New features, tests and some needed refactoring

(cherry picked from commit 9cb8c02)

Author: sgrampone

gamutils/src/main/java/com/genexus/gam/GamUtilsEO.java

@@ -1,6 +1,11 @@
 package com.genexus.gam;
 
-import com.genexus.gam.utils.*;
+import com.genexus.gam.utils.Random;
+import com.genexus.gam.utils.cryptography.Encryption;
+import com.genexus.gam.utils.cryptography.Hash;
+import com.genexus.gam.utils.json.Jwk;
+import com.genexus.gam.utils.json.Jwks;
+import com.genexus.gam.utils.json.Jwt;
 
 public class GamUtilsEO {
 
@@ -11,15 +16,24 @@ public static String sha512(String plainText) {
 		return Hash.sha512(plainText);
 	}
 
+	//**ENCRYPTION**//
+
+	public static String AesGcm(String input, String key, String nonce, int macSize, boolean toEncrypt) {
+		return Encryption.AesGcm(input, key, nonce, macSize, toEncrypt);
+	}
+
 	//**RANDOM**//
 	public static String randomAlphanumeric(int length) {
-		return Random.randomAlphanumeric(length);
+		return Random.alphanumeric(length);
 	}
 
 	public static String randomNumeric(int length) {
-		return Random.randomNumeric(length);
+		return Random.numeric(length);
 	}
 
+	public static String randomHexaBits(int bits) {
+		return Random.hexaBits(bits);
+	}
 
 	//**JWK**//
 
@@ -50,5 +64,9 @@ public static boolean verifyJWTWithFile(String path, String alias, String passwo
 		return Jwt.verify(path, alias, password, token);
 	}
 
+	public static String createJWTWithFile(String path, String alias, String password, String payload, String header) {
+		return Jwt.create(path, alias, password, payload, header);
+	}
+
 	/********EXTERNAL OBJECT PUBLIC METHODS  - END ********/
 }

gamutils/src/main/java/com/genexus/gam/utils/Random.java

@@ -18,7 +18,7 @@ private static SecureRandom instanceRandom() {
 		}
 	}
 
-	public static String randomAlphanumeric(int length) {
+	public static String alphanumeric(int length) {
 		SecureRandom random = instanceRandom();
 		if (random == null) {
 			logger.error("randomAlphanumeric SecureRandom is null");
@@ -31,7 +31,7 @@ public static String randomAlphanumeric(int length) {
 		return sb.toString();
 	}
 
-	public static String randomNumeric(int length) {
+	public static String numeric(int length) {
 		SecureRandom random = instanceRandom();
 		if (random == null) {
 			logger.error("randomNumeric SecureRandom is null");
@@ -43,4 +43,20 @@ public static String randomNumeric(int length) {
 		}
 		return sb.toString();
 	}
+
+	public static String hexaBits(int bits)
+	{
+		SecureRandom random = instanceRandom();
+		if (random == null) {
+			logger.error("randomNumeric SecureRandom is null");
+			return "";
+		}
+		byte[] values = new byte[bits / 8];
+		random.nextBytes(values);
+		StringBuilder sb = new StringBuilder();
+		for (byte b : values) {
+			sb.append(String.format("%02x", b));
+		}
+		return sb.toString().replaceAll("\\s", "");
+	}
 }

gamutils/src/main/java/com/genexus/gam/utils/cryptography/Encryption.java

@@ -0,0 +1,38 @@
+package com.genexus.gam.utils.cryptography;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.modes.AEADBlockCipher;
+import org.bouncycastle.crypto.modes.GCMBlockCipher;
+import org.bouncycastle.crypto.params.AEADParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
+
+import java.nio.charset.StandardCharsets;
+
+public class Encryption {
+
+	private static Logger logger = LogManager.getLogger(Encryption.class);
+
+	public static String AesGcm(String input, String key, String nonce, int macSize, boolean toEncrypt) {
+		return toEncrypt ? Base64.toBase64String(internal_AesGcm(input.getBytes(StandardCharsets.UTF_8), key, nonce, macSize, toEncrypt)) : new String(internal_AesGcm(Base64.decode(input), key, nonce, macSize, toEncrypt), StandardCharsets.UTF_8);
+	}
+
+	public static byte[] internal_AesGcm(byte[] inputBytes, String key, String nonce, int macSize, boolean toEncrypt) {
+		logger.debug("internal_AesGcm");
+		AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine());
+		AEADParameters AEADparams = new AEADParameters(new KeyParameter(Hex.decode(key)), macSize, Hex.decode(nonce));
+		try {
+			cipher.init(toEncrypt, AEADparams);
+			byte[] outputBytes = new byte[cipher.getOutputSize(inputBytes.length)];
+			int length = cipher.processBytes(inputBytes, 0, inputBytes.length, outputBytes, 0);
+			cipher.doFinal(outputBytes, length);
+			return outputBytes;
+		} catch (Exception e) {
+			logger.error("Aes_gcm", e);
+			return null;
+		}
+	}
+}

gamutils/src/main/java/com/genexus/gam/utils/Hash.java renamed to gamutils/src/main/java/com/genexus/gam/utils/cryptography/Hash.java

@@ -1,4 +1,4 @@
-package com.genexus.gam.utils;
+package com.genexus.gam.utils.cryptography;
 
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;

gamutils/src/main/java/com/genexus/gam/utils/Jwk.java renamed to gamutils/src/main/java/com/genexus/gam/utils/json/Jwk.java

@@ -1,4 +1,4 @@
-package com.genexus.gam.utils;
+package com.genexus.gam.utils.json;
 
 import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.jwk.JWK;

gamutils/src/main/java/com/genexus/gam/utils/Jwks.java renamed to gamutils/src/main/java/com/genexus/gam/utils/json/Jwks.java

@@ -1,4 +1,4 @@
-package com.genexus.gam.utils;
+package com.genexus.gam.utils.json;
 
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.JWKSet;

gamutils/src/main/java/com/genexus/gam/utils/Jwt.java renamed to gamutils/src/main/java/com/genexus/gam/utils/json/Jwt.java

@@ -1,5 +1,7 @@
-package com.genexus.gam.utils;
+package com.genexus.gam.utils.json;
 
+import com.genexus.gam.utils.keys.CertificateUtil;
+import com.genexus.gam.utils.keys.PrivateKeyUtil;
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jose.JWSVerifier;
 import com.nimbusds.jose.crypto.RSASSASigner;
@@ -44,6 +46,11 @@ public static boolean verify(String path, String alias, String password, String
 		return verify((RSAPublicKey) CertificateUtil.getCertificate(path, alias, password).getPublicKey(), token);
 	}
 
+	public static String create(String path, String alias, String password, String payload, String header)
+	{
+		return create(PrivateKeyUtil.getPrivateKey(path, alias, password), payload, header);
+	}
+
 	/******** EXTERNAL OBJECT PUBLIC METHODS - END ********/
 
 

gamutils/src/main/java/com/genexus/gam/utils/CertificateUtil.java renamed to gamutils/src/main/java/com/genexus/gam/utils/keys/CertificateUtil.java

@@ -1,19 +1,20 @@
-package com.genexus.gam.utils;
+package com.genexus.gam.utils.keys;
 
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
 import org.apache.commons.io.FilenameUtils;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
 import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.util.encoders.Base64;
 
 import java.io.*;
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
 
 public enum CertificateUtil {
 
-	crt, cer, pfx, jks, pkcs12, p12, pem, key;
+	crt, cer, pfx, jks, pkcs12, p12, pem, key, b64;
 
 	private static Logger logger = LogManager.getLogger(CertificateUtil.class);
 
@@ -35,18 +36,17 @@ public static CertificateUtil value(String ext) {
 				return pem;
 			case "key":
 				return key;
+			case "b64":
+				return b64;
 			default:
 				logger.error("Invalid certificate file extension");
 				return null;
 		}
 	}
 
 	public static X509Certificate getCertificate(String path, String alias, String password) {
-		CertificateUtil ext = CertificateUtil.value(FilenameUtils.getExtension(path));
-		if (ext == null) {
-			logger.error("Error reading certificate path");
-			return null;
-		}
+		String extension = FilenameUtils.getExtension(path);
+		CertificateUtil ext = extension.isEmpty() ? CertificateUtil.value("b64"): CertificateUtil.value(extension);
 		switch (ext) {
 			case crt:
 			case cer:
@@ -59,12 +59,27 @@ public static X509Certificate getCertificate(String path, String alias, String p
 			case pem:
 			case key:
 				return loadFromPkcs8(path);
+			case b64:
+				return loadBase64(path);
 			default:
 				logger.error("Invalid certificate file extension");
 				return null;
 		}
 	}
 
+	private static X509Certificate loadBase64(String base64)
+	{
+		logger.debug("loadBase64");
+		try {
+			ByteArrayInputStream byteArray = new ByteArrayInputStream(Base64.decode(base64));
+			CertificateFactory factory = new CertificateFactory();
+			return (X509Certificate) factory.engineGenerateCertificate(byteArray);
+		} catch (Exception e) {
+			logger.error("loadBase64", e);
+			return null;
+		}
+	}
+
 	private static X509Certificate loadFromPkcs8(String path) {
 		try (FileReader privateKeyReader = new FileReader(new File(path))) {
 			try (PEMParser parser = new PEMParser(privateKeyReader)) {

gamutils/src/main/java/com/genexus/gam/utils/keys/PrivateKeyUtil.java

@@ -0,0 +1,132 @@
+package com.genexus.gam.utils.keys;
+
+import org.apache.commons.io.FilenameUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.util.encoders.Base64;
+
+import java.io.FileReader;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyFactory;
+import java.security.KeyStore;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+public enum PrivateKeyUtil {
+
+	pfx, jks, pkcs12, p12, pem, key, b64;
+
+	private static Logger logger = LogManager.getLogger(PrivateKeyUtil.class);
+
+	public static PrivateKeyUtil value(String ext) {
+		switch (ext.toLowerCase().trim()) {
+			case "pfx":
+				return pfx;
+			case "jks":
+				return jks;
+			case "pkcs12":
+				return pkcs12;
+			case "p12":
+				return p12;
+			case "pem":
+				return pem;
+			case "key":
+				return key;
+			case "b64":
+				return b64;
+			default:
+				logger.error("Invalid certificate file extension");
+				return null;
+		}
+	}
+
+	public static RSAPrivateKey getPrivateKey(String path, String alias, String password) {
+		String extension = FilenameUtils.getExtension(path);
+		PrivateKeyUtil ext = extension.isEmpty() ? PrivateKeyUtil.value("b64"): PrivateKeyUtil.value(extension);
+		switch (ext) {
+			case pfx:
+			case jks:
+			case pkcs12:
+			case p12:
+				return loadFromPkcs12(path, alias, password);
+			case pem:
+			case key:
+				return loadFromPkcs8(path);
+			case b64:
+				return loadFromBase64(path);
+			default:
+				logger.error("Invalid private key file extension");
+				return null;
+		}
+	}
+
+	private static RSAPrivateKey loadFromBase64(String base64)
+	{
+		logger.debug("loadFromBase64");
+		try(ASN1InputStream stream = new ASN1InputStream(Base64.decode(base64))) {
+			ASN1Sequence seq = (ASN1Sequence) stream.readObject();
+			return castPrivateKeyInfo(PrivateKeyInfo.getInstance(seq));
+		}catch (Exception e)
+		{
+			logger.error("loadFromBase64", e);
+			return null;
+		}
+	}
+
+	private static RSAPrivateKey loadFromPkcs8(String path) {
+		logger.debug("loadFromPkcs8");
+		try (FileReader privateKeyReader = new FileReader(path)) {
+			try (PEMParser parser = new PEMParser(privateKeyReader)) {
+				Object obj;
+				obj = parser.readObject();
+				if (obj instanceof PrivateKeyInfo) {
+					return castPrivateKeyInfo((PrivateKeyInfo) obj);
+				} else if (obj instanceof PEMKeyPair) {
+					PEMKeyPair pemKeyPair = (PEMKeyPair) obj;
+					return castPrivateKeyInfo(pemKeyPair.getPrivateKeyInfo());
+				} else {
+					logger.error("loadFromPkcs8: Could not load private key");
+					return null;
+				}
+			}
+		} catch (Exception e) {
+			logger.error("loadFromPkcs8", e);
+			return null;
+		}
+	}
+
+	private static RSAPrivateKey castPrivateKeyInfo(PrivateKeyInfo privateKeyInfo) {
+		logger.debug("castPrivateKeyInfo");
+		try {
+			KeyFactory kf = KeyFactory.getInstance(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId());
+			PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded());
+			return (RSAPrivateKey) kf.generatePrivate(keySpec);
+		} catch (Exception e) {
+			logger.error("castPrivateKeyInfo", e);
+			return null;
+		}
+	}
+
+	private static RSAPrivateKey loadFromPkcs12(String path, String alias, String password) {
+		logger.debug("loadFromPkcs12");
+		try (InputStream targetStream = Files.newInputStream(Paths.get(path))) {
+			KeyStore ks = KeyStore.getInstance("PKCS12");
+			ks.load(targetStream, password.toCharArray());
+			if (alias.isEmpty()) {
+				return (RSAPrivateKey) ks.getKey(ks.aliases().nextElement(), password.toCharArray());
+			} else {
+				return (RSAPrivateKey) ks.getKey(alias, password.toCharArray());
+			}
+		} catch (Exception e) {
+			logger.error("loadFromPkcs12", e);
+			return null;
+		}
+	}
+}

gamutils/src/test/java/com/genexus/gam/utils/test/CertificateTest.java

@@ -1,6 +1,6 @@
 package com.genexus.gam.utils.test;
 
-import com.genexus.gam.utils.CertificateUtil;
+import com.genexus.gam.utils.keys.CertificateUtil;
 import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -76,4 +76,12 @@ public void testLoadKey() {
 		X509Certificate cert = CertificateUtil.getCertificate(path_RSA_sha256_2048 + "sha256_cert.key", "", "");
 		Assert.assertNotNull("testLoadKey", cert);
 	}
+
+	@Test
+	public void testLoadBase64()
+	{
+		String base64 = "MIIEATCCAumgAwIBAgIJAIAqvKHZ+gFhMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYDVQQGEwJVWTETMBEGA1UECAwKTW9udGV2aWRlbzETMBEGA1UEBwwKTW9udGV2aWRlbzEQMA4GA1UECgwHR2VuZVh1czERMA8GA1UECwwIU2VjdXJpdHkxEjAQBgNVBAMMCXNncmFtcG9uZTEkMCIGCSqGSIb3DQEJARYVc2dyYW1wb25lQGdlbmV4dXMuY29tMB4XDTIwMDcwODE4NTcxN1oXDTI1MDcwNzE4NTcxN1owgZYxCzAJBgNVBAYTAlVZMRMwEQYDVQQIDApNb250ZXZpZGVvMRMwEQYDVQQHDApNb250ZXZpZGVvMRAwDgYDVQQKDAdHZW5lWHVzMREwDwYDVQQLDAhTZWN1cml0eTESMBAGA1UEAwwJc2dyYW1wb25lMSQwIgYJKoZIhvcNAQkBFhVzZ3JhbXBvbmVAZ2VuZXh1cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1zgaU+Wh63p9DNWoAy64252EvZjN49AY3x0QCnAa8JO9Pk7znQwrxEFUKgZzv0GHEYW7+X+uyJr7BW4TA6fuJJ8agE/bmZRZyjdJjoue0FML6fbmCZ9Tsxpxe4pzispyWQ8jYT4Kl4I3fdZNUSn4XSidnDKBISeC05mrcchDKhInpiYDJ481lsB4JTEti3S4Xy/ToKwY4t6attw6z5QDhBc+Yro+YUqruliOAKqcfybe9k07jwMCvFVM1hrYYJ7hwHDSFo3MKwZ0y2gw0w6SgVBxLFo+KYP3q63b5wVhD8lzaSh+8UcyiHM2/yjEej7EnRFzdclTSNXRFNaiLnEVdAgMBAAGjUDBOMB0GA1UdDgQWBBQtQAWJRWNr/OswPSAdwCQh0Eei/DAfBgNVHSMEGDAWgBQtQAWJRWNr/OswPSAdwCQh0Eei/DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCjHe3JbNKv0Ywc1zlLacUNWcjLbmzvnjs8Wq5oxtf5wG5PUlhLSYZ9MPhuf95PlibnrO/xVY292P5lo4NKhS7VOonpbPQ/PrCMO84Pz1LGfM/wCWQIowh6VHq18PiZka9zbwl6So0tgClKkFSRk4wpKrWX3+M3+Y+D0brd8sEtA6dXeYHDtqV0YgjKdZIIOx0vDT4alCoVQrQ1yAIq5INT3cSLgJezIhEadDv3Tc7bMxMFeL+81qHm9Z/9/KE6Z+JB0ZEOkF/2NSQJd+Z7MBR8CxOdTQis3ltMoXDatNkjZ2Env40sw4NICB8YYhsWMIarew5uNT+RS28YHNlbmogh";
+		X509Certificate cert = CertificateUtil.getCertificate(base64, "", "");
+		Assert.assertNotNull("testLoadBase64", cert);
+	}
 }