prov/src/main/java/org/bouncycastle/jcajce/io/CipherOutputStream.java


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

package org.bouncycastle.jcajce.io;

import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

import org.bouncycastle.crypto.io.InvalidCipherTextIOException;

/**
 * A CipherOutputStream is composed of an OutputStream and a cipher so that write() methods process
 * the written data with the cipher, and the output of the cipher is in turn written to the
 * underlying OutputStream. The cipher must be fully initialized before being used by a
 * CipherInputStream.
 * <p/>
 * For example, if the cipher is initialized for encryption, the CipherOutputStream will encrypt the
 * data before writing the encrypted data to the underlying stream.
 * <p/>
 * This is a reimplementation of {@link javax.crypto.CipherOutputStream} that is safe for use with
 * AEAD block ciphers, and does not silently catch {@link BadPaddingException} and
 * {@link IllegalBlockSizeException} errors. Any errors that occur during {@link Cipher#doFinal()
 * finalisation} are rethrown wrapped in an {@link InvalidCipherTextIOException}.
 */
public class CipherOutputStream
    extends FilterOutputStream
{
    private final Cipher cipher;
    private final byte[] oneByte = new byte[1];

    /**
     * Constructs a CipherOutputStream from an OutputStream and a Cipher.
     */
    public CipherOutputStream(OutputStream output, Cipher cipher)
    {
        super(output);
        this.cipher = cipher;
    }

    /**
     * Writes the specified byte to this output stream.
     *
     * @param b the <code>byte</code>.
     * @throws java.io.IOException if an I/O error occurs.
     */
    public void write(int b)
        throws IOException
    {
        oneByte[0] = (byte)b;
        write(oneByte, 0, 1);
    }

    /**
     * Writes <code>len</code> bytes from the specified byte array starting at offset
     * <code>off</code> to this output stream.
     *
     * @param b   the data.
     * @param off the start offset in the data.
     * @param len the number of bytes to write.
     * @throws java.io.IOException if an I/O error occurs.
     */
    public void write(byte[] b, int off, int len)
        throws IOException
    {
        byte[] outData = cipher.update(b, off, len);
        if (outData != null)
        {
            out.write(outData);
        }
    }

    /**
     * Flushes this output stream by forcing any buffered output bytes that have already been
     * processed by the encapsulated cipher object to be written out.
     * <p/>
     * <p/>
     * Any bytes buffered by the encapsulated cipher and waiting to be processed by it will not be
     * written out. For example, if the encapsulated cipher is a block cipher, and the total number
     * of bytes written using one of the <code>write</code> methods is less than the cipher's block
     * size, no bytes will be written out.
     *
     * @throws java.io.IOException if an I/O error occurs.
     */
    public void flush()
        throws IOException
    {
        out.flush();
    }

    /**
     * Closes this output stream and releases any system resources associated with this stream.
     * <p/>
     * This method invokes the <code>doFinal</code> method of the encapsulated cipher object, which
     * causes any bytes buffered by the encapsulated cipher to be processed. The result is written
     * out by calling the <code>flush</code> method of this output stream.
     * <p/>
     * This method resets the encapsulated cipher object to its initial state and calls the
     * <code>close</code> method of the underlying output stream.
     *
     * @throws java.io.IOException if an I/O error occurs.
     * @throws InvalidCipherTextIOException if the data written to this stream was invalid
     * ciphertext (e.g. the cipher is an AEAD cipher and the ciphertext tag check
     * fails).
     */
    public void close()
        throws IOException
    {
        IOException error = null;
        try
        {
            byte[] outData = cipher.doFinal();
            if (outData != null)
            {
                out.write(outData);
            }
        }
        catch (GeneralSecurityException e)
        {
            error = new InvalidCipherTextIOException("Error during cipher finalisation", e);
        }
        catch (Exception e)
        {
            error = new IOException("Error closing stream: " + e);
        }
        try
        {
            flush();
            out.close();
        }
        catch (IOException e)
        {
            // Invalid ciphertext takes precedence over close error
            if (error == null)
            {
                error = e;
            }
        }
        if (error != null)
        {
            throw error;
        }
    }

}