Adding missing new classes

Author: marcos-albornoz

src/main/java/com/venafi/vcert/sdk/connectors/cloud/SealedBoxUtility.java

@@ -0,0 +1,96 @@
+/**
+ * 
+ */
+package com.venafi.vcert.sdk.connectors.cloud;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+import org.bouncycastle.crypto.digests.Blake2bDigest;
+
+import com.iwebpp.crypto.TweetNaclFast;
+
+
+/**
+ * The following utility is based on the SealBoxUtility code shared in the stackoverflow question
+ * <a href="https://stackoverflow.com/questions/42456624/how-can-i-create-or-open-a-libsodium-compatible-sealed-box-in-pure-java">
+ * How can I create or open a libsodium compatible sealed box in pure Java</a>.
+ * <br/>
+ * The main difference is on this version is being used the <a href="https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/crypto/digests/Blake2bDigest.java">
+ *  org.bouncycastle.crypto.digests.Blake2bDigest</a> from <a href="https://github.com/bcgit/bc-java">The Bouncy Castle Crypto Package For Java</a> 
+ *  instead of <a href="https://github.com/alphazero/Blake2b">Blake2b</a> to get the Blake2b hash.
+ * <br/><br/>
+ * 
+ * Has also a dependency on TweetNaclFast from <a href="https://github.com/InstantWebP2P/tweetnacl-java">https://github.com/InstantWebP2P/tweetnacl-java</a>.
+ * 
+ * 
+ */
+public class SealedBoxUtility {
+
+
+	public static final int crypto_box_NONCEBYTES = 24;
+	//public static final int crypto_box_PUBLICKEYBYTES = 32;
+	//public static final int crypto_box_MACBYTES = 16;
+	//public static final int crypto_box_SEALBYTES = (crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES);
+
+	//  libsodium
+	//  int crypto_box_seal(unsigned char *c, const unsigned char *m,
+	//            unsigned long long mlen, const unsigned char *pk);
+	/**
+	 * Encrypt in  a sealed box
+	 *
+	 * @param receiverPubKey receiver public key
+	 * @param clearText clear text
+	 * @return encrypted message
+	 * @throws GeneralSecurityException 
+	 */
+	public static byte[] crypto_box_seal(byte[] receiverPubKey, byte[] clearText) throws GeneralSecurityException {
+
+		// create ephemeral keypair for sender
+		TweetNaclFast.Box.KeyPair ephkeypair = TweetNaclFast.Box.keyPair();
+		// create nonce
+		byte[] nonce = crypto_box_seal_nonce(ephkeypair.getPublicKey(), receiverPubKey);
+		TweetNaclFast.Box box = new TweetNaclFast.Box(receiverPubKey, ephkeypair.getSecretKey());
+		byte[] ciphertext = box.box(clearText, nonce);
+		if (ciphertext == null) 
+			throw new GeneralSecurityException("Could not create the crypto box");
+		
+		byte[] sealedbox = null;
+		try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) {
+			byteArrayOutputStream.write(ephkeypair.getPublicKey());
+			byteArrayOutputStream.write(ciphertext);
+			sealedbox = byteArrayOutputStream.toByteArray();
+		} catch (IOException e) {
+			throw new GeneralSecurityException("Could not create the sealed crypto box", e);
+		}
+		return sealedbox;
+	}
+
+	/**
+	 *  hash the combination of senderpk + mypk into nonce using blake2b hash
+	 * @param senderpk the senders public key
+	 * @param mypk my own public key
+	 * @return the nonce computed using Blake2b generic hash
+	 */
+	public static byte[] crypto_box_seal_nonce(byte[] senderpk, byte[] mypk){
+		// C source ported from libsodium
+		//      crypto_generichash_state st;
+		//
+		//      crypto_generichash_init(&st, NULL, 0U, crypto_box_NONCEBYTES);
+		//      crypto_generichash_update(&st, pk1, crypto_box_PUBLICKEYBYTES);
+		//      crypto_generichash_update(&st, pk2, crypto_box_PUBLICKEYBYTES);
+		//      crypto_generichash_final(&st, nonce, crypto_box_NONCEBYTES);
+		//
+		//      return 0;
+		//final org.bouncycastle.jcajce.provider.digest.Blake2b blake2b = Blake2b.Digest.newInstance( crypto_box_NONCEBYTES ); 
+		final Blake2bDigest blake2b = new Blake2bDigest( crypto_box_NONCEBYTES*8 ); 
+		blake2b.update(senderpk, 0, senderpk.length);
+		blake2b.update(mypk, 0, mypk.length);
+		byte[] nonce = new byte[crypto_box_NONCEBYTES];
+		blake2b.doFinal(nonce, 0);
+		if (nonce == null || nonce.length!=crypto_box_NONCEBYTES) throw new IllegalArgumentException("Blake2b hashing failed");
+		return nonce;
+	}
+
+}

src/main/java/com/venafi/vcert/sdk/connectors/cloud/domain/EdgeEncryptionKey.java

@@ -0,0 +1,14 @@
+package com.venafi.vcert.sdk.connectors.cloud.domain;
+
+import java.time.OffsetDateTime;
+import lombok.Data;
+
+@Data
+public class EdgeEncryptionKey {
+
+  private String id;
+  private String companyId;
+  private String key;
+  private String keyAlgorithm;
+  private OffsetDateTime lastBackupDate;
+}

src/main/java/com/venafi/vcert/sdk/connectors/cloud/endpoint/KeystoreRequest.java

@@ -0,0 +1,11 @@
+package com.venafi.vcert.sdk.connectors.cloud.endpoint;
+
+import lombok.Data;
+
+@Data
+public class KeystoreRequest {
+	private String exportFormat;
+	private String encryptedPrivateKeyPassphrase;
+	private String encryptedKeystorePassphrase;
+	private String certificateLabel;
+}