diff --git a/GeneXusCryptography/src/main/java/com/genexus/cryptography/mac/Cmac.java b/GeneXusCryptography/src/main/java/com/genexus/cryptography/mac/Cmac.java index df5fb9b..54f62b0 100644 --- a/GeneXusCryptography/src/main/java/com/genexus/cryptography/mac/Cmac.java +++ b/GeneXusCryptography/src/main/java/com/genexus/cryptography/mac/Cmac.java @@ -4,7 +4,6 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.macs.CMac; import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.util.encoders.Hex; import com.genexus.cryptography.commons.CmacObject; import com.genexus.cryptography.symmetric.SymmetricBlockCipher; @@ -12,20 +11,17 @@ import com.genexus.securityapicommons.config.EncodingUtil; import com.genexus.securityapicommons.utils.SecurityUtils; -public class Cmac extends CmacObject{ +public class Cmac extends CmacObject { - public Cmac() - { + public Cmac() { super(); } - - /********EXTERNAL OBJECT PUBLIC METHODS - BEGIN ********/ + /******** EXTERNAL OBJECT PUBLIC METHODS - BEGIN ********/ @Override public String calculate(String plainText, String key, String algorithm, int macSize) { - if(!isValidAlgorithm(algorithm)) - { + if (!isValidAlgorithm(algorithm)) { this.error.setError("CM001", "Invalid Symmetric block algorithm for CMAC"); return ""; } @@ -33,29 +29,35 @@ public String calculate(String plainText, String key, String algorithm, int macS this.error); SymmetricBlockCipher symCipher = new SymmetricBlockCipher(); BlockCipher blockCipher = symCipher.getCipherEngine(symmetricBlockAlgorithm); - if(symCipher.hasError()) { + if (symCipher.hasError()) { this.error = symCipher.getError(); return ""; } - if(macSize>blockCipher.getBlockSize()*8) - { + if (macSize > blockCipher.getBlockSize() * 8) { this.error.setError("CM002", "The mac length must be less or equal than the algorithm block size."); return ""; } - byte[] byteKey = Hex.decode(key); + byte[] byteKey = SecurityUtils.getHexa(key, "CM003", this.error); + if (this.hasError()) { + return ""; + } EncodingUtil eu = new EncodingUtil(); byte[] byteInput = eu.getBytes(plainText); - + CipherParameters params = new KeyParameter(byteKey); org.bouncycastle.crypto.macs.CMac mac = null; - if(macSize!=0) - { - mac= new CMac(blockCipher,macSize ); - }else { - mac= new CMac(blockCipher); + if (macSize != 0) { + mac = new CMac(blockCipher, macSize); + } else { + mac = new CMac(blockCipher); + } + try { + mac.init(params); + } catch (Exception e) { + this.error.setError("CM004", e.getMessage()); + return ""; } - mac.init(params); byte[] resBytes = new byte[mac.getMacSize()]; mac.update(byteInput, 0, byteInput.length); mac.doFinal(resBytes, 0); @@ -64,7 +66,7 @@ public String calculate(String plainText, String key, String algorithm, int macS return result; } return ""; - + } @Override @@ -73,12 +75,10 @@ public boolean verify(String plainText, String key, String mac, String algorithm return SecurityUtils.compareStrings(res, mac); } - - /********EXTERNAL OBJECT PUBLIC METHODS - END ********/ - + /******** EXTERNAL OBJECT PUBLIC METHODS - END ********/ + /** - * @param digest - * byte array + * @param digest byte array * @return String Hexa respresentation of the byte array digest */ private String toHexaString(byte[] digest) { @@ -99,21 +99,20 @@ private String toHexaString(byte[] digest) { return result.trim(); } - + private boolean isValidAlgorithm(String algorithm) { SymmetricBlockAlgorithm symmetricBlockAlgorithm = SymmetricBlockAlgorithm.getSymmetricBlockAlgorithm(algorithm, this.error); int blockSize = SymmetricBlockAlgorithm.getBlockSize(symmetricBlockAlgorithm, this.error); - if(this.hasError()) { - + if (this.hasError()) { + return false; } - if(blockSize != 64 && blockSize != 128) - { - + if (blockSize != 64 && blockSize != 128) { + return false; } - + return true; } } diff --git a/GeneXusCryptography/src/main/java/com/genexus/cryptography/mac/Hmac.java b/GeneXusCryptography/src/main/java/com/genexus/cryptography/mac/Hmac.java index 83e58a2..9d65c3a 100644 --- a/GeneXusCryptography/src/main/java/com/genexus/cryptography/mac/Hmac.java +++ b/GeneXusCryptography/src/main/java/com/genexus/cryptography/mac/Hmac.java @@ -3,7 +3,6 @@ import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.util.encoders.Hex; import com.genexus.cryptography.commons.HmacObject; import com.genexus.cryptography.hash.Hashing; @@ -17,10 +16,13 @@ public Hmac() { super(); } - /********EXTERNAL OBJECT PUBLIC METHODS - BEGIN ********/ + /******** EXTERNAL OBJECT PUBLIC METHODS - BEGIN ********/ @Override public String calculate(String plainText, String password, String algorithm) { - byte[] pass = Hex.decode(password); + byte[] pass = SecurityUtils.getHexa(password, "HS002", this.error); + if (this.hasError()) { + return ""; + } EncodingUtil eu = new EncodingUtil(); byte[] inputBytes = eu.getBytes(plainText); if (this.hasError()) { @@ -33,7 +35,12 @@ public String calculate(String plainText, String password, String algorithm) { } Digest digest = hash.createHash(alg); HMac engine = new HMac(digest); - engine.init(new KeyParameter(pass)); + try { + engine.init(new KeyParameter(pass)); + } catch (Exception e) { + this.error.setError("HS003", e.getMessage()); + return ""; + } byte[] resBytes = new byte[engine.getMacSize()]; engine.update(inputBytes, 0, inputBytes.length); engine.doFinal(resBytes, 0); @@ -51,12 +58,11 @@ public boolean verify(String plainText, String password, String mac, String algo String res = calculate(plainText, password, algorithm); return SecurityUtils.compareStrings(res, mac); } - - /********EXTERNAL OBJECT PUBLIC METHODS - END ********/ + + /******** EXTERNAL OBJECT PUBLIC METHODS - END ********/ /** - * @param digest - * byte array + * @param digest byte array * @return String Hexa respresentation of the byte array digest */ private String toHexaString(byte[] digest) { diff --git a/GeneXusCryptography/src/main/java/com/genexus/cryptography/symmetric/SymmetricBlockCipher.java b/GeneXusCryptography/src/main/java/com/genexus/cryptography/symmetric/SymmetricBlockCipher.java index 03eb999..c2c6a31 100644 --- a/GeneXusCryptography/src/main/java/com/genexus/cryptography/symmetric/SymmetricBlockCipher.java +++ b/GeneXusCryptography/src/main/java/com/genexus/cryptography/symmetric/SymmetricBlockCipher.java @@ -50,13 +50,11 @@ import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.encoders.Hex; import com.genexus.cryptography.commons.SymmetricBlockCipherObject; import com.genexus.cryptography.symmetric.utils.SymmetricBlockAlgorithm; import com.genexus.cryptography.symmetric.utils.SymmetricBlockMode; import com.genexus.cryptography.symmetric.utils.SymmetricBlockPadding; -import com.genexus.securityapicommons.config.AvailableEncoding; import com.genexus.securityapicommons.config.EncodingUtil; import com.genexus.securityapicommons.utils.SecurityUtils; @@ -76,19 +74,16 @@ public SymmetricBlockCipher() { /******** EXTERNAL OBJECT PUBLIC METHODS - BEGIN ********/ /** - * @param symmetricBlockAlgorithm - * String SymmetricBlockAlgorithm enum, symmetric block algorithm - * name - * @param symmetricBlockMode - * String SymmetricBlockModes enum, symmetric block mode name - * @param key - * String Hexa key for the algorithm excecution - * @param macSize - * int macSize in bits for MAC length for AEAD Encryption algorithm - * @param nonce - * String Hexa nonce for MAC length for AEAD Encryption algorithm - * @param plainText - * String UTF-8 plain text to encrypt + * @param symmetricBlockAlgorithm String SymmetricBlockAlgorithm enum, symmetric + * block algorithm name + * @param symmetricBlockMode String SymmetricBlockModes enum, symmetric + * block mode name + * @param key String Hexa key for the algorithm excecution + * @param macSize int macSize in bits for MAC length for AEAD + * Encryption algorithm + * @param nonce String Hexa nonce for MAC length for AEAD + * Encryption algorithm + * @param plainText String UTF-8 plain text to encrypt * @return String Base64 encrypted text with the given algorithm and parameters */ public String doAEADEncrypt(String symmetricBlockAlgorithm, String symmetricBlockMode, String key, int macSize, @@ -105,10 +100,21 @@ public String doAEADEncrypt(String symmetricBlockAlgorithm, String symmetricBloc if (this.error.existsError() && !(this.error.getCode().compareToIgnoreCase("SB016") == 0)) { return ""; } - KeyParameter keyParam = new KeyParameter(Hex.decode(key)); - byte[] nonceBytes = Hex.decode(nonce); + + byte[] nonceBytes = SecurityUtils.getHexa(nonce, "SB024", this.error); + byte[] keyBytes = SecurityUtils.getHexa(key, "SB024", this.error); + if (this.hasError()) { + return ""; + } + + KeyParameter keyParam = new KeyParameter(keyBytes); AEADParameters AEADparams = new AEADParameters(keyParam, macSize, nonceBytes); - bbc.init(true, AEADparams); + try { + bbc.init(true, AEADparams); + } catch (Exception e) { + this.error.setError("SB029", e.getMessage()); + return ""; + } EncodingUtil eu = new EncodingUtil(); byte[] inputBytes = eu.getBytes(plainText); if (eu.getError().existsError()) { @@ -133,19 +139,16 @@ public String doAEADEncrypt(String symmetricBlockAlgorithm, String symmetricBloc } /** - * @param symmetricBlockAlgorithm - * String SymmetricBlockAlgorithm enum, symmetric block algorithm - * name - * @param symmetricBlockMode - * String SymmetricBlockModes enum, symmetric block mode name - * @param key - * String Hexa key for the algorithm excecution - * @param macSize - * int macSize in bits for MAC length for AEAD Encryption algorithm - * @param nonce - * String Hexa nonce for MAC length for AEAD Encryption algorithm - * @param encryptedInput - * String Base64 text to decrypt + * @param symmetricBlockAlgorithm String SymmetricBlockAlgorithm enum, symmetric + * block algorithm name + * @param symmetricBlockMode String SymmetricBlockModes enum, symmetric + * block mode name + * @param key String Hexa key for the algorithm excecution + * @param macSize int macSize in bits for MAC length for AEAD + * Encryption algorithm + * @param nonce String Hexa nonce for MAC length for AEAD + * Encryption algorithm + * @param encryptedInput String Base64 text to decrypt * @return String plain text UTF-8 with the given algorithm and parameters */ public String doAEADDecrypt(String symmetricBlockAlgorithm, String symmetricBlockMode, String key, int macSize, @@ -162,10 +165,20 @@ public String doAEADDecrypt(String symmetricBlockAlgorithm, String symmetricBloc if (this.error.existsError() && !(this.error.getCode().compareToIgnoreCase("SB016") == 0)) { return ""; } - KeyParameter keyParam = new KeyParameter(Hex.decode(key)); - byte[] nonceBytes = Hex.decode(nonce); + byte[] nonceBytes = SecurityUtils.getHexa(nonce, "SB025", this.error); + byte[] keyBytes = SecurityUtils.getHexa(key, "SB025", this.error); + if (this.hasError()) { + return ""; + } + + KeyParameter keyParam = new KeyParameter(keyBytes); AEADParameters AEADparams = new AEADParameters(keyParam, macSize, nonceBytes); - bbc.init(false, AEADparams); + try { + bbc.init(false, AEADparams); + } catch (Exception e) { + this.error.setError("SB030", e.getMessage()); + return ""; + } byte[] out2 = Base64.decode(encryptedInput); byte[] comparisonBytes = new byte[bbc.getOutputSize(out2.length)]; int length = bbc.processBytes(out2, 0, out2.length, comparisonBytes, 0); @@ -187,20 +200,16 @@ public String doAEADDecrypt(String symmetricBlockAlgorithm, String symmetricBloc } /** - * @param symmetricBlockAlgorithm - * String SymmetricBlockAlgorithm enum, symmetric block algorithm - * name - * @param symmetricBlockMode - * String SymmetricBlockModes enum, symmetric block mode name - * @param symmetricBlockPadding - * String SymmetricBlockPadding enum, symmetric block padding name - * @param key - * String Hexa key for the algorithm excecution - * @param IV - * String IV for the algorithm execution, must be the same length as - * the blockSize - * @param plainText - * String UTF-8 plain text to encrypt + * @param symmetricBlockAlgorithm String SymmetricBlockAlgorithm enum, symmetric + * block algorithm name + * @param symmetricBlockMode String SymmetricBlockModes enum, symmetric + * block mode name + * @param symmetricBlockPadding String SymmetricBlockPadding enum, symmetric + * block padding name + * @param key String Hexa key for the algorithm excecution + * @param IV String IV for the algorithm execution, must be + * the same length as the blockSize + * @param plainText String UTF-8 plain text to encrypt * @return String Base64 encrypted text with the given algorithm and parameters */ public String doEncrypt(String symmetricBlockAlgorithm, String symmetricBlockMode, String symmetricBlockPadding, @@ -219,15 +228,29 @@ public String doEncrypt(String symmetricBlockAlgorithm, String symmetricBlockMod if (this.error.existsError() && !(this.error.getCode().compareToIgnoreCase("SB016") == 0)) { return ""; } - byte[] byteIV = Hex.decode(IV); - byte[] byteKey = Hex.decode(key); + byte[] byteIV = SecurityUtils.getHexa(IV, "SB022", this.error); + byte[] byteKey = SecurityUtils.getHexa(key, "SB022", this.error); + if (this.hasError()) { + return ""; + } + KeyParameter keyParam = new KeyParameter(byteKey); if (SymmetricBlockMode.ECB != mode && SymmetricBlockMode.OPENPGPCFB != mode) { ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, byteIV); - bbc.init(true, keyParamWithIV); + try { + bbc.init(true, keyParamWithIV); + } catch (Exception e) { + this.error.setError("SB025", e.getMessage()); + return ""; + } } else { - bbc.init(true, keyParam); + try { + bbc.init(true, keyParam); + } catch (Exception e) { + this.error.setError("SB026", e.getMessage()); + return ""; + } } EncodingUtil eu = new EncodingUtil(); byte[] inputBytes = eu.getBytes(plainText);// plainText.getBytes(); @@ -253,20 +276,16 @@ public String doEncrypt(String symmetricBlockAlgorithm, String symmetricBlockMod } /** - * @param symmetricBlockAlgorithm - * String SymmetricBlockAlgorithm enum, symmetric block algorithm - * name - * @param symmetricBlockMode - * String SymmetricBlockModes enum, symmetric block mode name - * @param symmetricBlockPadding - * String SymmetricBlockPadding enum, symmetric block padding name - * @param key - * String Hexa key for the algorithm excecution - * @param IV - * String IV for the algorithm execution, must be the same length as - * the blockSize - * @param encryptedInput - * String Base64 text to decrypt + * @param symmetricBlockAlgorithm String SymmetricBlockAlgorithm enum, symmetric + * block algorithm name + * @param symmetricBlockMode String SymmetricBlockModes enum, symmetric + * block mode name + * @param symmetricBlockPadding String SymmetricBlockPadding enum, symmetric + * block padding name + * @param key String Hexa key for the algorithm excecution + * @param IV String IV for the algorithm execution, must be + * the same length as the blockSize + * @param encryptedInput String Base64 text to decrypt * @return String plain text UTF-8 with the given algorithm and parameters */ public String doDecrypt(String symmetricBlockAlgorithm, String symmetricBlockMode, String symmetricBlockPadding, @@ -284,14 +303,27 @@ public String doDecrypt(String symmetricBlockAlgorithm, String symmetricBlockMod if (this.error.existsError() && !(this.error.getCode().compareToIgnoreCase("SB016") == 0)) { return ""; } - byte[] bytesKey = Hex.decode(key); - byte[] bytesIV = Hex.decode(IV); + byte[] bytesKey = SecurityUtils.getHexa(key, "SB023", this.error); + byte[] bytesIV = SecurityUtils.getHexa(IV, "SB023", this.error); + if (this.hasError()) { + return ""; + } KeyParameter keyParam = new KeyParameter(bytesKey); if (SymmetricBlockMode.ECB != mode && SymmetricBlockMode.OPENPGPCFB != mode) { ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, bytesIV); - bbc.init(false, keyParamWithIV); + try { + bbc.init(false, keyParamWithIV); + } catch (Exception e) { + this.error.setError("SB027", e.getMessage()); + return ""; + } } else { - bbc.init(false, keyParam); + try { + bbc.init(false, keyParam); + } catch (Exception e) { + this.error.setError("SB028", e.getMessage()); + return ""; + } } byte[] out2 = Base64.decode(encryptedInput); @@ -319,12 +351,9 @@ public String doDecrypt(String symmetricBlockAlgorithm, String symmetricBlockMod * Gets the BufferedBlockCipher loaded with Padding, Mode and Engine to Encrypt * with a Symmetric Block Algorithm * - * @param algorithm - * SymmetricBlockAlgorithm enum, algorithm name - * @param mode - * SymmetricBlockModes enum, mode name - * @param padding - * SymmetricBlockPadding enum, padding name + * @param algorithm SymmetricBlockAlgorithm enum, algorithm name + * @param mode SymmetricBlockModes enum, mode name + * @param padding SymmetricBlockPadding enum, padding name * @return BufferedBlockCipher loaded with Padding, Mode and Engine to Encrypt * with a Symmetric Block Algorithm */ @@ -351,10 +380,8 @@ private BufferedBlockCipher getCipher(SymmetricBlockAlgorithm algorithm, Symmetr } /** - * @param mode - * SymmetricBlockModes enum, mode name - * @param padding - * SymmetricBlockPadding enum, padding name + * @param mode SymmetricBlockModes enum, mode name + * @param padding SymmetricBlockPadding enum, padding name * @return boolean true if it uses CTS */ private boolean usesCTS(SymmetricBlockMode mode, SymmetricBlockPadding padding) { @@ -362,8 +389,7 @@ private boolean usesCTS(SymmetricBlockMode mode, SymmetricBlockPadding padding) } /** - * @param algorithm - * SymmetricBlockAlgorithm enum, algorithm name + * @param algorithm SymmetricBlockAlgorithm enum, algorithm name * @return BlockCipher with the algorithm Engine */ public BlockCipher getCipherEngine(SymmetricBlockAlgorithm algorithm) { @@ -484,8 +510,7 @@ public BlockCipher getCipherEngine(SymmetricBlockAlgorithm algorithm) { } /** - * @param padding - * SymmetricBlockPadding enum, padding name + * @param padding SymmetricBlockPadding enum, padding name * @return BlockCipherPadding with loaded padding type, if padding is WITHCTS * returns null */ @@ -521,10 +546,8 @@ private BlockCipherPadding getPadding(SymmetricBlockPadding padding) { } /** - * @param blockCipher - * BlockCipher engine - * @param mode - * SymmetricBlockModes enum, symmetric block mode name + * @param blockCipher BlockCipher engine + * @param mode SymmetricBlockModes enum, symmetric block mode name * @return AEADBlockCipher loaded with a given BlockCipher */ private AEADBlockCipher getAEADCipherMode(BlockCipher blockCipher, SymmetricBlockMode mode) { @@ -553,10 +576,8 @@ private AEADBlockCipher getAEADCipherMode(BlockCipher blockCipher, SymmetricBloc } /** - * @param blockCipher - * BlockCipher loaded with the algorithm Engine - * @param mode - * SymmetricBlockModes enum, mode name + * @param blockCipher BlockCipher loaded with the algorithm Engine + * @param mode SymmetricBlockModes enum, mode name * @return BlockCipher with mode loaded */ private BlockCipher getCipherMode(BlockCipher blockCipher, SymmetricBlockMode mode) { @@ -604,5 +625,5 @@ private BlockCipher getCipherMode(BlockCipher blockCipher, SymmetricBlockMode mo } return bc; } - + } diff --git a/GeneXusCryptography/src/main/java/com/genexus/cryptography/symmetric/SymmetricStreamCipher.java b/GeneXusCryptography/src/main/java/com/genexus/cryptography/symmetric/SymmetricStreamCipher.java index 283a9c1..59f5ac9 100644 --- a/GeneXusCryptography/src/main/java/com/genexus/cryptography/symmetric/SymmetricStreamCipher.java +++ b/GeneXusCryptography/src/main/java/com/genexus/cryptography/symmetric/SymmetricStreamCipher.java @@ -12,11 +12,11 @@ import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.encoders.Hex; import com.genexus.cryptography.commons.SymmectricStreamCipherObject; import com.genexus.cryptography.symmetric.utils.SymmetricStreamAlgorithm; import com.genexus.securityapicommons.config.EncodingUtil; +import com.genexus.securityapicommons.utils.SecurityUtils; /** * @author sgrampone @@ -34,17 +34,13 @@ public SymmetricStreamCipher() { /******** EXTERNAL OBJECT PUBLIC METHODS - BEGIN ********/ /** - * @param symmetricStreamAlgorithm - * String SymmetrcStreamAlgorithm enum, algorithm name - * @param symmetricBlockMode - * String SymmetricBlockMode enum, mode name - * @param key - * String Hexa key for the algorithm excecution - * @param IV - * String Hexa IV (nonce) for those algorithms that uses, ignored if - * not - * @param plainText - * String UTF-8 plain text to encrypt + * @param symmetricStreamAlgorithm String SymmetrcStreamAlgorithm enum, + * algorithm name + * @param symmetricBlockMode String SymmetricBlockMode enum, mode name + * @param key String Hexa key for the algorithm excecution + * @param IV String Hexa IV (nonce) for those algorithms + * that uses, ignored if not + * @param plainText String UTF-8 plain text to encrypt * @return String Base64 encrypted text with the given algorithm and parameters */ public String doEncrypt(String symmetricStreamAlgorithm, String key, String IV, String plainText) { @@ -61,15 +57,29 @@ public String doEncrypt(String symmetricStreamAlgorithm, String key, String IV, return ""; } - KeyParameter keyParam = new KeyParameter(Hex.decode(key)); + byte[] keyBytes = SecurityUtils.getHexa(key, "SS007", this.error); + byte[] ivBytes = SecurityUtils.getHexa(IV, "SS007", this.error); + if (this.hasError()) { + return ""; + } + KeyParameter keyParam = new KeyParameter(keyBytes); if (SymmetricStreamAlgorithm.usesIV(algorithm, this.error)) { if (!this.error.existsError()) { - ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, Hex.decode(IV)); - engine.init(true, keyParamWithIV); + ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, ivBytes); + try { + engine.init(true, keyParamWithIV); + } catch (Exception e) { + this.error.setError("SS008", e.getMessage()); + return ""; + } } } else { - - engine.init(true, keyParam); + try { + engine.init(true, keyParam); + } catch (Exception e) { + this.error.setError("SS009", e.getLocalizedMessage()); + return ""; + } } EncodingUtil eu = new EncodingUtil(); byte[] input = eu.getBytes(plainText); @@ -90,18 +100,14 @@ public String doEncrypt(String symmetricStreamAlgorithm, String key, String IV, } /** - * @param symmetricStreamAlgorithm - * String SymmetrcStreamAlgorithm enum, algorithm name - * @param symmetricBlockMode - * String SymmetricBlockMode enum, mode name - * @param key - * String Hexa key for the algorithm excecution - * @param IV - * String Hexa IV (nonce) for those algorithms that uses, ignored if - * not - * @param encryptedInput - * String Base64 encrypted text with the given algorithm and - * parameters + * @param symmetricStreamAlgorithm String SymmetrcStreamAlgorithm enum, + * algorithm name + * @param symmetricBlockMode String SymmetricBlockMode enum, mode name + * @param key String Hexa key for the algorithm excecution + * @param IV String Hexa IV (nonce) for those algorithms + * that uses, ignored if not + * @param encryptedInput String Base64 encrypted text with the given + * algorithm and parameters * @return String plain text UTF-8 with the given algorithm and parameters */ public String doDecrypt(String symmetricStreamAlgorithm, String key, String IV, String encryptedInput) { @@ -117,15 +123,30 @@ public String doDecrypt(String symmetricStreamAlgorithm, String key, String IV, if (this.error.existsError()) { return ""; } + byte[] keyBytes = SecurityUtils.getHexa(key, "SS010", this.error); + byte[] ivBytes = SecurityUtils.getHexa(IV, "SS010", this.error); + if (this.hasError()) { + return ""; + } - KeyParameter keyParam = new KeyParameter(Hex.decode(key)); + KeyParameter keyParam = new KeyParameter(keyBytes); if (SymmetricStreamAlgorithm.usesIV(algorithm, this.error)) { if (!this.error.existsError()) { - ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, Hex.decode(IV)); - engine.init(false, keyParamWithIV); + ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, ivBytes); + try { + engine.init(false, keyParamWithIV); + } catch (Exception e) { + this.error.setError("SS011", e.getMessage()); + return ""; + } } } else { - engine.init(false, keyParam); + try { + engine.init(false, keyParam); + } catch (Exception e) { + this.error.setError("SS012", e.getMessage()); + return ""; + } } byte[] input = Base64.decode(encryptedInput); @@ -148,8 +169,7 @@ public String doDecrypt(String symmetricStreamAlgorithm, String key, String IV, /******** EXTERNAL OBJECT PUBLIC METHODS - END ********/ /** - * @param algorithm - * SymmetrcStreamAlgorithm enum, algorithm name + * @param algorithm SymmetrcStreamAlgorithm enum, algorithm name * @return StreamCipher with the algorithm Stream Engine */ private StreamCipher getCipherEngine(SymmetricStreamAlgorithm algorithm) { diff --git a/GeneXusJWT/src/main/java/com/genexus/commons/JWTOptions.java b/GeneXusJWT/src/main/java/com/genexus/commons/JWTOptions.java index 56cd107..fe0247d 100644 --- a/GeneXusJWT/src/main/java/com/genexus/commons/JWTOptions.java +++ b/GeneXusJWT/src/main/java/com/genexus/commons/JWTOptions.java @@ -39,11 +39,11 @@ public void setCertificate(CertificateX509 cert) { } public void setSecret(String value) { - + try { secret = Hex.decode(value); } catch (Exception e) { - this.error.setError("OP001", "Hexadecimal value expected"); + this.error.setError("OP001", e.getMessage()); secret = null; } diff --git a/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/keys/CertificateX509.java b/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/keys/CertificateX509.java index 10143b9..4cfd4a8 100644 --- a/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/keys/CertificateX509.java +++ b/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/keys/CertificateX509.java @@ -29,7 +29,6 @@ import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.util.encoders.Base64; -import com.genexus.securityapicommons.config.EncodingUtil; import com.genexus.securityapicommons.utils.SecurityUtils; public class CertificateX509 extends com.genexus.securityapicommons.commons.Certificate { @@ -75,8 +74,8 @@ public boolean loadPKCS12(String path, String alias, String password) { boolean result = false; try { result = loadPublicKeyFromFile(path, alias, password); - } catch (CertificateException | KeyStoreException | NoSuchAlgorithmException | IOException e) { - this.error.setError("CE001", "Invalid certificate"); + } catch (Exception e) { + this.error.setError("CE001", e.getMessage()); return false; } if (result) { @@ -137,18 +136,18 @@ public String getPublicKeyHash() { } return aux[0].toUpperCase(); } - + public AsymmetricKeyParameter getPublicKeyParameterForEncryption() { - - if(SecurityUtils.compareStrings(this.getPublicKeyAlgorithm(), "RSA")){ + + if (SecurityUtils.compareStrings(this.getPublicKeyAlgorithm(), "RSA")) { return getRSAKeyParameter(); - }else { - + } else { + this.error.setError("AE009", "Unrecognized encryption algorithm"); return null; } } - + /** * @return AsymmetricKeyParameter with loaded public key for RSA or ECDSA * signature verification @@ -173,17 +172,17 @@ public AsymmetricKeyParameter getPublicKeyParameterForSigning() { return null; } } - + private AsymmetricKeyParameter getRSAKeyParameter() { RSAKeyParameters parms; - try { - parms = (RSAKeyParameters) PublicKeyFactory.createKey(this.subjectPublicKeyInfo); - } catch (IOException e) { - this.error.setError("AE014", "Not RSA key"); - e.printStackTrace(); - return null; - } + try { + parms = (RSAKeyParameters) PublicKeyFactory.createKey(this.subjectPublicKeyInfo); + } catch (IOException e) { + this.error.setError("AE014", "Not RSA key"); + e.printStackTrace(); + return null; + } return parms; } @@ -245,12 +244,9 @@ public RSAPublicKey getRSAPublicKeyJWT() { * stores SubjectPublicKeyInfo Data Type of public key from certificate, * algorithm and digest * - * @param path - * String of the certificate file - * @param alias - * Srting certificate's alias, required if PKCS12 - * @param password - * String certificate's password, required if PKCS12 + * @param path String of the certificate file + * @param alias Srting certificate's alias, required if PKCS12 + * @param password String certificate's password, required if PKCS12 * @return boolean true if loaded correctly * @throws CertificateException * @throws IOException @@ -286,10 +282,8 @@ private boolean loadPublicKeyFromFile(String path, String alias, String password * @param path * * - * @param alias - * Strting certificate's alias - * @param password - * String certificate's password + * @param alias Strting certificate's alias + * @param password String certificate's password * @return boolean true if loaded correctly * @throws IOException * @throws KeyStoreException @@ -322,8 +316,7 @@ private boolean loadPublicKeyFromPKCS12File(String path, String alias, String pa * stores SubjectPublicKeyInfo Data Type from certificate's public key, * asymmetric algorithm and digest * - * @param path - * String .pem certificate path + * @param path String .pem certificate path * @return boolean true if loaded correctly * @throws IOException * @throws CertificateException @@ -364,8 +357,7 @@ private boolean loadPublicKeyFromPEMFile(String path) throws IOException, Certif * stores PublicKeyInfo Data Type from the certificate's public key, asymmetric * algorithm and digest * - * @param path - * String .crt .cer file certificate + * @param path String .crt .cer file certificate * @return boolean true if loaded correctly * @throws IOException * @throws CertificateException @@ -395,8 +387,7 @@ private void inicializeParameters() { /** * Extract public key information and certificate's signing algorithm * - * @param cert - * java Certificate + * @param cert java Certificate */ private void extractPublicInfo() { Certificate cert1 = (Certificate) this.cert; @@ -442,5 +433,4 @@ public String getPublicKeyAlgorithm() { return aux[1].toUpperCase(); } - } diff --git a/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/keys/PrivateKeyManager.java b/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/keys/PrivateKeyManager.java index a3704a7..20fd601 100644 --- a/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/keys/PrivateKeyManager.java +++ b/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/keys/PrivateKeyManager.java @@ -59,9 +59,8 @@ public boolean load(String privateKeyPath) { public boolean loadPKCS12(String privateKeyPath, String alias, String password) { try { loadKeyFromFile(privateKeyPath, alias, password); - } catch (UnrecoverableKeyException | CertificateException | NoSuchAlgorithmException | KeyStoreException - | IOException e) { - + } catch (Exception e) { + this.error.setError("PK018", e.getMessage()); return false; } if (this.hasError()) { diff --git a/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/utils/SecurityUtils.java b/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/utils/SecurityUtils.java index 67fa30c..16e849a 100644 --- a/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/utils/SecurityUtils.java +++ b/SecurityAPICommons/src/main/java/com/genexus/securityapicommons/utils/SecurityUtils.java @@ -8,7 +8,11 @@ import java.io.InputStream; import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; +import com.genexus.securityapicommons.commons.Error; +import org.bouncycastle.util.encoders.Hex; + +import com.genexus.securityapicommons.commons.SecurityAPIObject; import com.genexus.securityapicommons.config.EncodingUtil; public class SecurityUtils { @@ -75,4 +79,18 @@ public static final InputStream inputFileToStream(String path) throws IOExceptio final InputStream targetStream = new DataInputStream(new FileInputStream(initialFile)); return targetStream; } + + public static byte[] getHexa(String hex, String code, Error error) + { + byte[] output; + try + { + output = Hex.decode(hex); + }catch(Exception e) + { + error.setError(code, e.getMessage()); + return null; + } + return output; + } }