5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster/**
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The contents of this file are subject to the terms
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * of the Common Development and Distribution License
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * (the License). You may not use this file except in
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * compliance with the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * You can obtain a copy of the License at
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * opensso/legal/CDDLv1.0.txt
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * See the License for the specific language governing
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * permission and limitations under the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * When distributing Covered Code, include this CDDL
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Header Notice in each file and include the License file
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * at opensso/legal/CDDLv1.0.txt.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * If applicable, add the following below the CDDL Header,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * with the fields enclosed by brackets [] replaced by
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * your own identifying information:
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * $Id: JSSEncryption.java,v 1.3 2009/01/23 22:16:26 beomsuk Exp $
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster */
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterpackage com.iplanet.services.util;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.io.File;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.io.FileInputStream;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.io.InputStreamReader;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.io.BufferedReader;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.security.Provider;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.security.Security;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.util.Enumeration;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.mozilla.jss.CryptoManager;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.mozilla.jss.crypto.CryptoToken;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.mozilla.jss.crypto.SymmetricKey;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.mozilla.jss.crypto.IVParameterSpec;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.mozilla.jss.crypto.PBEAlgorithm;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.mozilla.jss.crypto.KeyGenerator;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.mozilla.jss.crypto.PBEKeyGenParams;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.mozilla.jss.crypto.EncryptionAlgorithm;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.mozilla.jss.crypto.Cipher;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.mozilla.jss.util.Password;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.iplanet.am.util.JSSInit;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.sun.identity.shared.configuration.SystemPropertiesManager;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.sun.identity.shared.debug.Debug;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster/**
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * This class uses JSS symmetric algorithm for string encryption/decryption.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The encrypted string contains BASE64 Characters as specified
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * in RFC1521.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The format of the encoded byte before BASE64 encoding is
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * byte[0] = crypt version number. This version is 1.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * byte[1]=keyGenAlg
 * byte[2]=EncryptionAlg
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * byte[3-10]=IV for encryption/decryption
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The rest is the encoded bytes.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * subnote:
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * This is initially intended to replace SessionID
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * encryption/decryption (xor). And is pulled to the DAI space at the
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * last minutes. Since the requirement and restrictions are different,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * It needs adjustment later.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
 * for future "enhancement" (adopted from the old Password.java):
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * 1. Use an array of pins to be randomly picked. Add the index as a
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * prefix of the encrypted string.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Aravindan's thought:
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * 1. From the password, generate the key multiple times, put the
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * number of times as a prefix of the encrypted string.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * 2. Random generated a pwd and build a key from it. Put the pwd
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * encrypted somehow as a prefix of the encrypted string.
 * 3. put pwd in a class and embedded in a jar file, so that it's not
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * in "plain text", somewhat.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The class can be replaced at installation time by taking a
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * pwd from user and dynamically created and replaced in the jar.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * (mzhao: And it should be able to be replaced by customer
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * periodically. However if it's used for password encryption. The
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * encrypted version of pwds should be changed simultaneously.)
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * mzhao thought:
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * 1. There is known problem in this framework that we need to store
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * the password securely in some way. Hardcoding it is not considered
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * secure, putting it in a file is not either.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * 2. Client Auth can be used for web based SSO.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Borrowed from CMS:
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * 1. A storage cert can be created to encrypt/decrypt the pwd.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * 2. A password cache can be used to store all passwords, such as
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * puser, daiuser, amadmin password, and ssl password. A SSO
 * password is used to encrypt them. When server restarts, this SSO
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * password must be asked.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * 3. A watchdog may be needed to auto restart the server.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @author mzhao
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @version $Revision: 1.3 $, $Date: 2009/01/23 22:16:26 $
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster **/
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterpublic class JSSEncryption implements AMEncryption, ConfigurableKey {
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/** Version tag written as byte[0] of every encoded value. */
private static final byte VERSION = 1;

// Algorithm names used when encoding. They are not final because the static
// initializer below replaces them when the JSS CryptoManager reports FIPS mode.
// NOTE(review): the non-FIPS defaults select single DES with an MD5-based
// PBE key derivation, both of which are considered weak today. Review
// whether these defaults are still acceptable for the data being protected.
private static String DEFAULT_KEYGEN_ALG = "PBE_MD5_DES_CBC";
private static String DEFAULT_ENCYPTION_ALG = "DES_CBC_PAD";
private static Debug debug = Debug.getInstance("amJSS");
static String method = "JSSEncryption.initialize";

static {
    JSSInit.initialize();
    try {
        // In FIPS mode, switch both defaults to the triple-DES variants.
        boolean fipsMode = CryptoManager.getInstance().FIPSEnabled();
        if (fipsMode) {
            DEFAULT_KEYGEN_ALG = "PBE_SHA1_DES3_CBC";
            DEFAULT_ENCYPTION_ALG = "DES3_CBC_PAD";
        }
    } catch (Exception e) {
        // The failure is only logged; the non-FIPS defaults stay in effect.
        if (debug != null) {
            debug.error("Crypt: Initialize JSS ", e);
        }
    }
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
// Key-generation algorithm names. The array index is what encode() stores
// in the prefix and what decode() uses to look the algorithm up again, so
// the order of the entries must not change.
private static final String[] KEYGEN_ALGS = {
    "PBE_SHA1_DES3_CBC",
    "PBE_MD2_DES_CBC",
    "PBE_MD5_DES_CBC",
    "PBE_SHA1_DES_CBC",
    "PBE_SHA1_RC2_128_CBC",
    "PBE_SHA1_RC2_40_CBC",
    "PBE_SHA1_RC4_128",
    "PBE_SHA1_RC4_40"};
private static int NUM_KEYGEN_ALG = KEYGEN_ALGS.length;

// Encryption algorithm names, indexed the same way by the second
// algorithm byte of the prefix.
private static final String[] ENCRYPTION_ALGS = {
    "DES3_CBC_PAD",
    "DES_CBC",
    "DES_CBC_PAD",
    "DES_ECB",
    "DES3_CBC",
    "DES3_ECB",
    "RC2_CBC",
    "RC4"};
private static int NUM_ENCRYPTION_ALG = ENCRYPTION_ALGS.length;

// Per-instance key and IV tables, one slot per KEYGEN_ALGS entry. They are
// null until setPassword() has been called.
private SymmetricKey sKeys[] = null;
private IVParameterSpec ivParamSpecs[] = null;
// Token shared by all instances. It stays null when no suitable token is found.
private static CryptoToken mToken = null;

static {
    CryptoToken located = null;
    try {
        located = findToken();
    } catch (CryptoManager.NotInitializedException ex) {
        // JSS was not ready yet: initialize it and try once more.
        try {
            JSSInit.initialize();
            located = findToken();
        } catch (Exception e) {
            if (debug != null) {
                debug.error("Crypt: Initialize JSS ", e);
            }
        }
    }
    mToken = located;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster /**
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Default constructor
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster */
JSSEncryption() {
    // Nothing to set up here: the key and IV tables are filled in later
    // by setPassword().
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * Returns the first crypto token that supports the default encryption
 * algorithm and every key-generation algorithm listed in KEYGEN_ALGS.
 *
 * @return a matching token, or null when no token qualifies
 * @throws CryptoManager.NotInitializedException if JSS is not initialized
 */
private static CryptoToken findToken()
        throws CryptoManager.NotInitializedException {
    // Per the original author's note, CryptoManager returns at least the
    // "Internal Key Storage Token".
    CryptoManager manager = CryptoManager.getInstance();
    Enumeration candidates = manager.getTokensSupportingAlgorithm(
            getEncryptionAlg(DEFAULT_ENCYPTION_ALG));

    nextCandidate:
    while (candidates.hasMoreElements()) {
        CryptoToken candidate = (CryptoToken) candidates.nextElement();

        // Reject the candidate as soon as one key-generation algorithm
        // is unsupported.
        for (int idx = 0; idx < NUM_KEYGEN_ALG; idx++) {
            if (!candidate.doesAlgorithm(getKeyGenAlg(KEYGEN_ALGS[idx]))) {
                continue nextCandidate;
            }
        }
        return candidate;
    }

    return null;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster /**
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Sets password-based key to use
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster */
public void setPassword(String password) throws Exception {
    // Every key and IV this instance uses is derived from this password.
    this.initSymmetricKeysAndInitializationVectors(password);
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
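/**
 * Derives one symmetric key and one IV per entry of KEYGEN_ALGS from the
 * given password and stores them in sKeys / ivParamSpecs at the same index.
 *
 * A failure for one algorithm is logged and leaves that slot null; the
 * remaining algorithms are still attempted.
 *
 * NOTE(review): the salt is a fixed constant and the iteration count is 5,
 * so a given password always yields the same keys and IVs and the
 * derivation is cheap to repeat. Changing either value would presumably
 * make previously encoded values undecodable, so both are left as they are.
 *
 * @param password password the keys and IVs are derived from
 */
private void initSymmetricKeysAndInitializationVectors(String password) {
    sKeys = new SymmetricKey[NUM_KEYGEN_ALG];
    ivParamSpecs = new IVParameterSpec[NUM_KEYGEN_ALG];
    byte salt[] = {0x01, 0x01, 0x01, 0x01, 0x01,0x01, 0x01, 0x01};

    char[] passwordChars = password.toCharArray();
    Password pass = new Password(passwordChars);
    try {
        for (int i=0; i<NUM_KEYGEN_ALG; i++) {
            try {
                PBEAlgorithm keyAlg = getKeyGenAlg(KEYGEN_ALGS[i]);
                KeyGenerator kg = mToken.getKeyGenerator(keyAlg);
                PBEKeyGenParams kgp = new PBEKeyGenParams(pass, salt, 5);
                kg.initialize(kgp);
                sKeys[i] = kg.generate();
                ivParamSpecs[i] = new IVParameterSpec(kg.generatePBE_IV());
                if (debug.messageEnabled()) {
                    debug.message("Created symKey successfully : " +
                        KEYGEN_ALGS[i]);
                }
            } catch (Exception e) {
                debug.error("Failed creating symKey : " + KEYGEN_ALGS[i], e);
            }
        }
    } finally {
        // Wipe the password material even if an Error escapes the loop,
        // including the temporary char[] copy made above.
        pass.clear();
        java.util.Arrays.fill(passwordChars, '\0');
    }
}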
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * Looks up the key derived for a key-generation algorithm index.
 *
 * @param type index into KEYGEN_ALGS
 * @return the stored key (possibly null), or null when the index is out of range
 */
private SymmetricKey getSymmetricKey(int type) {
    boolean outOfRange = type < 0 || type >= NUM_KEYGEN_ALG;
    return outOfRange ? null : sKeys[type];
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * Looks up the IV derived for a key-generation algorithm index.
 *
 * @param type index into KEYGEN_ALGS
 * @return the stored IV spec (possibly null), or null when the index is out of range
 */
private IVParameterSpec getIVParameterSpec(int type) {
    boolean outOfRange = type < 0 || type >= NUM_KEYGEN_ALG;
    return outOfRange ? null : ivParamSpecs[type];
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster /**
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * <p>Encrypt a String.</p>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param clearText The string to be encoded.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return The encoded string.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster */
public byte[] encrypt(byte[] clearText){
    // Public entry point; encode() does the work and returns null for
    // empty input or on any failure.
    byte[] encoded = encode(clearText);
    return encoded;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster /**
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * <p>Decrypt a String.</p>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param encoded The string to be decoded.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return The decoded string.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster */
public byte[] decrypt(byte[] encoded){
    // Public entry point; decode() does the work and returns null for
    // empty input or on any failure.
    byte[] decoded = decode(encoded);
    return decoded;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster /**
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * <p>Encrypt a String.</p>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param clearText The string to be encoded.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return The encoded string.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster */
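private byte[] encode(byte[] clearText){
    if (clearText == null || clearText.length == 0) {
        return null;
    }

    try {
        // type[0] = key-generation index, type[1] = encryption index;
        // both are written into the prefix by addPrefix().
        byte type[] = new byte[2];

        String encAlgString = DEFAULT_ENCYPTION_ALG;
        EncryptionAlgorithm encAlg = getEncryptionAlg(encAlgString);
        type[1] = (byte) getEncryptionByte(encAlgString);

        String keyA = DEFAULT_KEYGEN_ALG;
        int keyIndex = getKeyGenByte(keyA);
        type[0] = (byte) keyIndex;

        SymmetricKey sk = getSymmetricKey(keyIndex);
        // NOTE(review): the IV comes from the table filled by the PBE key
        // generator, not from a random source, so as far as this class
        // shows, equal clear text encodes to equal output under the same
        // password.
        IVParameterSpec ivSpec = getIVParameterSpec(keyIndex);

        // Report a missing token/key/IV explicitly instead of relying on
        // the NullPointerException being swallowed by the catch below.
        if (mToken == null || sk == null || ivSpec == null) {
            if (debug != null) {
                debug.error("in encode string: no crypto token, key or IV"
                    + " available for " + keyA);
            }
            return null;
        }

        Cipher cipher = mToken.getCipherContext(encAlg);
        byte iv[] = ivSpec.getIV();
        cipher.initEncrypt(sk, ivSpec);
        byte enc[] = cipher.doFinal(clearText);
        return addPrefix(type, iv, enc);
    } catch (Throwable e) {
        if (debug != null) {
            // Pass the throwable itself so the stack trace is kept.
            debug.error("in encode string ", e);
        }
        return null;
    }
}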
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster /**
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Decode an encoded string
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @param encoded The encoded string.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return The decoded string.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster **/
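private byte[] decode(byte[] encoded) {
    if (encoded == null || encoded.length == 0) {
        return null;
    }
    try {
        byte share[] = encoded;
        if (share[0] != VERSION) {
            if (debug != null) {
                debug.error(
                    "In decode string: unsupported version:"+share[0]);
            }
            return null;
        }
        // The prefix is 11 bytes (version, two algorithm indexes, 8-byte
        // IV). Reject shorter input explicitly rather than through an
        // array exception.
        if (share.length < 11) {
            if (debug != null) {
                debug.error("In decode string: input shorter than prefix:"
                    + share.length);
            }
            return null;
        }
        // get the alg from the string
        byte type[] = getType(share);
        // get the encrypted data
        share = getRaw(share);

        // The algorithm indexes come from the input, so each must be
        // range-checked before it indexes a table. The check has to use
        // ||, because with && the condition can never be true.
        if ((int)type[1] < 0 || (int)type[1] >= NUM_ENCRYPTION_ALG){
            if (debug != null) {
                debug.error("In decode string: unsupported encryption bit:"
                    + (int)type[1]);
            }
            return null;
        }

        EncryptionAlgorithm encAlg =
            getEncryptionAlg(ENCRYPTION_ALGS[(int)type[1]]);

        Cipher cipher = mToken.getCipherContext(encAlg);

        if ((int)type[0] < 0 || (int)type[0] >= NUM_KEYGEN_ALG){
            if (debug != null) {
                debug.error(
                    "In decode string: unsupported keygen bit:"
                    + (int)type[0]);
            }
            return null;
        }

        // NOTE(review): the IV bytes stored in the prefix are not read
        // here; the IV derived alongside the key is used instead.
        SymmetricKey sk = getSymmetricKey((int)type[0]);
        IVParameterSpec ivSpec = getIVParameterSpec((int)type[0]);
        cipher.initDecrypt(sk, ivSpec);
        byte dec[] = cipher.doFinal(share);
        if (dec == null) {
            if (debug != null) {
                debug.error("Failed to decode " + encoded);
            }
            return null;
        }
        return (dec);
    } catch (Throwable e) {
        if (debug != null) {
            debug.error("in decoding string " + encoded, e);
        }
        return null;
    }
}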
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * Builds the stored form of a value: the 11-byte prefix followed by the
 * cipher text.
 *
 * @param type  two bytes: key-generation index, then encryption index
 * @param iv    IV bytes; the first 8 are copied
 * @param share cipher text
 * @return a new array laid out as [0]=VERSION, [1]=type[0], [2]=type[1],
 *         [3..10]=iv, [11..]=share
 */
private static byte[] addPrefix(byte type[], byte iv[], byte share[]) {
    byte framed[] = new byte[share.length + 11];
    framed[0] = VERSION;
    framed[1] = type[0];
    framed[2] = type[1];
    System.arraycopy(iv, 0, framed, 3, 8);
    System.arraycopy(share, 0, framed, 11, share.length);
    return framed;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * Extracts the two algorithm index bytes from an encoded value.
 *
 * @param share encoded value including its prefix
 * @return a new two-byte array holding share[1] and share[2]
 */
private static byte[] getType(byte share[]) {
    byte algorithmBytes[] = new byte[2];
    System.arraycopy(share, 1, algorithmBytes, 0, 2);
    return algorithmBytes;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * Extracts the 8 IV bytes stored at positions 3..10 of an encoded value.
 *
 * @param share encoded value including its prefix
 * @return a new 8-byte array with the stored IV
 */
private static byte[] getIV(byte share[]) {
    byte storedIv[] = new byte[8];
    System.arraycopy(share, 3, storedIv, 0, 8);
    return storedIv;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * Strips the 11-byte prefix from an encoded value.
 *
 * @param share encoded value including its prefix
 * @return a new array holding the bytes from position 11 onwards
 */
private static byte[] getRaw(byte share[]) {
    int payloadLength = share.length - 11;
    byte payload[] = new byte[payloadLength];
    System.arraycopy(share, 11, payload, 0, payloadLength);
    return payload;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * Looks up the index of a key-generation algorithm name in KEYGEN_ALGS.
 *
 * Only the first NUM_KEYGEN_ALG entries are searched. When nothing
 * matches, an error is logged (if a debug instance exists) and 0 is
 * returned as the default.
 *
 * NOTE(review): an unrecognised name is not rejected, and the returned 0
 * cannot be told apart from a genuine match on the first entry. A typo in
 * configuration therefore silently selects the default algorithm.
 *
 * @param algName the configured algorithm name; must not be null
 * @return the matching index, or 0 when the name is unknown
 */
private static int getKeyGenByte(String algName) {
    for (int candidate = 0; candidate < NUM_KEYGEN_ALG; candidate++) {
        if (!algName.equals(KEYGEN_ALGS[candidate])) {
            continue;
        }
        return candidate;
    }
    if (debug != null) {
        debug.error("keyGen algorithm is not valid.");
    }
    // No match: fall back to the default index.
    return 0;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * Maps a key-generation algorithm name to its PBEAlgorithm constant.
 *
 * Each supported name equals the identifier of the constant it selects.
 * Any other name is reported through debug.message (if a debug instance
 * exists) and PBE_SHA1_DES3_CBC is returned as the default.
 *
 * NOTE(review): an unknown name falls back silently rather than failing,
 * and is logged at message level only. Several accepted values (MD2/MD5
 * derivation, single DES, 40-bit RC2/RC4) are legacy and weak by current
 * standards; use them only where interoperability requires it.
 *
 * @param algName the configured algorithm name; must not be null
 * @return the matching constant, or PBE_SHA1_DES3_CBC when unknown
 */
private static PBEAlgorithm getKeyGenAlg(String algName) {
    if (algName.equals("PBE_SHA1_DES3_CBC")) {
        return PBEAlgorithm.PBE_SHA1_DES3_CBC;
    }
    if (algName.equals("PBE_MD2_DES_CBC")) {
        return PBEAlgorithm.PBE_MD2_DES_CBC;
    }
    if (algName.equals("PBE_MD5_DES_CBC")) {
        return PBEAlgorithm.PBE_MD5_DES_CBC;
    }
    if (algName.equals("PBE_SHA1_DES_CBC")) {
        return PBEAlgorithm.PBE_SHA1_DES_CBC;
    }
    if (algName.equals("PBE_SHA1_RC2_128_CBC")) {
        return PBEAlgorithm.PBE_SHA1_RC2_128_CBC;
    }
    if (algName.equals("PBE_SHA1_RC2_40_CBC")) {
        return PBEAlgorithm.PBE_SHA1_RC2_40_CBC;
    }
    if (algName.equals("PBE_SHA1_RC4_128")) {
        return PBEAlgorithm.PBE_SHA1_RC4_128;
    }
    if (algName.equals("PBE_SHA1_RC4_40")) {
        return PBEAlgorithm.PBE_SHA1_RC4_40;
    }

    // Unknown name: note it and use the default algorithm.
    if (debug != null) {
        debug.message("keyGen algorithm is not valid.");
    }
    return PBEAlgorithm.PBE_SHA1_DES3_CBC;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * Looks up the index of an encryption algorithm name in ENCRYPTION_ALGS.
 *
 * Only the first NUM_ENCRYPTION_ALG entries are searched. When nothing
 * matches, an error is logged (if a debug instance exists) and 0 is
 * returned as the default.
 *
 * NOTE(review): an unrecognised name is not rejected, and the returned 0
 * cannot be told apart from a genuine match on the first entry. A typo in
 * configuration therefore silently selects the default algorithm.
 *
 * @param algName the configured algorithm name; must not be null
 * @return the matching index, or 0 when the name is unknown
 */
private static int getEncryptionByte(String algName) {
    for (int candidate = 0; candidate < NUM_ENCRYPTION_ALG; candidate++) {
        if (!algName.equals(ENCRYPTION_ALGS[candidate])) {
            continue;
        }
        return candidate;
    }
    if (debug != null) {
        debug.error("Encryption algorithm is not valid.");
    }
    // No match: fall back to the default index.
    return 0;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * Maps an encryption algorithm name to its EncryptionAlgorithm constant.
 *
 * Each supported name equals the identifier of the constant it selects.
 * Any other name is reported through debug.message (if a debug instance
 * exists) and DES3_CBC_PAD is returned as the default.
 *
 * NOTE(review): an unknown name falls back silently rather than failing,
 * and is logged at message level only. The ECB variants, single DES, RC2
 * and RC4 are legacy choices that are weak by current standards; use them
 * only where interoperability requires it.
 *
 * @param algName the configured algorithm name; must not be null
 * @return the matching constant, or DES3_CBC_PAD when unknown
 */
private static EncryptionAlgorithm getEncryptionAlg(String algName) {
    if (algName.equals("DES3_CBC_PAD")) {
        return EncryptionAlgorithm.DES3_CBC_PAD;
    }
    if (algName.equals("DES3_CBC")) {
        return EncryptionAlgorithm.DES3_CBC;
    }
    if (algName.equals("DES3_ECB")) {
        return EncryptionAlgorithm.DES3_ECB;
    }
    if (algName.equals("DES_CBC")) {
        return EncryptionAlgorithm.DES_CBC;
    }
    if (algName.equals("DES_CBC_PAD")) {
        return EncryptionAlgorithm.DES_CBC_PAD;
    }
    if (algName.equals("DES_ECB")) {
        return EncryptionAlgorithm.DES_ECB;
    }
    if (algName.equals("RC2_CBC")) {
        return EncryptionAlgorithm.RC2_CBC;
    }
    if (algName.equals("RC4")) {
        return EncryptionAlgorithm.RC4;
    }

    // Unknown name: note it and use the default algorithm.
    if (debug != null) {
        debug.message("Encryption algorithm is not valid.");
    }
    return EncryptionAlgorithm.DES3_CBC_PAD;
}
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster}