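package org.sdnplatform.sync.internal.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.util.Objects;

import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import org.sdnplatform.sync.ISyncService;

/**
 * Helpers for the sync service's challenge/response shared secret: secure
 * random bytes, plus reading and writing the secret in a password-protected
 * JCEKS keystore on disk.
 */
public class CryptoUtil {
    /** Shared CSPRNG; {@link SecureRandom} is thread-safe, so one instance suffices. */
    private static final SecureRandom secureRandom = new SecureRandom();

    /** Keystore type used for the shared-secret store; JCEKS can hold a SecretKeyEntry. */
    private static final String KEYSTORE_TYPE = "JCEKS";

    /** Alias under which the shared secret is stored in the keystore. */
    public static final String CHALLENGE_RESPONSE_SECRET =
            ISyncService.class.getPackage().getName() + ".ChallengeResponseSecret";

    /**
     * Returns {@code bytes} cryptographically secure random bytes.
     *
     * @param bytes number of bytes to generate; must be non-negative
     * @return a fresh array filled from the shared {@link SecureRandom}
     * @throws IllegalArgumentException if {@code bytes} is negative
     */
    public static byte[] secureRandom(int bytes) {
        if (bytes < 0) {
            throw new IllegalArgumentException("bytes must be non-negative: " + bytes);
        }
        byte[] r = new byte[bytes];
        secureRandom.nextBytes(r);
        return r;
    }

    /**
     * Loads the JCEKS keystore stored at {@code keyStorePath}.
     *
     * @param keyStorePath     path of the keystore file
     * @param keyStorePassword password used to check the keystore's integrity
     * @return the loaded keystore
     * @throws FileNotFoundException if no file exists at {@code keyStorePath}
     *                               (callers may use this to create a fresh store)
     * @throws Exception             on any other load or integrity failure
     */
    public static KeyStore readKeyStore(String keyStorePath,
                                        char[] keyStorePassword)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE);
        try (FileInputStream fis = new FileInputStream(keyStorePath)) {
            ks.load(fis, keyStorePassword);
        }
        return ks;
    }

    /**
     * Reads the challenge/response shared secret from the keystore.
     *
     * @param keyStorePath     path of the keystore, or {@code null} when no
     *                         keystore is configured
     * @param keyStorePassword password protecting both the keystore and the entry
     * @return the raw secret bytes, or {@code null} if {@code keyStorePath} is null
     * @throws KeyStoreException if the keystore has no secret-key entry under
     *                           {@link #CHALLENGE_RESPONSE_SECRET}
     * @throws Exception         if the keystore cannot be read or the password is wrong
     */
    public static byte[] getSharedSecret(String keyStorePath,
                                         String keyStorePassword)
            throws Exception {
        if (keyStorePath == null) return null;
        Objects.requireNonNull(keyStorePassword, "keyStorePassword");
        char[] password = keyStorePassword.toCharArray();
        KeyStore.ProtectionParameter protParam =
                new KeyStore.PasswordProtection(password);
        KeyStore ks = readKeyStore(keyStorePath, password);
        KeyStore.Entry entry = ks.getEntry(CHALLENGE_RESPONSE_SECRET, protParam);
        // getEntry() returns null for an unknown alias; a blind cast would turn
        // that into a NullPointerException that says nothing about what is missing.
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            throw new KeyStoreException("keystore " + keyStorePath
                    + " has no secret-key entry for alias "
                    + CHALLENGE_RESPONSE_SECRET);
        }
        SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        return secretKey.getEncoded();
    }

    /**
     * Stores {@code sharedSecret} under {@link #CHALLENGE_RESPONSE_SECRET} in the
     * keystore at {@code keyStorePath}, creating the keystore (and any missing
     * parent directories) if it does not exist yet.
     *
     * <p>The file holds key material, so it is restricted to the owning user
     * before the keystore contents are written into it.
     *
     * @param keyStorePath     path of the keystore file to create or update
     * @param keyStorePassword password protecting both the keystore and the entry
     * @param sharedSecret     raw secret bytes to store
     * @throws Exception if the keystore cannot be read, updated, or written
     */
    public static void writeSharedSecret(String keyStorePath,
                                         String keyStorePassword,
                                         byte[] sharedSecret)
            throws Exception {
        Objects.requireNonNull(keyStorePath, "keyStorePath");
        Objects.requireNonNull(keyStorePassword, "keyStorePassword");
        char[] password = keyStorePassword.toCharArray();
        KeyStore ks = loadOrCreateKeyStore(keyStorePath, password);

        KeyStore.ProtectionParameter protParam =
                new KeyStore.PasswordProtection(password);
        // The algorithm name only labels the key inside the store; the secret is
        // handed back as raw bytes by getSharedSecret(). It stays "HmacSHA1" so
        // that existing keystores remain readable.
        SecretKeySpec signingKey = new SecretKeySpec(sharedSecret, "HmacSHA1");
        ks.setEntry(CHALLENGE_RESPONSE_SECRET,
                    new KeyStore.SecretKeyEntry(signingKey), protParam);

        File keyStoreFile = new File(keyStorePath);
        File parent = keyStoreFile.getParentFile();
        if (parent != null && !parent.isDirectory() && !parent.mkdirs()) {
            throw new IOException("could not create keystore directory " + parent);
        }
        try (FileOutputStream fos = new FileOutputStream(keyStoreFile)) {
            // Opening the stream created (or truncated) the file, so it is still
            // empty here. Tighten permissions now, before the secret is written;
            // doing it after store() leaves a window in which the freshly written
            // secret is readable under the process's default umask.
            restrictToOwner(keyStoreFile);
            ks.store(fos, password);
        }
    }

    /**
     * Loads the keystore at {@code keyStorePath}, or returns a new, empty JCEKS
     * keystore if no file exists there yet.
     *
     * @throws Exception if the file exists but cannot be loaded
     */
    private static KeyStore loadOrCreateKeyStore(String keyStorePath,
                                                 char[] password)
            throws Exception {
        try {
            return readKeyStore(keyStorePath, password);
        } catch (FileNotFoundException ignored) {
            // No keystore on disk yet: start an empty one; store() creates the file.
            KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE);
            ks.load(null, password);
            return ks;
        }
    }

    /**
     * Restricts {@code file} to its owner: readable and writable only by the
     * owner, executable by nobody.
     *
     * <p>The {@link File} permission setters report failure through their return
     * value rather than an exception and are only fully effective on POSIX-style
     * filesystems. The result is best effort: failures are not reported, so on
     * platforms where these calls are unsupported the file's ACL should be
     * verified separately.
     */
    private static void restrictToOwner(File file) {
        file.setReadable(false, false);
        file.setReadable(true, true);
        file.setWritable(false, false);
        file.setWritable(true, true);
        file.setExecutable(false, false);
    }
}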