diff --git a/encrypted-config-value-bundle/src/test/java/com/palantir/config/crypto/EncryptConfigValueCommandTest.java b/encrypted-config-value-bundle/src/test/java/com/palantir/config/crypto/EncryptConfigValueCommandTest.java index e51bc0ab..372fc1a9 100644 --- a/encrypted-config-value-bundle/src/test/java/com/palantir/config/crypto/EncryptConfigValueCommandTest.java +++ b/encrypted-config-value-bundle/src/test/java/com/palantir/config/crypto/EncryptConfigValueCommandTest.java @@ -69,7 +69,7 @@ private void weEncryptAndPrintAValue(Algorithm algorithm) throws Exception { String output = outContent.toString(CHARSET).trim(); EncryptedValue configValue = EncryptedValue.of(output); - KeyWithAlgorithm decryptionKey = keyPair.privateKey().orElse(keyPair.publicKey()); + KeyWithAlgorithm decryptionKey = keyPair.privateKey().or(keyPair.publicKey()); String decryptedValue = configValue.getDecryptedValue(decryptionKey); assertThat(decryptedValue, is(plaintext)); diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/Base64Utils.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/Base64Utils.java index 4c48070c..ba247973 100644 --- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/Base64Utils.java +++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/Base64Utils.java @@ -16,7 +16,7 @@ package com.palantir.config.crypto; -import java.util.Base64; +import com.google.common.io.BaseEncoding; public final class Base64Utils { @@ -32,9 +32,9 @@ public static void checkIsBase64(String value) { // there are various edge cases // the regexes people claim to work are actually incorrect // implementations also differ in quite how they handle left-over bits/padding - // since we use the java base64 decoder, we'll claim it's valid if we can decode it + // since we use the Guava base64 decoder, we'll claim it's valid if we can decode it try { - Base64.getDecoder().decode(value); + BaseEncoding.base64().decode(value); } catch (IllegalArgumentException e) { throw new IllegalArgumentException("value " + value + " is not valid base64", e); } diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/EncryptedValue.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/EncryptedValue.java index d60f7865..682144d7 100644 --- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/EncryptedValue.java +++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/EncryptedValue.java @@ -49,7 +49,7 @@ public final String getDecryptedValue() { try { KeyPair keyPair = KeyPair.fromDefaultPath(); // use private if we have it, else assume symmetric - KeyWithAlgorithm kwa = keyPair.privateKey().orElse(keyPair.publicKey()); + KeyWithAlgorithm kwa = keyPair.privateKey().or(keyPair.publicKey()); return getDecryptedValue(kwa); } catch (IOException e) { throw new RuntimeException("Was unable to read key", e); diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyPair.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyPair.java index d05fc5b0..96c0788f 100644 --- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyPair.java +++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyPair.java @@ -16,10 +16,10 @@ package com.palantir.config.crypto; +import com.google.common.base.Optional; import java.io.IOException; import java.nio.file.Path; import java.nio.file.Paths; -import java.util.Optional; import org.immutables.value.Value; /** diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyWithAlgorithm.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyWithAlgorithm.java index 7d6c18ee..f7f0160c 100644 --- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyWithAlgorithm.java +++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyWithAlgorithm.java @@ -18,12 +18,12 @@ import static com.google.common.base.Preconditions.checkArgument; +import com.google.common.io.BaseEncoding; import java.io.IOException; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.StandardOpenOption; -import java.util.Base64; import org.immutables.value.Value; @Value.Immutable @@ -35,8 +35,7 @@ public abstract class KeyWithAlgorithm { @Override public final String toString() { - byte[] encodedKey = Base64.getEncoder().encode(getKey()); - String encodedKeyString = new String(encodedKey, StandardCharsets.UTF_8); + String encodedKeyString = BaseEncoding.base64().encode(getKey()); return getAlgorithm() + ":" + encodedKeyString; } @@ -58,7 +57,7 @@ public static KeyWithAlgorithm fromString(String keyWithAlgorithm) { String[] tokens = keyWithAlgorithm.split(":", 2); Base64Utils.checkIsBase64(tokens[1]); - byte[] decodedKey = Base64.getDecoder().decode(tokens[1].getBytes(StandardCharsets.UTF_8)); + byte[] decodedKey = BaseEncoding.base64().decode(tokens[1]); return KeyWithAlgorithm.from(tokens[0], decodedKey); } diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/AesAlgorithm.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/AesAlgorithm.java index 52825b05..9aa79f0a 100644 --- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/AesAlgorithm.java +++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/AesAlgorithm.java @@ -17,6 +17,7 @@ import static com.google.common.base.Preconditions.checkArgument; +import com.google.common.io.BaseEncoding; import com.palantir.config.crypto.EncryptedValue; import com.palantir.config.crypto.KeyPair; import com.palantir.config.crypto.KeyWithAlgorithm; @@ -27,7 +28,6 @@ import java.security.Key; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; -import java.util.Base64; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.NoSuchPaddingException; @@ -73,7 +73,7 @@ public EncryptedValue get() throws Exception { outputStream.write(ivBytes); outputStream.write(encrypted); - String encryptedString = Base64.getEncoder().encodeToString(outputStream.toByteArray()); + String encryptedString = BaseEncoding.base64().encode(outputStream.toByteArray()); return EncryptedValue.fromEncryptedString(encryptedString); } @@ -92,7 +92,7 @@ public String get() throws Exception { Key secretKeySpec = getSecretKeySpec(kwa); String ciphertext = encryptedValue.encryptedValue(); - byte[] cipherBytes = Base64.getDecoder().decode(ciphertext); + byte[] cipherBytes = BaseEncoding.base64().decode(ciphertext); GCMParameterSpec gcmSpecWithIv = new GCMParameterSpec(GCM_AUTH_TAG_LENGTH, cipherBytes, 0, IV_LENGTH); cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, gcmSpecWithIv); diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/RsaAlgorithm.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/RsaAlgorithm.java index 9b1cd5df..708635d5 100644 --- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/RsaAlgorithm.java +++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/RsaAlgorithm.java @@ -18,6 +18,7 @@ import static com.google.common.base.Preconditions.checkArgument; +import com.google.common.io.BaseEncoding; import com.palantir.config.crypto.EncryptedValue; import com.palantir.config.crypto.KeyPair; import com.palantir.config.crypto.KeyWithAlgorithm; @@ -33,7 +34,6 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; -import java.util.Base64; import javax.crypto.Cipher; import javax.crypto.NoSuchPaddingException; @@ -61,7 +61,7 @@ public EncryptedValue get() throws Exception { cipher.init(Cipher.ENCRYPT_MODE, publicKey); byte[] encrypted = cipher.doFinal(plaintext.getBytes(charset)); - String encryptedString = Base64.getEncoder().encodeToString(encrypted); + String encryptedString = BaseEncoding.base64().encode(encrypted); return EncryptedValue.fromEncryptedString(encryptedString); } }); @@ -79,7 +79,7 @@ public String get() throws Exception { PrivateKey privateKey = generatePrivateKey(kwa); String ciphertext = encryptedValue.encryptedValue(); - byte[] cipherBytes = Base64.getDecoder().decode(ciphertext); + byte[] cipherBytes = BaseEncoding.base64().decode(ciphertext); cipher.init(Cipher.DECRYPT_MODE, privateKey); diff --git a/encrypted-config-value/src/test/java/com/palantir/config/crypto/AlgorithmTest.java b/encrypted-config-value/src/test/java/com/palantir/config/crypto/AlgorithmTest.java index d384440e..67c99321 100644 --- a/encrypted-config-value/src/test/java/com/palantir/config/crypto/AlgorithmTest.java +++ b/encrypted-config-value/src/test/java/com/palantir/config/crypto/AlgorithmTest.java @@ -20,13 +20,13 @@ import static org.hamcrest.Matchers.not; import static org.junit.Assert.assertThat; +import com.google.common.base.Supplier; import com.google.common.collect.ImmutableList; import com.palantir.config.crypto.algorithm.AesAlgorithm; import com.palantir.config.crypto.algorithm.Algorithm; import com.palantir.config.crypto.algorithm.RsaAlgorithm; import java.security.NoSuchAlgorithmException; import java.util.Collection; -import java.util.function.Supplier; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; @@ -59,7 +59,7 @@ public void weCanEncryptAndDecrypt() throws NoSuchAlgorithmException { EncryptedValue encryptedValue = algorithm.getEncryptedValue(plaintext, keyPair.publicKey()); - KeyWithAlgorithm decryptionKey = keyPair.privateKey().orElse(keyPair.publicKey()); + KeyWithAlgorithm decryptionKey = keyPair.privateKey().or(keyPair.publicKey()); String decrypted = algorithm.getDecryptedString(encryptedValue, decryptionKey); assertThat(decrypted, is(plaintext)); @@ -79,7 +79,7 @@ public void theSameStringEncryptsToDifferentCiphertexts() throws NoSuchAlgorithm assertThat(encrypted1.encryptedValue(), is(not(encrypted2.encryptedValue()))); // we should naturally decrypt back to the same thing - the plaintext - KeyWithAlgorithm decryptionKey = keyPair.privateKey().orElse(keyPair.publicKey()); + KeyWithAlgorithm decryptionKey = keyPair.privateKey().or(keyPair.publicKey()); String decryptedString1 = algorithm.getDecryptedString(encrypted1, decryptionKey); String decryptedString2 = algorithm.getDecryptedString(encrypted2, decryptionKey); diff --git a/encrypted-config-value/src/test/java/com/palantir/config/crypto/EncryptedValueTest.java b/encrypted-config-value/src/test/java/com/palantir/config/crypto/EncryptedValueTest.java index 464a19db..20d80d8a 100644 --- a/encrypted-config-value/src/test/java/com/palantir/config/crypto/EncryptedValueTest.java +++ b/encrypted-config-value/src/test/java/com/palantir/config/crypto/EncryptedValueTest.java @@ -60,7 +60,7 @@ private void weCannotDecryptWithTheWrongKey(Algorithm algorithm) throws NoSuchAl EncryptedValue encryptedValue = algorithm.getEncryptedValue(plaintext, keyPair.publicKey()); - KeyWithAlgorithm decryptionKey = otherKeyPair.privateKey().orElse(otherKeyPair.publicKey()); + KeyWithAlgorithm decryptionKey = otherKeyPair.privateKey().or(otherKeyPair.publicKey()); encryptedValue.getDecryptedValue(decryptionKey); //throws } @@ -78,7 +78,7 @@ private void weCanDecryptAValue(Algorithm algorithm) { KeyPair keyPair = algorithm.generateKey(); EncryptedValue encryptedValue = algorithm.getEncryptedValue(plaintext, keyPair.publicKey()); - KeyWithAlgorithm decryptionKey = keyPair.privateKey().orElse(keyPair.publicKey()); + KeyWithAlgorithm decryptionKey = keyPair.privateKey().or(keyPair.publicKey()); String decryptedValue = encryptedValue.getDecryptedValue(decryptionKey); assertThat(decryptedValue, is(plaintext));