/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: JCEEncryption.java,v 1.3 2008/10/20 17:24:43 beomsuk Exp $
 *
 */
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/*
 * Portions Copyrighted 2010-2014 ForgeRock AS
 */
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterpackage com.iplanet.services.util;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Maddenimport com.sun.identity.shared.debug.Debug;
7ab03be513893d7e066e2bdea5bb279a2502e1b8Neil Maddenimport org.forgerock.openam.utils.CipherProvider;
9c1ec205dd4a7c6a5a2b06fa7385cf5b33274208Neil Maddenimport org.forgerock.openam.utils.Providers;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport javax.crypto.Cipher;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport javax.crypto.SecretKey;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport javax.crypto.SecretKeyFactory;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport javax.crypto.spec.PBEKeySpec;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport javax.crypto.spec.PBEParameterSpec;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
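/**
 * <p>
 * This class provides an encryption and decryption facility for the SDK based
 * on the existence of a JCE provider in the runtime. Unlike
 * <code>JSSEncryption</code>, this class can only handle a fixed algorithm
 * for key generation and encryption, which is <code>PBEWithMD5AndDES</code>.
 * Since different JCE providers such as IAIK use slightly different names for
 * this algorithm, this class allows the hardcoded value to be overridden by
 * setting a system property for each of these algorithms. The property name
 * for the key generation algorithm is <code>amKeyGenDescriptor</code> and the
 * one for the encryption algorithm is <code>amCryptoDescriptor</code>; the
 * provider for each can be chosen with <code>amKeyGenDescriptor.provider</code>
 * and <code>amCryptoDescriptor.provider</code> (both default to
 * <code>SunJCE</code>).
 * </p>
 * <p>
 * <b>NOTE:</b> The facility of overriding key generation and encryption
 * algorithms must be used very carefully. In particular, this facility is not
 * meant to force the use of an algorithm different from the specified default
 * algorithm <code>PBEWithMD5AndDES</code>, since that will result in
 * incompatibility with <code>JSSEncryption</code> if it is being used
 * by any peer entity such as an agent or server. This would not be a problem
 * if all entities in the network were configured to use this encryption
 * provider and all had the same implementation of the specified algorithms
 * available.
 * </p>
 * <p>
 * <b>Security note:</b> the parameters in this class are fixed for
 * compatibility, not chosen for strength. The default algorithm combines MD5
 * with single DES, the salt is a constant eight bytes of <code>0x01</code>,
 * and the iteration count is 5, so the derived key depends on the password
 * alone and is cheap to recompute. The output carries no MAC or other
 * integrity check, so a successful {@link #decrypt(byte[])} says nothing about
 * who produced the data. Because the salt and iteration count never change,
 * equal plaintexts presumably encrypt to equal ciphertexts under the same
 * password (confirm against the provider in use). Treat this class as a
 * legacy obfuscation layer: keep the password high-entropy, restrict who can
 * read the ciphertext, and do not adopt it for new data.
 * </p>
 * <p>
 * Encrypted blobs have the layout: byte 0 = format version, byte 1 = key
 * generation algorithm index, byte 2 = encryption algorithm index, bytes 3-10
 * = the first eight bytes of the cipher's IV, bytes 11.. = ciphertext.
 * </p>
 */
public class JCEEncryption implements AMEncryption, ConfigurableKey {

    /** Format version written as the first byte of every encrypted blob. */
    private static final byte VERSION = 1;

    /** Offset of the IV inside the blob header (after version and two type bytes). */
    private static final int IV_OFFSET = 3;

    /** Number of IV bytes stored in the blob header. */
    private static final int IV_LENGTH = 8;

    /** Total header length: 1 version byte + 2 type bytes + 8 IV bytes. */
    private static final int PREFIX_LENGTH = IV_OFFSET + IV_LENGTH;

    private static final String CRYPTO_DESCRIPTOR_PROPERTY_NAME = "amCryptoDescriptor";

    private static final String CRYPTO_DESCRIPTOR_DEFAULT_VALUE = "PBEWithMD5AndDES";

    private static final String CRYPTO_DESCRIPTOR_PROVIDER_PROPERTY_NAME =
            "amCryptoDescriptor.provider";

    private static final String CRYPTO_DESCRIPTOR_PROVIDER_DEFAULT_VALUE = "SunJCE";

    private static final String KEYGEN_ALGORITHM_PROPERTY_NAME = "amKeyGenDescriptor";

    private static final String KEYGEN_ALGORITHM_DEFAULT_VALUE = "PBEWithMD5AndDES";

    private static final String KEYGEN_ALGORITHM_PROVIDER_PROPERTY_NAME =
            "amKeyGenDescriptor.provider";

    private static final String KEYGEN_ALGORITHM_PROVIDER_DEFAULT_VALUE = "SunJCE";

    /** Cipher transformation name, read once from the system property at class load. */
    private static final String CRYPTO_DESCRIPTOR;

    /** JCE provider name used to look up {@link #CRYPTO_DESCRIPTOR}. */
    private static final String CRYPTO_DESCRIPTOR_PROVIDER;

    /** Secret-key factory algorithm name, read once from the system property at class load. */
    private static final String KEYGEN_ALGORITHM;

    /** JCE provider name used to look up {@link #KEYGEN_ALGORITHM}. */
    private static final String KEYGEN_ALGORITHM_PROVIDER;

    // Written into bytes 1 and 2 of every blob. NOTE(review): presumably indices into the
    // algorithm tables used by JSSEncryption; nothing in this class reads them back - confirm.
    private static final int DEFAULT_KEYGEN_ALG_INDEX = 2;

    private static final int DEFAULT_ENC_ALG_INDEX = 2;

    // Very low by current PBE guidance; it is part of the wire format shared with peers,
    // so raising it here alone would make existing ciphertexts unreadable.
    private static final int ITERATION_COUNT = 5;

    static {
        // System properties are consulted exactly once; later changes have no effect.
        CRYPTO_DESCRIPTOR = System.getProperty(CRYPTO_DESCRIPTOR_PROPERTY_NAME,
                CRYPTO_DESCRIPTOR_DEFAULT_VALUE);
        KEYGEN_ALGORITHM = System.getProperty(KEYGEN_ALGORITHM_PROPERTY_NAME,
                KEYGEN_ALGORITHM_DEFAULT_VALUE);
        CRYPTO_DESCRIPTOR_PROVIDER = System.getProperty(
                CRYPTO_DESCRIPTOR_PROVIDER_PROPERTY_NAME,
                CRYPTO_DESCRIPTOR_PROVIDER_DEFAULT_VALUE);
        KEYGEN_ALGORITHM_PROVIDER = System.getProperty(
                KEYGEN_ALGORITHM_PROVIDER_PROPERTY_NAME,
                KEYGEN_ALGORITHM_PROVIDER_DEFAULT_VALUE);
    }

    private static final String CRYPTO_CACHE_SIZE_PROPERTY_NAME = "amCryptoCacheSize";

    private static final int DEFAULT_CACHE_SIZE = 500;

    private static final int CACHE_SIZE =
            Integer.getInteger(CRYPTO_CACHE_SIZE_PROPERTY_NAME, DEFAULT_CACHE_SIZE);

    /**
     * Source of {@link Cipher} instances for {@link #CRYPTO_DESCRIPTOR}, requested from
     * {@link #CRYPTO_DESCRIPTOR_PROVIDER} (the Sun JCE provider by default). According to the
     * original author's note it keeps a per-thread copy of the cipher; that caching lives in
     * {@link Providers} and is not visible in this class.
     */
    private static final CipherProvider cipherProvider =
            Providers.cipherProvider(CRYPTO_DESCRIPTOR, CRYPTO_DESCRIPTOR_PROVIDER, CACHE_SIZE);

    /**
     * Fixed eight-byte salt shared by every key derivation. A constant salt gives no
     * per-installation or per-message variation; it is kept because the decrypt path
     * rebuilds the parameters from this constant rather than from the blob.
     */
    private static final byte[] ___y = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };

    /** PBE parameters (fixed salt, fixed iteration count) used for both directions. */
    private static final PBEParameterSpec pbeParameterSpec =
            new PBEParameterSpec(___y, ITERATION_COUNT);

    /** Key derived by {@link #setPassword(String)}; volatile so readers see the latest key. */
    private volatile SecretKey pbeKey;

    /** Set to {@code true} once {@link #setPassword(String)} has produced a key. */
    private volatile boolean _initialized = false;

    /**
     * Encrypts the given bytes with the password-based key.
     *
     * @param clearText the bytes to encrypt
     * @return the versioned blob (header + ciphertext), or {@code null} if the input is
     *         {@code null} or empty, no password has been set, no cipher could be obtained,
     *         or encryption failed
     */
    public byte[] encrypt(byte[] clearText) {
        return pbeEncrypt(clearText);
    }

    /**
     * Decrypts a blob produced by {@link #encrypt(byte[])}.
     *
     * @param encText the versioned blob to decrypt
     * @return the recovered bytes, or {@code null} if no password has been set, the blob is
     *         malformed or has an unsupported version, no cipher could be obtained, or
     *         decryption failed; a non-null result is not evidence of authenticity because
     *         the format has no integrity check
     */
    public byte[] decrypt(byte[] encText) {
        return pbeDecrypt(encText);
    }

    /**
     * Performs the encryption and prepends the blob header.
     *
     * @param clearText the bytes to encrypt
     * @return the versioned blob, or {@code null} on any failure (failures are logged to the
     *         {@code amSDK} debug log)
     */
    private byte[] pbeEncrypt(final byte[] clearText) {
        if (clearText == null || clearText.length == 0) {
            return null;
        }
        if (!_initialized) {
            logError("JCEEncryption:: not yet initialized", null);
            return null;
        }

        try {
            final Cipher pbeCipher = cipherProvider.getCipher();
            if (pbeCipher == null) {
                logError("JCEEncryption: Failed to obtain Cipher", null);
                return null;
            }

            pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParameterSpec);
            final byte[] cipherText = pbeCipher.doFinal(clearText);

            final byte[] type = {
                (byte) DEFAULT_KEYGEN_ALG_INDEX,
                (byte) DEFAULT_ENC_ALG_INDEX
            };
            // Return only a fully framed blob: if framing fails (for example the cipher
            // reports no IV) the catch below yields null instead of header-less ciphertext.
            return addPrefix(type, pbeCipher.getIV(), cipherText);
        } catch (Exception ex) {
            logError("JCEEncryption:: failed to encrypt data", ex);
            return null;
        }
    }

    /**
     * Builds the blob: version byte, two type bytes, eight IV bytes, then the ciphertext.
     *
     * @param type  two bytes: key generation algorithm index, encryption algorithm index
     * @param iv    the cipher's IV; only its first eight bytes are stored
     * @param share the ciphertext
     * @return a new array of {@code share.length + 11} bytes
     */
    private static byte[] addPrefix(byte type[], byte iv[], byte share[]) {
        final byte[] data = new byte[share.length + PREFIX_LENGTH];

        data[0] = VERSION;
        data[1] = type[0];
        data[2] = type[1];
        System.arraycopy(iv, 0, data, IV_OFFSET, IV_LENGTH);
        System.arraycopy(share, 0, data, PREFIX_LENGTH, share.length);

        return data;
    }

    /**
     * Validates the blob header, strips it and decrypts the remainder. Only the version byte
     * is checked; the type bytes and the stored IV are skipped, and the cipher is initialised
     * from the fixed {@link #pbeParameterSpec}.
     *
     * @param cipherText the versioned blob
     * @return the recovered bytes, or {@code null} on any failure (failures are logged to the
     *         {@code amSDK} debug log)
     */
    private byte[] pbeDecrypt(byte[] cipherText) {
        if (!_initialized) {
            logError("JCEEncryption:: not yet initialized", null);
            return null;
        }
        // Reject input that cannot hold a header explicitly, rather than relying on the
        // catch-all below to turn a NullPointerException or NegativeArraySizeException
        // into a null result.
        if (cipherText == null || cipherText.length < PREFIX_LENGTH) {
            logError("JCEEncryption:: failed to decrypt data: input is null or shorter than"
                    + " the " + PREFIX_LENGTH + "-byte header", null);
            return null;
        }

        try {
            if (cipherText[0] != VERSION) {
                logError("JCEEncryption:: Unsupported version: " + cipherText[0], null);
                return null;
            }

            final byte[] raw = getRaw(cipherText);

            final Cipher pbeCipher = cipherProvider.getCipher();
            if (pbeCipher == null) {
                logError("JCEEncryption: Failed to obtain Cipher", null);
                return null;
            }

            pbeCipher.init(Cipher.DECRYPT_MODE, pbeKey, pbeParameterSpec);
            return pbeCipher.doFinal(raw);
        } catch (Exception ex) {
            logError("JCEEncryption:: failed to decrypt data", ex);
            return null;
        }
    }

    /**
     * Returns the ciphertext portion of a blob, i.e. everything after the 11-byte header.
     *
     * @param share the versioned blob; must be at least 11 bytes long
     * @return a new array holding {@code share[11..]}
     */
    private static byte[] getRaw(byte share[]) {
        final byte[] data = new byte[share.length - PREFIX_LENGTH];
        System.arraycopy(share, PREFIX_LENGTH, data, 0, data.length);
        return data;
    }

    /**
     * Derives the password-based key and marks this instance as initialized.
     *
     * @param password the password to derive the key from; it remains in memory as an
     *                 immutable {@code String} owned by the caller
     * @throws Exception if the password is {@code null}, or the key factory algorithm or
     *                   provider is unavailable, or key generation fails
     */
    public void setPassword(String password) throws Exception {
        final char[] passwordChars = password.toCharArray();
        final PBEKeySpec keySpec = new PBEKeySpec(passwordChars);
        try {
            pbeKey = SecretKeyFactory.getInstance(KEYGEN_ALGORITHM, KEYGEN_ALGORITHM_PROVIDER)
                    .generateSecret(keySpec);
            _initialized = true;
        } finally {
            // Wipe the temporary copies so the password does not linger in extra heap
            // buffers. NOTE(review): assumes the provider's key keeps its own copy of the
            // material, as the SunJCE implementation does - confirm for other providers.
            keySpec.clearPassword();
            java.util.Arrays.fill(passwordChars, '\0');
        }
    }

    /**
     * Writes an error to the {@code amSDK} debug log, if that log is available.
     *
     * @param message the message to log
     * @param cause   the exception to attach, or {@code null} for a message-only entry
     */
    private static void logError(String message, Throwable cause) {
        final Debug debug = Debug.getInstance("amSDK");
        if (debug == null) {
            return;
        }
        if (cause == null) {
            debug.error(message);
        } else {
            debug.error(message, cause);
        }
    }
}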