returns:
      the doubly-encoded cipher text suitable for embedding in a URL
    • encodeValue

      protected String encodeValue(String valueEncrypted)
      Applies an additional Base64 encoding to an already-encrypted value, making it safe for embedding in a URL.
      Parameters:
      valueEncrypted - the encrypted (Base64) string to encode further
      Returns:
      the URL-safe double-encoded string, or null if the input is empty
    • decryptUri

      protected String decryptUri(String value, String key)
      Decodes the outer URL-safe Base64 layer and then decrypts the inner cipher text using the named key.
      Parameters:
      value - the URL-safe double-encoded cipher text
      key - the logical key name
      Returns:
      the plain-text string, or null if value is blank