Java Code Examples for javax.crypto.SecretKey#destroy()

The following examples show how to use javax.crypto.SecretKey#destroy() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ModelEncryptionSupport.java    From cxf with Apache License 2.0 6 votes vote down vote up
public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
                                             String encodedToken,
                                             String encodedSecretKey,
                                             KeyProperties props) throws SecurityException {
    SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
    ServerAccessToken serverAccessToken = decryptAccessToken(provider, encodedToken, key, props);

    // Clean the secret key from memory when we're done
    try {
        key.destroy();
    } catch (DestroyFailedException ex) {
        // ignore
    }

    return serverAccessToken;
}
 
Example 2
Source File: AbstractJweEncryption.java    From cxf with Apache License 2.0 6 votes vote down vote up
protected byte[] encryptInternal(JweEncryptionInternal state, byte[] content) {
    try {
        SecretKey createCekSecretKey = createCekSecretKey(state);
        byte[] encryptedBytes = CryptoUtils.encryptBytes(content, createCekSecretKey, state.keyProps);

        // Here we're finished with the SecretKey we created, so we can destroy it
        try {
            createCekSecretKey.destroy();
        } catch (DestroyFailedException e) {
            // ignore
        }
        return encryptedBytes;
    } catch (SecurityException ex) {
        LOG.fine(ex.getMessage());
        if (ex.getCause() instanceof NoSuchAlgorithmException) {
            LOG.warning("Unsupported algorithm: " + state.keyProps.getKeyAlgo());
            throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
        }
        throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE, ex);
    }
}
 
Example 3
Source File: AbstractContentEncryptionAlgorithm.java    From cxf with Apache License 2.0 6 votes vote down vote up
public byte[] getContentEncryptionKey(JweHeaders headers) {
    byte[] theCek = null;
    if (cek == null) {
        String algoJava = getAlgorithm().getJavaName();
        SecretKey secretKey = CryptoUtils.getSecretKey(AlgorithmUtils.stripAlgoProperties(algoJava),
                      getContentEncryptionKeySize(headers));
        theCek = secretKey.getEncoded();
        if (generateCekOnce) {
            synchronized (this) {
                cek = theCek;
            }
        }
        // Clean the key after we're done with it
        try {
            secretKey.destroy();
        } catch (DestroyFailedException e) {
            // ignore
        }
    } else {
        theCek = cek;
    }
    return theCek;
}
 
Example 4
Source File: ModelEncryptionSupport.java    From cxf with Apache License 2.0 6 votes vote down vote up
public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
                                              String encodedToken,
                                              String encodedSecretKey,
                                              KeyProperties props) throws SecurityException {
    SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
    ServerAuthorizationCodeGrant authzCodeGrant = decryptCodeGrant(provider, encodedToken, key, props);

    // Clean the secret key from memory when we're done
    try {
        key.destroy();
    } catch (DestroyFailedException ex) {
        // ignore
    }

    return authzCodeGrant;
}
 
Example 5
Source File: ModelEncryptionSupport.java    From cxf with Apache License 2.0 6 votes vote down vote up
public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
                                              String encodedToken,
                                              String encodedSecretKey,
                                              KeyProperties props) throws SecurityException {
    SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
    RefreshToken refreshToken = decryptRefreshToken(provider, encodedToken, key, props);

    // Clean the secret key from memory when we're done
    try {
        key.destroy();
    } catch (DestroyFailedException ex) {
        // ignore
    }

    return refreshToken;
}
 
Example 6
Source File: KeyProtector.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    Cipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        // seal key
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    } finally {
        if (sKey != null) sKey.destroy();
    }
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example 7
Source File: KeyProtector.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    Cipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        // seal key
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    } finally {
        if (sKey != null) sKey.destroy();
    }
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example 8
Source File: KeyProtector.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Protects the given cleartext private key, using the password provided at
 * construction time.
 */
byte[] protect(PrivateKey key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    PBEWithMD5AndTripleDESCipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        // encrypt private key
        cipher = new PBEWithMD5AndTripleDESCipher();
        cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
    } finally {
        pbeKeySpec.clearPassword();
        if (sKey != null) sKey.destroy();
    }
    byte[] plain = key.getEncoded();
    byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length);
    Arrays.fill(plain, (byte)0x00);

    // wrap encrypted private key in EncryptedPrivateKeyInfo
    // (as defined in PKCS#8)
    AlgorithmParameters pbeParams =
        AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
    pbeParams.init(pbeSpec);

    AlgorithmId encrAlg = new AlgorithmId
        (new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
    return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
}
 
Example 9
Source File: KeyProtector.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    Cipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES", false);
        pbeKeySpec.clearPassword();

        // seal key
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                           "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    } finally {
        if (sKey != null) sKey.destroy();
    }
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example 10
Source File: KeyProtector.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Protects the given cleartext private key, using the password provided at
 * construction time.
 */
byte[] protect(PrivateKey key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    PBEWithMD5AndTripleDESCipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        // encrypt private key
        cipher = new PBEWithMD5AndTripleDESCipher();
        cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
    } finally {
        pbeKeySpec.clearPassword();
        if (sKey != null) sKey.destroy();
    }
    byte[] plain = key.getEncoded();
    byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length);
    Arrays.fill(plain, (byte)0x00);

    // wrap encrypted private key in EncryptedPrivateKeyInfo
    // (as defined in PKCS#8)
    AlgorithmParameters pbeParams =
        AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
    pbeParams.init(pbeSpec);

    AlgorithmId encrAlg = new AlgorithmId
        (new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
    return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
}
 
Example 11
Source File: AbstractJweDecryption.java    From cxf with Apache License 2.0 5 votes vote down vote up
protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
    KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(jweDecryptionInput));
    keyProperties.setAdditionalData(getContentEncryptionCipherAAD(jweDecryptionInput));
    AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(jweDecryptionInput);
    keyProperties.setAlgoSpec(spec);
    boolean compressionSupported =
        JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(jweDecryptionInput.getJweHeaders().getZipAlgorithm());
    keyProperties.setCompressionSupported(compressionSupported);
    byte[] actualCek = getActualCek(cek,
                           jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm().getJwaName());
    SecretKey secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
    byte[] bytes =
        CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(jweDecryptionInput), secretKey, keyProperties);

    // Here we're finished with the SecretKey we created, so we can destroy it
    try {
        secretKey.destroy();
    } catch (DestroyFailedException e) {
        // ignore
    }
    Arrays.fill(cek, (byte) 0);
    if (actualCek != cek) {
        Arrays.fill(actualCek, (byte) 0);
    }

    return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), bytes);
}
 
Example 12
Source File: KeyProtector.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Protects the given cleartext private key, using the password provided at
 * construction time.
 */
byte[] protect(PrivateKey key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    PBEWithMD5AndTripleDESCipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        // encrypt private key
        cipher = new PBEWithMD5AndTripleDESCipher();
        cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
    } finally {
        pbeKeySpec.clearPassword();
        if (sKey != null) sKey.destroy();
    }
    byte[] plain = key.getEncoded();
    byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length);
    Arrays.fill(plain, (byte)0x00);

    // wrap encrypted private key in EncryptedPrivateKeyInfo
    // (as defined in PKCS#8)
    AlgorithmParameters pbeParams =
        AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
    pbeParams.init(pbeSpec);

    AlgorithmId encrAlg = new AlgorithmId
        (new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
    return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
}
 
Example 13
Source File: KeyProtector.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    Cipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        // seal key
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    } finally {
        if (sKey != null) sKey.destroy();
    }
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example 14
Source File: KeyProtector.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    Cipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        // seal key
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    } finally {
        if (sKey != null) sKey.destroy();
    }
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example 15
Source File: KeyProtector.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Unseals the sealed key.
 *
 * @param maxLength Maximum possible length of so.
 *                  If bigger, must be illegal.
 */
Key unseal(SealedObject so, int maxLength)
    throws NoSuchAlgorithmException, UnrecoverableKeyException {
    SecretKey sKey = null;
    try {
        // create PBE key from password
        PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEParameterSpec pbeSpec;
        try {
            pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
        } catch (InvalidParameterSpecException ipse) {
            throw new IOException("Invalid PBE algorithm parameters");
        }
        if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
            throw new IOException("PBE iteration count too large");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
        return soForKeyProtector.getKey(cipher, maxLength);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}
 
Example 16
Source File: KeyProtector.java    From Bytecoder with Apache License 2.0 4 votes vote down vote up
Key recover(EncryptedPrivateKeyInfo encrInfo)
    throws UnrecoverableKeyException, NoSuchAlgorithmException
{
    byte[] plain = null;
    SecretKey sKey = null;
    try {
        String encrAlg = encrInfo.getAlgorithm().getOID().toString();
        if (!encrAlg.equals(PBE_WITH_MD5_AND_DES3_CBC_OID)
            && !encrAlg.equals(KEY_PROTECTOR_OID)) {
            throw new UnrecoverableKeyException("Unsupported encryption "
                                                + "algorithm");
        }

        if (encrAlg.equals(KEY_PROTECTOR_OID)) {
            // JDK 1.2 style recovery
            plain = recover(encrInfo.getEncryptedData());
        } else {
            byte[] encodedParams =
                encrInfo.getAlgorithm().getEncodedParams();

            // parse the PBE parameters into the corresponding spec
            AlgorithmParameters pbeParams =
                AlgorithmParameters.getInstance("PBE");
            pbeParams.init(encodedParams);
            PBEParameterSpec pbeSpec =
                    pbeParams.getParameterSpec(PBEParameterSpec.class);
            if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
                throw new IOException("PBE iteration count too large");
            }

            // create PBE key from password
            PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
            sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES", false);
            pbeKeySpec.clearPassword();

            // decrypt private key
            PBEWithMD5AndTripleDESCipher cipher;
            cipher = new PBEWithMD5AndTripleDESCipher();
            cipher.engineInit(Cipher.DECRYPT_MODE, sKey, pbeSpec, null);
            plain=cipher.engineDoFinal(encrInfo.getEncryptedData(), 0,
                                       encrInfo.getEncryptedData().length);
        }

        // determine the private-key algorithm, and parse private key
        // using the appropriate key factory
        String oidName = new AlgorithmId
            (new PrivateKeyInfo(plain).getAlgorithm().getOID()).getName();
        KeyFactory kFac = KeyFactory.getInstance(oidName);
        return kFac.generatePrivate(new PKCS8EncodedKeySpec(plain));
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        if (plain != null) Arrays.fill(plain, (byte) 0x00);
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}
 
Example 17
Source File: KeyProtector.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Unseals the sealed key.
 */
Key unseal(SealedObject so)
    throws NoSuchAlgorithmException, UnrecoverableKeyException {
    SecretKey sKey = null;
    try {
        // create PBE key from password
        PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEParameterSpec pbeSpec;
        try {
            pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
        } catch (InvalidParameterSpecException ipse) {
            throw new IOException("Invalid PBE algorithm parameters");
        }
        if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
            throw new IOException("PBE iteration count too large");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
        return soForKeyProtector.getKey(cipher);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}
 
Example 18
Source File: KeyProtector.java    From Bytecoder with Apache License 2.0 4 votes vote down vote up
/**
 * Unseals the sealed key.
 */
Key unseal(SealedObject so)
    throws NoSuchAlgorithmException, UnrecoverableKeyException {
    SecretKey sKey = null;
    try {
        // create PBE key from password
        PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
        sKey = new PBEKey(pbeKeySpec,
                "PBEWithMD5AndTripleDES", false);
        pbeKeySpec.clearPassword();

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEParameterSpec pbeSpec;
        try {
            pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
        } catch (InvalidParameterSpecException ipse) {
            throw new IOException("Invalid PBE algorithm parameters");
        }
        if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
            throw new IOException("PBE iteration count too large");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
        return soForKeyProtector.getKey(cipher);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}
 
Example 19
Source File: KeyProtector.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Unseals the sealed key.
 */
Key unseal(SealedObject so)
    throws NoSuchAlgorithmException, UnrecoverableKeyException {
    SecretKey sKey = null;
    try {
        // create PBE key from password
        PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEParameterSpec pbeSpec;
        try {
            pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
        } catch (InvalidParameterSpecException ipse) {
            throw new IOException("Invalid PBE algorithm parameters");
        }
        if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
            throw new IOException("PBE iteration count too large");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
        return soForKeyProtector.getKey(cipher);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}
 
Example 20
Source File: KeyProtector.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Unseals the sealed key.
 *
 * @param maxLength Maximum possible length of so.
 *                  If bigger, must be illegal.
 */
Key unseal(SealedObject so, int maxLength)
    throws NoSuchAlgorithmException, UnrecoverableKeyException {
    SecretKey sKey = null;
    try {
        // create PBE key from password
        PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEParameterSpec pbeSpec;
        try {
            pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
        } catch (InvalidParameterSpecException ipse) {
            throw new IOException("Invalid PBE algorithm parameters");
        }
        if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
            throw new IOException("PBE iteration count too large");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, sKey, params);
        return soForKeyProtector.getKey(cipher, maxLength);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    } finally {
        if (sKey != null) {
            try {
                sKey.destroy();
            } catch (DestroyFailedException e) {
                //shouldn't happen
            }
        }
    }
}