/**
 * Generates a fresh random password for a node.
 *
 * <p>The {@code node} argument is not read by this implementation; the value is whatever
 * the configured security service returns from {@code nextSecureHexString(30)}.
 *
 * @param node the node the password is intended for (unused here)
 * @return the 30-character string produced by the security service; if it is hexadecimal,
 *         as the method name indicates, it carries at most 120 bits of randomness
 */
public String generatePassword(Node node) {
    final int passwordLength = 30;
    String generated = securityService.nextSecureHexString(passwordLength);
    return generated;
}
/**
 * Creates a security service with the defaults: the {@code CLIENT} service type and no
 * explicit properties.
 *
 * @return the service built by the two-argument {@code create} overload
 */
public static ISecurityService create() {
    SecurityServiceType defaultType = SecurityServiceType.CLIENT;
    return create(defaultType, null);
}
/**
 * Builds the secret key that is used when no key has been stored yet.
 *
 * <p>A random 8-character string from {@code nextSecureHexString} is used as the PBE
 * password, combined with the salt and iteration count from {@code SecurityConstants} and a
 * requested key length of 56 bits.
 *
 * @return the key produced by the {@code SecurityConstants.ALGORITHM} secret-key factory
 * @throws Exception if the provider rejects the algorithm or the key specification
 */
protected SecretKey getDefaultSecretKey() throws Exception {
    // NOTE(review): 8 hex characters give this password at most 32 bits of entropy, and the
    // salt comes from SecurityConstants.SALT rather than being generated per key. How much
    // that limits the strength of the resulting key depends on SecurityConstants.ALGORITHM,
    // which is not visible here -- confirm before relying on this key for anything sensitive.
    char[] randomPassword = nextSecureHexString(8).toCharArray();
    PBEKeySpec pbeSpec = new PBEKeySpec(randomPassword, SecurityConstants.SALT,
            SecurityConstants.ITERATION_COUNT, 56);
    return SecretKeyFactory.getInstance(SecurityConstants.ALGORITHM).generateSecret(pbeSpec);
}
/**
 * Makes sure the keystore contains a private-key entry for the configured certificate alias,
 * generating an RSA key pair and a certificate for {@code host} when the alias is absent.
 *
 * <p>The alias is read from the {@code SecurityConstants.SYSPROP_KEYSTORE_CERT_ALIAS} system
 * property, falling back to {@code SecurityConstants.ALIAS_SYM_PRIVATE_KEY}. An existing entry
 * is left untouched.
 *
 * @param host the host name passed to the certificate generator
 * @throws RuntimeException if the keystore cannot be read or written, or key or certificate
 *         generation fails; checked exceptions are wrapped
 */
@Override
public void installDefaultSslCert(String host) {
    // The class-wide lock keeps two callers in this class loader from both seeing "no entry"
    // and writing the keystore at the same time.
    synchronized (BouncyCastleSecurityService.class) {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        try {
            KeyStore store = getKeyStore(getKeyStorePassword());
            // The entry is protected with the same password that protects the keystore itself.
            KeyStore.ProtectionParameter protection =
                    new KeyStore.PasswordProtection(getKeyStorePassword().toCharArray());
            String certAlias = System.getProperty(
                    SecurityConstants.SYSPROP_KEYSTORE_CERT_ALIAS,
                    SecurityConstants.ALIAS_SYM_PRIVATE_KEY);

            if (store.getEntry(certAlias, protection) != null) {
                return;
            }

            // NOTE(review): the chain holds only the certificate generated here, so clients
            // cannot validate it against a CA; presumably it is self-signed (and X.509 v1,
            // going by the helper's name) -- confirm, and replace it for production use.
            KeyPair rsaPair = generateRSAKeyPair();
            X509Certificate[] chain = { generateV1Certificate(host, rsaPair) };
            store.setEntry(certAlias,
                    new KeyStore.PrivateKeyEntry(rsaPair.getPrivate(), chain), protection);
            saveKeyStore(store, getKeyStorePassword());
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
/**
 * Returns the symmetric secret key stored under
 * {@code SecurityConstants.ALIAS_SYM_SECRET_KEY}, creating and persisting a default key the
 * first time the alias is found to be empty.
 *
 * @return the stored or newly generated secret key
 * @throws Exception if the keystore cannot be loaded, read or saved, or key generation fails
 */
protected SecretKey getSecretKey() throws Exception {
    String storePassword = getKeyStorePassword();
    // The keystore password doubles as the protection password for the key entry.
    KeyStore.ProtectionParameter protection =
            new KeyStore.PasswordProtection(storePassword.toCharArray());
    KeyStore store = getKeyStore(storePassword);

    // The cast fails with ClassCastException if the alias holds a different entry type.
    KeyStore.SecretKeyEntry keyEntry = (KeyStore.SecretKeyEntry) store.getEntry(
            SecurityConstants.ALIAS_SYM_SECRET_KEY, protection);
    if (keyEntry != null) {
        log.debug("Retrieving secret key");
        return keyEntry.getSecretKey();
    }

    log.debug("Generating secret key");
    keyEntry = new KeyStore.SecretKeyEntry(getDefaultSecretKey());
    store.setEntry(SecurityConstants.ALIAS_SYM_SECRET_KEY, keyEntry, protection);
    saveKeyStore(store, storePassword);
    return keyEntry.getSecretKey();
}
/**
 * Encrypts a string with the service's secret key and returns the ciphertext Base64-encoded.
 *
 * @param plainText the text to encrypt; a {@code null} value fails with
 *        {@link NullPointerException}
 * @return the Base64 text of the encrypted bytes, built with {@code SecurityConstants.CHARSET}
 * @throws RuntimeException if the keystore check, cipher setup or encryption fails; checked
 *         exceptions are wrapped
 */
public String encrypt(String plainText) {
    try {
        checkThatKeystoreFileExists();
        byte[] clearBytes = plainText.getBytes(SecurityConstants.CHARSET);
        Cipher encryptor = getCipher(Cipher.ENCRYPT_MODE);
        byte[] cipherBytes = encryptor.doFinal(clearBytes);
        byte[] base64Bytes = Base64.encodeBase64(cipherBytes);
        return new String(base64Bytes, SecurityConstants.CHARSET);
    } catch (Exception e) {
        // Runtime exceptions pass through unchanged; everything else is wrapped.
        if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        }
        throw new RuntimeException(e);
    }
}
/**
 * Creates a cipher for the service's secret key, loading the key on first use.
 *
 * @param mode the cipher operation mode, e.g. {@code Cipher.ENCRYPT_MODE} or
 *        {@code Cipher.DECRYPT_MODE}; passed on to {@code initializeCipher}
 * @return a new cipher instance after {@code initializeCipher} has been applied to it
 * @throws Exception if the key cannot be obtained or the cipher cannot be created or
 *         initialized
 */
protected Cipher getCipher(int mode) throws Exception {
    // NOTE(review): the lazy assignment is not synchronized here; concurrent first calls may
    // each call getSecretKey() -- confirm that callers or getSecretKey() tolerate that.
    if (secretKey == null) {
        secretKey = getSecretKey();
    }

    // The transformation is just the key's algorithm name, so any mode and padding not
    // implied by that name are whatever the provider defaults to.
    String transformation = secretKey.getAlgorithm();
    Cipher result = Cipher.getInstance(transformation);
    initializeCipher(result, mode);

    String algorithmName = result.getAlgorithm();
    String providerName = result.getProvider().getName();
    log.debug("Using {} algorithm provided by {}.", algorithmName, providerName);
    return result;
}
/**
 * Instantiates and initializes the security service implementation named in the properties.
 *
 * <p>When {@code properties} is {@code null}, the JVM system properties are used. If the
 * {@code SecurityConstants.CLASS_NAME_SECURITY_SERVICE} property is not set, the default is
 * {@code org.jumpmind.security.BouncyCastleSecurityService} for the {@code SERVER} type and
 * {@code SecurityService} otherwise.
 *
 * @param serviceType selects the default implementation class
 * @param properties the configuration to read the class name from, or {@code null}
 * @return the initialized service
 * @throws RuntimeException if the class cannot be loaded, instantiated, cast or initialized;
 *         checked exceptions are wrapped
 */
public static ISecurityService create(SecurityServiceType serviceType, TypedProperties properties) {
    try {
        TypedProperties effective = properties;
        if (effective == null) {
            effective = new TypedProperties(System.getProperties());
        }

        String defaultClassName;
        if (serviceType == SecurityServiceType.SERVER) {
            defaultClassName = "org.jumpmind.security.BouncyCastleSecurityService";
        } else {
            defaultClassName = SecurityService.class.getName();
        }
        String className = effective.get(SecurityConstants.CLASS_NAME_SECURITY_SERVICE,
                defaultClassName);

        // NOTE(review): the class name comes from configuration and the class is loaded and
        // constructed before the cast to ISecurityService is checked, so its static
        // initializer and no-arg constructor run even when it is not a security service.
        // Treat this property as trusted configuration and restrict who can set it.
        Object instance = Class.forName(className).newInstance();
        ISecurityService service = (ISecurityService) instance;
        service.init();
        return service;
    } catch (RuntimeException e) {
        throw e;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
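/**
 * Returns a random lowercase hexadecimal string of exactly {@code len} characters.
 *
 * <p>Each round draws 40 bytes from the service's {@link SecureRandom}, hashes them with
 * SHA-1 and appends the 20-byte digest as 40 hex characters; the result is cut to
 * {@code len}. SHA-1 only post-processes random bytes here, so its collision weaknesses do
 * not apply. All of the unpredictability comes from the {@code SecureRandom} source.
 *
 * @param len the number of hex characters to return; must be positive
 * @return a string of {@code len} hex characters (4 bits of randomness per character at most)
 * @throws IllegalArgumentException if {@code len} is zero or negative
 * @throws IllegalStateException if the runtime provides no SHA-1 {@link MessageDigest}
 */
public String nextSecureHexString(int len) {
    if (len <= 0) {
        throw new IllegalArgumentException("length must be positive");
    }
    SecureRandom secRan = getSecRan();

    MessageDigest alg;
    try {
        alg = MessageDigest.getInstance("SHA-1");
    } catch (NoSuchAlgorithmException ex) {
        // This used to return null, which callers that turn the result into password or key
        // material would only notice as a NullPointerException later. Fail at the source.
        throw new IllegalStateException("SHA-1 MessageDigest is not available", ex);
    }

    // One round yields 40 hex characters, so len / 40 + 1 rounds always cover len.
    int numIter = len / 40 + 1;
    StringBuilder outBuffer = new StringBuilder(numIter * 40);
    byte[] randomBytes = new byte[40];
    for (int iter = 0; iter < numIter; iter++) {
        secRan.nextBytes(randomBytes);
        byte[] hash = alg.digest(randomBytes);
        for (byte b : hash) {
            // Adding 128 shifts the signed byte into 0..255; kept as in the original mapping.
            String hex = Integer.toHexString(b + 128);
            if (hex.length() == 1) {
                outBuffer.append('0');
            }
            outBuffer.append(hex);
        }
    }
    return outBuffer.substring(0, len);
}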
String user = properties.get(BasicDataSourcePropertyConstants.DB_POOL_USER, ""); if (user != null && user.startsWith(SecurityConstants.PREFIX_ENC)) { user = securityService.decrypt(user.substring(SecurityConstants.PREFIX_ENC.length())); password = securityService.decrypt(password.substring(SecurityConstants.PREFIX_ENC .length()));
/**
 * Creates a data source from the given properties, using a {@code CLIENT} security service
 * built from those same properties.
 *
 * @param properties the data source configuration; also passed to the security service factory
 * @return the data source built by the two-argument {@code create} overload
 */
public static ResettableBasicDataSource create(TypedProperties properties) {
    ISecurityService clientSecurity =
            SecurityServiceFactory.create(SecurityServiceType.CLIENT, properties);
    return create(properties, clientSecurity);
}
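/**
 * Decrypts a Base64-encoded ciphertext produced by {@code encrypt} and returns the plain text.
 *
 * @param encText the Base64 text to decrypt; a {@code null} value fails with
 *        {@link NullPointerException}
 * @return the decrypted text, decoded with {@code SecurityConstants.CHARSET}
 * @throws RuntimeException if the keystore check, cipher setup or decryption fails; checked
 *         exceptions are wrapped
 */
public String decrypt(String encText) {
    try {
        checkThatKeystoreFileExists();
        // Use the same explicit charset as encrypt() instead of the platform default, so the
        // Base64 text decodes identically on JVMs whose default charset is not ASCII-compatible.
        byte[] base64Bytes = encText.getBytes(SecurityConstants.CHARSET);
        byte[] cipherBytes = Base64.decodeBase64(base64Bytes);
        byte[] clearBytes = getCipher(Cipher.DECRYPT_MODE).doFinal(cipherBytes);
        return new String(clearBytes, SecurityConstants.CHARSET);
    } catch (RuntimeException e) {
        throw e;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}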
protected void init() { this.propertiesFactory = createTypedPropertiesFactory(); this.securityService = SecurityServiceFactory.create(getSecurityServiceType(), propertiesFactory.reload()); TypedProperties properties = this.propertiesFactory.reload(); this.platform = createDatabasePlatform(properties);