There are some WebAPI endpoints that require passing a password as an encoded and encrypted HTTP header value for the purpose of presenting a login to the endpoint container.
There are plenty of examples of how to do this across the internet in all the usual places, but here is one that RiDP uses for exercising endpoints when researching issues:
/* No package */
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
/**
* A simple AES-128 encryption class.
*
* This code is provided as-is for your convenience. No guarantee of fitness
* or suitability for any purpose is stated or implied.
*/
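public class Crypt {

    /** Transformation used in both directions: AES, CBC mode, PKCS#5 padding. */
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    /**
     * Encrypts {@code message} with AES/CBC/PKCS5Padding.
     *
     * @param key     raw AES key bytes; the key length selects the AES variant
     *                (16 bytes gives AES-128)
     * @param IV      initialisation vector (one AES block, 16 bytes)
     * @param message plaintext bytes
     * @return the ciphertext, padded to a whole number of 16-byte blocks
     * @throws Exception if the JCE provider rejects the key, the IV or the input
     */
    public static byte[] encrypt(final byte[] key, final byte[] IV, final byte[] message)
            throws Exception {
        return Crypt.encryptDecrypt(Cipher.ENCRYPT_MODE, key, IV, message);
    }

    /**
     * Decrypts {@code message} with AES/CBC/PKCS5Padding.
     *
     * <p>CBC carries no integrity check: a modified ciphertext either fails on padding
     * or decrypts to different bytes, so the result is not proof that the input was
     * produced by a holder of the key.
     *
     * @param key     raw AES key bytes, as used for encryption
     * @param IV      initialisation vector, as used for encryption
     * @param message ciphertext bytes
     * @return the recovered plaintext bytes
     * @throws Exception if the JCE provider rejects the key, the IV or the input
     *                   (including bad padding)
     */
    public static byte[] decrypt(final byte[] key, final byte[] IV, final byte[] message)
            throws Exception {
        return Crypt.encryptDecrypt(Cipher.DECRYPT_MODE, key, IV, message);
    }

    /**
     * Shared implementation for both directions.
     *
     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     */
    private static byte[] encryptDecrypt(final int mode, final byte[] key, final byte[] IV,
            final byte[] message) throws Exception {
        final Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(IV));
        return cipher.doFinal(message);
    }

    /**
     * Test wrapper that uses the fixed key and IV as documented in the RICOH
     * SmartSDK Developer's Guide.
     *
     * <p>Security notes for anyone reusing this beyond endpoint testing:
     * <ul>
     *   <li>The key is a published constant and the IV is the same constant, so the
     *       same password always yields the same header value, and anyone with the
     *       key can recover the password from it. Treat the encoded value as
     *       equivalent to the plaintext password: send it only over TLS and keep it
     *       out of logs and tickets.</li>
     *   <li>Arguments given on the command line are visible in shell history and the
     *       process list, and this wrapper echoes the plaintext to the console. Use
     *       test credentials only.</li>
     * </ul>
     *
     * @param args optional; {@code args[0]} is the message to encrypt, otherwise a
     *             built-in test message is used
     */
    public static void main(String... args) throws Exception {
        // Fixed key required by the endpoint protocol; not a secret.
        final byte[] key = {
            0x66, 0x63, 0x32, 0x6d, 0x39, 0x30, 0x61, 0x66, 0x6a, 0x64,
            0x6b, 0x6c, 0x37, 0x64, 0x39, 0x73
        };
        // Key is identical to IV (protocol requirement; this makes the output deterministic).
        final byte[] iv = key;

        // Fix: the original tested args.length > 1, which ignored a single argument
        // and silently encrypted the default message instead.
        final String message = (args != null && args.length > 0) ? args[0] : "Test message";
        System.out.println("Plaintext message to encrypt: " + message);

        // Encode with an explicit charset so the bytes match the UTF-8 decode below
        // regardless of the platform default.
        final byte[] cipherText = encrypt(key, iv, message.getBytes(StandardCharsets.UTF_8));
        System.out.println("Encrypted, Base64 text of message: " +
                Base64.getEncoder().encodeToString(cipherText));

        // Decrypt the encrypted message showing symmetric encryption worked.
        final byte[] plainText = decrypt(key, iv, cipherText);
        System.out.println("Decrypted message: " +
                new String(plainText, StandardCharsets.UTF_8));
    }
}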
This should output the following to the console when compiled and run with a single argument of "Password123":
Plaintext message to encrypt: Password123
Encrypted, Base64 text of message: OpHIO+6i7pjNEo9CtGcshQ==
Decrypted message: Password123
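This could be used in a WebAPI HTTP request that requires a special password header, as follows (assuming these credentials are for the "admin" user). Because the key and IV are fixed and documented, the header value can be decrypted by anyone who has them, so send it only over HTTPS and keep it out of logs: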
X-SOP-Authorization:admin:OpHIO+6i7pjNEo9CtGcshQ==