Java Code Examples for javax.crypto.SecretKey#destroy()

The following examples show how to use javax.crypto.SecretKey#destroy() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: cxf   File: ModelEncryptionSupport.java    License: Apache License 2.0 6 votes vote down vote up
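/**
 * Decrypts an encoded access token using a secret key supplied in encoded form.
 *
 * <p>The key is decoded with the algorithm named by {@code props.getKeyAlgo()}, used for one
 * decryption via the {@code SecretKey} overload, and then destroyed on a best-effort basis,
 * whether decryption succeeded or threw.
 *
 * <p>Only the {@code SecretKey} object is wiped here. The {@code encodedSecretKey} string is
 * immutable and stays in memory until it is garbage collected.
 *
 * @param provider data provider handed to the {@code SecretKey} overload
 * @param encodedToken the encrypted token text
 * @param encodedSecretKey the secret key in encoded form
 * @param props key properties; supplies the key algorithm and is passed to the decryption
 * @return the decrypted access token
 * @throws SecurityException declared by the signature; presumably raised when decoding the
 *         key or decrypting the token fails (confirm against CryptoUtils)
 */
public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
                                             String encodedToken,
                                             String encodedSecretKey,
                                             KeyProperties props) throws SecurityException {
    SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
    try {
        return decryptAccessToken(provider, encodedToken, key, props);
    } finally {
        // Runs on the exception path as well, so a failed decryption does not leave the
        // decoded key behind.
        try {
            key.destroy();
        } catch (DestroyFailedException ex) {
            // Best effort: the default Destroyable.destroy() always throws, so a key class
            // that does not override it cannot be wiped. The key then remains in memory
            // until garbage collection.
        }
    }
}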
 
Example 2
/**
 * Returns the content encryption key (CEK) bytes, generating a fresh key when none is cached.
 *
 * <p>When {@code cek} is already set, that same array is returned, not a copy. When
 * {@code generateCekOnce} is true, the newly generated bytes are stored in {@code cek} and the
 * very same array is returned, so a caller that zeroes the result also zeroes the cached key.
 *
 * @param headers JWE headers used to determine the key size
 * @return the CEK bytes
 */
public byte[] getContentEncryptionKey(JweHeaders headers) {
    // NOTE(review): this null check runs outside the synchronized block that writes the
    // field, so two threads may both generate a key. Confirm whether that matters to callers.
    if (cek != null) {
        return cek;
    }

    String javaAlgorithm = getAlgorithm().getJavaName();
    String strippedAlgorithm = AlgorithmUtils.stripAlgoProperties(javaAlgorithm);
    SecretKey generatedKey =
        CryptoUtils.getSecretKey(strippedAlgorithm, getContentEncryptionKeySize(headers));
    byte[] encodedKey = generatedKey.getEncoded();

    if (generateCekOnce) {
        synchronized (this) {
            cek = encodedKey;
        }
    }

    // The encoded bytes were taken above, so the key object itself is no longer needed.
    try {
        generatedKey.destroy();
    } catch (DestroyFailedException e) {
        // Best effort: key classes that do not support destroy() cannot be wiped.
    }
    return encodedKey;
}
 
Example 3
Source Project: cxf   File: ModelEncryptionSupport.java    License: Apache License 2.0 6 votes vote down vote up
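/**
 * Decrypts an encoded authorization code grant using a secret key supplied in encoded form.
 *
 * <p>The decoded key is used for one decryption and then destroyed on a best-effort basis,
 * on the failure path as well as on success. The {@code encodedSecretKey} string itself is
 * immutable and cannot be wiped by this method.
 *
 * @param provider data provider handed to the {@code SecretKey} overload
 * @param encodedToken the encrypted grant text
 * @param encodedSecretKey the secret key in encoded form
 * @param props key properties; supplies the key algorithm and is passed to the decryption
 * @return the decrypted authorization code grant
 * @throws SecurityException declared by the signature; presumably raised when decoding the
 *         key or decrypting the grant fails (confirm against CryptoUtils)
 */
public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
                                              String encodedToken,
                                              String encodedSecretKey,
                                              KeyProperties props) throws SecurityException {
    SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
    try {
        return decryptCodeGrant(provider, encodedToken, key, props);
    } finally {
        // Wipe the key even when decryption throws.
        try {
            key.destroy();
        } catch (DestroyFailedException ex) {
            // Best effort: destroy() is optional for key classes, and the default
            // implementation always throws. Nothing more can be done here.
        }
    }
}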
 
Example 4
Source Project: cxf   File: ModelEncryptionSupport.java    License: Apache License 2.0 6 votes vote down vote up
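/**
 * Decrypts an encoded refresh token using a secret key supplied in encoded form.
 *
 * <p>The decoded key is used for one decryption and then destroyed on a best-effort basis,
 * on the failure path as well as on success. The {@code encodedSecretKey} string itself is
 * immutable and cannot be wiped by this method.
 *
 * @param provider data provider handed to the {@code SecretKey} overload
 * @param encodedToken the encrypted refresh token text
 * @param encodedSecretKey the secret key in encoded form
 * @param props key properties; supplies the key algorithm and is passed to the decryption
 * @return the decrypted refresh token
 * @throws SecurityException declared by the signature; presumably raised when decoding the
 *         key or decrypting the token fails (confirm against CryptoUtils)
 */
public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
                                              String encodedToken,
                                              String encodedSecretKey,
                                              KeyProperties props) throws SecurityException {
    SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
    try {
        return decryptRefreshToken(provider, encodedToken, key, props);
    } finally {
        // Wipe the key even when decryption throws.
        try {
            key.destroy();
        } catch (DestroyFailedException ex) {
            // Best effort: destroy() is optional for key classes, and the default
            // implementation always throws. Nothing more can be done here.
        }
    }
}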
 
Example 5
Source Project: cxf   File: AbstractJweEncryption.java    License: Apache License 2.0 6 votes vote down vote up
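/**
 * Encrypts {@code content} with a content encryption key built from {@code state}.
 *
 * <p>The {@code SecretKey} created for this call is destroyed on a best-effort basis once
 * encryption has finished, including when encryption throws.
 *
 * @param state per-call encryption state; supplies the key material and {@code keyProps}
 * @param content the bytes to encrypt
 * @return the encrypted bytes
 * @throws JweException with {@code INVALID_CONTENT_ALGORITHM} when the underlying
 *         {@code SecurityException} was caused by a {@code NoSuchAlgorithmException},
 *         otherwise with {@code CONTENT_ENCRYPTION_FAILURE}
 */
protected byte[] encryptInternal(JweEncryptionInternal state, byte[] content) {
    try {
        SecretKey cekSecretKey = createCekSecretKey(state);
        try {
            return CryptoUtils.encryptBytes(content, cekSecretKey, state.keyProps);
        } finally {
            // The key is no longer needed, whether or not encryption succeeded.
            try {
                cekSecretKey.destroy();
            } catch (DestroyFailedException e) {
                // Best effort: key classes without destroy() support cannot be wiped.
            }
        }
    } catch (SecurityException ex) {
        LOG.fine(ex.getMessage());
        if (ex.getCause() instanceof NoSuchAlgorithmException) {
            LOG.warning("Unsupported algorithm: " + state.keyProps.getKeyAlgo());
            throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
        }
        throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE, ex);
    }
}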
 
Example 6
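/**
 * Protects the given cleartext private key, using the password provided at
 * construction time.
 *
 * <p>The key's encoding is encrypted with PBEWithMD5AndTripleDES under a fresh 8-byte salt
 * and wrapped in an EncryptedPrivateKeyInfo (PKCS#8). The cleartext encoding is zeroed
 * afterwards, including when encryption fails.
 *
 * @param key the private key to protect
 * @return the encoded EncryptedPrivateKeyInfo
 * @throws Exception if key derivation, encryption or encoding fails
 */
byte[] protect(PrivateKey key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    PBEWithMD5AndTripleDESCipher cipher;
    try {
        // NOTE(review): MD5-based PBE with triple DES is a legacy scheme; presumably it is
        // fixed by the stored format and cannot be changed here.
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        // encrypt private key
        cipher = new PBEWithMD5AndTripleDESCipher();
        cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
    } finally {
        // The cipher has been initialised, so neither the password copy nor the PBE key
        // is needed any more. A DestroyFailedException thrown here propagates to the
        // caller and would replace any exception raised in the try body.
        pbeKeySpec.clearPassword();
        if (sKey != null) sKey.destroy();
    }
    byte[] plain = key.getEncoded();
    byte[] encrKey;
    try {
        encrKey = cipher.engineDoFinal(plain, 0, plain.length);
    } finally {
        // Zero the cleartext encoding even if engineDoFinal throws.
        Arrays.fill(plain, (byte)0x00);
    }

    // wrap encrypted private key in EncryptedPrivateKeyInfo
    // (as defined in PKCS#8)
    AlgorithmParameters pbeParams =
        AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
    pbeParams.init(pbeSpec);

    AlgorithmId encrAlg = new AlgorithmId
        (new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
    return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
}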
 
Example 7
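/**
 * Seals the given cleartext key, using the password provided at
 * construction time.
 *
 * <p>A PBEWithMD5AndTripleDES cipher is initialised with a fresh 8-byte salt and used to
 * build the sealed object. The password copy held by the key spec and the derived PBE key
 * are both released in the {@code finally} block, so they are cleared even when key or
 * cipher setup throws.
 *
 * @param key the key to seal
 * @return the sealed object wrapping {@code key}
 * @throws Exception if key derivation, cipher initialisation or sealing fails
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    Cipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");

        // seal key
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    } finally {
        // Clearing here rather than inside the try also covers the case where the PBEKey
        // constructor throws before the spec's password copy has been wiped.
        pbeKeySpec.clearPassword();
        // A DestroyFailedException raised here propagates and would replace any exception
        // from the try body.
        if (sKey != null) sKey.destroy();
    }
    return new SealedObjectForKeyProtector(key, cipher);
}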
 
Example 8
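/**
 * Seals the given cleartext key, using the password provided at
 * construction time.
 *
 * <p>The key spec's password copy and the derived PBE key are released in the
 * {@code finally} block, so both are cleared on the failure path as well as on success.
 *
 * @param key the key to seal
 * @return the sealed object wrapping {@code key}
 * @throws Exception if key derivation, cipher initialisation or sealing fails
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    Cipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");

        // seal key
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    } finally {
        // Wipe the password copy even if the PBEKey constructor threw.
        pbeKeySpec.clearPassword();
        // The cipher is initialised (or setup failed), so the PBE key is no longer needed.
        if (sKey != null) sKey.destroy();
    }
    return new SealedObjectForKeyProtector(key, cipher);
}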
 
Example 9
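/**
 * Protects the given cleartext private key, using the password provided at
 * construction time.
 *
 * <p>The result is the encoding of an EncryptedPrivateKeyInfo (PKCS#8) whose payload is the
 * key's encoding encrypted with PBEWithMD5AndTripleDES. The cleartext encoding is zeroed
 * afterwards, including when encryption fails.
 *
 * @param key the private key to protect
 * @return the encoded EncryptedPrivateKeyInfo
 * @throws Exception if key derivation, encryption or encoding fails
 */
byte[] protect(PrivateKey key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    PBEWithMD5AndTripleDESCipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        // encrypt private key
        cipher = new PBEWithMD5AndTripleDESCipher();
        cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
    } finally {
        // Both secrets are released as soon as the cipher has been initialised.
        pbeKeySpec.clearPassword();
        if (sKey != null) sKey.destroy();
    }
    byte[] plain = key.getEncoded();
    byte[] encrKey;
    try {
        encrKey = cipher.engineDoFinal(plain, 0, plain.length);
    } finally {
        // The cleartext key bytes must not outlive this call, even on failure.
        Arrays.fill(plain, (byte)0x00);
    }

    // wrap encrypted private key in EncryptedPrivateKeyInfo
    // (as defined in PKCS#8)
    AlgorithmParameters pbeParams =
        AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
    pbeParams.init(pbeSpec);

    AlgorithmId encrAlg = new AlgorithmId
        (new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
    return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
}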
 
Example 10
Source Project: cxf   File: AbstractJweDecryption.java    License: Apache License 2.0 5 votes vote down vote up
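/**
 * Decrypts the JWE content with the given content encryption key and returns the result.
 *
 * <p>Side effect: on success the caller's {@code cek} array is overwritten with zeros, so it
 * cannot be reused after this call. The {@code SecretKey} built here, and any separate key
 * array returned by {@code getActualCek}, are released whether or not decryption succeeds.
 *
 * @param jweDecryptionInput the parsed JWE parts (headers, IV, ciphertext, tag)
 * @param cek the content encryption key bytes; zeroed on successful return
 * @return the JWE headers together with the decrypted bytes
 */
protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
    KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(jweDecryptionInput));
    keyProperties.setAdditionalData(getContentEncryptionCipherAAD(jweDecryptionInput));
    AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(jweDecryptionInput);
    keyProperties.setAlgoSpec(spec);
    boolean compressionSupported =
        JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(jweDecryptionInput.getJweHeaders().getZipAlgorithm());
    keyProperties.setCompressionSupported(compressionSupported);
    byte[] actualCek = getActualCek(cek,
                           jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm().getJwaName());
    SecretKey secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
    byte[] bytes;
    try {
        bytes =
            CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(jweDecryptionInput), secretKey, keyProperties);
    } finally {
        // Key material created inside this method is released on the failure path too.
        try {
            secretKey.destroy();
        } catch (DestroyFailedException e) {
            // Best effort: key classes without destroy() support cannot be wiped, which
            // is why the backing arrays are also zeroed explicitly.
        }
        if (actualCek != cek) {
            Arrays.fill(actualCek, (byte) 0);
        }
    }
    // NOTE(review): the caller's array is wiped only after a successful decryption, as
    // before. Whether to wipe it on failure as well depends on the caller contract.
    Arrays.fill(cek, (byte) 0);

    return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), bytes);
}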
 
Example 11
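/**
 * Seals the given cleartext key, using the password provided at
 * construction time.
 *
 * <p>The key spec's password copy and the derived PBE key are released in the
 * {@code finally} block, so both are cleared on the failure path as well as on success.
 *
 * @param key the key to seal
 * @return the sealed object wrapping {@code key}
 * @throws Exception if key derivation, cipher initialisation or sealing fails
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    Cipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");

        // seal key
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    } finally {
        // Wipe the password copy even if the PBEKey constructor threw.
        pbeKeySpec.clearPassword();
        // The cipher is initialised (or setup failed), so the PBE key is no longer needed.
        if (sKey != null) sKey.destroy();
    }
    return new SealedObjectForKeyProtector(key, cipher);
}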
 
Example 12
Source Project: Bytecoder   File: KeyProtector.java    License: Apache License 2.0 5 votes vote down vote up
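/**
 * Seals the given cleartext key, using the password provided at
 * construction time.
 *
 * <p>The key spec's password copy and the derived PBE key are released in the
 * {@code finally} block, so both are cleared on the failure path as well as on success.
 *
 * @param key the key to seal
 * @return the sealed object wrapping {@code key}
 * @throws Exception if key derivation, cipher initialisation or sealing fails
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    Cipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES", false);

        // seal key
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                           "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    } finally {
        // Wipe the password copy even if the PBEKey constructor threw.
        pbeKeySpec.clearPassword();
        // A DestroyFailedException raised here propagates and would replace any exception
        // from the try body.
        if (sKey != null) sKey.destroy();
    }
    return new SealedObjectForKeyProtector(key, cipher);
}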
 
Example 13
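/**
 * Protects the given cleartext private key, using the password provided at
 * construction time.
 *
 * <p>The result is the encoding of an EncryptedPrivateKeyInfo (PKCS#8) whose payload is the
 * key's encoding encrypted with PBEWithMD5AndTripleDES. The cleartext encoding is zeroed
 * afterwards, including when encryption fails.
 *
 * @param key the private key to protect
 * @return the encoded EncryptedPrivateKeyInfo
 * @throws Exception if key derivation, encryption or encoding fails
 */
byte[] protect(PrivateKey key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    PBEWithMD5AndTripleDESCipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        // encrypt private key
        cipher = new PBEWithMD5AndTripleDESCipher();
        cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
    } finally {
        // Both secrets are released as soon as the cipher has been initialised.
        pbeKeySpec.clearPassword();
        if (sKey != null) sKey.destroy();
    }
    byte[] plain = key.getEncoded();
    byte[] encrKey;
    try {
        encrKey = cipher.engineDoFinal(plain, 0, plain.length);
    } finally {
        // The cleartext key bytes must not outlive this call, even on failure.
        Arrays.fill(plain, (byte)0x00);
    }

    // wrap encrypted private key in EncryptedPrivateKeyInfo
    // (as defined in PKCS#8)
    AlgorithmParameters pbeParams =
        AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
    pbeParams.init(pbeSpec);

    AlgorithmId encrAlg = new AlgorithmId
        (new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
    return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
}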
 
Example 14
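/**
 * Seals the given cleartext key, using the password provided at
 * construction time.
 *
 * <p>The key spec's password copy and the derived PBE key are released in the
 * {@code finally} block, so both are cleared on the failure path as well as on success.
 *
 * @param key the key to seal
 * @return the sealed object wrapping {@code key}
 * @throws Exception if key derivation, cipher initialisation or sealing fails
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    Cipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");

        // seal key
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    } finally {
        // Wipe the password copy even if the PBEKey constructor threw.
        pbeKeySpec.clearPassword();
        // The cipher is initialised (or setup failed), so the PBE key is no longer needed.
        if (sKey != null) sKey.destroy();
    }
    return new SealedObjectForKeyProtector(key, cipher);
}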
 
Example 15
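/**
 * Unseals the sealed key.
 *
 * <p>A PBE key is derived from the password provided at construction time and used to
 * initialise a decrypting cipher with the parameters stored in the sealed object. Parameter
 * sets whose iteration count exceeds {@code MAX_ITERATION_COUNT} are rejected before the
 * cipher is initialised. The password copy and the PBE key are released in the
 * {@code finally} block on every path.
 *
 * @param so the sealed object to open
 * @return the recovered key
 * @throws NoSuchAlgorithmException rethrown unchanged from the unsealing steps
 * @throws UnrecoverableKeyException if the parameters are missing or invalid, or any other
 *         I/O, class-loading or security failure occurs while unsealing
 */
Key unseal(SealedObject so)
    throws NoSuchAlgorithmException, UnrecoverableKeyException {
    SecretKey sKey = null;
    // Created before the try so the finally block can wipe its password copy even when
    // the PBEKey constructor throws.
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    try {
        // create PBE key from password
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEParameterSpec pbeSpec;
        try {
            pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
        } catch (InvalidParameterSpecException ipse) {
            throw new IOException("Invalid PBE algorithm parameters");
        }
        // The iteration count comes from the stored object, so it is bounded before use.
        if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
            throw new IOException("PBE iteration count too large");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
        return soForKeyProtector.getKey(cipher);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        pbeKeySpec.clearPassword();
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}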
 
Example 16
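/**
 * Unseals the sealed key.
 *
 * <p>The PBE key derived from the construction-time password initialises a decrypting
 * cipher with the parameters stored in the sealed object. An iteration count above
 * {@code MAX_ITERATION_COUNT} is rejected before the cipher is initialised. The password
 * copy and the PBE key are released in the {@code finally} block on every path.
 *
 * @param so the sealed object to open
 * @return the recovered key
 * @throws NoSuchAlgorithmException rethrown unchanged from the unsealing steps
 * @throws UnrecoverableKeyException if the parameters are missing or invalid, or any other
 *         I/O, class-loading or security failure occurs while unsealing
 */
Key unseal(SealedObject so)
    throws NoSuchAlgorithmException, UnrecoverableKeyException {
    SecretKey sKey = null;
    // Hoisted out of the try so its password copy is wiped even if PBEKey creation fails.
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    try {
        // create PBE key from password
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEParameterSpec pbeSpec;
        try {
            pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
        } catch (InvalidParameterSpecException ipse) {
            throw new IOException("Invalid PBE algorithm parameters");
        }
        // The iteration count comes from the stored object, so it is bounded before use.
        if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
            throw new IOException("PBE iteration count too large");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
        return soForKeyProtector.getKey(cipher);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        pbeKeySpec.clearPassword();
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}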
 
Example 17
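/**
 * Unseals the sealed key.
 *
 * <p>The PBE key derived from the construction-time password initialises a decrypting
 * cipher with the parameters stored in the sealed object. An iteration count above
 * {@code MAX_ITERATION_COUNT} is rejected before the cipher is initialised. The password
 * copy and the PBE key are released in the {@code finally} block on every path.
 *
 * @param so the sealed object to open
 * @param maxLength Maximum possible length of so.
 *                  If bigger, must be illegal. Passed through to {@code getKey}.
 * @return the recovered key
 * @throws NoSuchAlgorithmException rethrown unchanged from the unsealing steps
 * @throws UnrecoverableKeyException if the parameters are missing or invalid, or any other
 *         I/O, class-loading or security failure occurs while unsealing
 */
Key unseal(SealedObject so, int maxLength)
    throws NoSuchAlgorithmException, UnrecoverableKeyException {
    SecretKey sKey = null;
    // Hoisted out of the try so its password copy is wiped even if PBEKey creation fails.
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    try {
        // create PBE key from password
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEParameterSpec pbeSpec;
        try {
            pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
        } catch (InvalidParameterSpecException ipse) {
            throw new IOException("Invalid PBE algorithm parameters");
        }
        // The iteration count comes from the stored object, so it is bounded before use.
        if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
            throw new IOException("PBE iteration count too large");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
        return soForKeyProtector.getKey(cipher, maxLength);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        pbeKeySpec.clearPassword();
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}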
 
Example 18
Source Project: Bytecoder   File: KeyProtector.java    License: Apache License 2.0 4 votes vote down vote up
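/**
 * Recovers the cleartext private key from its encrypted form.
 *
 * <p>Two encryption algorithms are accepted, identified by OID. {@code KEY_PROTECTOR_OID}
 * is handled by the byte-array {@code recover} overload. {@code PBE_WITH_MD5_AND_DES3_CBC_OID}
 * is decrypted here with a PBE key derived from the construction-time password, after
 * checking that the stored iteration count does not exceed {@code MAX_ITERATION_COUNT}.
 * The decrypted encoding, the password copy and the PBE key are all wiped in the
 * {@code finally} block on every path.
 *
 * @param encrInfo the encrypted private key info to open
 * @return the recovered private key
 * @throws UnrecoverableKeyException if the algorithm is unsupported, or any I/O or security
 *         failure occurs during recovery
 * @throws NoSuchAlgorithmException rethrown unchanged from the recovery steps
 */
Key recover(EncryptedPrivateKeyInfo encrInfo)
    throws UnrecoverableKeyException, NoSuchAlgorithmException
{
    byte[] plain = null;
    SecretKey sKey = null;
    // Declared here so the finally block can wipe its password copy even when the
    // PBEKey constructor throws.
    PBEKeySpec pbeKeySpec = null;
    try {
        String encrAlg = encrInfo.getAlgorithm().getOID().toString();
        if (!encrAlg.equals(PBE_WITH_MD5_AND_DES3_CBC_OID)
            && !encrAlg.equals(KEY_PROTECTOR_OID)) {
            throw new UnrecoverableKeyException("Unsupported encryption "
                                                + "algorithm");
        }

        if (encrAlg.equals(KEY_PROTECTOR_OID)) {
            // JDK 1.2 style recovery
            plain = recover(encrInfo.getEncryptedData());
        } else {
            byte[] encodedParams =
                encrInfo.getAlgorithm().getEncodedParams();

            // parse the PBE parameters into the corresponding spec
            AlgorithmParameters pbeParams =
                AlgorithmParameters.getInstance("PBE");
            pbeParams.init(encodedParams);
            PBEParameterSpec pbeSpec =
                    pbeParams.getParameterSpec(PBEParameterSpec.class);
            // The iteration count comes from the stored data, so it is bounded before use.
            if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
                throw new IOException("PBE iteration count too large");
            }

            // create PBE key from password
            pbeKeySpec = new PBEKeySpec(this.password);
            sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES", false);

            // decrypt private key
            PBEWithMD5AndTripleDESCipher cipher;
            cipher = new PBEWithMD5AndTripleDESCipher();
            cipher.engineInit(Cipher.DECRYPT_MODE, sKey, pbeSpec, null);
            // Fetch the ciphertext once instead of calling the accessor twice.
            byte[] encrypted = encrInfo.getEncryptedData();
            plain = cipher.engineDoFinal(encrypted, 0, encrypted.length);
        }

        // determine the private-key algorithm, and parse private key
        // using the appropriate key factory
        String oidName = new AlgorithmId
            (new PrivateKeyInfo(plain).getAlgorithm().getOID()).getName();
        KeyFactory kFac = KeyFactory.getInstance(oidName);
        return kFac.generatePrivate(new PKCS8EncodedKeySpec(plain));
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        if (pbeKeySpec != null) pbeKeySpec.clearPassword();
        if (plain != null) Arrays.fill(plain, (byte) 0x00);
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}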
 
Example 19
Source Project: Bytecoder   File: KeyProtector.java    License: Apache License 2.0 4 votes vote down vote up
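/**
 * Unseals the sealed key.
 *
 * <p>The PBE key derived from the construction-time password initialises a decrypting
 * cipher with the parameters stored in the sealed object. An iteration count above
 * {@code MAX_ITERATION_COUNT} is rejected before the cipher is initialised. The password
 * copy and the PBE key are released in the {@code finally} block on every path.
 *
 * @param so the sealed object to open
 * @return the recovered key
 * @throws NoSuchAlgorithmException rethrown unchanged from the unsealing steps
 * @throws UnrecoverableKeyException if the parameters are missing or invalid, or any other
 *         I/O, class-loading or security failure occurs while unsealing
 */
Key unseal(SealedObject so)
    throws NoSuchAlgorithmException, UnrecoverableKeyException {
    SecretKey sKey = null;
    // Hoisted out of the try so its password copy is wiped even if PBEKey creation fails.
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    try {
        // create PBE key from password
        sKey = new PBEKey(pbeKeySpec,
                "PBEWithMD5AndTripleDES", false);

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEParameterSpec pbeSpec;
        try {
            pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
        } catch (InvalidParameterSpecException ipse) {
            throw new IOException("Invalid PBE algorithm parameters");
        }
        // The iteration count comes from the stored object, so it is bounded before use.
        if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
            throw new IOException("PBE iteration count too large");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
        return soForKeyProtector.getKey(cipher);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        pbeKeySpec.clearPassword();
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}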
 
Example 20
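/**
 * Unseals the sealed key.
 *
 * <p>The PBE key derived from the construction-time password initialises a decrypting
 * cipher with the parameters stored in the sealed object. An iteration count above
 * {@code MAX_ITERATION_COUNT} is rejected before the cipher is initialised. The password
 * copy and the PBE key are released in the {@code finally} block on every path.
 *
 * @param so the sealed object to open
 * @param maxLength Maximum possible length of so.
 *                  If bigger, must be illegal. Passed through to {@code getKey}.
 * @return the recovered key
 * @throws NoSuchAlgorithmException rethrown unchanged from the unsealing steps
 * @throws UnrecoverableKeyException if the parameters are missing or invalid, or any other
 *         I/O, class-loading or security failure occurs while unsealing
 */
Key unseal(SealedObject so, int maxLength)
    throws NoSuchAlgorithmException, UnrecoverableKeyException {
    SecretKey sKey = null;
    // Hoisted out of the try so its password copy is wiped even if PBEKey creation fails.
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    try {
        // create PBE key from password
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEParameterSpec pbeSpec;
        try {
            pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
        } catch (InvalidParameterSpecException ipse) {
            throw new IOException("Invalid PBE algorithm parameters");
        }
        // The iteration count comes from the stored object, so it is bounded before use.
        if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
            throw new IOException("PBE iteration count too large");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
        return soForKeyProtector.getKey(cipher, maxLength);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        pbeKeySpec.clearPassword();
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}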