Showing
34 changed files
with
871 additions
and
971 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
eee-2.1.0 | ||
eee-3.0.0 |
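--- a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/crypto/StringCrypto.java
+++ b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/crypto/StringCrypto.java
@@ -0,0 +1,148 @@
+package com.eucalyptus.auth.crypto;
+
+import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+import java.util.Arrays;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.commons.codec.binary.Base64;
+import org.bouncycastle.util.encoders.UrlBase64;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import com.eucalyptus.component.auth.AbstractKeyStore;
+import com.eucalyptus.component.auth.EucaKeyStore;
+
+public class StringCrypto {
+
+private final String ALIAS = "eucalyptus"; // TODO: don't hardcode these?
+private final String PASSWORD = "eucalyptus";
+
+private static AbstractKeyStore keystore;
+private final String symmetricFormat = "DESede/CBC/PKCS5Padding";
+private String asymmetricFormat = "RSA/ECB/PKCS1Padding";
+private String provider = "BC";
+
+public static byte [] cat (byte[] bs, byte[] bs2) {
+byte [] result = Arrays.copyOf (bs, bs.length + bs2.length);
+System.arraycopy(bs2, 0, result, bs.length, bs2.length);
+return result;
+}
+
+public StringCrypto () { }
+
+public StringCrypto (String format, String provider)
+{
+this.asymmetricFormat = format;
+this.provider = provider;
+Security.addProvider( new BouncyCastleProvider( ) );
+if (Security.getProvider (this.provider) == null)
+throw new RuntimeException("cannot find security provider " + this.provider);
+keystore = EucaKeyStore.getInstance();
+if (keystore==null || !keystore.containsEntry("eucalyptus"))
+throw new RuntimeException ("cannot load keystore or find the key");
+}
+
+public byte[] encrypt (String password)
+throws GeneralSecurityException
+{
+Key pk = keystore.getCertificate(ALIAS).getPublicKey();
+Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
+cipher.init(Cipher.ENCRYPT_MODE, pk);
+byte [] passwordEncrypted = cipher.doFinal(password.getBytes());
+return UrlBase64.encode(passwordEncrypted);
+//return cat (VMwareBrokerProperties.ENCRYPTION_FORMAT.getBytes(), UrlBase64.encode(passwordEncrypted)); // prepend format
+}
+
+public String decrypt (String passwordEncoded)
+throws GeneralSecurityException
+{
+//String withoutPrefix = passwordEncoded.substring(VMwareBrokerProperties.ENCRYPTION_FORMAT.length(), passwordEncoded.length());
+byte[] passwordEncrypted = UrlBase64.decode(passwordEncoded);
+Key pk = keystore.getKey(ALIAS, PASSWORD);
+Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
+cipher.init(Cipher.DECRYPT_MODE, pk);
+return new String(cipher.doFinal(passwordEncrypted));
+}
+
+/**
+* Decrypt base64 encoded password generated by openssl.
+* @param passwordEncrypted in base64
+* @return
+* @throws GeneralSecurityException
+*/
+public String decryptOpenssl(String passwordEncoded) throws GeneralSecurityException {
+// Somehow, UrlBase64 in BC can not decode openssl generated base64 string correctly.
+// We have to use the Base64 from Commons codec library.
+byte[] passwordEncrypted = Base64.decodeBase64(passwordEncoded.getBytes());
+Key pk = keystore.getKey(ALIAS, PASSWORD);
+Cipher cipher = Cipher.getInstance(this.asymmetricFormat, this.provider);
+cipher.init(Cipher.DECRYPT_MODE, pk);
+return new String(cipher.doFinal(passwordEncrypted));
+}
+
+/**
+* Decrypt base64 encoded password generated by openssl.
+* @param format encryption format
+* @param passwordEncrypted in base64
+* @return
+* @throws GeneralSecurityException
+*/
+public String decryptOpenssl(String format, String passwordEncoded) throws GeneralSecurityException {
+// Somehow, UrlBase64 in BC can not decode openssl generated base64 string correctly.
+// We have to use the Base64 from Commons codec library.
+byte[] passwordEncrypted = Base64.decodeBase64(passwordEncoded.getBytes());
+Key pk = keystore.getKey(ALIAS, PASSWORD);
+Cipher cipher = Cipher.getInstance(format, this.provider);
+cipher.init(Cipher.DECRYPT_MODE, pk);
+return new String(cipher.doFinal(passwordEncrypted));
+}
+
+private byte[] makeKey (String secret) throws NoSuchAlgorithmException
+{
+// TODO: not sure about all this hanky-panky (this is from stackoverflow.com)
+final MessageDigest md = MessageDigest.getInstance("md5");
+final byte[] digestOfPassword = md.digest(secret.getBytes());
+final byte[] keyBytes = Arrays.copyOf(digestOfPassword, 24);
+for (int j = 0, k = 16; j < 8;)
+{
+keyBytes[k++] = keyBytes[j++];
+}
+return keyBytes;
+}
+
+public byte[] encrypt (String string, String secret)
+throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
+{
+final byte[] keyBytes = makeKey(secret);
+final SecretKey key = new SecretKeySpec(keyBytes, "DESede");
+final IvParameterSpec iv = new IvParameterSpec(new byte[8]);
+final Cipher cipher = Cipher.getInstance(this.symmetricFormat);
+cipher.init(Cipher.ENCRYPT_MODE, key, iv);
+final byte[] stringEncrypted = cipher.doFinal(string.getBytes());
+return UrlBase64.encode(stringEncrypted);
+}
+
+public String decrypt (byte[] stringEncoded, String secret) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
+{
+final byte[] keyBytes = makeKey(secret);
+byte[] stringEncrypted = UrlBase64.decode(stringEncoded);
+final SecretKey key = new SecretKeySpec(keyBytes, "DESede");
+final IvParameterSpec iv = new IvParameterSpec(new byte[8]);
+final Cipher cipher = Cipher.getInstance(this.symmetricFormat);
+cipher.init(Cipher.DECRYPT_MODE, key, iv);
+return new String(cipher.doFinal(stringEncrypted));
+}
+}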
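Review bot: The symmetric `encrypt (String string, String secret)` and `decrypt (byte[] stringEncoded, String secret)` at the end of the class initialise DESede/CBC with `new IvParameterSpec(new byte[8])`, an all-zero IV, so the same plaintext under the same secret always produces the same ciphertext and common prefixes stay visible. Generate a fresh IV per call and store it in front of the ciphertext, as in the excerpt below, which reuses the class's own `cat` helper; it needs `java.security.SecureRandom` imported and changes the encoded format. `makeKey` derives the key from a single unsalted MD5 digest (its own TODO doubts it), which gives two-key 3DES and makes weak secrets cheap to guess, so a salted, iterated derivation such as PBKDF2 through `SecretKeyFactory` would be safer. Separately, `PASSWORD = "eucalyptus"` hard-codes the keystore key password that the TODO on `ALIAS` already questions; it should come from configuration.

```java
// in encrypt (String string, String secret)
// … unchanged: makeKey(secret) and SecretKeySpec setup …
final byte[] ivBytes = new byte[8];
new SecureRandom().nextBytes(ivBytes); // fresh IV for every message
final Cipher cipher = Cipher.getInstance(this.symmetricFormat);
cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));
final byte[] stringEncrypted = cipher.doFinal(string.getBytes());
return UrlBase64.encode(cat(ivBytes, stringEncrypted)); // IV is stored in front of the ciphertext

// in decrypt (byte[] stringEncoded, String secret)
// … unchanged: makeKey(secret) and SecretKeySpec setup …
final byte[] ivAndData = UrlBase64.decode(stringEncoded);
if (ivAndData.length < 8)
  throw new IllegalBlockSizeException("ciphertext shorter than IV");
final IvParameterSpec iv = new IvParameterSpec(ivAndData, 0, 8);
// … unchanged: Cipher.getInstance and cipher.init(DECRYPT_MODE, key, iv) …
return new String(cipher.doFinal(ivAndData, 8, ivAndData.length - 8));
```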
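--- a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/crypto/StringCryptoTest.java
+++ b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/crypto/StringCryptoTest.java
@@ -0,0 +1,37 @@
+package com.eucalyptus.auth.crypto;
+
+import java.io.ByteArrayOutputStream;
+import java.io.FileInputStream;
+import org.apache.commons.codec.binary.Base64;
+import org.bouncycastle.util.encoders.UrlBase64;
+
+public class StringCryptoTest {
+
+/**
+* @param args
+*/
+public static void main( String[] args ) throws Exception {
+// TODO Auto-generated method stub
+StringCrypto sc = new StringCrypto( "RSA/ECB/PKCS1Padding", "BC" );
+System.out.println( sc.decryptOpenssl( "N8MFkU9cbxKHvtD9Xq0JaAu2X65d90J1lD6wJ5UkcdX4LyUZv/sBtaa0HlXZlW64YoAzn02P+312GTTsGiUlBzbK8o5LbY8DHyOqH/thv3JhvLVLpQRTLBH+YnGzBwqybUnwGTz4dNxkKu52vA/FvGC7UNC/PHzxjN07CwZ1riJPoYB6vSyH41dVYbs+oLSm2FMXx+mLxKVYq4NoewSPiwn0fZHTITm6nvWi5IV2cNF+K+Ibgx9/QUanKHRjAmmvEHVIGQoXu72POkTjdNu+tqqNFN7jF3dD0/CuXVeSYx/auOHhQ6zTnDJdqPHWd2H9CQQU+nfHtsR3VG91vE73yA==" ) );
+}
+
+private static void printDec( byte[] ba ) {
+for ( byte b : ba ) {
+System.out.print( b + " " );
+}
+System.out.print( '\n' );
+}
+
+private static byte[] readfile( String filename ) throws Exception {
+FileInputStream fis = new FileInputStream( filename );
+ByteArrayOutputStream baos = new ByteArrayOutputStream( );
+byte[] block = new byte[512];
+int n;
+while ( ( n = fis.read( block ) ) > 0 ) {
+baos.write( block, 0, n );
+}
+return baos.toByteArray( );
+}
+
+}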
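Review bot: `readfile` opens a `FileInputStream` and never closes it, so the descriptor leaks on every call and on any read error; wrap the read loop as `try { … } finally { fis.close( ); }`. Neither `readfile` nor `printDec` is called from `main`, and the `Base64` and `UrlBase64` imports are unused, so they could be dropped until something needs them. `main` only prints the result of `decryptOpenssl` for one fixed ciphertext and asserts nothing, and the file sits under `src/main/java`, so this harness is presumably compiled into the module rather than run as a test; moving it to the test source tree and comparing the output with an expected value would make it an actual check.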