package com.github.ncredinburgh.tomcat; import static java.lang.String.format; import static java.nio.file.Files.readAllBytes; import static java.nio.file.Paths.get; import static javax.crypto.Cipher.ENCRYPT_MODE; import static javax.xml.bind.DatatypeConverter.printBase64Binary; import java.io.File; import java.io.IOException; import java.nio.file.Files; import java.security.GeneralSecurityException; import java.security.Provider; import java.security.Security; import java.util.Arrays; import java.util.LinkedList; import java.util.NoSuchElementException; import java.util.Queue; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; public class Main { public static void main(String[] args) throws Exception { Queue<String> arguments = new LinkedList<String>(Arrays.asList(args)); try { String command = arguments.remove(); if (command.equals("listKeyGenerators")) listKeyGenerators(arguments); else if (command.equals("listCiphers")) listCiphers(arguments); else if (command.equals("generateKey")) generateKey(arguments); else if (command.equals("encryptPassword")) encryptPassword(arguments); else printUsage(); } catch (NoSuchElementException e) { printUsage(); } } private static void listKeyGenerators(Queue<String> arguments) { for (Provider provider : Security.getProviders()) { for (Provider.Service service : provider.getServices()) { if (service.getType().equals("KeyGenerator")) { System.out.println("Provider: " + provider.getName() + " Algorithm: " + service.getAlgorithm()); } } } } private static void listCiphers(Queue<String> arguments) { for (Provider provider : Security.getProviders()) { for (Provider.Service service : provider.getServices()) { if (service.getType().equals("Cipher")) { System.out.println("Provider: " + provider.getName() + " Algorithm: " + service.getAlgorithm()); } } } } private static void generateKey(Queue<String> arguments) throws GeneralSecurityException, IOException { try { String algorithm = arguments.remove(); int keySize = Integer.parseInt(arguments.remove()); String keyFilename = arguments.remove(); byte[] keyBytes = generateKey(algorithm, keySize); File keyFile = new File(keyFilename); Files.write(keyFile.toPath(), keyBytes); System.out.println("New key written to file: " + keyFilename); } catch (NoSuchElementException e) { printUsage(); } } private static byte[] generateKey(String algorithm, int keySize) throws GeneralSecurityException { KeyGenerator generator = KeyGenerator.getInstance(algorithm); generator.init(keySize); SecretKey key = generator.generateKey(); return key.getEncoded(); } private static void encryptPassword(Queue<String> arguments) throws GeneralSecurityException, IOException { try { String password = arguments.remove(); String algorithm = arguments.remove(); String mode = arguments.remove(); String padding = arguments.remove(); String keyFilename = arguments.remove(); byte[] key = readAllBytes(get(keyFilename)); System.out.println("Encrypted password: " + printBase64Binary(encryptPassword(password, algorithm, mode, padding, key))); } catch (NoSuchElementException e) { printUsage(); } } public static byte[] encryptPassword(String password, String algorithm, String mode, String padding, byte[] key) throws GeneralSecurityException { SecretKeySpec keySpec = new SecretKeySpec(key, algorithm); Cipher cipher = Cipher.getInstance(format("%s/%s/%s", algorithm, mode, padding)); cipher.init(ENCRYPT_MODE, keySpec); byte[] cipherText = cipher.doFinal(password.getBytes()); return cipherText; } private static void printUsage() { System.out.println("Usage: secure-tomcat-datasourcefactory <command> <options>"); System.out.println("Commands:"); System.out.println(" listKeyGenerators"); System.out.println(" listCiphers"); System.out.println(" generateKey <algorithm> <keySize> <keyFilename>"); System.out.println(" encryptPassword <password> <algorithm> <mode> <padding> <keyFilename>"); } }