CryptoManagerImpl.java revision edc595e56216e680d268376e85c7625f2f052b6a
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2006-2010 Sun Microsystems, Inc.
* Portions Copyright 2009 Parametric Technology Corporation (PTC)
* Portions Copyright 2011-2015 ForgeRock AS
*/
/**
This class implements the Directory Server cryptographic framework,
which is described in the
CrytpoManager design document</a>. {@code CryptoManager} implements
inter-OpenDJ-instance authentication and authorization using the
ADS-based truststore, and secret key distribution. The interface also
provides methods for hashing, encryption, and other kinds of
cryptographic operations.
<p>
Note that it also contains methods for compressing and uncompressing
data: while these are not strictly cryptographic operations, there
are a lot of similarities and it is conceivable at some point that
accelerated compression may be available just as it is for
cryptographic operations.
<p>
Other components of CryptoManager:
@see org.opends.server.crypto.CryptoManagerSync
@see org.opends.server.crypto.GetSymmetricKeyExtendedOperation
*/
public class CryptoManagerImpl
{
/** Various schema element references. */
private static AttributeType attrKeyID;
private static AttributeType attrPublicKeyCertificate;
private static AttributeType attrTransformation;
private static AttributeType attrMacAlgorithm;
private static AttributeType attrSymmetricKey;
private static AttributeType attrInitVectorLength;
private static AttributeType attrKeyLength;
private static AttributeType attrCompromisedTime;
private static ObjectClass ocCertRequest;
private static ObjectClass ocInstanceKey;
private static ObjectClass ocCipherKey;
private static ObjectClass ocMacKey;
/** The DN of the local truststore backend. */
private static DN localTruststoreDN;
/** The DN of the ADS instance keys container. */
private static DN instanceKeysDN;
/** The DN of the ADS secret keys container. */
private static DN secretKeysDN;
/** The DN of the ADS servers container. */
/** Indicates whether the schema references have been initialized. */
private static boolean schemaInitDone;
/**
* The secure random number generator used for key generation, initialization
* vector PRNG seed...
*/
/** The random number generator used for initialization vector production. */
private static final Random pseudoRandom
/**
* The first byte in any ciphertext produced by CryptoManager is the prologue
* version. At present, this constant is both the version written and the
* expected version. If a new version is introduced (e.g., to allow embedding
* the HMAC key identifier and signature in a signed backup) the prologue
* version will likely need to be configurable at the granularity of the
* CryptoManager client (e.g., password encryption might use version 1, while
* signed backups might use version 2.
*/
private static final int CIPHERTEXT_PROLOGUE_VERSION = 1 ;
/**
* The map from encryption key ID to CipherKeyEntry (cache). The cache is
* accessed by methods that request, publish, and import keys.
*/
/**
* The map from encryption key ID to MacKeyEntry (cache). The cache is
* accessed by methods that request, publish, and import keys.
*/
/** The preferred key wrapping transformation. */
private String preferredKeyWrappingTransformation;
// TODO: Move the following configuration to backup or backend configuration.
/** The preferred message digest algorithm for the Directory Server. */
private String preferredDigestAlgorithm;
/** The preferred cipher for the Directory Server. */
private String preferredCipherTransformation;
/** The preferred key length for the preferred cipher. */
private int preferredCipherTransformationKeyLengthBits;
/** The preferred MAC algorithm for the Directory Server. */
private String preferredMACAlgorithm;
/** The preferred key length for the preferred MAC algorithm. */
private int preferredMACAlgorithmKeyLengthBits;
// TODO: Move the following configuration to replication configuration.
/** The name of the local certificate to use for SSL. */
private final String sslCertNickname;
/** Whether replication sessions use SSL encryption. */
private final boolean sslEncryption;
/** The set of SSL protocols enabled or null for the default set. */
/** The set of SSL cipher suites enabled or null for the default set. */
private final ServerContext serverContext;
/**
* Creates a new instance of this crypto manager object from a given
* configuration, plus some static member initialization.
*
* @param serverContext
* The server context.
* @param config
* The configuration of this crypto manager.
* @throws ConfigException
* If a problem occurs while creating this {@code CryptoManager}
* that is a result of a problem in the configuration.
* @throws InitializationException
* If a problem occurs while creating this {@code CryptoManager}
* that is not the result of a problem in the configuration.
*/
throws ConfigException, InitializationException {
this.serverContext = serverContext;
if (!schemaInitDone) {
// Initialize various schema references.
"ds-cfg-self-signed-cert-request"); // TODO: ConfigConstants
try {
}
catch (DirectoryException ex) {
}
schemaInitDone = true;
}
// CryptoMangager crypto config parameters.
}
// Secure replication related...
// Register as a configuration change listener.
config.addChangeListener(this);
}
/** {@inheritDoc} */
public boolean isConfigurationChangeAcceptable(
{
// Acceptable until we find an error.
boolean isAcceptable = true;
// Requested digest validation.
{
try{
}
isAcceptable = false;
}
}
// Requested encryption cipher validation.
this.preferredCipherTransformation) ||
isAcceptable = false;
}
else {
try {
}
isAcceptable = false;
}
}
}
// Requested MAC algorithm validation.
{
try {
null,
}
isAcceptable = false;
}
}
// Requested secret key wrapping cipher and validation. Validation
// depends on MAC cipher for secret key.
this.preferredKeyWrappingTransformation)) {
isAcceptable = false;
}
else {
try {
/* Note that the TrustStoreBackend not available at initial,
CryptoManager configuration, hence a "dummy" certificate must be used
to validate the choice of secret key wrapping cipher. Otherwise, call
getInstanceKeyCertificateFromLocalTruststore() */
final String certificateBase64 =
"MIIB2jCCAUMCBEb7wpYwDQYJKoZIhvcNAQEEBQAwNDEbMBkGA1UEChMST3B" +
"lbkRTIENlcnRpZmljYXRlMRUwEwYDVQQDEwwxMC4wLjI0OC4yNTEwHhcNMD" +
"cwOTI3MTQ0NzUwWhcNMjcwOTIyMTQ0NzUwWjA0MRswGQYDVQQKExJPcGVuR" +
"FMgQ2VydGlmaWNhdGUxFTATBgNVBAMTDDEwLjAuMjQ4LjI1MTCBnzANBgkq" +
"b2gPTdb9n1HLOBqh2lmLLHvt2SgBeN5TSa1PAHW8zJy9LDhpWKZvsUOIdQD" +
"8Ula/0d/jvMEByEj/hr00P6yqgLXk+EudPgOkFXHA+IfkkOSghMooWc/L8H" +
"nD1REdqeZuxp+ARNU+cc/ECAwEAATANBgkqhkiG9w0BAQQFAAOBgQBemyCU" +
"oNL+HHKW0vi5/7W5KwOZsPqKI2SdYV7nDqTZklm5ZP0gmIuNO6mTqBRtC2D" +
"lplX1Iq+BrQJAmteiPtwhdZD+EIghe51CaseImjlLlY2ZK8w==";
}
isAcceptable = false;
}
}
}
return isAcceptable;
}
/** {@inheritDoc} */
{
return new ConfigChangeResult();
}
/**
* Retrieve the ADS trust store backend.
* @return The ADS trust store backend.
* @throws ConfigException If the ADS trust store backend is
* not configured.
*/
private TrustStoreBackend getTrustStoreBackend()
throws ConfigException
{
if (b == null)
{
}
if (!(b instanceof TrustStoreBackend))
{
}
return (TrustStoreBackend)b;
}
/**
* Returns this instance's instance-key public-key certificate from
* the local keystore (i.e., from the truststore-backend and not
* from the ADS backed keystore). If the certificate entry does not
* yet exist in the truststore backend, the truststore is signaled
* to initialized that entry, and the newly generated certificate
* is then retrieved and returned. The certificate returned can never
* be null.
*
* @return This instance's instance-key public-key certificate from
* the local truststore backend.
* @throws CryptoManagerException If the certificate cannot be
* retrieved, or, was not able to be initialized by the trust-store.
*/
static byte[] getInstanceKeyCertificateFromLocalTruststore()
throws CryptoManagerException {
// Construct the key entry DN.
// Construct the search filter.
// Construct the attribute list.
// Retrieve the certificate from the entry.
byte[] certificate = null;
try {
for (int i = 0; i < 2; ++i) {
try {
/* If the entry does not exist in the instance's truststore
backend, add it using a special object class that induces
the backend to create the public-key certificate
attribute, then repeat the search. */
final SearchRequest request = newSearchRequest(entryDN, SearchScope.BASE_OBJECT, FILTER_OC_INSTANCE_KEY)
/* attribute ds-cfg-public-key-certificate is a MUST in
the schema */
}
break;
}
catch (DirectoryException ex) {
if (0 == i
throw new DirectoryException(
}
}
else {
throw ex;
}
}
}
}
catch (DirectoryException ex) {
throw new CryptoManagerException(
}
//The certificate can never be null. The LocalizableMessage digest code that will
//use it later throws a NPE if the certificate is null.
if (certificate == null) {
throw new CryptoManagerException(
}
return certificate;
}
/**
* Return the identifier of this instance's instance-key. An
* instance-key identifier is a hex string of the MD5 hash of an
* instance's instance-key public-key certificate.
* @see #getInstanceKeyID(byte[])
* @return This instance's instance-key identifier.
* @throws CryptoManagerException If there is a problem retrieving
* the instance-key public-key certificate or computing its MD5
* hash.
*/
throws CryptoManagerException {
return getInstanceKeyID(
}
/**
* Return the identifier of an instance's instance key. An
* instance-key identifier is a hex string of the MD5 hash of an
* instance's instance-key public-key certificate.
* @see #getInstanceKeyID()
* @param instanceKeyCertificate The instance key for which to
* return an identifier.
* @return The identifier of the supplied instance key.
* @throws CryptoManagerException If there is a problem computing
* the identifier from the instance key.
*
* TODO: Make package-private if ADSContextHelper can get keyID from ADS
* TODO: suffix: Issue https://opends.dev.java.net/issues/show_bug.cgi?id=2442
*/
throws CryptoManagerException {
try {
}
catch (NoSuchAlgorithmException ex) {
throw new CryptoManagerException(
}
return StaticUtils.bytesToHexNoSpace(
}
/**
Publishes the instance key entry in ADS, if it does not already
exist.
@throws CryptoManagerException In case there is a problem
searching for the entry, or, if necessary, adding it.
*/
static void publishInstanceKeyEntryInADS()
throws CryptoManagerException {
final byte[] instanceKeyCertificate = getInstanceKeyCertificateFromLocalTruststore();
// Construct the key entry DN.
// Check for the entry. If it does not exist, create it.
try {
final SearchRequest request =
// Add the key ID attribute.
// Add the public key certificate attribute.
throw new DirectoryException(
}
}
} catch (DirectoryException ex) {
throw new CryptoManagerException(
}
}
/**
Return the set of valid (i.e., not tagged as compromised) instance
key-pair public-key certificate entries in ADS.
@return The set of valid (i.e., not tagged as compromised) instance
key-pair public-key certificate entries in ADS represented as a Map
from ds-cfg-key-id value to ds-cfg-public-key-certificate value.
Note that the collection might be empty.
@throws CryptoManagerException In case of a problem with the
search operation.
@see org.opends.admin.ads.ADSContext#getTrustedCertificates()
*/
try {
// Construct the search filter.
final SearchRequest request = newSearchRequest(instanceKeysDN, SearchScope.SINGLE_LEVEL, searchFilter)
/* attribute ds-cfg-key-id is the RDN and attribute
ds-cfg-public-key-certificate is a MUST in the schema */
final byte[] certificate = e.parseAttribute(
}
}
catch (DirectoryException ex) {
throw new CryptoManagerException(
}
return certificateMap;
}
/**
* Encodes a ds-cfg-symmetric-key attribute value with the preferred
* key wrapping transformation and using the supplied arguments.
*
* The syntax of the ds-cfg-symmetric-key attribute:
* <pre>
* wrappingKeyID:wrappingTransformation:wrappedKeyAlgorithm:\
* wrappedKeyType:hexWrappedKey
*
* wrappingKeyID ::= hexBytes[16]
* wrappingTransformation
* ::= e.g., RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING
* wrappedKeyAlgorithm ::= e.g., DESede
* hexifiedwrappedKey ::= 0123456789abcdef01...
* </pre>
*
* @param wrappingKeyID The key identifier of the wrapping key. This
* parameter is the first field in the encoded value and identifies
* the instance that will be able to unwrap the secret key.
*
* @param wrappingKeyCertificateData The public key certificate used
* to derive the wrapping key.
*
* @param secretKey The secret key value to be wrapped for the
* encoded value.
*
* @return The encoded representation of the ds-cfg-symmetric-key
* attribute with the secret key wrapped with the supplied public
* key.
*
* @throws CryptoManagerException If there is a problem wrapping
* the secret key.
*/
private String encodeSymmetricKeyAttribute(
final String wrappingKeyID,
final byte[] wrappingKeyCertificateData,
throws CryptoManagerException {
return encodeSymmetricKeyAttribute(
}
/**
* Encodes a ds-cfg-symmetric-key attribute value with a specified
* key wrapping transformation and using the supplied arguments.
*
* @param wrappingTransformationName The name of the key wrapping
* transformation.
*
* @param wrappingKeyID The key identifier of the wrapping key. This
* parameter is the first field in the encoded value and identifies
* the instance that will be able to unwrap the secret key.
*
* @param wrappingKeyCertificateData The public key certificate used
* to derive the wrapping key.
*
* @param secretKey The secret key value to be wrapped for the
* encoded value.
*
* @return The encoded representation of the ds-cfg-symmetric-key
* attribute with the secret key wrapped with the supplied public
* key.
*
* @throws CryptoManagerException If there is a problem wrapping
* the secret key.
*/
private String encodeSymmetricKeyAttribute(
final String wrappingTransformationName,
final String wrappingKeyID,
final byte[] wrappingKeyCertificateData,
throws CryptoManagerException {
// Wrap secret key.
try {
final CertificateFactory cf
}
catch (GeneralSecurityException ex) {
throw new CryptoManagerException(
}
// Compose ds-cfg-symmetric-key value.
}
/**
* Takes an encoded ds-cfg-symmetric-key attribute value and the
* associated key algorithm name, and returns an initialized
* {@code java.security.Key} object.
* @param symmetricKeyAttribute The encoded
* ds-cfg-symmetric-key-attribute value.
* @return A SecretKey object instantiated with the key data,
* algorithm, and Ciper.SECRET_KEY type, or {@code null} if the
* supplied symmetricKeyAttribute was encoded for another instance.
* @throws CryptoManagerException If there is a problem decomposing
* the supplied attribute value or unwrapping the encoded key.
*/
private SecretKey decodeSymmetricKeyAttribute(
final String symmetricKeyAttribute)
throws CryptoManagerException {
// Initial decomposition.
throw new CryptoManagerException(
}
// Parse individual fields.
byte[] wrappedKeyCipherTextElement;
try {
fieldName = "instance key identifier";
fieldName = "key wrapping transformation";
fieldName = "wrapped key algorithm";
fieldName = "wrapped key data";
}
catch (ParseException ex) {
throw new CryptoManagerException(
}
// Confirm key can be unwrapped at this instance.
return null;
}
// Retrieve instance-key-pair private key part.
try {
}
catch(ConfigException ce)
{
throw new CryptoManagerException(
}
catch (IdentifiedException ex) {
// ConfigException, DirectoryException
throw new CryptoManagerException(
}
// Unwrap secret key.
try {
} catch(GeneralSecurityException ex) {
throw new CryptoManagerException(
}
return secretKey;
}
/**
* Decodes the supplied symmetric key attribute value and re-encodes
* it with the public key referred to by the requested instance key
* identifier. The symmetric key attribute must be wrapped in this
* instance's instance-key-pair public key.
* @param symmetricKeyAttribute The symmetric key attribute value to
* unwrap and rewrap.
* @param requestedInstanceKeyID The key identifier of the public
* key to use in the re-wrapping.
* @return The symmetric key attribute value with the symmetric key
* re-wrapped in the requested public key.
* @throws CryptoManagerException If there is a problem decoding
* the supplied symmetric key attribute value, unwrapping the
* embedded secret key, or retrieving the requested public key.
*/
final String symmetricKeyAttribute,
final String requestedInstanceKeyID)
throws CryptoManagerException {
throw new CryptoManagerException(
}
final byte[] wrappingKeyCert =
return encodeSymmetricKeyAttribute(
}
/**
* Given a set of other servers' symmetric key values for
* a given secret key, use the Get Symmetric Key extended
* operation to request this server's symmetric key value.
*
* @param symmetricKeys The known symmetric key values for
* a given secret key.
*
* @return The symmetric key value for this server, or null if
* none could be obtained.
*/
{
{
try
{
// Get the server instance key ID from the symmetric key.
// Find the server entry from the instance key ID.
{
continue;
}
{
// Connect to the server.
new LDAPConnectionOptions();
new PrintStream(new OutputStream() {
public void write ( int b ) { }
});
try
{
// Send the Get Symmetric Key extended request.
if (extendedResponse.getResultCode() ==
{
// Got our symmetric key value.
}
}
finally
{
}
}
}
catch (Exception e)
{
// Just try another server.
}
}
// Give up.
return null;
}
/**
* Imports a cipher key entry from an entry in ADS.
*
* @param entry The ADS cipher key entry to be imported.
* The entry will be ignored if it does not have
* the ds-cfg-cipher-key objectclass, or if the
* key is already present.
*
* @throws CryptoManagerException
* If the entry had the correct objectclass,
* was not already present but could not
* be imported.
*/
throws CryptoManagerException
{
// Ignore the entry if it does not have the appropriate objectclass.
{
return;
}
try
{
// Find the symmetric key value that was wrapped using
// our instance key.
{
{
break;
}
}
return;
}
// Request the value from another server.
if (symmetricKey == null)
{
throw new CryptoManagerException(
}
// Write the value to the entry.
{
throw new CryptoManagerException(
}
}
catch (CryptoManagerException e)
{
throw e;
}
{
throw new CryptoManagerException(
}
}
/**
* Imports a mac key entry from an entry in ADS.
*
* @param entry The ADS mac key entry to be imported. The
* entry will be ignored if it does not have the
* ds-cfg-mac-key objectclass, or if the key is
* already present.
*
* @throws CryptoManagerException
* If the entry had the correct objectclass,
* was not already present but could not
* be imported.
*/
throws CryptoManagerException
{
// Ignore the entry if it does not have the appropriate objectclass.
{
return;
}
try
{
// Find the symmetric key value that was wrapped using our
// instance key.
{
{
break;
}
}
{
// Request the value from another server.
if (symmetricKey == null)
{
throw new CryptoManagerException(
}
// Write the value to the entry.
{
throw new CryptoManagerException(
}
}
else
{
}
}
catch (CryptoManagerException e)
{
throw e;
}
{
throw new CryptoManagerException(
}
}
/**
* This class implements a utility interface to the unique
* identifier corresponding to a cryptographic key. For each key
* stored in an entry in ADS, the key identifier is the naming
* attribute of the entry. The external binary representation of the
* key entry identifier is compact, because it is typically stored
* as a prefix of encrypted data.
*/
private static class KeyEntryID
{
/**
* Constructs a KeyEntryID using a new unique identifier.
*/
public KeyEntryID() {
}
/**
* Construct a {@code KeyEntryID} from its {@code byte[]}
* representation.
*
* @param keyEntryID The {@code byte[]} representation of a
* {@code KeyEntryID}.
*/
public KeyEntryID(final byte[] keyEntryID) {
long hiBytes = 0;
long loBytes = 0;
for (int i = 0; i < 8; ++i) {
}
}
/**
* Constructs a {@code KeyEntryID} from its {@code String}
* representation.
*
* @param keyEntryID The {@code String} reprentation of a
* {@code KeyEntryID}.
*
* @throws CryptoManagerException If the argument does
* not conform to the {@code KeyEntryID} string syntax.
*/
throws CryptoManagerException {
try {
}
catch (IllegalArgumentException ex) {
throw new CryptoManagerException(
}
}
/**
* Copy constructor.
*
* @param keyEntryID The {@code KeyEntryID} to copy.
*/
}
/**
* Returns the compact {@code byte[]} representation of this
* {@code KeyEntryID}.
* @return The compact {@code byte[]} representation of this
* {@code KeyEntryID}.
*/
public byte[] getByteValue(){
final byte[] uuidBytes = new byte[16];
for (int i = 7; i >= 0; --i) {
hiBytes >>>= 8;
loBytes >>>= 8;
}
return uuidBytes;
}
/**
* Returns the {@code String} representation of this
* {@code KeyEntryID}.
* @return The {@code String} representation of this
* {@code KeyEntryID}.
*/
public String getStringValue() {
}
/**
* Returns the length of the compact {@code byte[]} representation
* of a {@code KeyEntryID}.
*
* @return The length of the compact {@code byte[]} representation
* of a {@code KeyEntryID}.
*/
public static int getByteValueLength() {
return 16;
}
/**
* Compares this object to the specified object. The result is
* true if and only if the argument is not null, is of type
* {@code KeyEntryID}, and has the same value (i.e., the
* {@code String} and {@code byte[]} representations are
* identical).
*
* @param obj The object to which to compare this instance.
*
* @return {@code true} if the objects are the same, {@code false}
* otherwise.
*/
return obj instanceof KeyEntryID
}
/**
* Returns a hash code for this {@code KeyEntryID}.
*
* @return a hash code value for this {@code KeyEntryID}.
*/
public int hashCode() {
}
/** State. */
}
/**
This class corresponds to the secret key portion if a secret
key entry in ADS.
<p>
Note that the generated key length is in some cases longer than requested
key length. For example, when a 56-bit key is requested for DES (or 168-bit
for DESede) the default provider for the Sun JRE produces an 8-byte (24-byte)
key, which embeds the generated key in an array with one parity bit per byte.
The requested key length is what is recorded in this object and in the
published key entry; hence, users of the actual key data must be sure to
operate on the full key byte array, and not truncate it to the key length.
*/
private static class SecretKeyEntry
{
/**
Construct an instance of {@code SecretKeyEntry} using the specified
parameters. This constructor is used for key generation.
<p>
Note the relationship between the secret key data array length and the
secret key length parameter described in {@link SecretKeyEntry}
@param algorithm The name of the secret key algorithm for which the key
entry is to be produced.
@param keyLengthBits The length of the requested key in bits.
@throws CryptoManagerException If there is a problem instantiating the key
generator.
*/
throws CryptoManagerException {
try {
}
catch (NoSuchAlgorithmException ex) {
throw new CryptoManagerException(
}
//See if key length is beyond the permissible value.
{
throw new CryptoManagerException(
}
this.fKeyID = new KeyEntryID();
this.fKeyLengthBits = keyLengthBits;
this.fIsCompromised = false;
}
/**
Construct an instance of {@code SecretKeyEntry} using the specified
parameters. This constructor would typically be used for key entries
imported from ADS, for which the full set of paramters is known.
<p>
Note the relationship between the secret key data array length and the
secret key length parameter described in {@link SecretKeyEntry}
@param secretKey The secret key.
@param secretKeyLengthBits The length in bits of the secret key.
@param isCompromised {@code false} if the key may be used
for operations on new data, or {@code true} if the key is being
retained only for use in validation.
*/
final int secretKeyLengthBits,
final boolean isCompromised) {
// copy arguments
this.fSecretKey = secretKey;
this.fKeyLengthBits = secretKeyLengthBits;
this.fIsCompromised = isCompromised;
}
/**
*
*/
public KeyEntryID getKeyID() {
return fKeyID;
}
/**
* The secret key spec containing the secret key.
*
* @return The secret key spec containing the secret key.
*/
public SecretKey getSecretKey() {
return fSecretKey;
}
/**
* Mark a key entry as compromised. The entry will no longer be
* eligible for use as an encryption key.
* <p>
* There is no need to lock the entry to make this change: The
* only valid transition for this field is from false to true,
* the change is asynchronous across the topology (i.e., a key
* might continue to be used at this instance for at least the
* replication propagation delay after being marked compromised at
* another instance), and modifying a boolean is guaranteed to be
* atomic.
*/
public void setIsCompromised() {
fIsCompromised = true;
}
/**
Returns the length of the secret key in bits.
<p>
Note the relationship between the secret key data array length and the
secret key length parameter described in {@link SecretKeyEntry}
@return the length of the secret key in bits.
*/
public int getKeyLengthBits() {
return fKeyLengthBits;
}
/**
* Returns the status of the key.
* @return {@code false} if the key may be used for operations on
* new data, or {@code true} if the key is being retained only for
* use in validation.
*/
public boolean isCompromised() {
return fIsCompromised;
}
/** State. */
private final KeyEntryID fKeyID;
private final SecretKey fSecretKey;
private final int fKeyLengthBits;
private boolean fIsCompromised;
}
private static void putSingleValueAttribute(
{
}
{
return attrList;
}
/**
* This class corresponds to the cipher key entry in ADS. It is
* used in the local cache of key entries that have been requested
* by CryptoManager clients.
*/
private static class CipherKeyEntry extends SecretKeyEntry
{
/**
* This method generates a key according to the key parameters,
* and creates a key entry and registers it in the supplied map.
*
* @param cryptoManager The CryptoManager instance for which the
* key is to be generated. Pass {@code null} as the argument to
* this parameter in order to validate a proposed cipher
* transformation and key length without publishing the key.
*
* @param transformation The cipher transformation for which the
* key is to be produced. This argument is required.
*
* @param keyLengthBits The cipher key length in bits. This argument is
* required and must be suitable for the requested transformation.
*
* @return The key entry corresponding to the parameters.
*
* @throws CryptoManagerException If there is a problem
* instantiating a Cipher object in order to validate the supplied
* parameters when creating a new entry.
*
* @see MacKeyEntry#getKeyEntry(CryptoManagerImpl, String, int)
*/
public static CipherKeyEntry generateKeyEntry(
final CryptoManagerImpl cryptoManager,
final String transformation,
final int keyLengthBits)
throws CryptoManagerException {
// Validate the key entry. Record the initialization vector length, if any
/* The key is published to ADS before making it available in the local
cache with the intention to ensure the key is persisted before use.
This ordering allows the possibility that data encrypted at another
instance could arrive at this instance before the key is available in
the local cache to decode the data. */
}
return keyEntry;
}
/**
* Publish a new cipher key by adding an entry into ADS.
* @param cryptoManager The CryptoManager instance for which the
* key was generated.
* @param keyEntry The cipher key to be published.
* @throws CryptoManagerException
* If the key entry could not be added to
* ADS.
*/
throws CryptoManagerException
{
// Construct the key entry DN.
// Set the entry object classes.
// Create the operational and user attributes.
// Add the key ID attribute.
// Add the transformation name attribute.
// Add the init vector length attribute.
// Add the key length attribute.
// Get the trusted certificates.
// Need to add our own instance certificate.
byte[] instanceKeyCertificate =
// Add the symmetric key attribute.
{
}
// Create the entry.
{
throw new CryptoManagerException(
}
}
/**
* Initializes a secret key entry from the supplied parameters,
* validates it, and registers it in the supplied map. The
* anticipated use of this method is to import a key entry from
* ADS.
*
* @param cryptoManager The CryptoManager instance.
*
* @param keyIDString The key identifier.
*
* @param transformation The cipher transformation for which the
* key entry was produced.
*
* @param secretKey The cipher key.
*
* @param secretKeyLengthBits The length of the cipher key in
* bits.
*
* @param ivLengthBits The length of the initialization vector,
* which will be zero in the case of any stream cipher algorithm,
* any block cipher algorithm for which the transformation mode
* does not use an initialization vector, and any HMAC algorithm.
*
* @param isCompromised Mark the key as compromised, so that it
* will not subsequently be used for encryption. The key entry
* must be maintained in order to decrypt existing ciphertext.
*
* @return The key entry, if one was successfully produced.
*
* @throws CryptoManagerException In case of an error in the
* parameters used to initialize or validate the key entry.
*/
public static CipherKeyEntry importCipherKeyEntry(
final CryptoManagerImpl cryptoManager,
final String keyIDString,
final String transformation,
final int secretKeyLengthBits,
final int ivLengthBits,
final boolean isCompromised)
throws CryptoManagerException {
// Check map for existing key entry with the supplied keyID.
// Paranoiac check to ensure exact type match.
throw new CryptoManagerException(
keyIDString));
}
// Allow transition to compromised.
}
return keyEntry;
}
// Instantiate new entry.
// Validate new entry.
if (0 < ivLengthBits) {
}
// Cache new entry.
keyEntry);
return keyEntry;
}
/**
* Retrieve a CipherKeyEntry from the CipherKeyEntry Map based on
* the algorithm name and key length.
* <p>
* ADS is not searched in the case a key entry meeting the
* specifications is not found. Instead, the ADS monitoring thread
* is responsible for asynchronous updates to the key map.
*
* @param cryptoManager The CryptoManager instance with which the
* key entry is associated.
*
* @param transformation The cipher transformation for which the
* key was produced.
*
* @param keyLengthBits The cipher key length in bits.
*
* @return The key entry corresponding to the parameters, or
* {@code null} if no such entry exists.
*/
public static CipherKeyEntry getKeyEntry(
final CryptoManagerImpl cryptoManager,
final String transformation,
final int keyLengthBits) {
// search for an existing key that satisfies the request
if (! entry.isCompromised()
break;
}
}
return keyEntry;
}
/**
* Given a key identifier, return the associated cipher key entry
* from the supplied map. This method would typically be used by
* a decryption routine.
* <p>
* Although the existence of data tagged with the requested keyID
* implies the key entry exists in the system, it is possible for
* the distribution of the key entry to lag that of the data;
* hence this routine might return null. No attempt is made to
* query the other instances in the ADS topology (presumably at
* least the instance producing the key entry will have it), due
* to the presumed infrequency of key generation and expected low
* latency of replication, compared to the complexity of finding
* the set of instances and querying them. Instead, the caller
* must retry the operation requesting the decryption.
*
* @param cryptoManager The CryptoManager instance with which the
* key entry is associated.
*
* @param keyID The key identifier.
*
* @return The key entry associated with the key identifier, or
* {@code null} if no such entry exists.
*
* @see CryptoManagerImpl.MacKeyEntry
* #getKeyEntry(CryptoManagerImpl, String, int)
*/
public static CipherKeyEntry getKeyEntry(
final KeyEntryID keyID) {
}
/**
In case a transformation is supplied instead of an algorithm:
E.g., AES/CBC/PKCS5Padding -> AES.
@param transformation The cipher transformation from which to
extract the cipher algorithm.
@return The algorithm prefix of the Cipher transformation. If
the transformation is supplied as an algorithm-only (no mode or
padding), return the transformation as-is.
*/
private static String keyAlgorithmFromTransformation(
return 0 < separatorIndex
}
/**
* Construct an instance of {@code CipherKeyEntry} using the
* specified parameters. This constructor would typically be used
* for key generation.
*
* @param transformation The name of the Cipher transformation
* for which the key entry is to be produced.
*
* @param keyLengthBits The length of the requested key in bits.
*
* @throws CryptoManagerException If there is a problem
* instantiating the key generator.
*/
throws CryptoManagerException {
// Generate a new key.
// copy arguments.
this.fType = transformation;
}
/**
* Construct an instance of CipherKeyEntry using the specified
* parameters. This constructor would typically be used for key
* entries imported from ADS, for which the full set of paramters
* is known, and for a newly generated key entry, for which the
* initialization vector length might not yet be known, but which
* must be set prior to using the key.
*
* @param keyID The unique identifier of this cipher
* transformation/key pair.
*
* @param transformation The name of the secret-key cipher
* transformation for which the key entry is to be produced.
*
* @param secretKey The cipher key.
*
* @param secretKeyLengthBits The length of the secret key in
* bits.
*
* @param ivLengthBits The length in bits of a mandatory
* initialization vector or 0 if none is required. Set this
* parameter to -1 when generating a new encryption key and this
* method will attempt to compute the proper value by first using
* the cipher block size and then, if the cipher block size is
* non-zero, using 0 (i.e., no initialization vector).
*
* @param isCompromised {@code false} if the key may be used
* for encryption, or {@code true} if the key is being retained
* only for use in decrypting existing data.
*
* @throws CryptoManagerException If there is a problem
* instantiating a Cipher object in order to validate the supplied
* parameters when creating a new entry.
*/
final String transformation,
final int secretKeyLengthBits,
final int ivLengthBits,
final boolean isCompromised)
throws CryptoManagerException {
// copy arguments
this.fType = transformation;
this.fIVLengthBits = ivLengthBits;
}
/**
* The cipher transformation for which the key entry was created.
*
* @return The cipher transformation.
*/
return fType;
}
/**
* length in bits. Typically, this will be the cipher's block
* size, or 0 for a stream cipher or a block cipher mode that does
* not use an initialization vector (e.g., ECB).
*
* @param ivLengthBits The initiazliation vector length in bits.
*/
private void setIVLengthBits(int ivLengthBits) {
}
/**
* The initialization vector length in bits: 0 is a stream cipher
* or a block cipher that does not use an IV (e.g., ECB); or a
* positive integer, typically the block size of the cipher.
* <p>
* This method returns -1 if the object initialization has not
* been completed.
*
* @return The initialization vector length.
*/
public int getIVLengthBits() {
return fIVLengthBits;
}
/** State. */
private int fIVLengthBits = -1;
}
/**
* This method produces an initialized Cipher based on the supplied
* CipherKeyEntry's state.
*
* @param keyEntry The secret key entry containing the cipher
* transformation and secret key for which to instantiate
* the cipher.
*
* @param mode Either Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE.
*
* @param initializationVector For Cipher.DECRYPT_MODE, supply
* the initialzation vector used in the corresponding encryption
* cipher, or {@code null} if none.
*
* @return The initialized cipher object.
*
* @throws CryptoManagerException In case of a problem creating
* or initializing the requested cipher object. Possible causes
* include NoSuchAlgorithmException, NoSuchPaddingException,
* InvalidKeyException, and InvalidAlgorithmParameterException.
*/
final int mode,
final byte[] initializationVector)
throws CryptoManagerException {
|| null == initializationVector);
== keyEntry.getIVLengthBits());
try {
/* If a client specifies only an algorithm for a transformation, the
Cipher provider can supply default values for mode and padding. Hence
in order to avoid a decryption error due to mismatched defaults in the
provider implementation of JREs supplied by different vendors, the
{@code CryptoManager} configuration validator requires the mode and
padding be explicitly specified. Some cipher algorithms, including
RC4 and ARCFOUR, do not have a mode or padding, and hence must be
}
}
catch (GeneralSecurityException ex) {
// NoSuchAlgorithmException, NoSuchPaddingException
throw new CryptoManagerException(
}
try {
byte[] iv;
}
else {
}
}
else {
}
}
catch (GeneralSecurityException ex) {
// InvalidKeyException, InvalidAlgorithmParameterException
throw new CryptoManagerException(
}
return cipher;
}
/**
* This class corresponds to the MAC key entry in ADS. It is
* used in the local cache of key entries that have been requested
* by CryptoManager clients.
*/
private static class MacKeyEntry extends SecretKeyEntry
{
/**
* This method generates a key according to the key parameters,
* creates a key entry, and optionally registers it in the
* supplied CryptoManager context.
*
* @param cryptoManager The CryptoManager instance for which the
* key is to be generated. Pass {@code null} as the argument to
* this parameter in order to validate a proposed MAC algorithm
* and key length, but not publish the key entry.
*
* @param algorithm The MAC algorithm for which the
* key is to be produced. This argument is required.
*
* @param keyLengthBits The MAC key length in bits. The argument is
* required and must be suitable for the requested algorithm.
*
* @return The key entry corresponding to the parameters.
*
* @throws CryptoManagerException If there is a problem
* instantiating a Mac object in order to validate the supplied
* parameters when creating a new entry.
*
* @see CipherKeyEntry#getKeyEntry(CryptoManagerImpl, String, int)
*/
public static MacKeyEntry generateKeyEntry(
final CryptoManagerImpl cryptoManager,
final int keyLengthBits)
throws CryptoManagerException {
// Validate the key entry.
/* The key is published to ADS before making it available in the local
cache with the intention to ensure the key is persisted before use.
This ordering allows the possibility that data encrypted at another
instance could arrive at this instance before the key is available in
the local cache to decode the data. */
}
return keyEntry;
}
/**
* Publish a new mac key by adding an entry into ADS.
* @param cryptoManager The CryptoManager instance for which the
* key was generated.
* @param keyEntry The mac key to be published.
* @throws CryptoManagerException
* If the key entry could not be added to
* ADS.
*/
throws CryptoManagerException
{
// Construct the key entry DN.
// Set the entry object classes.
// Create the operational and user attributes.
// Add the key ID attribute.
// Add the mac algorithm name attribute.
// Add the key length attribute.
// Get the trusted certificates.
// Need to add our own instance certificate.
byte[] instanceKeyCertificate =
// Add the symmetric key attribute.
{
keyEntry.getSecretKey());
}
// Create the entry.
{
throw new CryptoManagerException(
}
}
/**
* Initializes a secret key entry from the supplied parameters,
* validates it, and registers it in the supplied map. The
* anticipated use of this method is to import a key entry from
* ADS.
*
* @param cryptoManager The CryptoManager instance.
*
* @param keyIDString The key identifier.
*
* @param algorithm The name of the MAC algorithm for which the
* key entry is to be produced.
*
* @param secretKey The MAC key.
*
* @param secretKeyLengthBits The length of the secret key in
* bits.
*
* @param isCompromised Mark the key as compromised, so that it
* will not subsequently be used for new data. The key entry
* must be maintained in order to verify existing signatures.
*
* @return The key entry, if one was successfully produced.
*
* @throws CryptoManagerException In case of an error in the
* parameters used to initialize or validate the key entry.
*/
public static MacKeyEntry importMacKeyEntry(
final CryptoManagerImpl cryptoManager,
final String keyIDString,
final int secretKeyLengthBits,
final boolean isCompromised)
throws CryptoManagerException {
// Check map for existing key entry with the supplied keyID.
// Paranoiac check to ensure exact type match.
throw new CryptoManagerException(
keyIDString));
}
// Allow transition to compromised.
}
return keyEntry;
}
// Instantiate new entry.
// Validate new entry.
// Cache new entry.
keyEntry);
return keyEntry;
}
/**
* Retrieve a MacKeyEntry from the MacKeyEntry Map based on
* the algorithm name and key length.
* <p>
* ADS is not searched in the case a key entry meeting the
* specifications is not found. Instead, the ADS monitoring thread
* is responsible for asynchronous updates to the key map.
*
* @param cryptoManager The CryptoManager instance with which the
* key entry is associated.
*
* @param algorithm The MAC algorithm for which the key was
* produced.
*
* @param keyLengthBits The MAC key length in bits.
*
* @return The key entry corresponding to the parameters, or
* {@code null} if no such entry exists.
*/
public static MacKeyEntry getKeyEntry(
final CryptoManagerImpl cryptoManager,
final int keyLengthBits) {
// search for an existing key that satisfies the request
if (! entry.isCompromised()
break;
}
}
return keyEntry;
}
/**
* Given a key identifier, return the associated cipher key entry
* from the supplied map. This method would typically be used by
* a decryption routine.
* <p>
* Although the existence of data tagged with the requested keyID
* implies the key entry exists in the system, it is possible for
* the distribution of the key entry to lag that of the data;
* hence this routine might return null. No attempt is made to
* query the other instances in the ADS topology (presumably at
* least the instance producing the key entry will have it), due
* to the presumed infrequency of key generation and expected low
* latency of replication, compared to the complexity of finding
* the set of instances and querying them. Instead, the caller
* must retry the operation requesting the decryption.
*
* @param cryptoManager The CryptoManager instance with which the
* key entry is associated.
*
* @param keyID The key identifier.
*
* @return The key entry associated with the key identifier, or
* {@code null} if no such entry exists.
*
* @see CryptoManagerImpl.CipherKeyEntry
* #getKeyEntry(CryptoManagerImpl, String, int)
*/
public static MacKeyEntry getKeyEntry(
final CryptoManagerImpl cryptoManager,
final KeyEntryID keyID) {
}
/**
* Construct an instance of {@code MacKeyEntry} using the
* specified parameters. This constructor would typically be used
* for key generation.
*
* @param algorithm The name of the MAC algorithm for which the
* key entry is to be produced.
*
* @param keyLengthBits The length of the requested key in bits.
*
* @throws CryptoManagerException If there is a problem
* instantiating the key generator.
*/
final int keyLengthBits)
throws CryptoManagerException {
// Generate a new key.
super(algorithm, keyLengthBits);
// copy arguments
}
/**
* Construct an instance of MacKeyEntry using the specified
* parameters. This constructor would typically be used for key
* entries imported from ADS, for which the full set of paramters
* is known.
*
* pair.
*
* @param algorithm The name of the MAC algorithm for which the
* key entry is to be produced.
*
* @param secretKey The MAC key.
*
* @param secretKeyLengthBits The length of the secret key in
* bits.
*
* @param isCompromised {@code false} if the key may be used
* for signing, or {@code true} if the key is being retained only
* for use in signature verification.
*/
final int secretKeyLengthBits,
final boolean isCompromised) {
// copy arguments
}
/**
* The algorithm for which the key entry was created.
*
* @return The algorithm.
*/
return fType;
}
/** State. */
}
/**
* This method produces an initialized MAC engine based on the
* supplied MacKeyEntry's state.
*
* @param keyEntry The MacKeyEntry specifying the Mac properties.
*
* @return An initialized Mac object.
*
* @throws CryptoManagerException In case there was a error
* instantiating the Mac object.
*/
throws CryptoManagerException
{
try {
}
catch (NoSuchAlgorithmException ex){
throw new CryptoManagerException(
ex);
}
try {
}
catch (InvalidKeyException ex) {
throw new CryptoManagerException(
}
return mac;
}
/** {@inheritDoc} */
public String getPreferredMessageDigestAlgorithm()
{
return preferredDigestAlgorithm;
}
/** {@inheritDoc} */
public MessageDigest getPreferredMessageDigest()
throws NoSuchAlgorithmException
{
}
/** {@inheritDoc} */
throws NoSuchAlgorithmException
{
}
/** {@inheritDoc} */
throws NoSuchAlgorithmException
{
}
/** {@inheritDoc} */
throws NoSuchAlgorithmException
{
}
/** {@inheritDoc} */
throws IOException, NoSuchAlgorithmException
{
byte[] buffer = new byte[8192];
while (true)
{
if (bytesRead < 0)
{
break;
}
}
}
/** {@inheritDoc} */
throws IOException, NoSuchAlgorithmException
{
byte[] buffer = new byte[8192];
while (true)
{
if (bytesRead < 0)
{
break;
}
}
}
/** {@inheritDoc} */
public String getMacEngineKeyEntryID()
throws CryptoManagerException
{
}
/** {@inheritDoc} */
final int keyLengthBits)
throws CryptoManagerException {
}
}
/** {@inheritDoc} */
throws CryptoManagerException
{
new KeyEntryID(keyEntryID));
}
/** {@inheritDoc} */
{
return encrypt(preferredCipherTransformation,
}
/** {@inheritDoc} */
int keyLengthBits,
byte[] data)
{
}
final int prologueLength
int writeIndex = 0;
}
return cipherText;
}
/** {@inheritDoc} */
{
}
/** {@inheritDoc} */
throws CryptoManagerException
{
this, cipherTransformation, keyLengthBits);
}
try {
}
}
catch (IOException ex) {
throw new CryptoManagerException(
}
}
/** {@inheritDoc} */
throws GeneralSecurityException,
{
int readIndex = 0;
int version;
try {
}
// IndexOutOfBoundsException, ArrayStoreException, ...
throw new CryptoManagerException(
}
switch (version) {
// Encryption key identifier only in the data prologue.
break;
default:
throw new CryptoManagerException(
}
try {
final byte[] keyIDBytes
= new byte[KeyEntryID.getByteValueLength()];
}
// IndexOutOfBoundsException, ArrayStoreException, ...
throw new CryptoManagerException(
}
throw new CryptoManagerException(
}
try {
}
// IndexOutOfBoundsException, ArrayStoreException, ...
throw new CryptoManagerException(
}
}
{
}
else
{
// IBM Java 6 throws an IllegalArgumentException when there's no
// data to process.
}
}
/** {@inheritDoc} */
{
int version;
try {
final byte[] rawVersion = new byte[1];
throw new CryptoManagerException(
"stream underflow"));
}
switch (version) {
// Encryption key identifier only in the data prologue.
break;
default:
throw new CryptoManagerException(
}
throw new CryptoManagerException(
"stream underflow"));
}
new KeyEntryID(keyID));
throw new CryptoManagerException(
}
throw new CryptoManagerException(
}
}
}
catch (IOException ex) {
throw new CryptoManagerException(
}
return new CipherInputStream(inputStream,
}
/** {@inheritDoc} */
{
try
{
{
return compressedLength;
}
else
{
return -1;
}
}
finally
{
}
}
/** {@inheritDoc} */
throws DataFormatException
{
try
{
{
return decompressedLength;
}
else
{
int totalLength = decompressedLength;
{
}
return -totalLength;
}
}
finally
{
}
}
/** {@inheritDoc} */
throws ConfigException
{
try
{
if (sslCertNickname == null)
{
}
else
{
}
}
catch (Exception e)
{
logger.traceException(e);
getExceptionMessage(e));
throw new ConfigException(message, e);
}
return sslContext;
}
/** {@inheritDoc} */
public String getSslCertNickname()
{
return sslCertNickname;
}
/** {@inheritDoc} */
public boolean isSslEncryption()
{
return sslEncryption;
}
/** {@inheritDoc} */
{
return sslProtocols;
}
/** {@inheritDoc} */
{
return sslCipherSuites;
}
}