Showing
26 changed files
with
252 additions
and
512 deletions.
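--- a/src/main/kotlin/network/cere/ddc/crypto/v1/common/BaseCryptoService.kt
+++ b/src/main/kotlin/network/cere/ddc/crypto/v1/common/BaseCryptoService.kt
@@ -0,0 +1,21 @@
+package network.cere.ddc.crypto.v1.common
+
+import com.goterl.lazysodium.LazySodium
+import com.goterl.lazysodium.interfaces.AEAD
+import com.goterl.lazysodium.interfaces.Box
+import com.goterl.lazysodium.utils.Key
+
+abstract class BaseCryptoService(protected val sodium: LazySodium) {
+protected companion object {
+const val JSON_ROOT_PATH = "$"
+}
+
+private val emptyNonce = ByteArray(Box.NONCEBYTES)
+private val encryptionMethod = AEAD.Method.XCHACHA20_POLY1305_IETF
+
+protected fun encrypt(message: String, key: Key) =
+sodium.encrypt(message, null, emptyNonce, key, encryptionMethod)
+
+protected fun decrypt(cipherHex: String, key: Key) =
+sodium.decrypt(cipherHex, null, emptyNonce, key, encryptionMethod)
+}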
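Review bot: `emptyNonce` is an all-zero `ByteArray` that `encrypt` passes to XChaCha20-Poly1305 on every call, so any two messages encrypted under the same key share a (key, nonce) pair. In this commit the field key is `dek(path)` in Encrypter.kt, a keyed hash of the JSON path under the master key, so the same path in two different documents gets the same key and the same nonce. That reveals equal plaintexts, leaks the relationship between differing ones, and repeats the one-time authenticator key, which undermines the integrity guarantee. The nonce should be generated per message, sized with the AEAD constant rather than `Box.NONCEBYTES`, and stored with the ciphertext so `decrypt` can read it back. This changes the ciphertext format, so data already written with the zero nonce needs a migration path; a sketch of both helpers follows.

```kotlin
private val encryptionMethod = AEAD.Method.XCHACHA20_POLY1305_IETF
private val nonceHexLength = AEAD.XCHACHA20POLY1305_IETF_NPUBBYTES * 2

protected fun encrypt(message: String, key: Key): String {
    // Fresh random nonce for every message; it is not secret, so it travels in front of the ciphertext.
    val nonce = sodium.nonce(AEAD.XCHACHA20POLY1305_IETF_NPUBBYTES)
    return LazySodium.toHex(nonce) + sodium.encrypt(message, null, nonce, key, encryptionMethod)
}

protected fun decrypt(cipherHex: String, key: Key): String {
    require(cipherHex.length > nonceHexLength) { "ciphertext is shorter than its nonce prefix" }
    val nonce = LazySodium.toBin(cipherHex.take(nonceHexLength))
    return sodium.decrypt(cipherHex.drop(nonceHexLength), null, nonce, key, encryptionMethod)
}
```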
9 changes: 0 additions & 9 deletions
9
src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/AbstractDecrypter.kt
This file was deleted.
47 changes: 42 additions & 5 deletions
47
src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/Decrypter.kt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,46 @@ | ||
package network.cere.ddc.crypto.v1.decrypt | ||
|
||
import network.cere.ddc.crypto.v1.TypeHint | ||
import com.fasterxml.jackson.databind.JsonNode | ||
import com.goterl.lazysodium.LazySodium | ||
import com.goterl.lazysodium.utils.Key | ||
import com.jayway.jsonpath.JsonPath | ||
import network.cere.ddc.crypto.v1.common.BaseCryptoService | ||
import org.jsfr.json.JacksonParser | ||
import org.jsfr.json.JsonPathListener | ||
import org.jsfr.json.JsonSurfer | ||
import org.jsfr.json.ParsingContext | ||
import org.jsfr.json.provider.JacksonProvider | ||
|
||
interface Decrypter { | ||
val supportedDataType: TypeHint | ||
|
||
fun decrypt(data: ByteArray): ByteArray | ||
class Decrypter( | ||
sodium: LazySodium, | ||
private val pathToDecryptToDecryptionKeyHex: Map<String, String> | ||
) : BaseCryptoService(sodium) { | ||
fun decrypt(data: String): String { | ||
val surfer = JsonSurfer(JacksonParser.INSTANCE, JacksonProvider.INSTANCE) | ||
val toReplace = mutableMapOf<String, String>() | ||
val builder = surfer.configBuilder() | ||
pathToDecryptToDecryptionKeyHex.forEach { | ||
builder.bind(it.key, object : JsonPathListener { | ||
override fun onValue(value: Any, context: ParsingContext) { | ||
val node = value as JsonNode | ||
if (node.isValueNode) { | ||
val path = context.jsonPath | ||
toReplace[path] = decrypt(node.textValue(), Key.fromHexString(it.value)) | ||
} | ||
} | ||
}) | ||
} | ||
return runCatching { | ||
builder.buildAndSurf(data) | ||
}.fold( | ||
{ | ||
val ctx = JsonPath.parse(data) | ||
toReplace.forEach { (p, v) -> ctx.set(p, v) } | ||
ctx.jsonString() | ||
}, | ||
{ | ||
decrypt(data, Key.fromHexString(pathToDecryptToDecryptionKeyHex[JSON_ROOT_PATH])) | ||
} | ||
) | ||
} | ||
} |
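Review bot: The `runCatching { builder.buildAndSurf(data) }` fallback treats every failure as "the input is not JSON", which (assuming listener exceptions propagate out of `buildAndSurf`) includes an authentication failure or a malformed key raised by `decrypt(...)` inside `onValue`. A tampered or wrongly keyed field therefore never surfaces as such; the code retries the whole document as one ciphertext under `pathToDecryptToDecryptionKeyHex[JSON_ROOT_PATH]`, which is null whenever the caller supplied no root key. Limit the fallback to the parser's own exception type and resolve the key explicitly, e.g. `val rootKeyHex = requireNotNull(pathToDecryptToDecryptionKeyHex[JSON_ROOT_PATH]) { "no decryption key for the document root" }`. Separately, `node.textValue()` returns null for value nodes that are not text, so a bound path holding a number or boolean passes null into `decrypt`.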
5 changes: 0 additions & 5 deletions
5
src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/DecryptionConfig.kt
This file was deleted.
36 changes: 0 additions & 36 deletions
36
src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/JsonDataDecrypter.kt
This file was deleted.
11 changes: 0 additions & 11 deletions
11
src/main/kotlin/network/cere/ddc/crypto/v1/decrypt/RawDataDecrypter.kt
This file was deleted.
9 changes: 0 additions & 9 deletions
9
src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/AbstractEncrypter.kt
This file was deleted.
56 changes: 52 additions & 4 deletions
56
src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/Encrypter.kt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,57 @@ | ||
package network.cere.ddc.crypto.v1.encrypt | ||
|
||
import network.cere.ddc.crypto.v1.TypeHint | ||
import com.fasterxml.jackson.databind.JsonNode | ||
import com.goterl.lazysodium.LazySodium | ||
import com.goterl.lazysodium.utils.Key | ||
import com.jayway.jsonpath.JsonPath | ||
import network.cere.ddc.crypto.v1.common.BaseCryptoService | ||
import org.jsfr.json.JacksonParser | ||
import org.jsfr.json.JsonPathListener | ||
import org.jsfr.json.JsonSurfer | ||
import org.jsfr.json.ParsingContext | ||
import org.jsfr.json.provider.JacksonProvider | ||
|
||
interface Encrypter { | ||
val supportedDataType: TypeHint | ||
class Encrypter( | ||
sodium: LazySodium, | ||
private val encryptionConfig: EncryptionConfig | ||
) : BaseCryptoService(sodium) { | ||
private val masterKey = Key.fromHexString(encryptionConfig.masterKeyHex) | ||
|
||
fun encrypt(data: ByteArray): ByteArray | ||
fun encrypt(data: String): Pair<String, Map<String, String>> { | ||
val surfer = JsonSurfer(JacksonParser.INSTANCE, JacksonProvider.INSTANCE) | ||
val toReplace = mutableMapOf<String, String>() | ||
val builder = surfer.configBuilder() | ||
val pathToKey = mutableMapOf<String, String>() | ||
encryptionConfig.jsonPathsToEncrypt.forEach { | ||
builder.bind(it, object : JsonPathListener { | ||
override fun onValue(value: Any, context: ParsingContext) { | ||
val node = value as JsonNode | ||
if (node.isValueNode) { | ||
val path = context.jsonPath | ||
val dek = dek(path) | ||
val encrypted = encrypt(node.asText(), Key.fromHexString(dek)) | ||
toReplace[path] = encrypted | ||
pathToKey[path] = dek | ||
} | ||
} | ||
}) | ||
} | ||
return runCatching { | ||
builder.buildAndSurf(data) | ||
}.fold( | ||
{ | ||
val ctx = JsonPath.parse(data) | ||
toReplace.forEach { (p, v) -> ctx.set(p, v) } | ||
ctx.jsonString() to pathToKey | ||
}, | ||
{ | ||
val dek = dek(JSON_ROOT_PATH) | ||
encrypt(data, Key.fromHexString(dek)) to mapOf(JSON_ROOT_PATH to dek) | ||
} | ||
) | ||
} | ||
|
||
private fun dek(path: String): String { | ||
return sodium.cryptoGenericHash(path, masterKey) | ||
} | ||
} |
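Review bot: A configured path that resolves to an object or array is skipped by the `node.isValueNode` check in `onValue`, and a path that matches nothing never reaches the listener, so in both cases `encrypt` returns the document with that data still in plaintext and gives the caller no signal. For an encryption API this fails open. After the surf, compare `encryptionConfig.jsonPathsToEncrypt` with what was actually replaced, or reject container nodes, e.g. `else error("cannot encrypt non-value node at " + context.jsonPath)`. An exception thrown there would land in the `runCatching` fallback, which encrypts the whole input under the root key, so that fallback should be limited to parse failures if the error is meant to reach the caller.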
68 changes: 0 additions & 68 deletions
68
src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/JsonDataEncrypter.kt
This file was deleted.
11 changes: 0 additions & 11 deletions
11
src/main/kotlin/network/cere/ddc/crypto/v1/encrypt/RawDataEncrypter.kt
This file was deleted.
11 changes: 0 additions & 11 deletions
11
src/main/kotlin/network/cere/ddc/crypto/v1/sign/Ed25519Signer.kt
This file was deleted.