KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > oracle > toplink > essentials > internal > security > JCEEncryptor


1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the "License"). You may not use this file except
5  * in compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * glassfish/bootstrap/legal/CDDLv1.0.txt or
9  * https://glassfish.dev.java.net/public/CDDLv1.0.html.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * HEADER in each file and include the License file at
15  * glassfish/bootstrap/legal/CDDLv1.0.txt. If applicable,
16  * add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your
18  * own identifying information: Portions Copyright [yyyy]
19  * [name of copyright owner]
20  */
21 // Copyright (c) 1998, 2005, Oracle. All rights reserved.
22 package oracle.toplink.essentials.internal.security;
23
24 import java.io.IOException JavaDoc;
25 import java.io.ObjectInputStream JavaDoc;
26 import java.io.ObjectOutputStream JavaDoc;
27 import java.io.ByteArrayInputStream JavaDoc;
28 import java.io.ByteArrayOutputStream JavaDoc;
29 import javax.crypto.Cipher;
30 import javax.crypto.SecretKey;
31 import javax.crypto.spec.DESKeySpec;
32 import javax.crypto.SecretKeyFactory;
33 import javax.crypto.CipherInputStream;
34 import javax.crypto.CipherOutputStream;
35 import oracle.toplink.essentials.internal.helper.Helper;
36 import oracle.toplink.essentials.exceptions.ValidationException;
37 import oracle.toplink.essentials.exceptions.ConversionException;
38
39 /**
40  * TopLink reference implementation for password encryption.
41  *
42  * @author Guy Pelletier
43  */
44 public class JCEEncryptor implements Securable {
45     private Cipher m_cipher;
46     private final String JavaDoc m_algorithm = "DES";
47     private final String JavaDoc m_padding = "DES/ECB/PKCS5Padding";
48
49     public JCEEncryptor() throws Exception JavaDoc {
50
51         /*
52          * We want to force the initialization of the cipher here. This is a fix
53          * for bug #2696486.
54          * JDev with JDK 1.3 in some cases will allow a JCE object to be created
55          * when it shouldn't. That is, JDev includes an incompletely configured JCE
56          * library for JDK 1.3, meaning JCE will not run properly in the VM. So, JDev
57          * allows you to create a JCEEncryptor object, but eventually throw's
58          * errors when trying to make JCE library calls from encryptPassword.
59          *
60          * Confusing??? Well, don't move this code before talking to Guy first!
61          */
62         m_cipher = Cipher.getInstance(m_padding);
63     }
64
65     /**
66      * Encrypts a string. Will throw a validation exception.
67      */
68     public synchronized String JavaDoc encryptPassword(String JavaDoc password) {
69         try {
70             m_cipher.init(Cipher.ENCRYPT_MODE, Synergizer.getMultitasker(m_algorithm));
71
72             ByteArrayOutputStream JavaDoc baos = new ByteArrayOutputStream JavaDoc();
73             CipherOutputStream cos = new CipherOutputStream(baos, m_cipher);
74             ObjectOutputStream JavaDoc oos = new ObjectOutputStream JavaDoc(cos);
75
76             oos.writeObject(password);
77             oos.flush();
78             oos.close();
79
80             return Helper.buildHexStringFromBytes(baos.toByteArray());
81         } catch (Exception JavaDoc e) {
82             throw ValidationException.errorEncryptingPassword(e);
83         }
84     }
85
86     /**
87      * Decrypts a string. Will throw a validation exception.
88      * Handles backwards compatability for older encrypted strings.
89      */
90     public synchronized String JavaDoc decryptPassword(String JavaDoc encryptedPswd) {
91         String JavaDoc password = "";
92
93         try {
94             m_cipher.init(Cipher.DECRYPT_MODE, Synergizer.getMultitasker(m_algorithm));
95
96             byte[] bytePassword = Helper.buildBytesFromHexString(encryptedPswd);
97
98             ByteArrayInputStream JavaDoc bais = new ByteArrayInputStream JavaDoc(bytePassword);
99             CipherInputStream cis = new CipherInputStream(bais, m_cipher);
100             ObjectInputStream JavaDoc ois = new ObjectInputStream JavaDoc(cis);
101
102             password = (String JavaDoc)ois.readObject();
103             ois.close();
104         } catch (IOException JavaDoc e) {
105             // JCE 1.2.2 couldn't decrypt it, assume clear text
106 password = encryptedPswd;
107         } catch (ArrayIndexOutOfBoundsException JavaDoc e) {
108             // JCE 1.2.1 couldn't decrypt it, assume clear text
109 password = encryptedPswd;
110         } catch (ConversionException e) {
111             // Never prepared (buildBytesFromHexString failed), assume clear text
112 password = encryptedPswd;
113         } catch (Exception JavaDoc e) {
114             throw ValidationException.errorDecryptingPassword(e);
115         }
116
117         return password;
118     }
119
120     private static class Synergizer {
121         private static String JavaDoc multitasker = "E60B80C7AEC78038";
122
123         static public SecretKey getMultitasker(String JavaDoc algorithm) throws Exception JavaDoc {
124             SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm);
125             return skf.generateSecret(new DESKeySpec(Helper.buildBytesFromHexString(multitasker)));
126         }
127     }
128 }
129
Popular Tags