jcehandler.java

pos机交易实现源代码 含金融卡交易8583协议实现 开发环境：linux 典型应用：嵌入系统开发 仅供参考

/*
 * Copyright (c) 2000 jPOS.org.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *    "This product includes software developed by the jPOS project 
 *    (http://www.jpos.org/)". Alternately, this acknowledgment may 
 *    appear in the software itself, if and wherever such third-party 
 *    acknowledgments normally appear.
 *
 * 4. The names "jPOS" and "jPOS.org" must not be used to endorse 
 *    or promote products derived from this software without prior 
 *    written permission. For written permission, please contact 
 *    license@jpos.org.
 *
 * 5. Products derived from this software may not be called "jPOS",
 *    nor may "jPOS" appear in their name, without prior written
 *    permission of the jPOS project.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  
 * IN NO EVENT SHALL THE JPOS PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR 
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
 * POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the jPOS Project.  For more
 * information please see <http://www.jpos.org/>.
 */

package  org.jpos.security.jceadapter;

import  javax.crypto.*;
import  javax.crypto.spec.*;
import  java.security.*;
import  java.security.spec.*;
import  org.jpos.security.Util;
import  org.jpos.security.SMAdapter;
import  org.jpos.iso.ISOUtil;


/**
 * <p>
 * Provides some higher level methods that are needed by the JCE
 * Security Module, yet they are generic and can be used elsewhere.
 * </p>
 * <p>
 * It depends on the Java<font size=-1><sup>TM</sup></font> Cryptography Extension (JCE).
 * </p>
 * @author Hani S. Kirollos
 * @version $Revision: 1.1 $ $Date: 2002/04/17 23:22:03 $
 */
public class JCEHandler {
    static final String ALG_DES = "DES";
    static final String ALG_TRIPLE_DES = "DESede";

    /**
     * Registers the JCE provider whose name is providerName and sets it to be the
     * only provider to be used in this instance of the JCEHandler class.
     * @param jceProviderClassName Name of the JCE provider
     * (e.g. "com.sun.crypto.provider.SunJCE" for Sun's implementation,
     * or "org.bouncycastle.jce.provider.BouncyCastleProvider" for bouncycastle.org
     * implementation)
     * @throws JCEHandlerException
     */
    public JCEHandler (String jceProviderClassName) throws JCEHandlerException
    {
        try {
            provider = (Provider)Class.forName(jceProviderClassName).newInstance();
            Security.addProvider(provider);
        } catch (Exception e) {
            throw  new JCEHandlerException(e);
        }
    }

    /**
     * Uses the JCE provider specified
     * @param provider
     */
    public JCEHandler (Provider provider) {
        this.provider = provider;
    }

    /**
     * Generates a clear DES (DESede) key
     * @param keyLength the bit length (key size) of the generated key (LENGTH_DES, LENGTH_DES3_2KEY or LENGTH_DES3_3KEY)
     * @return generated clear DES (or DESede) key
     * @exception JCEHandlerException
     */
    public Key generateDESKey (short keyLength) throws JCEHandlerException {
        Key generatedClearKey = null;
        try {
            KeyGenerator k1 = null;
            if (keyLength > SMAdapter.LENGTH_DES) {
                k1 = KeyGenerator.getInstance(ALG_TRIPLE_DES, provider.getName());
            }
            else {
                k1 = KeyGenerator.getInstance(ALG_DES, provider.getName());
            }
            generatedClearKey = k1.generateKey();
            /* These 3 steps not only enforce correct parity, but also enforces
             that when keyLength=128, the third key of the triple DES key is equal
             to the first key. This is needed because, JCE doesn't differenciate
             between Triple DES with 2 keys and Triple DES with 3 keys
             */
            byte[] clearKeyBytes = extractDESKeyMaterial(keyLength, generatedClearKey);
            Util.adjustDESParity(clearKeyBytes);
            generatedClearKey = formDESKey(keyLength, clearKeyBytes);
        } catch (Exception e) {
            if (e instanceof JCEHandlerException)
                throw  (JCEHandlerException)e;
            else
                throw  new JCEHandlerException(e);
        }
        return  generatedClearKey;
    }

    /**
     * Encrypts (wraps) a clear DES Key, it also sets odd parity before encryption
     * @param keyLength bit length (key size) of the clear DES key (LENGTH_DES, LENGTH_DES3_2KEY or LENGTH_DES3_3KEY)
     * @param clearDESKey DES/Triple-DES key whose format is "RAW"
     * (for a DESede with 2 Keys, keyLength = 128 bits, while DESede key with 3 keys keyLength = 192 bits)
     * @param encryptingKey can be a key of any type (RSA, DES, DESede...)
     * @return encrypted DES key
     * @throws JCEHandlerException
     */
    public byte[] encryptDESKey (short keyLength, Key clearDESKey, Key encryptingKey) throws JCEHandlerException {
        byte[] encryptedDESKey = null;
        byte[] clearKeyBytes = extractDESKeyMaterial(keyLength, clearDESKey);
        // enforce correct (odd) parity before encrypting the key
        Util.adjustDESParity(clearKeyBytes);
        encryptedDESKey = doCryptStuff(clearKeyBytes, encryptingKey, Cipher.ENCRYPT_MODE);
        return  encryptedDESKey;
    }

    /**
     * Extracts the DES/DESede key material
     * @param keyLength bit length (key size) of the DES key. (LENGTH_DES, LENGTH_DES3_2KEY or LENGTH_DES3_3KEY)
     * @param clearDESKey DES/Triple-DES key whose format is "RAW"
     * @return encoded key material
     * @throws JCEHandlerException
     */
    byte[] extractDESKeyMaterial (short keyLength, Key clearDESKey) throws JCEHandlerException {
        byte[] clearKeyBytes = null;
        String keyAlg = clearDESKey.getAlgorithm();
        String keyFormat = clearDESKey.getFormat();
        if (keyFormat.compareTo("RAW") != 0) {
            throw  new JCEHandlerException("Unsupported DES key encoding format: "
                    + keyFormat);
        }
        if (!keyAlg.startsWith(ALG_DES)) {
            throw  new JCEHandlerException("Unsupported key algorithm: " + keyAlg);
        }
        clearKeyBytes = clearDESKey.getEncoded();
        clearKeyBytes = ISOUtil.trim(clearKeyBytes, getBytesLength(keyLength));
        return  clearKeyBytes;
    }

    /**
     * Decrypts an encrypted DES/Triple-DES key
     * @param keyLength bit length (key size) of the DES key to be decrypted. (LENGTH_DES, LENGTH_DES3_2KEY or LENGTH_DES3_3KEY)
     * @param encryptedDESKey the byte[] representing the encrypted key
     * @param encryptingKey can be of any algorithm (RSA, DES, DESede...)
     * @param checkParity if true, the parity of the key is checked
     * @return clear DES (DESede) Key
     * @throws JCEHandlerException if checkParity==true and the key does not have correct parity
     */
    public Key decryptDESKey (short keyLength, byte[] encryptedDESKey, Key encryptingKey,
            boolean checkParity) throws JCEHandlerException {
        Key key = null;
        byte[] clearKeyBytes = doCryptStuff(encryptedDESKey, encryptingKey, Cipher.DECRYPT_MODE);
        if (checkParity) {
            if (!Util.isDESParityAdjusted(clearKeyBytes)) {
                throw new JCEHandlerException("Parity not adjusted");
            }
        }
        key = formDESKey(keyLength, clearKeyBytes);
        return  key;
    }

    /**
     * Forms the clear DES key given its "RAW" encoded bytes
     * Does the inverse of extractDESKeyMaterial
     * @param keyLength bit length (key size) of the DES key. (LENGTH_DES, LENGTH_DES3_2KEY or LENGTH_DES3_3KEY)
     * @param clearKeyBytes the RAW DES/Triple-DES key
     * @return clear key
     * @throws JCEHandlerException
     */
    Key formDESKey (short keyLength, byte[] clearKeyBytes) throws JCEHandlerException {
        Key key = null;
        switch (keyLength) {
            case SMAdapter.LENGTH_DES:
                {
                    key = new SecretKeySpec(clearKeyBytes, ALG_DES);
                }
                ;
                break;
            case SMAdapter.LENGTH_DES3_2KEY:
                {
                    // make it 3 components to work with JCE
                    clearKeyBytes = ISOUtil.concat(
                        clearKeyBytes, 0, getBytesLength(SMAdapter.LENGTH_DES3_2KEY),
                        clearKeyBytes, 0, getBytesLength(SMAdapter.LENGTH_DES)
                        );
                }
            case SMAdapter.LENGTH_DES3_3KEY:
                {
                    key = new SecretKeySpec(clearKeyBytes, ALG_TRIPLE_DES);
                }
        }
        if (key == null)
            throw  new JCEHandlerException("Unsupported DES key length: " + keyLength
                    + " bits");
        return  key;
    }

    /**
     * Encrypts data
     * @param data
     * @param key
     * @return encrypted data
     * @exception JCEHandlerException
     */
    public byte[] encryptData (byte[] data, Key key) throws JCEHandlerException {
        byte[] encryptedData;
        encryptedData = doCryptStuff(data, key, Cipher.ENCRYPT_MODE);
        return  encryptedData;
    }

    /**
     * Decrypts data
     * @param encryptedData
     * @param key
     * @return clear data
     * @exception JCEHandlerException
     */
    public byte[] decryptData (byte[] encryptedData, Key key) throws JCEHandlerException {
        byte[] clearData;
        clearData = doCryptStuff(encryptedData, key, Cipher.DECRYPT_MODE);
        return  clearData;
    }

    /**
     * performs cryptographic operations (encryption/decryption) using JCE Cipher
     * @param data
     * @param key
     * @param CipherMode Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE
     * @return result of the cryptographic operations
     * @throws JCEHandlerException
     */
    byte[] doCryptStuff (byte[] data, Key key, int CipherMode) throws JCEHandlerException {
        byte[] result;
        String transformation;
        if (key.getAlgorithm().startsWith(ALG_DES)) {
            transformation = key.getAlgorithm() + "/" + desMode + "/" + desPadding;
            ;
        }
        else {
            transformation = key.getAlgorithm();
        }
        try {
            Cipher c1 = Cipher.getInstance(transformation, provider.getName());
            c1.init(CipherMode, key);
            result = c1.doFinal(data);
        } catch (Exception e) {
            throw  new JCEHandlerException(e);
        }
        return  result;
    }

    /**
     * Calculates the length of key in bytes
     * @param keyLength bit length (key size) of the DES key. (LENGTH_DES, LENGTH_DES3_2KEY or LENGTH_DES3_3KEY)
     * @return keyLength/8
     * @throws JCEHandlerException if unknown key length
     */
    int getBytesLength(short keyLength) throws JCEHandlerException{
        int bytesLength = 0;
        switch (keyLength) {
            case SMAdapter.LENGTH_DES: bytesLength = 8;break;
            case SMAdapter.LENGTH_DES3_2KEY: bytesLength = 16;break;
            case SMAdapter.LENGTH_DES3_3KEY: bytesLength = 24; break;
            default: throw new JCEHandlerException("Unsupported key length: " + keyLength + " bits");
        }
        return bytesLength;
    }

    /**
     * The JCE provider
     */
    Provider provider = null;
    String desMode = "ECB";
    String desPadding = "NoPadding";
}