/*
  Name:         PBECrypt.java
  Licensing:    LGPL

  API:          Sun (http://java.sun.com) JCE 1.2.2 API (cleanroom implementation by Bouncy Castle)
  Provider:     Bouncy Castle (http://www.bouncycastle.org)

  Disclaimer:

  COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND,
  EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE
  IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE
  RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE
  PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR)
  ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY
  CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED
  HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
*/

package net.sourceforge.jcetaglib.lib;

import net.sourceforge.jcetaglib.exceptions.CryptoException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;

import javax.crypto.*;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.io.*;
import java.security.SecureRandom;
import java.security.Security;

/**
 * PBE (Password-based) encryption & decryption routines for use with BouncyCastle JCE provider
 *
 * @author Gert Van Ham
 * @author hamgert@users.sourceforge.net
 * @author http://jcetaglib.sourceforge.net
 * @version $Id: PBECrypt.java,v 1.3 2004/04/15 07:28:25 hamgert Exp $
 */
public class PBECrypt {
    // iteration count for PBE encryption
    private static int PBE_COUNT = 20;

    // buffersizes in bytes
    private static int BUFFERSIZE_TEXT = 64;
    private static int BUFFERSIZE_FILE = 8192;

    /**
     * Encrypts a string with PBE and returns the ciphered text in BASE64 format.
     *
     * @param text the text to encrypt
     * @param passphrase password or passphrase
     * @param algorithm encryption algorithm (e.g. "PBEWithSHAAndIDEA-CBC")
     * @return the cipherstring in BASE64 format
     * @exception net.sourceforge.jcetaglib.exceptions.CryptoException for all encryption errors
     **/
    public static StringBuffer encrypt(StringBuffer text
                                       , StringBuffer passphrase
                                       , String algorithm) throws CryptoException {

        return encrypt(text, passphrase, null, algorithm);
    }

    /**
     * Encrypts a string with PBE and returns the ciphered text in BASE64 format.
     *
     * @param text the text to encrypt
     * @param passphrase password or passphrase
     * @param seed the seed for SecureRandom
     * @param algorithm encryption algorithm (e.g. "PBEWithSHAAndIDEA-CBC")
     * @return the cipherstring in BASE64 format
     * @exception net.sourceforge.jcetaglib.exceptions.CryptoException for all encryption errors
     **/
    public static StringBuffer encrypt(StringBuffer text
                                       , StringBuffer passphrase
                                       , byte[] seed
                                       , String algorithm) throws CryptoException {

        ByteArrayOutputStream bao = null;
        DataOutputStream dao = null;

        try {
            bao = new ByteArrayOutputStream();
            dao = new DataOutputStream(bao);

            // encrypt text
            encrypt(new ByteArrayInputStream(text.toString().getBytes()), dao, seed, passphrase, algorithm, BUFFERSIZE_TEXT);
            return new StringBuffer(new String(Base64.encode(bao.toByteArray())));
        } catch (IOException ioe) {
            ioe.printStackTrace();
            throw new CryptoException(ioe.getMessage());
        } finally {
            if (dao != null) {
                // close outputstream
                try {
                    dao.close();
                } catch (IOException e) {
                    ;
                }
            }
        }
    }

    /**
     * Encrypts any inputstream with PBE (password-based encryption)
     *
     * @param is any inputstream
     * @param daos ciphered outputstream
     * @param seed seed for SecureRandom (optional)
     * @param passphrase the password or passphrase
     * @param algorithm encryption algorithm (e.g. "PBEWithSHAAndIDEA-CBC")
     * @param bufferlength buffer length in bytes
     * @exception net.sourceforge.jcetaglib.exceptions.CryptoException for all errors
     **/
    public static void encrypt(InputStream is
                               , DataOutputStream daos
                               , byte[] seed
                               , StringBuffer passphrase
                               , String algorithm
                               , int bufferlength)
            throws CryptoException, IOException {

        CipherOutputStream cStr = null;
        PBEKeySpec pbeKeySpec;
        PBEParameterSpec pbeParamSpec;
        SecretKeyFactory keyFac;
        SecretKey pbeKey;
        Cipher pbeCipher;

        try {
            // Add Bouncy Castle provider
            Security.addProvider(new BouncyCastleProvider());

            // Create a random salt of 64 bits (8 bytes)
            byte[] randomsalt = new byte[8];
            SecureRandom sr = Seed.getSecureRandom(seed);
            sr.nextBytes(randomsalt);

            // Create PBE parameter set
            pbeParamSpec = new PBEParameterSpec(randomsalt, PBE_COUNT);

            pbeKeySpec = new PBEKeySpec(passphrase.toString().toCharArray());
            keyFac = SecretKeyFactory.getInstance(algorithm);
            pbeKey = keyFac.generateSecret(pbeKeySpec);

            // Create PBE Cipher
            pbeCipher = Cipher.getInstance(algorithm);

            // Initialize PBE Cipher with key and parameters
            pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

            // Create CipherOutputStream using PBE cipher
            cStr = new CipherOutputStream(daos, pbeCipher);

            // first, write the salt to the file (8 bytes or 64 bits)
            daos.write(randomsalt);

            // Read input bytes into buffer and run them through the cipher stream
            byte[] buffer = new byte[bufferlength];
            int length = 0;
            while ((length = is.read(buffer)) != -1) {
                cStr.write(buffer, 0, length);
            }
        } catch (IOException ioe) {
            ioe.printStackTrace();
            throw new IOException(ioe.getMessage());
        } catch (Exception ex) {
            ex.printStackTrace();
            throw new CryptoException(ex.getMessage());
        } finally {
            if (cStr != null) {
                try {
                    cStr.close();
                } catch (IOException ioe) {
                    ;
                }
            }
        }
    }

    /**
     * Encrypts a file with PBE and creates a new file with the result.
     *
     * @param file the file to encrypt
     * @param file the encrypted file
     * @param passphrase password or passphrase
     * @param algorithm encryption algorithm (e.g. "PBEWithSHAAndIDEA-CBC")
     * @exception IOException I/O errors
     * @exception net.sourceforge.jcetaglib.exceptions.CryptoException for all encryption errors
     **/
    public static void encryptFile(String file
                                   , String newfile
                                   , StringBuffer passphrase
                                   , String algorithm) throws CryptoException, IOException {
        encryptFile(file, newfile, passphrase, null, algorithm);
    }

    /**
     * Encrypts a file with PBE and creates a new file with the result.
     *
     * @param file the file to encrypt
     * @param newfile the encrypted file
     * @param passphrase password or passphrase
     * @param seed the seed for SecureRandom
     * @param algorithm encryption algorithm (e.g. "PBEWithSHAAndIDEA-CBC")
     * @exception IOException I/O errors
     * @exception net.sourceforge.jcetaglib.exceptions.CryptoException for all encryption errors