KeyManagerRaesParameters


1   /*
2    * Copyright 2005-2006 Schlichtherle IT Services
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package de.schlichtherle.crypto.io.raes;
18  
19  import de.schlichtherle.key.AesKeyProvider;
20  import de.schlichtherle.key.KeyProvider;
21  import de.schlichtherle.key.UnknownKeyException;
22  import de.schlichtherle.key.KeyManager;
23  
24  /**
25   * A facade which retrieves {@link RaesParameters} by using the
26   * {@link KeyManager}.
27   * The <code>KeyManager</code> usually prompts the user via a pluggable user
28   * interface.
29   * <p>
30   * According to the current state of RAES, only password based encryption
31   * is supported. The facade pattern allows this class to be changed to
32   * support other encryption and authentication schemes in the future without
33   * requiring to change the client code.
34   * <p>
35   * Implementation note: Of course this class could implement
36   * <code>Type0RaesParameters</code> directly.
37   * But then this interface and all its methods would be public.
38   * However, it is anticipated that with the advent of additional parameter
39   * interfaces for new RAES types, the explicit implementation of interfaces
40   * would limit this classes ability to implement preferences for certain
41   * RAES types.
42   * Now, implementing the <code>RaesParametersAgent</code> interface
43   * allows us to control the search for suitable RAES parameters according
44   * to the <em>user's</em> preferences, whereas any direct implementation
45   * of these interfaces would put us at the mercy of {@link RaesOutputStream}!
46   * 
47   * @author Christian Schlichtherle
48   * @version @version@
49   * @since TrueZIP 6.0
50   */
51  public class KeyManagerRaesParameters implements RaesParametersAgent {
52  
53      private final String   cPath;
54  
55      /**
56       * Constructs a new set of default RAES parameters.
57       *
58       * @param cPath The canonical pathname of the RAES file
59       *        - <code>null</code> is not allowed!
60       */
61      public KeyManagerRaesParameters(String   cPath) {
62          this.cPath = cPath;
63      }
64  
65      public RaesParameters getParameters(Class   type) {
66          return new Type0();
67      }
68  
69      /**
70       * An adapter which presents the KeyManager's <code>KeyProvider</code>
71       * interface as <ocde>Type0RaesParameters</code>.
72       */
73      private class Type0 implements Type0RaesParameters {
74          public char[] getOpenPasswd() throws RaesKeyException {
75              // Don't cache the key manager!
76              final KeyProvider provider = KeyManager.getInstance()
77                      .getKeyProvider(cPath, AesKeyProvider.class);
78              try {
79                  final Object   key = provider.getOpenKey();
80                  if (key instanceof byte[])
81                      return PKCS12BytesToChars((byte[]) key);
82                  else
83                      return (char[]) key;
84              } catch (UnknownKeyException failure) {
85                  throw new RaesKeyException(failure);
86              }
87          }
88  
89          public void invalidOpenPasswd() {
90              // Don't cache the key manager!
91              final KeyProvider provider = KeyManager.getInstance()
92                      .getKeyProvider(cPath, AesKeyProvider.class);
93              provider.invalidOpenKey();
94          }
95  
96          public char[] getCreatePasswd() throws RaesKeyException {
97              // Don't cache the key manager!
98              final KeyProvider provider = KeyManager.getInstance()
99                      .getKeyProvider(cPath, AesKeyProvider.class);
100             try {
101                 final Object   key = provider.getCreateKey();
102                 if (key instanceof byte[])
103                     return PKCS12BytesToChars((byte[]) key);
104                 else
105                     return (char[]) key;
106             } catch (UnknownKeyException failure) {
107                 throw new RaesKeyException(failure);
108             }
109         }
110 
111         public int getKeyStrength() {
112             // Don't cache the key manager!
113             final KeyProvider provider = KeyManager.getInstance()
114                     .getKeyProvider(cPath, AesKeyProvider.class);
115             if (provider instanceof AesKeyProvider) {
116                 return ((AesKeyProvider) provider).getKeyStrength();
117             } else {
118                 return KEY_STRENGTH_256; // default for incompatible key providers.
119             }
120         }
121 
122         public void setKeyStrength(int keyStrength) {
123             // Don't cache the key manager!
124             final KeyProvider provider = KeyManager.getInstance()
125                     .getKeyProvider(cPath, AesKeyProvider.class);
126             if (provider instanceof AesKeyProvider) {
127                 ((AesKeyProvider) provider).setKeyStrength(keyStrength);
128             }
129         }
130     }
131 
132     static {
133         // This check avoids a mapping function.
134         assert Type0RaesParameters.KEY_STRENGTH_128 == AesKeyProvider.KEY_STRENGTH_128;
135         assert Type0RaesParameters.KEY_STRENGTH_192 == AesKeyProvider.KEY_STRENGTH_192;
136         assert Type0RaesParameters.KEY_STRENGTH_256 == AesKeyProvider.KEY_STRENGTH_256;
137     }
138 
139     /**
140      * This is the inverse of the Unicode character to byte conversion
141      * algorithm specified in PKCS12.
142      * It is used to convert the initial 512 bytes of a key file into a
143      * pseudo-Unicode character array which is then used as a password.
144      */
145     private static char[] PKCS12BytesToChars(final byte[] bytes) {
146         // Do not use the following - it would omit a byte order sequence
147         // and cannot decode all characters.
148         // return new String(buf, 0, n, "UTF-16BE").toCharArray();
149 
150         // Decode the characters from UTF-16BE, so that the byte order
151         // is preserved when the char array is later again translated
152         // to a byte array again according to PKCS #12.
153         int len = bytes.length;
154         len >>= 1;
155         char[] chars = new char[len];
156         for (int i = 0, off = 0; i < len; i++)
157             chars[i] = (char) (bytes[off++] << 8 | bytes[off++] & 0xFF); // attention!
158 
159         return chars;
160     }
161 }
162
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags