JCEEncryption.java revision 9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The contents of this file are subject to the terms
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * of the Common Development and Distribution License
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * (the License). You may not use this file except in
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * compliance with the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * You can obtain a copy of the License at
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * See the License for the specific language governing
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * permission and limitations under the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * When distributing Covered Code, include this CDDL
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Header Notice in each file and include the License file
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * If applicable, add the following below the CDDL Header,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * with the fields enclosed by brackets [] replaced by
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * your own identifying information:
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * $Id: JCEEncryption.java,v 1.3 2008/10/20 17:24:43 beomsuk Exp $
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Madden * Portions Copyrighted 2010-2014 ForgeRock AS
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Maddenimport org.forgerock.openam.utils.CipherProvider;
 * This class provides encryption and decryption for the SDK using whatever
 * JCE provider is present in the runtime. Unlike <code>JSSEncryption</code>,
 * it supports a single fixed algorithm for both key generation and
 * encryption, <code>PBEWithMD5AndDES</code> (password-based encryption with
 * MD5 key derivation and single DES). Because different JCE providers such
 * as IAIK use slightly different names for this algorithm, the hard-coded
 * name can be overridden through system properties: the key-generation
 * algorithm is taken from <code>amKeyGenDescriptor</code> and the encryption
 * algorithm from <code>amCryptoDescriptor</code>; the matching
 * <code>.provider</code> properties pin the JCE provider each is requested from.
 * <b>NOTE:</b> Overriding the key-generation and encryption algorithms must be
 * done with great care. The facility exists only to map the same algorithm to a
 * provider-specific name; it is not meant to switch to an algorithm different
 * from the default <code>PBEWithMD5AndDES</code>, because that breaks
 * interoperability with <code>JSSEncryption</code> wherever a peer entity such
 * as an agent or server uses it. Changing the algorithm is only safe if every
 * entity in the deployment is configured to use this encryption provider and
 * all of them have the same implementation of the chosen algorithms available.
 * <p>
 * <b>Security:</b> <code>PBEWithMD5AndDES</code> (PKCS#5 v1.5 PBES1) provides
 * only 56-bit DES with MD5-based key derivation and is not an acceptable choice
 * for new designs; it is retained here for compatibility with existing peers and
 * previously encrypted data. The PBE parameter spec (and, apparently, the salt)
 * are class-wide constants, so equal passwords derive equal keys across
 * deployments. The algorithm and provider names are read from JVM system
 * properties, so anyone able to set those properties chooses which cipher and
 * provider this class uses.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterpublic class JCEEncryption implements AMEncryption, ConfigurableKey {
    /** System property that overrides the cipher transformation name used for encrypt/decrypt. */
    private static final String CRYPTO_DESCRIPTOR_PROPERTY_NAME =
        "amCryptoDescriptor";
    /**
     * Default cipher transformation: PKCS#5 v1.5 PBES1 (MD5 key derivation, single DES-CBC).
     * 56-bit DES and MD5 are legacy strength; the value is kept only for wire compatibility
     * with JSSEncryption peers (see class Javadoc) and must match the key-generation default.
     */
    private static final String CRYPTO_DESCRIPTOR_DEFAULT_VALUE =
        "PBEWithMD5AndDES";
    /** JCE provider the cipher is requested from; assigned from the property below at class init. */
    private static final String CRYPTO_DESCRIPTOR_PROVIDER;
    /** System property that overrides the JCE provider name for the cipher. */
    private static final String CRYPTO_DESCRIPTOR_PROVIDER_PROPERTY_NAME =
        "amCryptoDescriptor.provider";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String CRYPTO_DESCRIPTOR_PROVIDER_DEFAULT_VALUE =
    /** System property that overrides the SecretKeyFactory algorithm used in setPassword. */
    private static final String KEYGEN_ALGORITHM_PROPERTY_NAME =
        "amKeyGenDescriptor";
    /**
     * Default key-generation algorithm. It is deliberately the same name as the cipher
     * default: the PBE key produced by the SecretKeyFactory must be usable by the cipher,
     * so overriding one without the other will break encryption at runtime.
     */
    private static final String KEYGEN_ALGORITHM_DEFAULT_VALUE =
        "PBEWithMD5AndDES";
    /** JCE provider the SecretKeyFactory is requested from; assigned from the property below at class init. */
    private static final String KEYGEN_ALGORITHM_PROVIDER;
    /** System property that overrides the JCE provider name for key generation. */
    private static final String KEYGEN_ALGORITHM_PROVIDER_PROPERTY_NAME =
        "amKeyGenDescriptor.provider";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final String KEYGEN_ALGORITHM_PROVIDER_DEFAULT_VALUE =
    // Legacy algorithm-index constants. No use of either is visible in this part of the
    // file; TODO confirm whether anything still references them before removing.
    private static final int DEFAULT_KEYGEN_ALG_INDEX = 2;
    private static final int DEFAULT_ENC_ALG_INDEX = 2;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster CRYPTO_DESCRIPTOR = System.getProperty(CRYPTO_DESCRIPTOR_PROPERTY_NAME,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster KEYGEN_ALGORITHM = System.getProperty(KEYGEN_ALGORITHM_PROPERTY_NAME,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster CRYPTO_DESCRIPTOR_PROVIDER = System.getProperty(
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster KEYGEN_ALGORITHM_PROVIDER = System.getProperty(
    /** System property (-DamCryptoCacheSize=N) bounding the cipher cache handed to the CipherProvider. */
    private static final String CRYPTO_CACHE_SIZE_PROPERTY_NAME = "amCryptoCacheSize";
    /** Cache bound used when the property is absent or not an integer. */
    private static final int DEFAULT_CACHE_SIZE = 500;
    // Integer.getInteger falls back to the default for a missing or unparseable value, but
    // it does not reject zero or negative numbers; nothing here validates the range.
    private static final int CACHE_SIZE = Integer.getInteger(CRYPTO_CACHE_SIZE_PROPERTY_NAME, DEFAULT_CACHE_SIZE);
    /**
     * Supplies a per-thread copy of the underlying {@link Cipher}, fetched from the
     * standard JCE machinery and preferring the Sun JCE provider if available. A Cipher
     * instance is stateful and is re-initialised with the key and parameter spec on each
     * use (see pbeEncrypt), so sharing one instance between threads would not be safe;
     * CACHE_SIZE presumably bounds how many instances the provider retains. The algorithm
     * and provider names are apparently resolved from system properties in a static
     * initialiser elsewhere in this class.
     */
    private static final CipherProvider cipherProvider = Providers.cipherProvider(CRYPTO_DESCRIPTOR, CRYPTO_DESCRIPTOR_PROVIDER, CACHE_SIZE);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Method declaration
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param clearText
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Method declaration
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param encText
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Method declaration
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param clearText
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Madden private byte[] pbeEncrypt(final byte[] clearText) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster if (clearText == null || clearText.length == 0) {
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Madden final Cipher pbeCipher = cipherProvider.getCipher();
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Madden pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParameterSpec);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster debug.error("JCEEncryption: Failed to obtain Cipher");
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster debug.error("JCEEncryption:: failed to encrypt data", ex);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster debug.error("JCEEncryption:: not yet initialized");
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Method declaration
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param type
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param share
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static byte[] addPrefix(byte type[], byte iv[], byte share[]) {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Method declaration
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param cipherText
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster debug.error("JCEEncryption:: Unsupported version: "
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Madden final Cipher pbeCipher = cipherProvider.getCipher();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster debug.error("JCEEncryption: Failed to obtain Cipher");
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster debug.error("JCEEncryption:: failed to decrypt data", ex);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster debug.error("JCEEncryption:: not yet initialized");
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Method declaration
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param share
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Sets password-based key to use
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public void setPassword(String password) throws Exception {
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Madden pbeKey = SecretKeyFactory.getInstance(KEYGEN_ALGORITHM, KEYGEN_ALGORITHM_PROVIDER)
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Madden .generateSecret(new PBEKeySpec(password.toCharArray()));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private static final byte[] ___y = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Madden private volatile boolean _initialized = false;
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Madden private static final PBEParameterSpec pbeParameterSpec = new PBEParameterSpec(