


1 /*
2 * ################################################################
3 *
4 * ProActive: The Java(TM) library for Parallel, Distributed,
5 * Concurrent computing with Security and Mobility
6 *
7 * Copyright (C) 1997-2002 INRIA/University of Nice-Sophia Antipolis
8 * Contact: proactive-support@inria.fr
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
23 * USA
24 *
25 * Initial developer(s): The ProActive Team
26 * http://www.inria.fr/oasis/ProActive/contacts.html
27 * Contributor(s):
28 *
29 * ################################################################
30 */

31 package org.objectweb.proactive.ext.security.crypto;
32
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;

import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

import org.objectweb.proactive.core.body.UniversalBody;
import org.objectweb.proactive.ext.security.Communication;
import org.objectweb.proactive.ext.security.Policy;
import org.objectweb.proactive.ext.security.ProActiveSecurity;
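/**
 * Per-session cryptographic state of a secured ProActive communication:
 * the client/server AES ciphers, HMAC engines, their keys and IVs, the
 * handshake randoms and the peer ("distant OA") certificate and public key.
 * It builds outgoing PDUs ({@link #writePDU}) and checks incoming ones
 * ({@link #readPDU}) according to the negotiated {@link Communication} policy,
 * and re-creates its transient JCA engines when deserialized.
 *
 * Not thread-safe: the {@link Cipher} and {@link Mac} instances carry per-call
 * state, so concurrent writePDU/readPDU calls on one session corrupt each other.
 *
 * The public fields are kept as they are (callers access them directly); no
 * explicit serialVersionUID is added because that would change compatibility
 * with streams written by the original class.
 */
public class Session implements Serializable {
    // Defensive upper bound on the encoded-certificate length accepted by
    // readObject(); a single DER-encoded X.509 certificate is far smaller.
    // This value was chosen by review; it is not part of the original protocol.
    private static final int MAX_CERT_LENGTH = 64 * 1024;

    // Length in bytes of each AES/CBC IV written by writeObject() and read back
    // by readObject(); IvParameterSpec objects with another length would be
    // mis-read on the receiving side.
    private static final int IV_LENGTH = 16;

    // the session identifier
    public long sessionID;

    // The client's authentication and signing certificate.
    public X509Certificate distantOACertificate;

    // The client's public key for encryption and decryption.
    public PublicKey distantOAPublicKey;

    // The distant body
    public UniversalBody distantBody;

    // Client side cipher: encrypts outgoing PDUs in writePDU().
    public transient Cipher cl_cipher;

    // Server side cipher: decrypts incoming PDUs in readPDU().
    public transient Cipher se_cipher;

    // the communication policy (decides whether integrity / confidentiality apply)
    private Communication communication;

    // RSA cipher.
    public transient Cipher rsa_eng;

    // Client side MAC, computed over the plaintext in writePDU().
    public transient Mac cl_mac;

    // Server side MAC, verified against the plaintext in readPDU().
    public transient Mac se_mac;

    public byte[] cl_sec_key;
    public byte[] se_sec_key;
    public byte[] cl_mac_enc;
    public byte[] se_mac_enc;
    public transient IvParameterSpec se_iv;
    public transient IvParameterSpec cl_iv;

    // Server random: allocated (32 bytes) by the constructor, filled elsewhere.
    public byte[] se_rand;

    // Client random: allocated (32 bytes) by the constructor, filled elsewhere.
    public byte[] cl_rand;

    // NOTE(review): these keys are not transient, so defaultWriteObject()
    // serializes them with the session. A serialized Session is therefore as
    // sensitive as the session keys themselves and must be protected in transit.
    public SecretKey se_hmac_key;
    public SecretKey se_aes_key;
    public SecretKey cl_hmac_key;
    public SecretKey cl_aes_key;

    public transient SecureRandom sec_rand;

    /** Creates an empty session; all engines and keys stay null. */
    public Session() {
    }

    /**
     * Creates a session with fresh cipher and MAC engines from the "BC" provider.
     * The randoms are only allocated here; filling them is done by the
     * handshake code outside this class.
     *
     * @param sessionID the session identifier
     * @param policy    the negotiated communication policy
     * @throws Exception if the "BC" provider or one of the algorithms is unavailable
     */
    public Session(long sessionID, Communication policy) throws Exception {
        this.communication = policy;
        this.sessionID = sessionID;

        se_rand = new byte[32];
        cl_rand = new byte[32];

        createEngines();

        distantOACertificate = null;
        distantOAPublicKey = null;
    }

    /**
     * Instantiates the transient JCA engines (ciphers, MACs, SecureRandom) from
     * the "BC" provider; shared by the constructor and readObject().
     *
     * @throws GeneralSecurityException if the provider, algorithm or padding is unavailable
     */
    private void createEngines() throws GeneralSecurityException {
        sec_rand = new SecureRandom();
        cl_cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
        se_cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
        rsa_eng = Cipher.getInstance("RSA/None/OAEPPadding", "BC");
        cl_mac = Mac.getInstance("HMACSHA1", "BC");
        se_mac = Mac.getInstance("HMACSHA1", "BC");
    }

    /**
     * @param ID a session identifier
     * @return true if this session has the given identifier
     */
    public boolean isID(long ID) {
        return ID == this.sessionID;
    }

    /**
     * @param id a session identifier
     * @return the peer certificate if {@code id} is this session's id, else null
     */
    public X509Certificate get_otherPublicCertificate(long id) {
        return (this.sessionID == id) ? distantOACertificate : null;
    }

    public long getSessionID() {
        return sessionID;
    }

    public void setDistantOACertificate(X509Certificate distantBodyCertificate) {
        distantOACertificate = distantBodyCertificate;
    }

    public X509Certificate getDistantOACertificate() {
        return distantOACertificate;
    }

    public PublicKey getDistantOAPublicKey() {
        return distantOAPublicKey;
    }

    public void setDistantOAPublicKey(PublicKey distantOAPublicKey) {
        this.distantOAPublicKey = distantOAPublicKey;
    }

    /**
     * Builds an outgoing PDU: the MAC is taken over the plaintext (when the
     * policy enables integrity), then the plaintext is encrypted (when the policy
     * enables confidentiality).
     *
     * NOTE(review): each PDU's MAC is independent -- cl_mac.doFinal() resets the
     * engine -- so the chaining described in the original design comment
     * (feeding the previous MAC into the next) is not implemented and this layer
     * does not detect replayed or reordered PDUs.
     *
     * @param in the plaintext PDU
     * @return {@code { ciphertext-or-plaintext, mac }}; {@code mac} is null when integrity is disabled
     * @throws IOException if encryption fails (the cause is attached)
     */
    public byte[][] writePDU(byte[] in) throws Exception {
        byte[] mac = null;
        boolean integrity = communication.isIntegrityEnabled();

        if (integrity) {
            cl_mac.update(in); // MAC covers the plaintext
        }

        if (communication.isConfidentialityEnabled()) {
            try {
                in = cl_cipher.doFinal(in); // Encrypt data for recipient.
            } catch (Exception bex) {
                if (integrity) {
                    // Drop the partial update so the next PDU's MAC is not
                    // computed over this PDU's plaintext as well.
                    cl_mac.reset();
                }
                IOException ioe = new IOException("PDU failed to encrypt " + bex.getMessage());
                ioe.initCause(bex);
                throw ioe;
            }
        }

        if (integrity) {
            mac = cl_mac.doFinal();
        }

        return new byte[][] { in, mac };
    }

    /**
     * Compares two byte arrays for equality. Used for MAC verification, so it
     * delegates to {@link MessageDigest#isEqual}, which on current JDKs does not
     * stop at the first differing byte (an early-exit loop leaks the mismatch
     * position through timing).
     *
     * @return false if either array is null or they differ in length or content
     */
    public static boolean isEqual(byte[] a, byte[] b) {
        if ((a == null) || (b == null)) {
            return false;
        }
        return MessageDigest.isEqual(a, b);
    }

    /**
     * Processes an incoming PDU: decrypts it when confidentiality is enabled,
     * then verifies the MAC over the plaintext when integrity is enabled.
     *
     * NOTE(review): because the MAC covers the plaintext, decryption (including
     * padding removal) runs before the integrity check, so a decryption failure
     * is reported to the sender before the MAC is verified. Moving to
     * encrypt-then-MAC would change the wire format and is left to a protocol
     * revision.
     *
     * @param in  the received PDU payload (ciphertext when confidentiality is enabled)
     * @param mac the received MAC, ignored when integrity is disabled
     * @return the plaintext
     * @throws IOException if decryption fails or the MAC does not verify
     */
    public byte[] readPDU(byte[] in, byte[] mac) throws Exception {
        if (communication.isConfidentialityEnabled()) {
            try {
                in = se_cipher.doFinal(in);
            } catch (Exception ex) {
                IOException ioe = new IOException("PDU failed to decrypt " + ex.getMessage());
                ioe.initCause(ex);
                throw ioe;
            }
        }

        if (communication.isIntegrityEnabled()) {
            se_mac.update(in); // MAC is taken on plain text.
            byte[] m = se_mac.doFinal();
            if (!isEqual(m, mac)) {
                throw new IOException("PDU Mac code failed ");
            }
        }

        return in;
    }

    /**
     * Custom serialization: after the default fields, writes the two IVs
     * (zero-filled placeholders when absent) followed by the length-prefixed
     * DER encoding of the peer certificate (length 0 when absent).
     *
     * @throws IOException on write failure, or if the certificate cannot be
     *         encoded (previously this was swallowed and an empty certificate sent)
     */
    private void writeObject(java.io.ObjectOutputStream out) throws IOException {
        out.defaultWriteObject();

        out.write((se_iv != null) ? se_iv.getIV() : new byte[IV_LENGTH]);
        out.write((cl_iv != null) ? cl_iv.getIV() : new byte[IV_LENGTH]);

        byte[] cert = new byte[0];
        if (distantOACertificate != null) {
            try {
                cert = distantOACertificate.getEncoded();
            } catch (CertificateEncodingException e) {
                IOException ioe = new IOException("cannot serialize distant OA certificate: " + e.getMessage());
                ioe.initCause(e);
                throw ioe;
            }
        }
        out.writeInt(cert.length);
        out.write(cert);
    }

    /**
     * Custom deserialization mirroring {@link #writeObject}: restores the IVs
     * and peer certificate, re-creates the transient engines and initializes
     * those for which a key was serialized.
     *
     * The stream is otherwise trusted; only the certificate length is bounded.
     *
     * @throws IOException on a short or malformed stream, or if the crypto
     *         engines cannot be restored (previously swallowed, leaving the
     *         session with uninitialized ciphers)
     */
    private void readObject(java.io.ObjectInputStream in)
        throws IOException, ClassNotFoundException {
        in.defaultReadObject();

        // readFully: a plain read() may return fewer bytes than requested and
        // would silently leave part of the IV zeroed.
        byte[] seIv = new byte[IV_LENGTH];
        in.readFully(seIv);
        se_iv = new IvParameterSpec(seIv);

        byte[] clIv = new byte[IV_LENGTH];
        in.readFully(clIv);
        cl_iv = new IvParameterSpec(clIv);

        int certLength = in.readInt();
        if ((certLength < 0) || (certLength > MAX_CERT_LENGTH)) {
            // Never allocate an attacker-chosen buffer size from the stream.
            throw new IOException("invalid certificate length in serialized Session: " + certLength);
        }
        byte[] certEncoded = new byte[certLength];
        in.readFully(certEncoded);

        // An absent certificate is written as length 0; decodeCertificate() is
        // still called with the empty array exactly as before -- its behavior
        // on empty input is not visible here.
        distantOACertificate = ProActiveSecurity.decodeCertificate(certEncoded);

        try {
            createEngines();

            if (se_aes_key != null) {
                se_cipher.init(Cipher.DECRYPT_MODE, se_aes_key, se_iv);
            }
            if (cl_aes_key != null) {
                cl_cipher.init(Cipher.ENCRYPT_MODE, cl_aes_key, cl_iv, sec_rand);
            }
            if (se_hmac_key != null) {
                se_mac.init(se_hmac_key);
            }
            // Fix: the client MAC was guarded by se_hmac_key, so cl_mac.init()
            // could run with a null key or be skipped although cl_hmac_key was set.
            if (cl_hmac_key != null) {
                cl_mac.init(cl_hmac_key);
            }
        } catch (GeneralSecurityException e) {
            IOException ioe = new IOException("cannot restore session crypto state: " + e.getMessage());
            ioe.initCause(e);
            throw ioe;
        }
    }

    /**
     * Renders a byte array as lower-case hex (two digits per byte); null
     * renders as "null". The original concatenated signed decimals without
     * separators, which was ambiguous, and failed on a null array.
     */
    private String displayByte(byte[] tab) {
        if (tab == null) {
            return "null";
        }
        StringBuffer s = new StringBuffer(tab.length * 2);
        for (int i = 0; i < tab.length; i++) {
            String h = Integer.toHexString(tab[i] & 0xff);
            if (h.length() < 2) {
                s.append('0');
            }
            s.append(h);
        }
        return s.toString();
    }

    /** Debug rendering: the id and both handshake randoms (no keys). */
    public String toString() {
        return "ID : " + sessionID + "\n" + "cl_rand : " +
        displayByte(cl_rand) + "\n" + "se_rand : " + displayByte(se_rand);
    }

    /**
     * Method setPolicy.
     * NOTE(review): this is a no-op -- the given policy is ignored and the
     * session keeps the Communication it was constructed with. Left unchanged
     * because the intended effect is not visible here.
     * @param resultPolicy
     */
    public void setPolicy(Policy resultPolicy) {
    }
}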