changes according to comments

mustyantsev · mustyantsev · commit 1d0af7b506b0 · 2024-04-22T16:02:42.000+03:00
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/AesGcm.java b/sdk/src/main/java/io/opentdf/platform/sdk/AesGcm.java
@@ -3,7 +3,6 @@
 import javax.crypto.*;
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
-import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
@@ -14,21 +13,33 @@
 public class AesGcm {
     private static final int GCM_NONCE_LENGTH = 12; // in bytes
     private static final int GCM_TAG_LENGTH = 16; // in bytes
+    private static final String CIPHER_TRANSFORM = "AES/GCM/NoPadding";
 
     private final SecretKey key;
 
+    /**
+     * <p>Constructor for AesGcm.</p>
+     *
+     * @param key secret key for encryption and decryption
+     */
     public AesGcm(byte[] key) {
         if (key.length == 0) {
             throw new IllegalArgumentException("Invalid key size for gcm encryption");
         }
         this.key = new SecretKeySpec(key, "AES");
     }
 
+    /**
+     * <p>encrypt.</p>
+     *
+     * @param plaintext the plaintext to encrypt
+     * @return the encrypted text
+     */
     public byte[] encrypt(byte[] plaintext) throws NoSuchPaddingException, NoSuchAlgorithmException,
             InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
-        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
         byte[] nonce = new byte[GCM_NONCE_LENGTH];
-        new SecureRandom().nextBytes(nonce);
+        SecureRandom.getInstanceStrong().nextBytes(nonce);
         GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
         cipher.init(Cipher.ENCRYPT_MODE, key, spec);
 
@@ -39,9 +50,15 @@ public byte[] encrypt(byte[] plaintext) throws NoSuchPaddingException, NoSuchAlg
         return cipherTextWithNonce;
     }
 
+    /**
+     * <p>decrypt.</p>
+     *
+     * @param cipherTextWithNonce the ciphertext with nonce to decrypt
+     * @return the decrypted text
+     */
     public byte[] decrypt(byte[] cipherTextWithNonce) throws NoSuchPaddingException, NoSuchAlgorithmException,
             InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
-        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
         byte[] nonce = Arrays.copyOfRange(cipherTextWithNonce, 0, GCM_NONCE_LENGTH);
         byte[] cipherText = Arrays.copyOfRange(cipherTextWithNonce, GCM_NONCE_LENGTH, cipherTextWithNonce.length);
         GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/AsymDecryption.java b/sdk/src/main/java/io/opentdf/platform/sdk/AsymDecryption.java
@@ -1,18 +1,25 @@
 package io.opentdf.platform.sdk;
 
 import javax.crypto.Cipher;
-import java.nio.charset.StandardCharsets;
 import java.security.*;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Base64;
 
 public class AsymDecryption {
     private PrivateKey privateKey;
+    private static final String PRIVATE_KEY_HEADER = "-----BEGIN PRIVATE KEY-----";
+    private static final String PRIVATE_KEY_FOOTER = "-----END PRIVATE KEY-----";
+    private static final String CIPHER_TRANSFORM = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
 
+    /**
+     * <p>Constructor for AsymDecryption.</p>
+     *
+     * @param privateKeyInPem a Private Key in PEM format
+     */
     public AsymDecryption(String privateKeyInPem) throws Exception {
         String privateKeyPEM = privateKeyInPem
-                .replace("-----BEGIN PRIVATE KEY-----\n", "")
-                .replace("-----END PRIVATE KEY-----\n", "")
+                .replace(PRIVATE_KEY_HEADER, "")
+                .replace(PRIVATE_KEY_FOOTER, "")
                 .replaceAll("\\s", ""); // remove whitespaces
 
         byte[] decoded = Base64.getDecoder().decode(privateKeyPEM);
@@ -22,12 +29,18 @@ public AsymDecryption(String privateKeyInPem) throws Exception {
         this.privateKey = kf.generatePrivate(spec);
     }
 
+    /**
+     * <p>decrypt.</p>
+     *
+     * @param data the data to decrypt
+     * @return the decrypted data
+     */
     public byte[] decrypt(byte[] data) throws Exception {
         if (this.privateKey == null) {
             throw new Exception("Failed to decrypt, private key is empty");
         }
 
-        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
+        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
         cipher.init(Cipher.DECRYPT_MODE, this.privateKey);
         return cipher.doFinal(data);
     }
diff --git a/sdk/src/main/java/io/opentdf/platform/sdk/AsymEncryption.java b/sdk/src/main/java/io/opentdf/platform/sdk/AsymEncryption.java
@@ -1,18 +1,25 @@
 package io.opentdf.platform.sdk;
 
-
 import javax.crypto.Cipher;
-import java.nio.charset.StandardCharsets;
 import java.security.*;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;
 
 public class AsymEncryption {
     private PublicKey publicKey;
-
+    private static final String PUBLIC_KEY_HEADER = "-----BEGIN PUBLIC KEY-----";
+    private static final String PUBLIC_KEY_FOOTER = "-----END PUBLIC KEY-----";
+    private static final String CIPHER_TRANSFORM = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
+
+    /**
+     * <p>Constructor for AsymEncryption.</p>
+     *
+     * @param publicKeyInPem a Public Key in PEM format
+     */
     public AsymEncryption(String publicKeyInPem) throws Exception {
-        publicKeyInPem = publicKeyInPem.replace("-----BEGIN PUBLIC KEY-----", "")
-                .replace("-----END PUBLIC KEY-----", "")
+        publicKeyInPem = publicKeyInPem
+                .replace(PUBLIC_KEY_HEADER, "")
+                .replace(PUBLIC_KEY_FOOTER, "")
                 .replaceAll("\\s", "");
 
         byte[] decoded = Base64.getDecoder().decode(publicKeyInPem);
@@ -21,22 +28,32 @@ public AsymEncryption(String publicKeyInPem) throws Exception {
         this.publicKey = kf.generatePublic(spec);
     }
 
+    /**
+     * <p>encrypt.</p>
+     *
+     * @param data the data to encrypt
+     * @return the encrypted data
+     */
     public byte[] encrypt(byte[] data) throws Exception {
         if (this.publicKey == null) {
             throw new Exception("Failed to encrypt, public key is empty");
         }
 
-        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
+        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
         cipher.init(Cipher.ENCRYPT_MODE, this.publicKey);
         return cipher.doFinal(data);
     }
 
+    /**
+     * <p>publicKeyInPemFormat.</p>
+     * @return the public key in PEM format
+     */
     public String publicKeyInPemFormat() throws Exception {
         if (this.publicKey == null) {
             throw new Exception("Failed to generate PEM formatted public key");
         }
 
         String publicKeyPem = Base64.getEncoder().encodeToString(this.publicKey.getEncoded());
-        return "-----BEGIN PUBLIC KEY-----\n" + publicKeyPem + "\n-----END PUBLIC KEY-----\n";
+        return PUBLIC_KEY_HEADER + '\n' + publicKeyPem + '\n' + PUBLIC_KEY_FOOTER + '\n';
     }
 }
