com.eucalyptus.crypto.StringCrypto.java Source code

Java tutorial

Introduction

Here is the source code for com.eucalyptus.crypto.StringCrypto.java

Source

/*************************************************************************
 * Copyright 2009-2012 Eucalyptus Systems, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; version 3 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see http://www.gnu.org/licenses/.
 *
 * Please contact Eucalyptus Systems, Inc., 6755 Hollister Ave., Goleta
 * CA 93117, USA or visit http://www.eucalyptus.com/licenses/ if you need
 * additional information or have any questions.
 *
 * This file may incorporate work covered under the following copyright
 * and permission notice:
 *
 *   Software License Agreement (BSD License)
 *
 *   Copyright (c) 2008, Regents of the University of California
 *   All rights reserved.
 *
 *   Redistribution and use of this software in source and binary forms,
 *   with or without modification, are permitted provided that the
 *   following conditions are met:
 *
 *     Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *     Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer
 *     in the documentation and/or other materials provided with the
 *     distribution.
 *
 *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 *   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 *   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 *   BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *   LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 *   CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 *   LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 *   ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 *   POSSIBILITY OF SUCH DAMAGE. USERS OF THIS SOFTWARE ACKNOWLEDGE
 *   THE POSSIBLE PRESENCE OF OTHER OPEN SOURCE LICENSED MATERIAL,
 *   COPYRIGHTED MATERIAL OR PATENTED MATERIAL IN THIS SOFTWARE,
 *   AND IF ANY SUCH MATERIAL IS DISCOVERED THE PARTY DISCOVERING
 *   IT MAY INFORM DR. RICH WOLSKI AT THE UNIVERSITY OF CALIFORNIA,
 *   SANTA BARBARA WHO WILL THEN ASCERTAIN THE MOST APPROPRIATE REMEDY,
 *   WHICH IN THE REGENTS' DISCRETION MAY INCLUDE, WITHOUT LIMITATION,
 *   REPLACEMENT OF THE CODE SO IDENTIFIED, LICENSING OF THE CODE SO
 *   IDENTIFIED, OR WITHDRAWAL OF THE CODE CAPABILITY TO THE EXTENT
 *   NEEDED TO COMPLY WITH ANY SUCH LICENSES OR RIGHTS.
 ************************************************************************/

package com.eucalyptus.crypto;

import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.UrlBase64;
import com.eucalyptus.component.auth.SystemCredentials;

public class StringCrypto {

    private final String ALIAS = "eucalyptus"; // TODO: don't hardcode these?
    private final String PASSWORD = "eucalyptus";

    private static KeyStore keystore;
    private String asymmetricFormat = "RSA/ECB/PKCS1Padding";
    private String provider = "BC";

    public static byte[] cat(byte[] bs, byte[] bs2) {
        byte[] result = Arrays.copyOf(bs, bs.length + bs2.length);
        System.arraycopy(bs2, 0, result, bs.length, bs2.length);
        return result;
    }

    public StringCrypto() {
    }

    public StringCrypto(String format, String provider) {
        this.asymmetricFormat = format;
        this.provider = provider;
        Security.addProvider(new BouncyCastleProvider());
        if (Security.getProvider(this.provider) == null)
            throw new RuntimeException("cannot find security provider " + this.provider);
        keystore = SystemCredentials.getKeyStore();
        if (keystore == null)
            throw new RuntimeException("cannot load keystore or find the key");
    }

    public byte[] encrypt(String password) throws GeneralSecurityException {
        Key pk = keystore.getCertificate(ALIAS).getPublicKey();
        Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
        cipher.init(Cipher.ENCRYPT_MODE, pk, Crypto.getSecureRandomSupplier().get());
        byte[] passwordEncrypted = cipher.doFinal(password.getBytes());
        return UrlBase64.encode(passwordEncrypted);
        //return cat (VMwareBrokerProperties.ENCRYPTION_FORMAT.getBytes(), UrlBase64.encode(passwordEncrypted)); // prepend format
    }

    public String decrypt(String passwordEncoded) throws GeneralSecurityException {
        //String withoutPrefix = passwordEncoded.substring(VMwareBrokerProperties.ENCRYPTION_FORMAT.length(), passwordEncoded.length());
        byte[] passwordEncrypted = UrlBase64.decode(passwordEncoded);
        Key pk = keystore.getKey(ALIAS, PASSWORD);
        Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
        cipher.init(Cipher.DECRYPT_MODE, pk, Crypto.getSecureRandomSupplier().get());
        return new String(cipher.doFinal(passwordEncrypted));
    }

    /**
     * Decrypt base64 encoded password generated by openssl.
     * @param passwordEncrypted in base64
     * @return
     * @throws GeneralSecurityException
     */
    public String decryptOpenssl(String passwordEncoded) throws GeneralSecurityException {
        // Somehow, UrlBase64 in BC can not decode openssl generated base64 string correctly.
        // We have to use the Base64 from Commons codec library.
        byte[] passwordEncrypted = Base64.decodeBase64(passwordEncoded.getBytes());
        Key pk = keystore.getKey(ALIAS, PASSWORD);
        Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
        cipher.init(Cipher.DECRYPT_MODE, pk, Crypto.getSecureRandomSupplier().get());
        return new String(cipher.doFinal(passwordEncrypted));
    }

    /**
    * Decrypt base64 encoded password generated by openssl.
    * @param format encryption format
    * @param passwordEncrypted in base64
    * @return
    * @throws GeneralSecurityException
    */
    public String decryptOpenssl(String format, String passwordEncoded) throws GeneralSecurityException {
        // Somehow, UrlBase64 in BC can not decode openssl generated base64 string correctly.
        // We have to use the Base64 from Commons codec library.
        byte[] passwordEncrypted = Base64.decodeBase64(passwordEncoded.getBytes());
        Key pk = keystore.getKey(ALIAS, PASSWORD);
        Cipher cipher = Cipher.getInstance(format, this.provider);
        cipher.init(Cipher.DECRYPT_MODE, pk, Crypto.getSecureRandomSupplier().get());
        return new String(cipher.doFinal(passwordEncrypted));
    }
}