Coverage Report

Coverage Report - org.kuali.rice.core.impl.encryption.DemonstrationGradeEncryptionServiceImpl

Classes in this File

Line Coverage

Branch Coverage

Complexity

DemonstrationGradeEncryptionServiceImpl

0/77

0/20

3.273

 /*
  * Copyright 2006-2011 The Kuali Foundation
  *
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.opensource.org/licenses/ecl2.php
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.kuali.rice.core.impl.encryption;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
 import org.kuali.rice.core.api.config.property.ConfigContext;
 import org.kuali.rice.core.api.encryption.EncryptionService;
 
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.DESKeySpec;
 import java.io.UnsupportedEncodingException;
 import java.security.GeneralSecurityException;
 import java.security.MessageDigest;
 
 /**
  * Implementation of encryption service for demonstration. 
  * 
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class DemonstrationGradeEncryptionServiceImpl implements EncryptionService {
     public final static String ALGORITHM = "DES/ECB/PKCS5Padding";
     public final static String HASH_ALGORITHM = "SHA"; 
 
     private final static String CHARSET = "UTF-8";
 
     private transient SecretKey desKey;
 
     private boolean isEnabled = false;
 
     public DemonstrationGradeEncryptionServiceImpl() throws Exception {
         if (desKey != null) {
             throw new RuntimeException("The secret key must be kept secret. Storing it in the Java source code is a really bad idea.");
         }
         String key = ConfigContext.getCurrentContextConfig().getProperty("encryption.key");
         if (!StringUtils.isEmpty(key)) {
             setSecretKey(key);
         }
     }
     
     public boolean isEnabled() {
         return isEnabled;
     }
 
     public String encrypt(Object valueToHide) throws GeneralSecurityException {
             checkEnabled();
             
         if (valueToHide == null) {
             return "";
         }
 
         // Initialize the cipher for encryption
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init(Cipher.ENCRYPT_MODE, desKey);
 
         try {
             // Our cleartext
             byte[] cleartext = valueToHide.toString().getBytes(CHARSET);
     
             // Encrypt the cleartext
             byte[] ciphertext = cipher.doFinal(cleartext);
     
             return new String(Base64.encodeBase64(ciphertext), CHARSET);
         } catch (Exception e) {
             throw new RuntimeException(e);
         }
 
     }
 
     public String decrypt(String ciphertext) throws GeneralSecurityException {
             checkEnabled();
             
         if (StringUtils.isBlank(ciphertext)) {
             return "";
         }
 
         // Initialize the same cipher for decryption
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init(Cipher.DECRYPT_MODE, desKey);
 
         try {
             // un-Base64 encode the encrypted data
             byte[] encryptedData = Base64.decodeBase64(ciphertext.getBytes(CHARSET));
 
             // Decrypt the ciphertext
             byte[] cleartext1 = cipher.doFinal(encryptedData);
             return new String(cleartext1, CHARSET);
         } catch (UnsupportedEncodingException e) {
             throw new RuntimeException(e);
         }
     }
 
     public byte[] encryptBytes(byte[] valueToHide) throws GeneralSecurityException {
             checkEnabled();
             
         if (valueToHide == null) {
             return new byte[0];
         }
 
         // Initialize the cipher for encryption
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init(Cipher.ENCRYPT_MODE, desKey);
 
         // Our cleartext
         byte[] cleartext = valueToHide;
 
         // Encrypt the cleartext
         byte[] ciphertext = cipher.doFinal(cleartext);
 
         return ciphertext;
     }
 
     public byte[] decryptBytes(byte[] ciphertext) throws GeneralSecurityException {
             checkEnabled();
             
         if (ciphertext == null) {
             return new byte[0];
         }
 
         // Initialize the same cipher for decryption
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init(Cipher.DECRYPT_MODE, desKey);
 
         // un-Base64 encode the encrypted data
         byte[] encryptedData = ciphertext;
 
         // Decrypt the ciphertext
         byte[] cleartext1 = cipher.doFinal(encryptedData);
         return cleartext1;
     }
     
     /**
      * 
      * This method generates keys. This method is implementation specific and should not be present in any general purpose interface
      * extracted from this class.
      * 
      * @return
      * @throws Exception
      */
     public static String generateEncodedKey() throws Exception {
         KeyGenerator keygen = KeyGenerator.getInstance("DES");
         SecretKey desKey = keygen.generateKey();
 
         // Create the cipher
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init((Cipher.WRAP_MODE), desKey);
         
         SecretKeyFactory desFactory = SecretKeyFactory.getInstance("DES");
         DESKeySpec desSpec = (DESKeySpec) desFactory.getKeySpec(desKey, javax.crypto.spec.DESKeySpec.class);
         byte[] rawDesKey = desSpec.getKey();
 
         return new String(Base64.encodeBase64(rawDesKey));
     }
 
     private SecretKey unwrapEncodedKey(String key) throws Exception {
         KeyGenerator keygen = KeyGenerator.getInstance("DES");
         SecretKey desKey = keygen.generateKey();
 
         // Create the cipher
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init((Cipher.UNWRAP_MODE), desKey);
 
         byte[] bytes = Base64.decodeBase64(key.getBytes());
 
         SecretKeyFactory desFactory = SecretKeyFactory.getInstance("DES");
 
         DESKeySpec keyspec = new DESKeySpec(bytes);
         SecretKey k = desFactory.generateSecret(keyspec);
 
         return k;
 
     }
 
     /**
      * Sets the secretKey attribute value.
      * 
      * @param secretKey The secretKey to set.
      * @throws Exception
      */
     public void setSecretKey(String secretKey) throws Exception {
             if (!StringUtils.isEmpty(secretKey)) {
                     desKey = this.unwrapEncodedKey(secretKey);
                     isEnabled = true;
                     // Create the cipher
                     Cipher cipher = Cipher.getInstance(ALGORITHM);
                     cipher.init((Cipher.WRAP_MODE), desKey);
             }
     }
 
     /** Hash the value by converting to a string, running the hash algorithm, and then base64'ng the results.
      * Returns a blank string if any problems occur or the input value is null or empty.
      * 
      * @see org.kuali.rice.kns.service.EncryptionService#hash(java.lang.Object)
      */
     public String hash(Object valueToHide) throws GeneralSecurityException {
         if ( valueToHide == null || StringUtils.isEmpty( valueToHide.toString() ) ) {
             return "";
         }
         try {
             MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
             return new String( Base64.encodeBase64( md.digest( valueToHide.toString().getBytes( CHARSET ) ) ), CHARSET );
         } catch ( UnsupportedEncodingException ex ) {
             // should never happen
         }
         return "";
     }
     
     /**
      * Performs a check to see if the encryption service is enabled.  If it is not then an
      * IllegalStateException will be thrown.
      */
     protected void checkEnabled() {
             if (!isEnabled()) {
                     throw new IllegalStateException("Illegal use of encryption service.  Ecryption service is disabled, to enable please configure 'encryption.key'.");
             }
     }
 
     
 
 }

1		/*
2		* Copyright 2006-2011 The Kuali Foundation
3		*
4		* Licensed under the Educational Community License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.opensource.org/licenses/ecl2.php
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*/
16
17		package org.kuali.rice.core.impl.encryption;
18
19		import org.apache.commons.codec.binary.Base64;
20		import org.apache.commons.lang.StringUtils;
21		import org.kuali.rice.core.api.config.property.ConfigContext;
22		import org.kuali.rice.core.api.encryption.EncryptionService;
23
24		import javax.crypto.Cipher;
25		import javax.crypto.KeyGenerator;
26		import javax.crypto.SecretKey;
27		import javax.crypto.SecretKeyFactory;
28		import javax.crypto.spec.DESKeySpec;
29		import java.io.UnsupportedEncodingException;
30		import java.security.GeneralSecurityException;
31		import java.security.MessageDigest;
32
33		/**
34		* Implementation of encryption service for demonstration.
35		*
36		* @author Kuali Rice Team (rice.collab@kuali.org)
37		*/
38		public class DemonstrationGradeEncryptionServiceImpl implements EncryptionService {
39		public final static String ALGORITHM = "DES/ECB/PKCS5Padding";
40		public final static String HASH_ALGORITHM = "SHA";
41
42		private final static String CHARSET = "UTF-8";
43
44		private transient SecretKey desKey;
45
46	0	private boolean isEnabled = false;
47
48	0	public DemonstrationGradeEncryptionServiceImpl() throws Exception {
49	0	if (desKey != null) {
50	0	throw new RuntimeException("The secret key must be kept secret. Storing it in the Java source code is a really bad idea.");
51		}
52	0	String key = ConfigContext.getCurrentContextConfig().getProperty("encryption.key");
53	0	if (!StringUtils.isEmpty(key)) {
54	0	setSecretKey(key);
55		}
56	0	}
57
58		public boolean isEnabled() {
59	0	return isEnabled;
60		}
61
62		public String encrypt(Object valueToHide) throws GeneralSecurityException {
63	0	checkEnabled();
64
65	0	if (valueToHide == null) {
66	0	return "";
67		}
68
69		// Initialize the cipher for encryption
70	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
71	0	cipher.init(Cipher.ENCRYPT_MODE, desKey);
72
73		try {
74		// Our cleartext
75	0	byte[] cleartext = valueToHide.toString().getBytes(CHARSET);
76
77		// Encrypt the cleartext
78	0	byte[] ciphertext = cipher.doFinal(cleartext);
79
80	0	return new String(Base64.encodeBase64(ciphertext), CHARSET);
81	0	} catch (Exception e) {
82	0	throw new RuntimeException(e);
83		}
84
85		}
86
87		public String decrypt(String ciphertext) throws GeneralSecurityException {
88	0	checkEnabled();
89
90	0	if (StringUtils.isBlank(ciphertext)) {
91	0	return "";
92		}
93
94		// Initialize the same cipher for decryption
95	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
96	0	cipher.init(Cipher.DECRYPT_MODE, desKey);
97
98		try {
99		// un-Base64 encode the encrypted data
100	0	byte[] encryptedData = Base64.decodeBase64(ciphertext.getBytes(CHARSET));
101
102		// Decrypt the ciphertext
103	0	byte[] cleartext1 = cipher.doFinal(encryptedData);
104	0	return new String(cleartext1, CHARSET);
105	0	} catch (UnsupportedEncodingException e) {
106	0	throw new RuntimeException(e);
107		}
108		}
109
110		public byte[] encryptBytes(byte[] valueToHide) throws GeneralSecurityException {
111	0	checkEnabled();
112
113	0	if (valueToHide == null) {
114	0	return new byte[0];
115		}
116
117		// Initialize the cipher for encryption
118	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
119	0	cipher.init(Cipher.ENCRYPT_MODE, desKey);
120
121		// Our cleartext
122	0	byte[] cleartext = valueToHide;
123
124		// Encrypt the cleartext
125	0	byte[] ciphertext = cipher.doFinal(cleartext);
126
127	0	return ciphertext;
128		}
129
130		public byte[] decryptBytes(byte[] ciphertext) throws GeneralSecurityException {
131	0	checkEnabled();
132
133	0	if (ciphertext == null) {
134	0	return new byte[0];
135		}
136
137		// Initialize the same cipher for decryption
138	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
139	0	cipher.init(Cipher.DECRYPT_MODE, desKey);
140
141		// un-Base64 encode the encrypted data
142	0	byte[] encryptedData = ciphertext;
143
144		// Decrypt the ciphertext
145	0	byte[] cleartext1 = cipher.doFinal(encryptedData);
146	0	return cleartext1;
147		}
148
149		/**
150		*
151		* This method generates keys. This method is implementation specific and should not be present in any general purpose interface
152		* extracted from this class.
153		*
154		* @return
155		* @throws Exception
156		*/
157		public static String generateEncodedKey() throws Exception {
158	0	KeyGenerator keygen = KeyGenerator.getInstance("DES");
159	0	SecretKey desKey = keygen.generateKey();
160
161		// Create the cipher
162	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
163	0	cipher.init((Cipher.WRAP_MODE), desKey);
164
165	0	SecretKeyFactory desFactory = SecretKeyFactory.getInstance("DES");
166	0	DESKeySpec desSpec = (DESKeySpec) desFactory.getKeySpec(desKey, javax.crypto.spec.DESKeySpec.class);
167	0	byte[] rawDesKey = desSpec.getKey();
168
169	0	return new String(Base64.encodeBase64(rawDesKey));
170		}
171
172		private SecretKey unwrapEncodedKey(String key) throws Exception {
173	0	KeyGenerator keygen = KeyGenerator.getInstance("DES");
174	0	SecretKey desKey = keygen.generateKey();
175
176		// Create the cipher
177	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
178	0	cipher.init((Cipher.UNWRAP_MODE), desKey);
179
180	0	byte[] bytes = Base64.decodeBase64(key.getBytes());
181
182	0	SecretKeyFactory desFactory = SecretKeyFactory.getInstance("DES");
183
184	0	DESKeySpec keyspec = new DESKeySpec(bytes);
185	0	SecretKey k = desFactory.generateSecret(keyspec);
186
187	0	return k;
188
189		}
190
191		/**
192		* Sets the secretKey attribute value.
193		*
194		* @param secretKey The secretKey to set.
195		* @throws Exception
196		*/
197		public void setSecretKey(String secretKey) throws Exception {
198	0	if (!StringUtils.isEmpty(secretKey)) {
199	0	desKey = this.unwrapEncodedKey(secretKey);
200	0	isEnabled = true;
201		// Create the cipher
202	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
203	0	cipher.init((Cipher.WRAP_MODE), desKey);
204		}
205	0	}
206
207		/** Hash the value by converting to a string, running the hash algorithm, and then base64'ng the results.
208		* Returns a blank string if any problems occur or the input value is null or empty.
209		*
210		* @see org.kuali.rice.kns.service.EncryptionService#hash(java.lang.Object)
211		*/
212		public String hash(Object valueToHide) throws GeneralSecurityException {
213	0	if ( valueToHide == null \|\| StringUtils.isEmpty( valueToHide.toString() ) ) {
214	0	return "";
215		}
216		try {
217	0	MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
218	0	return new String( Base64.encodeBase64( md.digest( valueToHide.toString().getBytes( CHARSET ) ) ), CHARSET );
219	0	} catch ( UnsupportedEncodingException ex ) {
220		// should never happen
221		}
222	0	return "";
223		}
224
225		/**
226		* Performs a check to see if the encryption service is enabled. If it is not then an
227		* IllegalStateException will be thrown.
228		*/
229		protected void checkEnabled() {
230	0	if (!isEnabled()) {
231	0	throw new IllegalStateException("Illegal use of encryption service. Ecryption service is disabled, to enable please configure 'encryption.key'.");
232		}
233	0	}
234
235
236
237		}