/** * Method to compute masked password based on class attributes. * * @return masked password prefixed with {link @PicketBoxSecurityVault.PASS_MASK_PREFIX}. * @throws Exception */ private String computeMaskedPassword() throws Exception { // Create the PBE secret key SecretKeyFactory factory = SecretKeyFactory.getInstance(VAULT_ENC_ALGORITHM); char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray(); PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(CHARSET), iterationCount); PBEKeySpec keySpec = new PBEKeySpec(password); SecretKey cipherKey = factory.generateSecret(keySpec); String maskedPass = PBEUtils.encode64(keystorePassword.getBytes(CHARSET), VAULT_ENC_ALGORITHM, cipherKey, cipherSpec); return PicketBoxSecurityVault.PASS_MASK_PREFIX + maskedPass; }
public static String encode64(byte[] secret, String cipherAlgorithm, SecretKey cipherKey, PBEParameterSpec cipherSpec) throws Exception { byte[] encoding = encode(secret, cipherAlgorithm, cipherKey, cipherSpec); String b64 = Base64Utils.tob64(encoding); return b64; }
public static String decode64(String secret, String cipherAlgorithm, SecretKey cipherKey, PBEParameterSpec cipherSpec) throws Exception { byte[] encoding = Base64Utils.fromb64(secret); byte[] decode = decode(encoding, cipherAlgorithm, cipherKey, cipherSpec); return new String(decode, "UTF-8"); }
private String decode(String maskedString, String salt, int iterationCount) throws Exception { String pbeAlgo = "PBEwithMD5andDES"; if (maskedString.startsWith(PASS_MASK_PREFIX)) { // Create the PBE secret key SecretKeyFactory factory = SecretKeyFactory.getInstance(pbeAlgo); char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray(); PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount); PBEKeySpec keySpec = new PBEKeySpec(password); SecretKey cipherKey = factory.generateSecret(keySpec); maskedString = maskedString.substring(PASS_MASK_PREFIX.length()); String decodedValue = PBEUtils.decode64(maskedString, pbeAlgo, cipherKey, cipherSpec); maskedString = decodedValue; } return maskedString; }
public static String encode64(byte[] secret, String cipherAlgorithm, SecretKey cipherKey, PBEParameterSpec cipherSpec) throws Exception { byte[] encoding = encode(secret, cipherAlgorithm, cipherKey, cipherSpec); String b64 = Base64Utils.tob64(encoding); return b64; }
public static String decode64(String secret, String cipherAlgorithm, SecretKey cipherKey, PBEParameterSpec cipherSpec) throws Exception { byte [] encoding; try { encoding = Base64Utils.fromb64(secret); } catch (IllegalArgumentException e) { // fallback when original string is was created with faulty version of Base64 encoding = Base64Utils.fromb64("0" + secret); PicketBoxLogger.LOGGER.wrongBase64StringUsed("0" + secret); } byte[] decode = decode(encoding, cipherAlgorithm, cipherKey, cipherSpec); return new String(decode, "UTF-8"); }
/** * Given a masked password {@link String}, decode it * @param maskedString a password string that is masked * @param salt Salt * @param iterationCount Iteration Count * @return Decoded String * @throws Exception */ public static String decode(String maskedString, String salt, int iterationCount) throws Exception { String PASS_MASK_PREFIX = "MASK-"; String pbeAlgo = "PBEwithMD5andDES"; if (maskedString.startsWith(PASS_MASK_PREFIX)) { // Create the PBE secret key SecretKeyFactory factory = SecretKeyFactory.getInstance(pbeAlgo); char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray(); PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount); PBEKeySpec keySpec = new PBEKeySpec(password); SecretKey cipherKey = factory.generateSecret(keySpec); maskedString = maskedString.substring(PASS_MASK_PREFIX.length()); String decodedValue = PBEUtils.decode64(maskedString, pbeAlgo, cipherKey, cipherSpec); maskedString = decodedValue; } return maskedString; } }
/** * Method to compute masked password based on class attributes. * * @return masked password prefixed with {link @PicketBoxSecurityVault.PASS_MASK_PREFIX}. * @throws Exception */ private String computeMaskedPassword() throws Exception { // Create the PBE secret key SecretKeyFactory factory = SecretKeyFactory.getInstance(VAULT_ENC_ALGORITHM); char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray(); PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount); PBEKeySpec keySpec = new PBEKeySpec(password); SecretKey cipherKey = factory.generateSecret(keySpec); String maskedPass = PBEUtils.encode64(keystorePassword.getBytes(), VAULT_ENC_ALGORITHM, cipherKey, cipherSpec); return PicketBoxSecurityVault.PASS_MASK_PREFIX + maskedPass; }
/** * Method to compute masked password based on class attributes. * * @return masked password prefixed with {link @PicketBoxSecurityVault.PASS_MASK_PREFIX}. * @throws Exception */ private String computeMaskedPassword() throws Exception { // Create the PBE secret key SecretKeyFactory factory = SecretKeyFactory.getInstance(VAULT_ENC_ALGORITHM); char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray(); PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount); PBEKeySpec keySpec = new PBEKeySpec(password); SecretKey cipherKey = factory.generateSecret(keySpec); String maskedPass = PBEUtils.encode64(keystorePassword.getBytes(), VAULT_ENC_ALGORITHM, cipherKey, cipherSpec); return PicketBoxSecurityVault.PASS_MASK_PREFIX + maskedPass; }
/** * Method to compute masked password based on class attributes. * * @return masked password prefixed with {link @PicketBoxSecurityVault.PASS_MASK_PREFIX}. * @throws Exception */ private String computeMaskedPassword() throws Exception { // Create the PBE secret key SecretKeyFactory factory = SecretKeyFactory.getInstance(VAULT_ENC_ALGORITHM); char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray(); PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount); PBEKeySpec keySpec = new PBEKeySpec(password); SecretKey cipherKey = factory.generateSecret(keySpec); String maskedPass = PBEUtils.encode64(keystorePassword.getBytes(), VAULT_ENC_ALGORITHM, cipherKey, cipherSpec); return PicketBoxSecurityVault.PASS_MASK_PREFIX + maskedPass; }
/** * Method to compute masked password based on class attributes. * * @return masked password prefixed with {link @PicketBoxSecurityVault.PASS_MASK_PREFIX}. * @throws Exception */ private String computeMaskedPassword() throws Exception { // Create the PBE secret key SecretKeyFactory factory = SecretKeyFactory.getInstance(VAULT_ENC_ALGORITHM); char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray(); PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(StandardCharsets.UTF_8), iterationCount); PBEKeySpec keySpec = new PBEKeySpec(password); SecretKey cipherKey = factory.generateSecret(keySpec); String maskedPass = PBEUtils.encode64(keystorePassword.getBytes(StandardCharsets.UTF_8), VAULT_ENC_ALGORITHM, cipherKey, cipherSpec); return PicketBoxSecurityVault.PASS_MASK_PREFIX + maskedPass; }
public static void main(String[] args) throws Exception { if( args.length != 4 ) { System.err.println(PicketBoxMessages.MESSAGES.pbeUtilsMessage()); } byte[] salt = args[0].substring(0, 8).getBytes(); int count = Integer.parseInt(args[1]); char[] password = args[2].toCharArray(); byte[] passwordToEncode = args[3].getBytes("UTF-8"); PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, count); PBEKeySpec keySpec = new PBEKeySpec(password); SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEwithMD5andDES"); SecretKey cipherKey = factory.generateSecret(keySpec); String encodedPassword = encode64(passwordToEncode, "PBEwithMD5andDES", cipherKey, cipherSpec); System.err.println("Encoded password: "+encodedPassword); } }
public static void main(String[] args) throws Exception { if( args.length != 4 ) { System.err.println( "Ecrypt a password using the JaasSecurityDomain password" +"Usage: PBEUtils salt count domain-password password" +"salt : the Salt attribute from the JaasSecurityDomain" +"count : the IterationCount attribute from the JaasSecurityDomain" +"domain-password : the plaintext password that maps to the KeyStorePass" +" attribute from the JaasSecurityDomain" +"password : the plaintext password that should be encrypted with the" +" JaasSecurityDomain password" ); } byte[] salt = args[0].substring(0, 8).getBytes(); int count = Integer.parseInt(args[1]); char[] password = args[2].toCharArray(); byte[] passwordToEncode = args[3].getBytes("UTF-8"); PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, count); PBEKeySpec keySpec = new PBEKeySpec(password); SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEwithMD5andDES"); SecretKey cipherKey = factory.generateSecret(keySpec); String encodedPassword = encode64(passwordToEncode, "PBEwithMD5andDES", cipherKey, cipherSpec); System.err.println("Encoded password: "+encodedPassword); } }