1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
package org.apache.jetspeed.security.util; |
18 |
|
|
19 |
|
import java.security.NoSuchAlgorithmException; |
20 |
|
import java.security.spec.InvalidKeySpecException; |
21 |
|
|
22 |
|
import javax.crypto.Cipher; |
23 |
|
import javax.crypto.SecretKey; |
24 |
|
import javax.crypto.SecretKeyFactory; |
25 |
|
import javax.crypto.spec.PBEKeySpec; |
26 |
|
import javax.crypto.spec.PBEParameterSpec; |
27 |
|
|
28 |
|
import org.apache.commons.codec.binary.Base64; |
29 |
|
import org.apache.jetspeed.security.SecurityException; |
30 |
|
|
31 |
|
|
32 |
|
|
33 |
|
|
34 |
|
|
35 |
|
|
36 |
|
|
37 |
|
|
38 |
|
|
39 |
|
public class PBEPasswordTool |
40 |
|
{ |
41 |
|
|
42 |
|
private static final String CIPHER_ALGORITM = "PBEwithMD5andDES"; |
43 |
|
|
44 |
|
private static final int PKCS_5_ITERATIONCOUNT = 1111; |
45 |
|
|
46 |
0 |
private static final byte[] PKCS_5_BASE_SALT = {(byte)0xA9, (byte)0x9B, (byte)0xC8, (byte)0x32, (byte)0x56, (byte)0x35, (byte)0xE3, (byte)0x03}; |
47 |
|
|
48 |
|
|
49 |
|
private SecretKey pbeKey; |
50 |
|
|
51 |
|
public PBEPasswordTool(String pbePassword) throws InvalidKeySpecException, NoSuchAlgorithmException |
52 |
0 |
{ |
53 |
0 |
pbeKey = SecretKeyFactory.getInstance(CIPHER_ALGORITM).generateSecret(new PBEKeySpec(pbePassword.toCharArray())); |
54 |
0 |
} |
55 |
|
|
56 |
|
|
57 |
|
|
58 |
|
|
59 |
|
|
60 |
|
public String encode(String userName, String clearTextPassword) throws SecurityException |
61 |
|
{ |
62 |
|
try |
63 |
|
{ |
64 |
|
|
65 |
0 |
PBEParameterSpec cipherSpec = new PBEParameterSpec(createSalt(userName.getBytes("UTF-8")), PKCS_5_ITERATIONCOUNT); |
66 |
|
|
67 |
0 |
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITM); |
68 |
0 |
cipher.init(Cipher.ENCRYPT_MODE,pbeKey,cipherSpec); |
69 |
|
|
70 |
0 |
return new String(Base64.encodeBase64(cipher.doFinal(clearTextPassword.getBytes("UTF-8"))), "UTF-8"); |
71 |
|
} |
72 |
0 |
catch (Exception e) |
73 |
|
{ |
74 |
0 |
throw new SecurityException(SecurityException.UNEXPECTED.create("PBEPasswordTool","encode",e.getMessage()), e); |
75 |
|
} |
76 |
|
} |
77 |
|
|
78 |
|
|
79 |
|
|
80 |
|
|
81 |
|
public String decode(String userName, String encodedPassword) throws SecurityException |
82 |
|
{ |
83 |
|
try |
84 |
|
{ |
85 |
|
|
86 |
0 |
PBEParameterSpec cipherSpec = new PBEParameterSpec(createSalt(userName.getBytes("UTF-8")), PKCS_5_ITERATIONCOUNT); |
87 |
|
|
88 |
0 |
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITM); |
89 |
0 |
cipher.init(Cipher.DECRYPT_MODE,pbeKey,cipherSpec); |
90 |
|
|
91 |
0 |
return new String(cipher.doFinal(Base64.decodeBase64(encodedPassword.getBytes("UTF-8"))), "UTF-8"); |
92 |
|
} |
93 |
0 |
catch (Exception e) |
94 |
|
{ |
95 |
0 |
throw new SecurityException(SecurityException.UNEXPECTED.create("PBEPasswordTool","decode",e.getMessage()), e); |
96 |
|
} |
97 |
|
} |
98 |
|
|
99 |
|
|
100 |
|
|
101 |
|
|
102 |
|
private byte[] createSalt(byte[] secret) |
103 |
|
{ |
104 |
0 |
byte[] salt = new byte[PKCS_5_BASE_SALT.length]; |
105 |
0 |
int i = 0; |
106 |
0 |
for (;i < salt.length && i < secret.length; i++) |
107 |
|
{ |
108 |
0 |
salt[i] = secret[i]; |
109 |
|
} |
110 |
0 |
for (; i < salt.length; i++) |
111 |
|
{ |
112 |
0 |
salt[i] = PKCS_5_BASE_SALT[i]; |
113 |
|
} |
114 |
0 |
return salt; |
115 |
|
} |
116 |
|
|
117 |
|
public static void main(String args[]) throws Exception |
118 |
|
{ |
119 |
0 |
if (args.length != 4 || (!args[0].equals("encode") && !args[0].equals("decode"))) |
120 |
|
{ |
121 |
0 |
System.err.println("Encode/Decode a user password using Password Based Encryption"); |
122 |
0 |
System.err.println("Usage: PBEPasswordTool <encode|decode> <encoding-password> <username> <password>"); |
123 |
0 |
System.err.println(" encode|decode : specify if to encode or decode the provided password"); |
124 |
0 |
System.err.println(" encoding-password: the password to be used for encoding and decoding"); |
125 |
0 |
System.err.println(" username : the name of the user to which the provided password belongs"); |
126 |
0 |
System.err.println(" password : the cleartext password to encode, or the encoded password to decode\n"); |
127 |
|
} |
128 |
0 |
else if (args[0].toLowerCase().equals("encode")) |
129 |
|
{ |
130 |
0 |
System.out.println("Encoded password: "+new PBEPasswordTool(args[1]).encode(args[2],args[3])); |
131 |
|
} |
132 |
|
else |
133 |
|
{ |
134 |
0 |
System.out.println("Decoded password: "+new PBEPasswordTool(args[1]).decode(args[2],args[3])); |
135 |
|
} |
136 |
0 |
} |
137 |
|
} |