/**
 * Decrypts {@code msg}, choosing the cipher from the key version carried in its encrypt header.
 * <p>
 * When the header version equals {@code sym_version}, the {@code cipher} argument is passed to
 * {@code _decrypt} unchanged. Otherwise the cipher registered in {@code key_map} under the
 * header's version is used instead.
 *
 * @param cipher cipher to use when the header version matches the current one (the visible caller passes null)
 * @param msg    message whose buffer is to be decrypted; its encrypt header is dereferenced without a
 *               null check (the visible caller, handleUpMessage, drops header-less messages first)
 * @return the value returned by {@code _decrypt}, or null if no cipher is known for the header's version
 * @throws Exception whatever {@code _decrypt} throws
 */
protected Message decryptMessage(Cipher cipher, Message msg) throws Exception {
    final EncryptHeader hdr=msg.getHeader(this.id);
    if(Arrays.equals(hdr.version(), sym_version))
        return _decrypt(cipher, msg);

    // The version is read from the received message's header, so an unknown value must never
    // select a cipher: a miss in key_map is reported and the message is not decrypted.
    final Cipher previous=key_map.get(new AsciiString(hdr.version()));
    if(previous == null) {
        handleUnknownVersion(hdr.version);
        return null;
    }
    log.trace("%s: decrypting msg from %s using previous cipher version", local_addr, msg.src());
    return _decrypt(previous, msg);
}
/**
 * Builds new encryption and decryption cipher pools for {@code secret} and records the key version.
 * <p>
 * Both pools are filled in local queues of capacity {@code cipher_pool_size}; the fields
 * {@code encoding_ciphers}, {@code decoding_ciphers} and {@code sym_version} are replaced only after
 * every cipher and the digest have been created, so a failure leaves the previous state untouched.
 *
 * @param algorithm transformation handed to {@code createCipher}
 * @param secret    key to initialise the ciphers with; null makes this method a no-op
 * @throws Exception if a cipher or the MD5 digest cannot be created
 */
protected void initSymCiphers(String algorithm, Key secret) throws Exception {
    if(secret == null)
        return;

    final BlockingQueue<Cipher> enc_pool=new ArrayBlockingQueue<>(cipher_pool_size);
    final BlockingQueue<Cipher> dec_pool=new ArrayBlockingQueue<>(cipher_pool_size);
    for(int created=0; created < cipher_pool_size; created++) {
        enc_pool.offer(createCipher(Cipher.ENCRYPT_MODE, secret, algorithm));
        dec_pool.offer(createCipher(Cipher.DECRYPT_MODE, secret, algorithm));
    }

    // The key version is the MD5 digest of the raw key bytes.
    // NOTE(review): encryptAndSend puts symVersion() into every message header; if that is this
    // digest, an unsalted hash of the key travels in clear. Harmless for a full-entropy random key,
    // but it permits offline guessing of a low-entropy (e.g. password-derived) key - confirm how
    // keys are generated. Changing the digest would alter the wire format.
    final byte[] key_version=MessageDigest.getInstance("MD5").digest(secret.getEncoded());

    // NOTE(review): three separate field writes; whether readers can observe new pools together
    // with the old version depends on how these fields are declared and read - not visible here.
    this.encoding_ciphers=enc_pool;
    this.decoding_ciphers=dec_pool;
    this.sym_version=key_version;
}
/**
 * Processes a received message carrying an ENCRYPT header (see handleUpMessage).
 * <p>
 * A message whose key version differs from {@code sym_version} is handed to
 * {@code versionMismatch} and not decrypted here. Otherwise a copy of the message is decrypted and
 * passed up the stack; if decryption yields null the message is discarded with a warning.
 *
 * @param msg     the received message
 * @param version key version taken from the message's encrypt header
 * @return the result of {@code up_prot.up} for the decrypted copy, or null if nothing was passed up
 * @throws Exception if decryption fails
 */
protected Object handleEncryptedMessage(Message msg, byte[] version) throws Exception {
    if(Arrays.equals(sym_version, version)) {
        // Decrypt a copy: decryption replaces the buffer, and the original may still be needed
        // for retransmission (http://jira.jboss.com/jira/browse/JGRP-538)
        final Message decrypted=decryptMessage(null, msg.copy());
        if(decrypted == null) {
            log.warn("%s: unrecognized cipher; discarding message from %s", local_addr, msg.src());
            return null;
        }
        return up_prot.up(decrypted);
    }

    // Versions differ: versionMismatch decides whether the message needs to be queued
    versionMismatch(msg);
    return null;
}
/**
 * Dispatches a received message according to its encrypt header.
 * <p>
 * A message without an encrypt header is logged and dropped rather than passed up, so traffic that
 * did not go through this protocol on the sending side is not delivered.
 *
 * @param msg the received message
 * @return the result of the selected handler, or null if the message was dropped
 * @throws Exception if the selected handler fails
 */
protected Object handleUpMessage(Message msg) throws Exception {
    final EncryptHeader hdr=msg.getHeader(this.id);
    if(hdr != null) {
        // ENCRYPT headers carry payload to decrypt; every other header type goes to handleUpEvent
        return hdr.type() == EncryptHeader.ENCRYPT
          ? handleEncryptedMessage(msg, hdr.version)
          : handleUpEvent(msg, hdr);
    }
    log.error("%s: received message without encrypt header from %s; dropping it", local_addr, msg.src());
    return null;
}
/**
 * Encrypts the payload of {@code msg} into a copy tagged with an ENCRYPT header and sends the copy down.
 * <p>
 * The header carries the value of {@code symVersion()}. Payloads of length 0 are not encrypted:
 * a non-null raw buffer is attached to the copy as is (https://issues.jboss.org/browse/JGRP-2153).
 *
 * @param msg the message to send; it is not modified
 * @throws Exception if encryption fails
 */
protected void encryptAndSend(Message msg) throws Exception {
    final EncryptHeader hdr=new EncryptHeader(EncryptHeader.ENCRYPT, symVersion());

    // Work on a copy: the same message object may be retransmitted, and encrypting it in place
    // would encrypt it twice.
    final Message out=msg.copy(false).putHeader(this.id, hdr);
    final int len=msg.getLength();
    if(len > 0) {
        out.setBuffer(code(msg.getRawBuffer(), msg.getOffset(), len, false));
    }
    else {
        final byte[] payload=msg.getRawBuffer();
        if(payload != null)
            out.setBuffer(payload, msg.getOffset(), len);
    }
    down_prot.down(out);
}
/**
 * Encrypts {@code msg} and sends it down the stack.
 * <p>
 * Fails closed: while {@code secret_key} is null the message is discarded (and
 * {@code secretKeyNotAvailable} is invoked) instead of being sent unencrypted. Any exception is
 * logged and swallowed.
 *
 * @param msg the message to send
 * @return always null
 */
public Object down(Message msg) {
    try {
        if(secret_key != null) {
            encryptAndSend(msg);
            return null;
        }
        log.trace("%s: discarded %s message to %s as secret key is null, hdrs: %s",
                  local_addr, msg.dest() == null? "mcast" : "unicast", msg.dest(), msg.printHeaders());
        secretKeyNotAvailable();
    }
    catch(Exception e) {
        log.warn("%s: unable to send message down", local_addr, e);
    }
    return null;
}
/**
 * Sends {@code msg} down, skipping {@code super.down} for messages selected by {@code skip} or {@code bypass}.
 * <p>
 * Messages for which either predicate returns true go straight to {@code down_prot}.
 * NOTE(review): if {@code super.down} is the encrypting path, those messages leave unencrypted, so
 * the two predicates define what is exempt from encryption - keep them as narrow as possible.
 *
 * @param msg the message to send
 * @return the result of {@code down_prot.down} or of {@code super.down}
 */
public Object down(Message msg) {
    final GMS.GmsHeader gms_hdr=msg.getHeader(GMS_ID);
    final boolean send_as_is=skip(gms_hdr) || bypass(msg, false);
    return send_as_is? down_prot.down(msg) : super.down(msg);
}
/**
 * Handles a received message via {@code handleUpMessage}.
 * <p>
 * Any exception raised while handling (for example a decryption failure) is logged at warn level
 * and the message is dropped; nothing is passed up in that case.
 *
 * @param msg the received message
 * @return the result of {@code handleUpMessage}, or null if it threw
 */
public Object up(Message msg) {
    Object result=null;
    try {
        result=handleUpMessage(msg);
    }
    catch(Exception e) {
        log.warn("%s: exception occurred decrypting message", local_addr, e);
    }
    return result;
}
/**
 * Replaces the buffer of {@code msg} with its decrypted content.
 * <p>
 * Messages of length 0 are returned untouched, without any cryptographic operation. With a null
 * {@code cipher} the work is delegated to {@code code(..., true)}; otherwise the given cipher is used
 * directly and re-initialised if decryption fails.
 *
 * @param cipher cipher to decrypt with, or null to use {@code code}
 * @param msg    message whose buffer is decrypted in place
 * @return {@code msg} (for length 0) or the result of {@code msg.setBuffer} with the decrypted bytes
 * @throws Exception if decryption or the re-initialisation of the cipher fails
 */
protected Message _decrypt(final Cipher cipher, Message msg) throws Exception {
    if(msg.getLength() == 0)
        return msg;

    if(cipher == null)
        return msg.setBuffer(code(msg.getRawBuffer(), msg.getOffset(), msg.getLength(), true));

    final byte[] plaintext;
    try {
        plaintext=cipher.doFinal(msg.getRawBuffer(), msg.getOffset(), msg.getLength());
    }
    catch(BadPaddingException | IllegalBlockSizeException e) {
        // After a failed doFinal the cipher may need a reset before it can be reused, otherwise
        // one malformed message could break decryption of the following ones.
        // NOTE(review): the reset always uses the current secret_key, yet decryptMessage can pass a
        // cipher taken from key_map for a previous key version - confirm that such a cipher is not
        // silently re-keyed here. init() is also called without parameters (e.g. an IV); verify
        // that the configured transformation needs none.
        cipher.init(Cipher.DECRYPT_MODE, secret_key);
        throw e;
    }
    return msg.setBuffer(plaintext);
}
/**
 * Routes a received message by the type of its encrypt header.
 * <p>
 * Messages lacking the header are logged at error level and dropped, never delivered upwards.
 *
 * @param msg the received message
 * @return the selected handler's result, or null when the message was dropped
 * @throws Exception if the selected handler fails
 */
protected Object handleUpMessage(Message msg) throws Exception {
    final EncryptHeader hdr=msg.getHeader(this.id);
    if(hdr == null) {
        log.error("%s: received message without encrypt header from %s; dropping it", local_addr, msg.src());
        return null;
    }

    // Only ENCRYPT headers lead to decryption; all other types are treated as events
    if(hdr.type() == EncryptHeader.ENCRYPT)
        return handleEncryptedMessage(msg, hdr.version);
    return handleUpEvent(msg, hdr);
}
/**
 * Sends an encrypted copy of {@code msg} down the stack.
 * <p>
 * The copy gets an ENCRYPT header holding {@code symVersion()}. A payload of length 0 is not
 * encrypted (https://issues.jboss.org/browse/JGRP-2153); if the raw buffer is non-null it is set
 * on the copy unchanged.
 *
 * @param msg the message to send; left unmodified
 * @throws Exception if encryption fails
 */
protected void encryptAndSend(Message msg) throws Exception {
    final EncryptHeader hdr=new EncryptHeader(EncryptHeader.ENCRYPT, symVersion());

    // A copy is required because the same message object may be retransmitted; encrypting the
    // original would lead to double encryption.
    final Message out=msg.copy(false).putHeader(this.id, hdr);
    final boolean has_payload=msg.getLength() > 0;
    if(has_payload) {
        final byte[] encrypted=code(msg.getRawBuffer(), msg.getOffset(), msg.getLength(), false);
        out.setBuffer(encrypted);
    }
    else {
        final byte[] raw=msg.getRawBuffer();
        if(raw != null)
            out.setBuffer(raw, msg.getOffset(), msg.getLength());
    }
    down_prot.down(out);
}
/**
 * Encrypts and sends {@code msg}, or discards it when no secret key is available.
 * <p>
 * A message is never forwarded in clear from here: with a null {@code secret_key} it is dropped
 * after calling {@code secretKeyNotAvailable}. Exceptions are logged and swallowed.
 *
 * @param msg the message to send
 * @return always null
 */
public Object down(Message msg) {
    try {
        final boolean key_missing=secret_key == null;
        if(key_missing) {
            log.trace("%s: discarded %s message to %s as secret key is null, hdrs: %s",
                      local_addr, msg.dest() == null? "mcast" : "unicast", msg.dest(), msg.printHeaders());
            secretKeyNotAvailable();
        }
        else {
            encryptAndSend(msg);
        }
    }
    catch(Exception e) {
        log.warn("%s: unable to send message down", local_addr, e);
    }
    return null;
}
/**
 * Forwards {@code msg} directly to {@code down_prot} when {@code skip} or {@code bypass} selects it,
 * and to {@code super.down} otherwise.
 * <p>
 * NOTE(review): presumably {@code super.down} performs the encryption, which would make this the
 * point where messages are exempted from it - verify the predicates against that assumption.
 *
 * @param msg the message to send
 * @return the result of whichever path handled the message
 */
public Object down(Message msg) {
    final GMS.GmsHeader gms_hdr=msg.getHeader(GMS_ID);
    if(!skip(gms_hdr) && !bypass(msg, false))
        return super.down(msg);
    return down_prot.down(msg);
}
/**
 * Entry point for received messages; delegates to {@code handleUpMessage}.
 * <p>
 * A failure while handling the message is logged at warn level and results in null, i.e. the
 * message is not delivered.
 *
 * @param msg the received message
 * @return the result of {@code handleUpMessage}, or null on failure
 */
public Object up(Message msg) {
    Object outcome;
    try {
        outcome=handleUpMessage(msg);
    }
    catch(Exception e) {
        log.warn("%s: exception occurred decrypting message", local_addr, e);
        outcome=null;
    }
    return outcome;
}
/**
 * Replaces the buffer of {@code msg} with its decrypted content.
 * <p>
 * Messages of length 0 are returned untouched. With a null {@code cipher} decryption is delegated
 * to {@code code(..., true)}, otherwise the given cipher is used directly.
 *
 * @param cipher cipher to decrypt with, or null to use {@code code}
 * @param msg    message whose buffer is decrypted in place
 * @return {@code msg} (for length 0) or the result of {@code msg.setBuffer} with the decrypted bytes
 * @throws Exception if decryption fails
 */
protected Message _decrypt(final Cipher cipher, Message msg) throws Exception {
    if(msg.getLength() == 0)
        return msg;

    // NOTE(review): Cipher.doFinal documents that after an exception the cipher may need to be
    // reset before reuse. Nothing resets it here, so a cipher that is reused after a failed
    // decryption (e.g. of a malformed message) may keep failing - confirm how callers recover.
    final byte[] plaintext=cipher != null
      ? cipher.doFinal(msg.getRawBuffer(), msg.getOffset(), msg.getLength())
      : code(msg.getRawBuffer(), msg.getOffset(), msg.getLength(), true);
    return msg.setBuffer(plaintext);
}
/**
 * Decrypts a received ENCRYPT message and passes the result up the stack.
 * <p>
 * If {@code version} differs from {@code sym_version} the message goes to {@code versionMismatch}
 * and is not decrypted here. A null result from {@code decryptMessage} causes the message to be
 * discarded with a warning.
 *
 * @param msg     the received message
 * @param version key version from the message's encrypt header
 * @return the result of {@code up_prot.up}, or null if the message was not passed up
 * @throws Exception if decryption fails
 */
protected Object handleEncryptedMessage(Message msg, byte[] version) throws Exception {
    final boolean same_version=Arrays.equals(sym_version, version);
    if(!same_version) {
        // The queueing check is only needed when the versions differ
        versionMismatch(msg);
        return null;
    }

    // The message is copied because decryption modifies its buffer and the original may be
    // needed for retransmissions (http://jira.jboss.com/jira/browse/JGRP-538)
    final Message decrypted=decryptMessage(null, msg.copy());
    if(decrypted == null) {
        log.warn("%s: unrecognized cipher; discarding message from %s", local_addr, msg.src());
        return null;
    }
    return up_prot.up(decrypted);
}
/**
 * Performs the decryption of {@code msg}; falls back to a previous cipher if the key version in the
 * message's encrypt header is not the current one.
 *
 * @param cipher cipher used when the header version equals {@code sym_version}; may be null
 * @param msg    message to decrypt; must carry the encrypt header (it is dereferenced unchecked)
 * @return the result of {@code _decrypt}, or null when {@code key_map} has no cipher for the version
 * @throws Exception whatever {@code _decrypt} throws
 */
protected Message decryptMessage(Cipher cipher, Message msg) throws Exception {
    final EncryptHeader hdr=msg.getHeader(this.id);
    Cipher selected=cipher;
    if(!Arrays.equals(hdr.version(), sym_version)) {
        // Look up the cipher kept for the version named in the header; an unknown version is
        // reported and the message is left undecrypted.
        selected=key_map.get(new AsciiString(hdr.version()));
        if(selected == null) {
            handleUnknownVersion(hdr.version);
            return null;
        }
        log.trace("%s: decrypting msg from %s using previous cipher version", local_addr, msg.src());
    }
    return _decrypt(selected, msg);
}
/**
 * Re-initialises the encryption and decryption cipher pools for {@code secret} and sets the key version.
 * <p>
 * The existing pools are cleared and refilled in place with {@code cipher_pool_size} ciphers each,
 * then {@code sym_version} is set to the MD5 digest of the encoded key.
 *
 * @param algorithm transformation handed to {@code createCipher}
 * @param secret    key to initialise the ciphers with; null makes this method a no-op
 * @throws Exception if a cipher or the MD5 digest cannot be created
 */
protected synchronized void initSymCiphers(String algorithm, Key secret) throws Exception {
    if(secret == null)
        return;

    // NOTE(review): the pools are emptied and refilled in place. The code that takes and returns
    // ciphers is not visible here; if it does not hold this monitor it could find a pool empty
    // during the refill, or put back a cipher that was initialised with the previous key - confirm.
    // An exception from createCipher also leaves the pools partially filled.
    encoding_ciphers.clear();
    decoding_ciphers.clear();
    for(int created=0; created < cipher_pool_size; created++) {
        encoding_ciphers.offer(createCipher(Cipher.ENCRYPT_MODE, secret, algorithm));
        decoding_ciphers.offer(createCipher(Cipher.DECRYPT_MODE, secret, algorithm));
    }

    // The key version is the MD5 digest of the raw key bytes.
    // NOTE(review): if this value is what goes into message headers, an unsalted hash of the key
    // is visible on the wire; that matters for low-entropy keys - confirm how keys are generated.
    final MessageDigest md5=MessageDigest.getInstance("MD5");
    final byte[] key_digest=md5.digest(secret.getEncoded());
    sym_version=key_digest.clone();
}