Coverage Report

Coverage Report - org.kuali.rice.core.impl.encryption.DemonstrationGradeEncryptionServiceImpl

Classes in this File

Line Coverage

Branch Coverage

Complexity

DemonstrationGradeEncryptionServiceImpl

0/77

0/20

3.273

 /**
  * Copyright 2005-2011 The Kuali Foundation
  *
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.opensource.org/licenses/ecl2.php
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.core.impl.encryption;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
 import org.kuali.rice.core.api.config.property.ConfigContext;
 import org.kuali.rice.core.api.encryption.EncryptionService;
 
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.DESKeySpec;
 import java.io.UnsupportedEncodingException;
 import java.security.GeneralSecurityException;
 import java.security.MessageDigest;
 
 /**
  * Implementation of encryption service for demonstration. 
  * 
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class DemonstrationGradeEncryptionServiceImpl implements EncryptionService {
     public final static String ALGORITHM = "DES/ECB/PKCS5Padding";
     public final static String HASH_ALGORITHM = "SHA"; 
 
     private final static String CHARSET = "UTF-8";
 
     private transient SecretKey desKey;
 
     private boolean isEnabled = false;
 
     public DemonstrationGradeEncryptionServiceImpl() throws Exception {
         if (desKey != null) {
             throw new RuntimeException("The secret key must be kept secret. Storing it in the Java source code is a really bad idea.");
         }
         String key = ConfigContext.getCurrentContextConfig().getProperty("encryption.key");
         if (!StringUtils.isEmpty(key)) {
             setSecretKey(key);
         }
     }
     
     public boolean isEnabled() {
         return isEnabled;
     }
 
     public String encrypt(Object valueToHide) throws GeneralSecurityException {
             checkEnabled();
             
         if (valueToHide == null) {
             return "";
         }
 
         // Initialize the cipher for encryption
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init(Cipher.ENCRYPT_MODE, desKey);
 
         try {
             // Our cleartext
             byte[] cleartext = valueToHide.toString().getBytes(CHARSET);
     
             // Encrypt the cleartext
             byte[] ciphertext = cipher.doFinal(cleartext);
     
             return new String(Base64.encodeBase64(ciphertext), CHARSET);
         } catch (Exception e) {
             throw new RuntimeException(e);
         }
 
     }
 
     public String decrypt(String ciphertext) throws GeneralSecurityException {
             checkEnabled();
             
         if (StringUtils.isBlank(ciphertext)) {
             return "";
         }
 
         // Initialize the same cipher for decryption
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init(Cipher.DECRYPT_MODE, desKey);
 
         try {
             // un-Base64 encode the encrypted data
             byte[] encryptedData = Base64.decodeBase64(ciphertext.getBytes(CHARSET));
 
             // Decrypt the ciphertext
             byte[] cleartext1 = cipher.doFinal(encryptedData);
             return new String(cleartext1, CHARSET);
         } catch (UnsupportedEncodingException e) {
             throw new RuntimeException(e);
         }
     }
 
     public byte[] encryptBytes(byte[] valueToHide) throws GeneralSecurityException {
             checkEnabled();
             
         if (valueToHide == null) {
             return new byte[0];
         }
 
         // Initialize the cipher for encryption
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init(Cipher.ENCRYPT_MODE, desKey);
 
         // Our cleartext
         byte[] cleartext = valueToHide;
 
         // Encrypt the cleartext
         byte[] ciphertext = cipher.doFinal(cleartext);
 
         return ciphertext;
     }
 
     public byte[] decryptBytes(byte[] ciphertext) throws GeneralSecurityException {
             checkEnabled();
             
         if (ciphertext == null) {
             return new byte[0];
         }
 
         // Initialize the same cipher for decryption
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init(Cipher.DECRYPT_MODE, desKey);
 
         // un-Base64 encode the encrypted data
         byte[] encryptedData = ciphertext;
 
         // Decrypt the ciphertext
         byte[] cleartext1 = cipher.doFinal(encryptedData);
         return cleartext1;
     }
     
     /**
      * 
      * This method generates keys. This method is implementation specific and should not be present in any general purpose interface
      * extracted from this class.
      * 
      * @return
      * @throws Exception
      */
     public static String generateEncodedKey() throws Exception {
         KeyGenerator keygen = KeyGenerator.getInstance("DES");
         SecretKey desKey = keygen.generateKey();
 
         // Create the cipher
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init((Cipher.WRAP_MODE), desKey);
         
         SecretKeyFactory desFactory = SecretKeyFactory.getInstance("DES");
         DESKeySpec desSpec = (DESKeySpec) desFactory.getKeySpec(desKey, javax.crypto.spec.DESKeySpec.class);
         byte[] rawDesKey = desSpec.getKey();
 
         return new String(Base64.encodeBase64(rawDesKey));
     }
 
     private SecretKey unwrapEncodedKey(String key) throws Exception {
         KeyGenerator keygen = KeyGenerator.getInstance("DES");
         SecretKey desKey = keygen.generateKey();
 
         // Create the cipher
         Cipher cipher = Cipher.getInstance(ALGORITHM);
         cipher.init((Cipher.UNWRAP_MODE), desKey);
 
         byte[] bytes = Base64.decodeBase64(key.getBytes());
 
         SecretKeyFactory desFactory = SecretKeyFactory.getInstance("DES");
 
         DESKeySpec keyspec = new DESKeySpec(bytes);
         SecretKey k = desFactory.generateSecret(keyspec);
 
         return k;
 
     }
 
     /**
      * Sets the secretKey attribute value.
      * 
      * @param secretKey The secretKey to set.
      * @throws Exception
      */
     public void setSecretKey(String secretKey) throws Exception {
             if (!StringUtils.isEmpty(secretKey)) {
                     desKey = this.unwrapEncodedKey(secretKey);
                     isEnabled = true;
                     // Create the cipher
                     Cipher cipher = Cipher.getInstance(ALGORITHM);
                     cipher.init((Cipher.WRAP_MODE), desKey);
             }
     }
 
     /** Hash the value by converting to a string, running the hash algorithm, and then base64'ng the results.
      * Returns a blank string if any problems occur or the input value is null or empty.
      * 
      * @see org.kuali.rice.krad.service.EncryptionService#hash(java.lang.Object)
      */
     public String hash(Object valueToHide) throws GeneralSecurityException {
         if ( valueToHide == null || StringUtils.isEmpty( valueToHide.toString() ) ) {
             return "";
         }
         try {
             MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
             return new String( Base64.encodeBase64( md.digest( valueToHide.toString().getBytes( CHARSET ) ) ), CHARSET );
         } catch ( UnsupportedEncodingException ex ) {
             // should never happen
         }
         return "";
     }
     
     /**
      * Performs a check to see if the encryption service is enabled.  If it is not then an
      * IllegalStateException will be thrown.
      */
     protected void checkEnabled() {
             if (!isEnabled()) {
                     throw new IllegalStateException("Illegal use of encryption service.  Ecryption service is disabled, to enable please configure 'encryption.key'.");
             }
     }
 
     
 
 }

1		/**
2		* Copyright 2005-2011 The Kuali Foundation
3		*
4		* Licensed under the Educational Community License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.opensource.org/licenses/ecl2.php
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*/
16		package org.kuali.rice.core.impl.encryption;
17
18		import org.apache.commons.codec.binary.Base64;
19		import org.apache.commons.lang.StringUtils;
20		import org.kuali.rice.core.api.config.property.ConfigContext;
21		import org.kuali.rice.core.api.encryption.EncryptionService;
22
23		import javax.crypto.Cipher;
24		import javax.crypto.KeyGenerator;
25		import javax.crypto.SecretKey;
26		import javax.crypto.SecretKeyFactory;
27		import javax.crypto.spec.DESKeySpec;
28		import java.io.UnsupportedEncodingException;
29		import java.security.GeneralSecurityException;
30		import java.security.MessageDigest;
31
32		/**
33		* Implementation of encryption service for demonstration.
34		*
35		* @author Kuali Rice Team (rice.collab@kuali.org)
36		*/
37		public class DemonstrationGradeEncryptionServiceImpl implements EncryptionService {
38		public final static String ALGORITHM = "DES/ECB/PKCS5Padding";
39		public final static String HASH_ALGORITHM = "SHA";
40
41		private final static String CHARSET = "UTF-8";
42
43		private transient SecretKey desKey;
44
45	0	private boolean isEnabled = false;
46
47	0	public DemonstrationGradeEncryptionServiceImpl() throws Exception {
48	0	if (desKey != null) {
49	0	throw new RuntimeException("The secret key must be kept secret. Storing it in the Java source code is a really bad idea.");
50		}
51	0	String key = ConfigContext.getCurrentContextConfig().getProperty("encryption.key");
52	0	if (!StringUtils.isEmpty(key)) {
53	0	setSecretKey(key);
54		}
55	0	}
56
57		public boolean isEnabled() {
58	0	return isEnabled;
59		}
60
61		public String encrypt(Object valueToHide) throws GeneralSecurityException {
62	0	checkEnabled();
63
64	0	if (valueToHide == null) {
65	0	return "";
66		}
67
68		// Initialize the cipher for encryption
69	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
70	0	cipher.init(Cipher.ENCRYPT_MODE, desKey);
71
72		try {
73		// Our cleartext
74	0	byte[] cleartext = valueToHide.toString().getBytes(CHARSET);
75
76		// Encrypt the cleartext
77	0	byte[] ciphertext = cipher.doFinal(cleartext);
78
79	0	return new String(Base64.encodeBase64(ciphertext), CHARSET);
80	0	} catch (Exception e) {
81	0	throw new RuntimeException(e);
82		}
83
84		}
85
86		public String decrypt(String ciphertext) throws GeneralSecurityException {
87	0	checkEnabled();
88
89	0	if (StringUtils.isBlank(ciphertext)) {
90	0	return "";
91		}
92
93		// Initialize the same cipher for decryption
94	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
95	0	cipher.init(Cipher.DECRYPT_MODE, desKey);
96
97		try {
98		// un-Base64 encode the encrypted data
99	0	byte[] encryptedData = Base64.decodeBase64(ciphertext.getBytes(CHARSET));
100
101		// Decrypt the ciphertext
102	0	byte[] cleartext1 = cipher.doFinal(encryptedData);
103	0	return new String(cleartext1, CHARSET);
104	0	} catch (UnsupportedEncodingException e) {
105	0	throw new RuntimeException(e);
106		}
107		}
108
109		public byte[] encryptBytes(byte[] valueToHide) throws GeneralSecurityException {
110	0	checkEnabled();
111
112	0	if (valueToHide == null) {
113	0	return new byte[0];
114		}
115
116		// Initialize the cipher for encryption
117	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
118	0	cipher.init(Cipher.ENCRYPT_MODE, desKey);
119
120		// Our cleartext
121	0	byte[] cleartext = valueToHide;
122
123		// Encrypt the cleartext
124	0	byte[] ciphertext = cipher.doFinal(cleartext);
125
126	0	return ciphertext;
127		}
128
129		public byte[] decryptBytes(byte[] ciphertext) throws GeneralSecurityException {
130	0	checkEnabled();
131
132	0	if (ciphertext == null) {
133	0	return new byte[0];
134		}
135
136		// Initialize the same cipher for decryption
137	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
138	0	cipher.init(Cipher.DECRYPT_MODE, desKey);
139
140		// un-Base64 encode the encrypted data
141	0	byte[] encryptedData = ciphertext;
142
143		// Decrypt the ciphertext
144	0	byte[] cleartext1 = cipher.doFinal(encryptedData);
145	0	return cleartext1;
146		}
147
148		/**
149		*
150		* This method generates keys. This method is implementation specific and should not be present in any general purpose interface
151		* extracted from this class.
152		*
153		* @return
154		* @throws Exception
155		*/
156		public static String generateEncodedKey() throws Exception {
157	0	KeyGenerator keygen = KeyGenerator.getInstance("DES");
158	0	SecretKey desKey = keygen.generateKey();
159
160		// Create the cipher
161	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
162	0	cipher.init((Cipher.WRAP_MODE), desKey);
163
164	0	SecretKeyFactory desFactory = SecretKeyFactory.getInstance("DES");
165	0	DESKeySpec desSpec = (DESKeySpec) desFactory.getKeySpec(desKey, javax.crypto.spec.DESKeySpec.class);
166	0	byte[] rawDesKey = desSpec.getKey();
167
168	0	return new String(Base64.encodeBase64(rawDesKey));
169		}
170
171		private SecretKey unwrapEncodedKey(String key) throws Exception {
172	0	KeyGenerator keygen = KeyGenerator.getInstance("DES");
173	0	SecretKey desKey = keygen.generateKey();
174
175		// Create the cipher
176	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
177	0	cipher.init((Cipher.UNWRAP_MODE), desKey);
178
179	0	byte[] bytes = Base64.decodeBase64(key.getBytes());
180
181	0	SecretKeyFactory desFactory = SecretKeyFactory.getInstance("DES");
182
183	0	DESKeySpec keyspec = new DESKeySpec(bytes);
184	0	SecretKey k = desFactory.generateSecret(keyspec);
185
186	0	return k;
187
188		}
189
190		/**
191		* Sets the secretKey attribute value.
192		*
193		* @param secretKey The secretKey to set.
194		* @throws Exception
195		*/
196		public void setSecretKey(String secretKey) throws Exception {
197	0	if (!StringUtils.isEmpty(secretKey)) {
198	0	desKey = this.unwrapEncodedKey(secretKey);
199	0	isEnabled = true;
200		// Create the cipher
201	0	Cipher cipher = Cipher.getInstance(ALGORITHM);
202	0	cipher.init((Cipher.WRAP_MODE), desKey);
203		}
204	0	}
205
206		/** Hash the value by converting to a string, running the hash algorithm, and then base64'ng the results.
207		* Returns a blank string if any problems occur or the input value is null or empty.
208		*
209		* @see org.kuali.rice.krad.service.EncryptionService#hash(java.lang.Object)
210		*/
211		public String hash(Object valueToHide) throws GeneralSecurityException {
212	0	if ( valueToHide == null \|\| StringUtils.isEmpty( valueToHide.toString() ) ) {
213	0	return "";
214		}
215		try {
216	0	MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
217	0	return new String( Base64.encodeBase64( md.digest( valueToHide.toString().getBytes( CHARSET ) ) ), CHARSET );
218	0	} catch ( UnsupportedEncodingException ex ) {
219		// should never happen
220		}
221	0	return "";
222		}
223
224		/**
225		* Performs a check to see if the encryption service is enabled. If it is not then an
226		* IllegalStateException will be thrown.
227		*/
228		protected void checkEnabled() {
229	0	if (!isEnabled()) {
230	0	throw new IllegalStateException("Illegal use of encryption service. Ecryption service is disabled, to enable please configure 'encryption.key'.");
231		}
232	0	}
233
234
235
236		}