encryptionmanager.java

来自「derby database source code.good for you.」· Java 代码 · 共 497 行 · 第 1/2 页

            //Execute the first phase of DH keyagreement protocal.
            keyAgreement_.doPhase(pubKey, true);

            //generate the shared secret key. The application requestor's shared secret
            //key should be exactly the same as the application server's shared secret
            //key
            byte[] sharedSecret = keyAgreement_.generateSecret();
            byte[] newKey = new byte[32];

            //We adjust the length here. If the length of secret key is 33 and the first byte is 0,
            //we trim off the frist byte. If the length of secret key is less than 32, we will
            //pad 0 to the beginning of the byte array tho make the secret key 32 bytes.
            if (sharedSecret.length == 33 && sharedSecret[0] == 0) {
                for (int i = 0; i < newKey.length; i++) {
                    newKey[i] = sharedSecret[i + 1];
                }

            }
            if (sharedSecret.length < 32) {
                int i;
                for (i = 0; i < (32 - sharedSecret.length); i++) {
                    newKey[i] = 0;
                }
                for (int j = i; j < sharedSecret.length; j++) {
                    newKey[j] = sharedSecret[j - i];
                }
            }

            //The Data Encryption Standard (DES) is going to be used to encrypt userid
            //and password. DES is a block cipher; it encrypts data in 64-bit blocks.
            //PROTOCOL encryption uses DES CBC mode as defined by the FIPS standard
            //DES CBC requires an encryption key and an 8 byte token to encrypt the data.
            //The middle 8 bytes of Diffie-Hellman shared private key is used as the
            //encryption key. The following code retrieves middle 8 bytes of the shared
            //private key.
            byte[] key = new byte[8];

            //if secret key is not 32, we will use the adjust length secret key
            if (sharedSecret.length == 32) {
                for (int i = 0; i < 8; i++) {
                    key[i] = sharedSecret[i + 12];
                }
            } else if (sharedSecret.length == 33 || sharedSecret.length < 32) {
                for (int i = 0; i < 8; i++) {
                    key[i] = newKey[i + 12];
                }
            } else {
                throw new SqlException(agent_.logWriter_, "sharedSecret key length error " + sharedSecret.length);
            }

            //we do parity check here and flip the parity bit if the byte has even number of 1s
            keyParityCheck(key);
            return key;
        }/*
          catch (java.security.NoSuchProviderException e) {
            throw new SqlException (agent_.logWriter_, e, "java.security.NoSuchProviderException is caught "
                                    + "when encrypting data '" + e.getMessage() + "'");
          }*/ catch (java.security.NoSuchAlgorithmException e) {
            throw new SqlException(agent_.logWriter_, e, "java.security.NoSuchAlgorithmException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (java.security.spec.InvalidKeySpecException e) {
            throw new SqlException(agent_.logWriter_, e, "java.security.InvalidKeySpecException is caught "
                    + "when encrypting data");
        } catch (java.security.InvalidKeyException e) {
            throw new SqlException(agent_.logWriter_, e, "java.security.InvalidKeyException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        }


    }

    // This method encrypts the usreid/password with the middle 8 bytes of
    // the generated secret key and an encryption token. Then it returns the
    // encrypted data in a byte array.
    // plainText   The byte array form userid/password to encrypt.
    // initVector  The byte array which is used to calculate the
    //                             encryption token.
    // targetPublicKey   DERBY' public key.
    // Returns the encrypted data in a byte array.
    public byte[] encryptData(byte[] plainText,
                              int securityMechanism,
                              byte[] initVector,
                              byte[] targetPublicKey) throws SqlException {

        byte[] cipherText = null;
        java.security.Key key = null;

        if (token_ == null) {
            token_ = calculateEncryptionToken(securityMechanism, initVector);
        }

        try {
            if (secKey_ == null) {
                //use this encryption key to initiate a SecretKeySpec object
                secKey_ = generatePrivateKey(targetPublicKey);
                javax.crypto.spec.SecretKeySpec desKey = new javax.crypto.spec.SecretKeySpec(secKey_, "DES");
                key = desKey;
            } else {
                //use this encryption key to initiate a SecretKeySpec object
                javax.crypto.spec.DESKeySpec desKey = new javax.crypto.spec.DESKeySpec(secKey_);
                if (secretKeyFactory_ == null) {
                    secretKeyFactory_ = javax.crypto.SecretKeyFactory.getInstance("DES", providerName);
                }
                key = secretKeyFactory_.generateSecret(desKey);
            }

            //We use DES in CBC mode because this is the mode used in PROTOCOL. The
            //encryption mode has to be consistent for encryption and decryption.
            //CBC mode requires an initialization vector(IV) parameter. In CBC mode
            //we need to initialize the Cipher object with an IV, which can be supplied
            // using the javax.crypto.spec.IvParameterSpec class.
            javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding", providerName);

            //generate a IVParameterSpec object and use it to initiate the
            //Cipher object.
            javax.crypto.spec.IvParameterSpec ivParam = new javax.crypto.spec.IvParameterSpec(token_);

            //initiate the Cipher using encryption mode, encryption key and the
            //IV parameter.
            cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, key, ivParam);

            //Execute the final phase of encryption
            cipherText = cipher.doFinal(plainText);
        } catch (java.security.NoSuchProviderException e) {
            throw new SqlException(agent_.logWriter_, e, "java.security.NoSuchProviderException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new SqlException(agent_.logWriter_, e, "java.security.NoSuchAlgorithmException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (java.security.InvalidKeyException e) {
            throw new SqlException(agent_.logWriter_, e, "java.security.InvalidKeyException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (javax.crypto.NoSuchPaddingException e) {
            throw new SqlException(agent_.logWriter_, e, "javax.crypto.NoSuchPaddingException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (javax.crypto.BadPaddingException e) {
            throw new SqlException(agent_.logWriter_, e, "javax.crypto.BadPaddingException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (java.security.InvalidAlgorithmParameterException e) {
            throw new SqlException(agent_.logWriter_, e, "java.security.InvalidAlgorithmParameterException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (javax.crypto.IllegalBlockSizeException e) {
            throw new SqlException(agent_.logWriter_, e, "javax.crypto.IllegalBlockSizeException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (java.security.spec.InvalidKeySpecException e) {
            throw new SqlException(agent_.logWriter_, e, "javax.crypto.IllegalBlockSizeException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        }
        return cipherText;
    }


    // This method decrypts the usreid/password with the middle 8 bytes of
    // the generated secret key and an encryption token. Then it returns the
    // decrypted data in a byte array.
    // plainText   The byte array form userid/password to encrypt.
    // initVector  The byte array which is used to calculate the
    //                             encryption token.
    // targetPublicKey   DERBY' public key.
    // Returns the decrypted data in a byte array.
    public byte[] decryptData(byte[] cipherText,
                              int securityMechanism,
                              byte[] initVector,
                              byte[] targetPublicKey) throws SqlException {

        byte[] plainText = null;
        java.security.Key key = null;

        if (token_ == null) {
            token_ = calculateEncryptionToken(securityMechanism, initVector);
        }

        try {
            if (secKey_ == null) {
                //use this encryption key to initiate a SecretKeySpec object
                secKey_ = generatePrivateKey(targetPublicKey);
                javax.crypto.spec.SecretKeySpec desKey = new javax.crypto.spec.SecretKeySpec(secKey_, "DES");
                key = desKey;
            } else {
                //use this encryption key to initiate a SecretKeySpec object
                javax.crypto.spec.DESKeySpec desKey = new javax.crypto.spec.DESKeySpec(secKey_);
                if (secretKeyFactory_ == null) {
                    secretKeyFactory_ = javax.crypto.SecretKeyFactory.getInstance("DES", providerName);
                }
                key = secretKeyFactory_.generateSecret(desKey);
            }

            //We use DES in CBC mode because this is the mode used in PROTOCOL. The
            //encryption mode has to be consistent for encryption and decryption.
            //CBC mode requires an initialization vector(IV) parameter. In CBC mode
            //we need to initialize the Cipher object with an IV, which can be supplied
            // using the javax.crypto.spec.IvParameterSpec class.
            javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding", providerName);

            //generate a IVParameterSpec object and use it to initiate the
            //Cipher object.
            javax.crypto.spec.IvParameterSpec ivParam = new javax.crypto.spec.IvParameterSpec(token_);

            //initiate the Cipher using encryption mode, encryption key and the
            //IV parameter.
            cipher.init(javax.crypto.Cipher.DECRYPT_MODE, key, ivParam);

            //Execute the final phase of encryption
            plainText = cipher.doFinal(cipherText);
        } catch (java.security.NoSuchProviderException e) {
            throw new SqlException(agent_.logWriter_, e, "java.security.NoSuchProviderException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new SqlException(agent_.logWriter_, e, "java.security.NoSuchAlgorithmException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (java.security.InvalidKeyException e) {
            throw new SqlException(agent_.logWriter_, e, "java.security.InvalidKeyException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (javax.crypto.NoSuchPaddingException e) {
            throw new SqlException(agent_.logWriter_, e, "javax.crypto.NoSuchPaddingException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (javax.crypto.BadPaddingException e) {
            throw new SqlException(agent_.logWriter_, e, "javax.crypto.BadPaddingException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (java.security.InvalidAlgorithmParameterException e) {
            throw new SqlException(agent_.logWriter_, e, "java.security.InvalidAlgorithmParameterException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (javax.crypto.IllegalBlockSizeException e) {
            throw new SqlException(agent_.logWriter_, e, "javax.crypto.IllegalBlockSizeException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        } catch (java.security.spec.InvalidKeySpecException e) {
            throw new SqlException(agent_.logWriter_, e, "javax.crypto.IllegalBlockSizeException is caught "
                    + "when encrypting data '" + e.getMessage() + "'");
        }
        return plainText;
    }

    public void setInitVector(byte[] initVector) {
        token_ = initVector;
    }

    public void setSecKey(byte[] secKey) {
        secKey_ = secKey;
    }

    public void resetSecurityKeys() {
        token_ = null;
        secKey_ = null;
    }

}