Add ClickUtils.encode(Object, byte[] key16) and ClickUtils.decode(String,
byte[] key16)
---------------------------------------------------------------------------------------
Key: CLK-608
URL: https://issues.apache.org/jira/browse/CLK-608
Project: Click
Issue Type: Improvement
Components: core
Reporter: Andrey Rybin
Priority: Minor
ClickUtils has handy methods encode(Object) and decode(String), but it is
possible for client to corrupt our internal state in saved objects.
If you will add also encode(Object, byte[] key16) and ClickUtils.decode(String,
byte[] key16), which will encipher serialized, gzipped object before base64
encoding and decipher after base64 decoding, then objects will be safe and we
can store all sensitive information on client side.
Encipher/decipher are easy in Java:
private static final String DEFAULT_CRYPT_ALGORITHM = "AES";
public static byte[] encrypt (@NotNull final byte[] src, @NotNull final
byte[] key16) throws IllegalArgumentException {
final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM);//throws
IAE
try {
final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
cf.init(Cipher.ENCRYPT_MODE, sks);
//byte[] out = cf.update(buf, 0, n);
return cf.doFinal(src);
} catch (Throwable e) {
throw new IllegalArgumentException("encrypt failed for "+
toHexString(key16) +'='+ sks, e);
}//t
}//encrypt
public static byte[] decrypt (@NotNull final byte[] src, @NotNull final
byte[] key16) throws IllegalArgumentException {
final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM);//throws
IAE
try {
final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
cf.init(Cipher.DECRYPT_MODE, sks);
//byte[] out = cf.update(buf, 0, n);
return cf.doFinal(src);
} catch (Throwable e) {
throw new IllegalArgumentException("decrypt failed for "+
toHexString(key16) +'='+ sks, e);
}//t
}//decrypt
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
