Merge branch '3.9' of https://github.com/JumpMind/symmetric-ds.git in…

…to 3.9
JumpMind · Feb 5, 2018 · e6a0ead · e6a0ead
2 parents 1be4a4e + 7cca6fe
commit e6a0ead
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 58 deletions.
diff --git a/symmetric-assemble/common.gradle b/symmetric-assemble/common.gradle
@@ -193,7 +193,7 @@ subprojects { subproject ->
         springVersion = '4.3.13.RELEASE'
         jtdsVersion = '1.2.8'
         voltDbVersion = '6.2'
-        bouncyCastleVersion = '1.58'
+        bouncyCastleVersion = '1.59'
         animalSnifferVersion = '1.10'
         jnaVersion = '4.1.0'
         jettyVersion = project.property('jetty.version')

diff --git a/symmetric-server/src/main/deploy/security/cacerts b/symmetric-server/src/main/deploy/security/cacerts
diff --git a/symmetric-sqlexplorer/README.md b/symmetric-sqlexplorer/README.md
@@ -1,4 +1,5 @@
-#Introduction
+# Introduction
+
 This library provides a sql explorer component that can be used in Vaadin applications.  This component is used by the Metl and SymmetricDS Pro applications.
 
 # Usage
@@ -17,7 +18,7 @@ repositories {
 }
 
 dependencies {
-  compile 'org.jumpmind.vaadin:sqlexplorer-vaadin:1.0.11'
+  compile 'org.jumpmind.symmetric:symmetric-sqlexplorer:3.9.x-SNAPSHOT'
 }
 ```
 

diff --git a/symmetric-util/src/main/java/org/jumpmind/security/BouncyCastleSecurityService.java b/symmetric-util/src/main/java/org/jumpmind/security/BouncyCastleSecurityService.java
@@ -40,7 +40,7 @@ public class BouncyCastleSecurityService extends SecurityService {
 
     public KeyPair generateRSAKeyPair() throws Exception {
         KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-        kpGen.initialize(1024, new SecureRandom());
+        kpGen.initialize(2048, new SecureRandom());
         return kpGen.generateKeyPair();
     }
 

diff --git a/symmetric-util/src/main/java/org/jumpmind/security/SecurityConstants.java b/symmetric-util/src/main/java/org/jumpmind/security/SecurityConstants.java
@@ -43,8 +43,15 @@ public class SecurityConstants {
     public static final String PREFIX_ENC = "enc:";
 
     public static final String PREFIX_OBF = "obf:";
+
+    public static final String PASSWORD_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.+!*";
 
-    public static final String ALGORITHM = System.getProperty("sym.secret.key.defalt.algorithm","PBEWithMD5AndDES");
+	public static final String[] CIPHERS = new String[] { "AES/GCM/PKCS5Padding", "AES/GCM/PKCS5Padding",
+			"DESede/ECB/PKCS5Padding", "DES/ECB/PKCS5Padding" };
+
+    public static final String[] KEYSPECS = new String[] { "AES", "AES", "DESede", "DES" };
+
+	public static final int[] BYTESIZES = new int[] { 32, 16, 25, 8 };
 
     public static final int ITERATION_COUNT = 3;
 

diff --git a/symmetric-util/src/main/java/org/jumpmind/security/SecurityService.java b/symmetric-util/src/main/java/org/jumpmind/security/SecurityService.java
@@ -24,18 +24,16 @@
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.security.KeyStore;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.KeySpec;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.DESedeKeySpec;
 import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.PBEParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.NotImplementedException;
@@ -52,8 +50,6 @@ public class SecurityService implements ISecurityService {
 
     protected SecretKey secretKey;
 
-    protected SecureRandom secRand;
-
     protected SecurityService() {
     }
 
@@ -160,13 +156,9 @@ private String rot13(String text) {
         StringBuilder sb = new StringBuilder();
         for (int i = 0; i < text.length(); i++) {
             char c = text.charAt(i);
-            if (c >= 'a' && c <= 'm') {
-                c += 13;
-            } else if (c >= 'A' && c <= 'M') {
+            if ((c >= 'a' && c <= 'm') || (c >= 'A' && c <= 'M')) {
                 c += 13;
-            } else if (c >= 'n' && c <= 'z') {
-                c -= 13;
-            } else if (c >= 'N' && c <= 'Z') {
+            } else if ((c >= 'n' && c <= 'z') || (c >= 'N' && c <= 'Z')) {
                 c -= 13;
             }
             sb.append(c);
@@ -177,27 +169,27 @@ private String rot13(String text) {
     public Cipher getCipher(int mode) throws Exception {
         if (secretKey == null) {
             secretKey = getSecretKey();
+            log.info("Initialized with {} {}-bit", secretKey.getAlgorithm(), secretKey.getEncoded().length * 8);
         }
         Cipher cipher = Cipher.getInstance(secretKey.getAlgorithm());
         initializeCipher(cipher, mode);
-        log.debug("Using {} algorithm provided by {}.", cipher.getAlgorithm(), cipher.getProvider()
-                .getName());
+        log.debug("Using {} algorithm {}-bit provided by {}.", cipher.getAlgorithm(), 
+        		secretKey.getEncoded().length * 8, cipher.getProvider().getName());
         return cipher;
     }
 
     protected void initializeCipher(Cipher cipher, int mode) throws Exception {
         AlgorithmParameterSpec paramSpec = Cipher.getMaxAllowedParameterSpec(cipher.getAlgorithm());
 
-        if (paramSpec instanceof PBEParameterSpec
-                || (paramSpec == null && cipher.getAlgorithm().startsWith("PBE"))) {
+        if (paramSpec instanceof PBEParameterSpec || cipher.getAlgorithm().startsWith("PBE")) {
             paramSpec = new PBEParameterSpec(SecurityConstants.SALT,
                     SecurityConstants.ITERATION_COUNT);
             cipher.init(mode, secretKey, paramSpec);
         } else if (paramSpec instanceof IvParameterSpec) {
             paramSpec = new IvParameterSpec(SecurityConstants.SALT);
             cipher.init(mode, secretKey, paramSpec);
         } else {
-            cipher.init(mode, secretKey, (AlgorithmParameterSpec) null);
+            cipher.init(mode, secretKey);
         }
     }
 
@@ -224,54 +216,50 @@ protected SecretKey getSecretKey() throws Exception {
         return entry.getSecretKey();
     }
 
-    private SecureRandom getSecRan() {
-        if (secRand == null) {
-            secRand = new SecureRandom();
-            secRand.setSeed(System.currentTimeMillis());
-        }
-        return secRand;
-    }
-
     public String nextSecureHexString(int len) {
-        if (len <= 0)
+        if (len <= 0) {
             throw new IllegalArgumentException("length must be positive");
-        SecureRandom secRan = getSecRan();
-        MessageDigest alg = null;
-        try {
-            alg = MessageDigest.getInstance("SHA-1");
-        } catch (NoSuchAlgorithmException ex) {
-            return null;
         }
-        alg.reset();
-        int numIter = len / 40 + 1;
-        StringBuffer outBuffer = new StringBuffer();
-        for (int iter = 1; iter < numIter + 1; iter++) {
-            byte randomBytes[] = new byte[40];
-            secRan.nextBytes(randomBytes);
-            alg.update(randomBytes);
-            byte hash[] = alg.digest();
-            for (int i = 0; i < hash.length; i++) {
-                Integer c = new Integer(hash[i]);
-                String hex = Integer.toHexString(c.intValue() + 128);
-                if (hex.length() == 1)
-                    hex = "0" + hex;
-                outBuffer.append(hex);
-            }
 
+        SecureRandom random = new SecureRandom();
+        int maxInt = SecurityConstants.PASSWORD_CHARS.length();
+        char[] password = new char[len];
+
+        for (int i = 0; i < len; i++) {
+            password[i] = SecurityConstants.PASSWORD_CHARS.charAt(random.nextInt(maxInt));
         }
 
-        return outBuffer.toString().substring(0, len);
+        return new String(password);
     }
 
     protected SecretKey getDefaultSecretKey() throws Exception {
-        String keyPassword = nextSecureHexString(8);
-        KeySpec keySpec = new PBEKeySpec(keyPassword.toCharArray(), SecurityConstants.SALT,
-                SecurityConstants.ITERATION_COUNT, 56);
-        SecretKey secretKey = SecretKeyFactory.getInstance(SecurityConstants.ALGORITHM)
-                .generateSecret(keySpec);
+    	for (int i = 0; i < SecurityConstants.CIPHERS.length; i++) {
+            try {
+            	if (SecurityConstants.CIPHERS[i].startsWith("DESede")) {
+					SecretKeyFactory kf = SecretKeyFactory.getInstance(SecurityConstants.KEYSPECS[i]);
+					secretKey = kf.generateSecret(new DESedeKeySpec(getBytes(SecurityConstants.BYTESIZES[i])));            		
+            	} else {
+            		secretKey = new SecretKeySpec(getBytes(SecurityConstants.BYTESIZES[i]), SecurityConstants.KEYSPECS[i]);
+            	}
+                initializeCipher(Cipher.getInstance(SecurityConstants.CIPHERS[i]), Cipher.ENCRYPT_MODE);
+				log.info("Generated secret key using {} {}", SecurityConstants.CIPHERS[i],
+						SecurityConstants.BYTESIZES[i] * 8);
+                break;
+            } catch (Exception e) {
+            	log.debug("Cannot use {} {}-bit because: {}", SecurityConstants.CIPHERS[i],
+            			SecurityConstants.BYTESIZES[i] * 8, e.getMessage());
+            }
+    	} 
         return secretKey;
     }
 
+    protected byte[] getBytes(int byteSize) {
+    	SecureRandom random = new SecureRandom();
+    	byte[] bytes = new byte[byteSize];
+    	random.nextBytes(bytes);
+    	return bytes;    	
+    }
+
     protected void saveKeyStore(KeyStore ks, String password) throws Exception {
         FileOutputStream os = new FileOutputStream(
                 System.getProperty(SecurityConstants.SYSPROP_KEYSTORE));