bitstorm commented on a change in pull request #462: URL: https://github.com/apache/wicket/pull/462#discussion_r592726278
########## File path: wicket-util/src/main/java/org/apache/wicket/util/crypt/CipherUtils.java ########## @@ -0,0 +1,107 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.wicket.util.crypt; + +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +/** + * Utility class meant to help building {@link Cipher}. + */ +public class CipherUtils +{ + /** + * Generate a new {@link SecretKey} based on the given algorithm and with the given length. + * + * @param algorithm + * the algorithm that will be used to build the key. + * @param keyLength + * the key length + * @return a new {@link SecretKey} + */ + public static SecretKey generateKey(String algorithm, int keyLength) + { + try + { + KeyGenerator keyGenerator = KeyGenerator.getInstance(algorithm); + keyGenerator.init(keyLength); + SecretKey key = keyGenerator.generateKey(); + return key; + } + catch (NoSuchAlgorithmException e) + { + throw new RuntimeException(e); + } + } + + /** + * + * + * @param password + * the password that will be used to build the key. + * @param pbeAlgorithm + * the password-based algorithm that will be used to build the key. + * @param keyAlgorithm + * the algorithm that will be used to build the key. + * @param salt + * salt for encryption. + * @param iterationCount + * iteration count. + * @param keyLength + * the key length. + * @return a new {@link SecretKey} + */ + public static SecretKey generatePBEKey(String password, String pbeAlgorithm, + String keyAlgorithm, byte[] salt, int iterationCount, int keyLength) + { + try + { + SecretKeyFactory factory = SecretKeyFactory.getInstance(pbeAlgorithm); + KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, keyLength); + SecretKey secret = new SecretKeySpec(factory.generateSecret(spec).getEncoded(), + keyAlgorithm); + return secret; + } + catch (NoSuchAlgorithmException | InvalidKeySpecException e) + { + throw new RuntimeException(e); + } + } + + /** + * Generates a random generated byte array of the given size. + * + * @param size + * the size of the array. + * @return the new byte array of the given size. + */ + public static byte[] randomByteArray(int size) + { + byte[] iv = new byte[size]; + new SecureRandom().nextBytes(iv); Review comment: Unfortunately we are talking of classes from module wicket-util which can't see or use classes Application or ISecureRandomSupplier. But we could move AESCrypt to wicket-core module so it can access to application setting. WDYT? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
