/*************************************************************************
* Copyright 2009-2012 Eucalyptus Systems, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see http://www.gnu.org/licenses/.
*
* Please contact Eucalyptus Systems, Inc., 6755 Hollister Ave., Goleta
* CA 93117, USA or visit http://www.eucalyptus.com/licenses/ if you need
* additional information or have any questions.
*
* This file may incorporate work covered under the following copyright
* and permission notice:
*
* Software License Agreement (BSD License)
*
* Copyright (c) 2008, Regents of the University of California
* All rights reserved.
*
* Redistribution and use of this software in source and binary forms,
* with or without modification, are permitted provided that the
* following conditions are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE. USERS OF THIS SOFTWARE ACKNOWLEDGE
* THE POSSIBLE PRESENCE OF OTHER OPEN SOURCE LICENSED MATERIAL,
* COPYRIGHTED MATERIAL OR PATENTED MATERIAL IN THIS SOFTWARE,
* AND IF ANY SUCH MATERIAL IS DISCOVERED THE PARTY DISCOVERING
* IT MAY INFORM DR. RICH WOLSKI AT THE UNIVERSITY OF CALIFORNIA,
* SANTA BARBARA WHO WILL THEN ASCERTAIN THE MOST APPROPRIATE REMEDY,
* WHICH IN THE REGENTS' DISCRETION MAY INCLUDE, WITHOUT LIMITATION,
* REPLACEMENT OF THE CODE SO IDENTIFIED, LICENSING OF THE CODE SO
* IDENTIFIED, OR WITHDRAWAL OF THE CODE CAPABILITY TO THE EXTENT
* NEEDED TO COMPLY WITH ANY SUCH LICENSES OR RIGHTS.
************************************************************************/
package com.eucalyptus.crypto;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.UrlBase64;
import com.eucalyptus.component.auth.SystemCredentials;
public class StringCrypto {
private final String ALIAS = "eucalyptus"; // TODO: don't hardcode these?
private final String PASSWORD = "eucalyptus";
private static KeyStore keystore;
private String asymmetricFormat = "RSA/ECB/PKCS1Padding";
private String provider = "BC";
public static byte [] cat (byte[] bs, byte[] bs2) {
byte [] result = Arrays.copyOf (bs, bs.length + bs2.length);
System.arraycopy(bs2, 0, result, bs.length, bs2.length);
return result;
}
public StringCrypto () { }
public StringCrypto (String format, String provider)
{
this.asymmetricFormat = format;
this.provider = provider;
Security.addProvider( new BouncyCastleProvider( ) );
if (Security.getProvider (this.provider) == null)
throw new RuntimeException("cannot find security provider " + this.provider);
keystore = SystemCredentials.getKeyStore();
if (keystore==null)
throw new RuntimeException ("cannot load keystore or find the key");
}
public byte[] encrypt (String password)
throws GeneralSecurityException
{
Key pk = keystore.getCertificate(ALIAS).getPublicKey();
Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
cipher.init(Cipher.ENCRYPT_MODE, pk, Crypto.getSecureRandomSupplier( ).get( ));
byte [] passwordEncrypted = cipher.doFinal(password.getBytes());
return UrlBase64.encode(passwordEncrypted);
//return cat (VMwareBrokerProperties.ENCRYPTION_FORMAT.getBytes(), UrlBase64.encode(passwordEncrypted)); // prepend format
}
public String decrypt (String passwordEncoded)
throws GeneralSecurityException
{
//String withoutPrefix = passwordEncoded.substring(VMwareBrokerProperties.ENCRYPTION_FORMAT.length(), passwordEncoded.length());
byte[] passwordEncrypted = UrlBase64.decode(passwordEncoded);
Key pk = keystore.getKey(ALIAS, PASSWORD);
Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
cipher.init(Cipher.DECRYPT_MODE, pk, Crypto.getSecureRandomSupplier( ).get( ));
return new String(cipher.doFinal(passwordEncrypted));
}
/**
* Decrypt base64 encoded password generated by openssl.
* @param passwordEncrypted in base64
* @return
* @throws GeneralSecurityException
*/
public String decryptOpenssl(String passwordEncoded) throws GeneralSecurityException {
// Somehow, UrlBase64 in BC can not decode openssl generated base64 string correctly.
// We have to use the Base64 from Commons codec library.
byte[] passwordEncrypted = Base64.decodeBase64(passwordEncoded.getBytes());
Key pk = keystore.getKey(ALIAS, PASSWORD);
Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
cipher.init(Cipher.DECRYPT_MODE, pk, Crypto.getSecureRandomSupplier( ).get( ));
return new String(cipher.doFinal(passwordEncrypted));
}
/**
* Decrypt base64 encoded password generated by openssl.
* @param format encryption format
* @param passwordEncrypted in base64
* @return
* @throws GeneralSecurityException
*/
public String decryptOpenssl(String format, String passwordEncoded) throws GeneralSecurityException {
// Somehow, UrlBase64 in BC can not decode openssl generated base64 string correctly.
// We have to use the Base64 from Commons codec library.
byte[] passwordEncrypted = Base64.decodeBase64(passwordEncoded.getBytes());
Key pk = keystore.getKey(ALIAS, PASSWORD);
Cipher cipher = Cipher.getInstance(format, this.provider);
cipher.init(Cipher.DECRYPT_MODE, pk, Crypto.getSecureRandomSupplier( ).get( ));
return new String(cipher.doFinal(passwordEncrypted));
}
}