KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > jcorporate > expresso > core > security > weakencryption > StringEncryption


1 /* ====================================================================
2  * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
3  *
4  * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in
15  * the documentation and/or other materials provided with the
16  * distribution.
17  *
18  * 3. The end-user documentation included with the redistribution,
19  * if any, must include the following acknowledgment:
20  * "This product includes software developed by Jcorporate Ltd.
21  * (http://www.jcorporate.com/)."
22  * Alternately, this acknowledgment may appear in the software itself,
23  * if and wherever such third-party acknowledgments normally appear.
24  *
25  * 4. "Jcorporate" and product names such as "Expresso" must
26  * not be used to endorse or promote products derived from this
27  * software without prior written permission. For written permission,
28  * please contact info@jcorporate.com.
29  *
30  * 5. Products derived from this software may not be called "Expresso",
31  * or other Jcorporate product names; nor may "Expresso" or other
32  * Jcorporate product names appear in their name, without prior
33  * written permission of Jcorporate Ltd.
34  *
35  * 6. No product derived from this software may compete in the same
36  * market space, i.e. framework, without prior written permission
37  * of Jcorporate Ltd. For written permission, please contact
38  * partners@jcorporate.com.
39  *
40  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
41  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
42  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
43  * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
44  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
45  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
46  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
47  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
48  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
49  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
50  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * ====================================================================
53  *
54  * This software consists of voluntary contributions made by many
55  * individuals on behalf of the Jcorporate Ltd. Contributions back
56  * to the project(s) are encouraged when you make modifications.
57  * Please send them to support@jcorporate.com. For more information
58  * on Jcorporate Ltd. and its products, please see
59  * <http://www.jcorporate.com/>.
60  *
61  * Portions of this software are based upon other open source
62  * products and are subject to their respective licenses.
63  */

64
65 package com.jcorporate.expresso.core.security.weakencryption;
66
67 import com.jcorporate.expresso.core.misc.ByteArrayCounter;
68 import com.jcorporate.expresso.core.security.AbstractStringEncryption;
69 import com.jcorporate.expresso.kernel.exception.ChainedException;
70
71
72 /**
73  * This class provides basic string encryption. It'll provide the services of
74  * password whitening and automatic selection of encryption.
75  * <p/>
76  * Known Vulnerabilities. The actual whitened password remains in memory for
77  * performance sake. An attacker may find the actual password by looking at swap
78  * files looking for Base64 encoded strings. (Not too hard to grep out) but it requires
79  * an attacker to gain access to the swap partition of the server. Do not use this
80  * class for a personal encryption program.
81  *
82  * @author Michael Rimov
83  */

84 public class StringEncryption
85         extends AbstractStringEncryption {
86     static final private String JavaDoc thisClass = "com.jcorporate.expresso.core.security.weakencryption.RandomNumber";
87     static protected ByteArrayCounter ivCounter = new ByteArrayCounter(8);
88
89     /**
90      * @throws ChainedException
91      */

92     public StringEncryption()
93             throws ChainedException {
94         super();
95     } /* StringEncryption() */
96
97     /**
98      * Same as decryptString, but only deals in byte arrays. This method must be
99      * implemented by descendants of this class.
100      *
101      * @param inputData[]
102      * @return
103      */

104     public byte[] decrypt(byte[] inputData)
105             throws ChainedException, IllegalArgumentException JavaDoc {
106         if (inputData.length < 8) {
107
108             /* It wasn't encrypted */
109             return inputData;
110
111             //throw new IllegalArgumentException(myName
112
// + ":inputData must be at least of length 8");
113
}
114
115         byte[] ivData = new byte[8];
116         byte[] rawData = new byte[inputData.length - 8];
117
118         //NOW XOR "decrypt" everything
119
int pwCounter = 0;
120         byte[] passKey = this.getPreparedPassKey();
121
122         for (int i = 0; i < inputData.length; i++) {
123             inputData[i] ^= passKey[pwCounter];
124             pwCounter++;
125
126             if (pwCounter == passKey.length) {
127                 pwCounter = 0;
128             }
129         }
130         //Build the final result
131
for (int i = 0; i < inputData.length; i++) {
132             if (i < 8) {
133                 ivData[i] = inputData[i];
134             } else {
135                 rawData[i - 8] = inputData[i];
136             }
137         }
138
139         return rawData;
140     } /* decrypt(byte) */
141
142
143     /**
144      * Same as encryptString, but only deals in byte arrays. This must be implemented
145      * by the descendants of this class.
146      *
147      * @param inputData[]
148      * @return
149      */

150     public byte[] encrypt(byte[] inputData)
151             throws ChainedException, IllegalArgumentException JavaDoc {
152         final String JavaDoc myName = thisClass + ".encrypt(byte)";
153
154         if (inputData.length == 0) {
155             throw new IllegalArgumentException JavaDoc(myName +
156                     ":inputData must not be zero length");
157         }
158
159         ivCounter.increment();
160
161         byte[] ivData = ivCounter.getBytes();
162         int arrayLength = 8 + inputData.length;
163         byte[] finalData = new byte[arrayLength];
164
165         //Assemble the final byte array by concatentating the
166
//intput vector and the algorithm outputs.
167
for (int i = 0; i < arrayLength; i++) {
168             if (i < 8) {
169                 finalData[i] = ivData[i];
170             } else {
171                 finalData[i] = inputData[i - 8];
172             }
173         }
174
175         //NOW XOR encryption everything
176
int pwCounter = 0;
177         byte[] passKey = this.getPreparedPassKey();
178
179         for (int i = 0; i < finalData.length; i++) {
180             finalData[i] ^= passKey[pwCounter];
181             pwCounter++;
182
183             if (pwCounter == passKey.length) {
184                 pwCounter = 0;
185             }
186         }
187
188         return finalData;
189     } /* encrypt(byte) */
190
191
192 } /* StringEncryption */
193
194 /* StringEncryption */
195
Popular Tags