Class AesResultEncryptor

java.lang.Object
cloud.opencode.base.web.crypto.AbstractResultEncryptor
cloud.opencode.base.web.crypto.AesResultEncryptor
All Implemented Interfaces:
ResultEncryptor
public class AesResultEncryptor extends AbstractResultEncryptor
AES Result Encryptor AES响应加密器

AES-GCM encryption with HMAC-SHA256 signature for result data.

使用AES-GCM加密和HMAC-SHA256签名保护响应数据。

Security | 安全性:

  • Encryption: AES-256-GCM (via opencode-base-crypto) - 加密: AES-256-GCM
  • Signature: HMAC-SHA256 (via opencode-base-crypto) - 签名: HMAC-SHA256
  • Key size: 256 bits - 密钥长度: 256位
  • Separate encryption and signing keys - 加密密钥与签名密钥独立派生

Features | 主要功能:

  • AES-256-GCM encryption for result data - AES-256-GCM响应数据加密
  • HMAC-SHA256 signature covering all plaintext fields - HMAC-SHA256签名覆盖所有明文字段
  • Signature verification before decryption - 解密前先验签
  • SHA-256 key derivation from string - 从字符串SHA-256密钥派生
  • Random key generation support - 随机密钥生成支持

Usage Examples | 使用示例:

AesResultEncryptor encryptor = new AesResultEncryptor("my-secret-key");
EncryptedResult encrypted = encryptor.encrypt(result);
Result<String> decrypted = encryptor.decrypt(encrypted, String.class);
Since:
JDK 25, opencode-base-web V1.0.0
Author:
Leon Soo www.LeonSoo.com
See Also:

  • Constructor Details

    • AesResultEncryptor

      public AesResultEncryptor(byte[] key)
      Create AES encryptor with key 使用密钥创建AES加密器
      Parameters:
      key - the encryption key (32 bytes for AES-256) | 加密密钥(AES-256需要32字节)

    • AesResultEncryptor

      public AesResultEncryptor(String keyString)
      Create AES encryptor with key string 使用密钥字符串创建AES加密器
      Parameters:
      keyString - the key string (will be hashed to 32 bytes) | 密钥字符串(将被散列为32字节)

  • Method Details

    • getAlgorithm

      public String getAlgorithm()
      Description copied from interface: ResultEncryptor
      Get the algorithm name 获取算法名称
      Returns:
      the algorithm name | 算法名称

    • doEncrypt

      protected byte[] doEncrypt(byte[] data) throws Exception
      Description copied from class: AbstractResultEncryptor
      Perform encryption 执行加密
      Specified by:
      doEncrypt in class AbstractResultEncryptor
      Parameters:
      data - the data to encrypt | 要加密的数据
      Returns:
      the encrypted data | 加密后的数据
      Throws:
      Exception - if encryption fails | 如果加密失败

    • doDecrypt

      protected byte[] doDecrypt(byte[] data) throws Exception
      Description copied from class: AbstractResultEncryptor
      Perform decryption 执行解密
      Specified by:
      doDecrypt in class AbstractResultEncryptor
      Parameters:
      data - the data to decrypt | 要解密的数据
      Returns:
      the decrypted data | 解密后的数据
      Throws:
      Exception - if decryption fails | 如果解密失败

    • doSign

      protected byte[] doSign(byte[] data) throws Exception
      Description copied from class: AbstractResultEncryptor
      Compute HMAC signature 计算HMAC签名
      Specified by:
      doSign in class AbstractResultEncryptor
      Parameters:
      data - the data to sign | 要签名的数据
      Returns:
      the HMAC signature bytes | HMAC签名字节
      Throws:
      Exception - if signing fails | 如果签名失败

    • withRandomKey

      public static AesResultEncryptor.KeyAndEncryptor withRandomKey()
      Create encryptor with random key 使用随机密钥创建加密器
      Returns:
      the encryptor and generated key | 加密器和生成的密钥