From 464d43194b8f8dd31bc86a40c213a530778337e0 Mon Sep 17 00:00:00 2001 From: jendib Date: Mon, 19 Aug 2013 23:57:50 +0200 Subject: [PATCH] File encryption (in progress) --- docs-core/pom.xml | 5 ++ .../com/sismics/docs/core/util/FileUtil.java | 47 +++++++++++++++++++ docs-parent/TODO | 1 + docs-parent/pom.xml | 7 +++ .../docs/rest/resource/FileResource.java | 1 + 5 files changed, 61 insertions(+) diff --git a/docs-core/pom.xml b/docs-core/pom.xml index 3b6e8fc6..5777ab3f 100644 --- a/docs-core/pom.xml +++ b/docs-core/pom.xml @@ -122,6 +122,11 @@ pdfbox + + org.bouncycastle + bcprov-jdk15on + + jna diff --git a/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java b/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java index 3fc2e60d..9d19bb4c 100644 --- a/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java +++ b/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java @@ -3,11 +3,18 @@ package com.sismics.docs.core.util; import java.awt.image.BufferedImage; import java.io.IOException; import java.io.InputStream; +import java.io.OutputStream; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.util.List; +import javax.crypto.Cipher; +import javax.crypto.CipherInputStream; +import javax.crypto.CipherOutputStream; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; import javax.imageio.ImageIO; import net.sourceforge.tess4j.Tesseract; @@ -21,6 +28,7 @@ import org.imgscalr.Scalr.Mode; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.google.common.io.ByteStreams; import com.sismics.docs.core.model.jpa.Document; import com.sismics.docs.core.model.jpa.File; import com.sismics.util.ImageUtil; 
@@ -128,6 +136,8 @@ public class FileUtil {
 * @throws IOException
 */
 public static void save(InputStream is, File file) throws IOException {
+ // TODO Encrypt file and variations
+
 Path path = Paths.get(DirectoryUtil.getStorageDirectory().getPath(), file.getId());
 Files.copy(is, path);
 
@@ -197,4 +207,41 @@ public class FileUtil {
 thumbnailFile.delete();
 }
 }
+
+// Security.insertProviderAt(new BouncyCastleProvider(), 1);
+// String key = "pwd";
+//
+// FileInputStream fis = new FileInputStream("plain.jpg");
+// FileOutputStream fos = new FileOutputStream("encrypted.jpg");
+// encrypt(key, fis, fos);
+//
+// FileInputStream fis2 = new FileInputStream("encrypted.jpg");
+// FileOutputStream fos2 = new FileOutputStream("decrypted.jpg");
+// decrypt(key, fis2, fos2);
+
+ public static void encrypt(String key, InputStream is, OutputStream os) throws Throwable {
+ encryptOrDecrypt(key, Cipher.ENCRYPT_MODE, is, os);
+ }
+
+ public static void decrypt(String key, InputStream is, OutputStream os) throws Throwable {
+ encryptOrDecrypt(key, Cipher.DECRYPT_MODE, is, os);
+ }
+
+ public static void encryptOrDecrypt(String key, int mode, InputStream is, OutputStream os) throws Throwable {
+
+ PBEKeySpec keySpec = new PBEKeySpec(key.toCharArray(), "salt".getBytes(), 2000, 256);
+ SecretKeyFactory skf = SecretKeyFactory.getInstance("PBEWITHSHA256AND256BITAES-CBC-BC");
+ SecretKey desKey = skf.generateSecret(keySpec);
+ Cipher cipher = Cipher.getInstance("AES/CTR/NOPADDING");
+
+ if (mode == Cipher.ENCRYPT_MODE) {
+ cipher.init(Cipher.ENCRYPT_MODE, desKey);
+ CipherInputStream cis = new CipherInputStream(is, cipher);
+ ByteStreams.copy(cis, os);
+ } else if (mode == Cipher.DECRYPT_MODE) {
+ cipher.init(Cipher.DECRYPT_MODE, desKey);
+ CipherOutputStream cos = new CipherOutputStream(os, cipher);
+ ByteStreams.copy(is, cos);
+ }
+ }
 }
diff --git a/docs-parent/TODO b/docs-parent/TODO
index e69de29b..ba6a21f9 100644
--- a/docs-parent/TODO
+++ b/docs-parent/TODO
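Review bot: In the second FileUtil hunk, `encryptOrDecrypt` derives the key with the constant salt `"salt".getBytes()` and calls `cipher.init(mode, desKey)` without an IV, so equal passwords always yield the same key and no IV is ever stored with the ciphertext; depending on the provider, decryption then either fails for lack of parameters or every file shares one CTR keystream, which exposes relationships between plaintexts. A per-file random salt and IV written as a header ahead of the ciphertext fixes both (sketch below; it needs `java.security.SecureRandom` and `javax.crypto.spec.IvParameterSpec`, and closing the cipher stream also closes `os`). The cipher streams are never closed, so the output of the final `doFinal()` may not be flushed, and a `mode` other than encrypt or decrypt silently does nothing. CTR provides no integrity protection, so before this is wired into `save()` consider an authenticated mode or a MAC over header and ciphertext; `throws Throwable` and the 2000-iteration count are also worth tightening, and the commented-out demo block belongs in a test rather than the class body.

```java
public static void encryptOrDecrypt(String key, int mode, InputStream is, OutputStream os) throws Throwable {
    // Per-file random salt and IV, stored as a 32-byte header in front of the ciphertext.
    byte[] salt = new byte[16];
    byte[] iv = new byte[16];
    if (mode == Cipher.ENCRYPT_MODE) {
        SecureRandom random = new SecureRandom();
        random.nextBytes(salt);
        random.nextBytes(iv);
        os.write(salt);
        os.write(iv);
    } else if (mode == Cipher.DECRYPT_MODE) {
        ByteStreams.readFully(is, salt);
        ByteStreams.readFully(is, iv);
    } else {
        throw new IllegalArgumentException("Unsupported cipher mode: " + mode);
    }

    PBEKeySpec keySpec = new PBEKeySpec(key.toCharArray(), salt, 2000, 256);
    // … unchanged: SecretKeyFactory lookup and generateSecret(keySpec) into desKey …

    Cipher cipher = Cipher.getInstance("AES/CTR/NOPADDING");
    cipher.init(mode, desKey, new IvParameterSpec(iv));
    // Closing the cipher stream runs doFinal() and flushes the remaining bytes.
    try (CipherOutputStream cos = new CipherOutputStream(os, cipher)) {
        ByteStreams.copy(is, cos);
    }
}
```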
@@ -0,0 +1 @@ +- Encrypt files stored on FS (server) \ No newline at end of file diff --git a/docs-parent/pom.xml b/docs-parent/pom.xml index d8e29a15..0c651bd9 100644 --- a/docs-parent/pom.xml +++ b/docs-parent/pom.xml @@ -63,6 +63,7 @@ 1.0.1 1.7 1.8.2 + 1.49 @@ -443,6 +444,12 @@ ${org.apache.pdfbox.pdfbox.version} + + org.bouncycastle + bcprov-jdk15on + ${org.bouncycastle.bcprov-jdk15on.version} + + jna diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java index 7d1258e9..6f14e925 100644 --- a/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java +++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java @@ -304,6 +304,7 @@ public class FileResource extends BaseResource { // Get the stored file + // TODO Decrypt file java.io.File storedfile; String mimeType; if (size != null) {