Author: amilaj
Date: Fri Oct 11 17:08:24 2013
New Revision: 1531360
URL: http://svn.apache.org/r1531360
Log:
Modifying credential store interface to take secret key data to encrypt
credentials. This is mainly used when ACS is used as a separate component.
Common code
Added:
airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/KeyStorePasswordCallback.java
airavata/trunk/modules/commons/utils/src/test/java/org/apache/airavata/common/utils/SecurityUtilTest.java
airavata/trunk/modules/commons/utils/src/test/resources/mykeystore.jks
(with props)
Modified:
airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/SecurityUtil.java
Added:
airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/KeyStorePasswordCallback.java
URL:
http://svn.apache.org/viewvc/airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/KeyStorePasswordCallback.java?rev=1531360&view=auto
==============================================================================
---
airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/KeyStorePasswordCallback.java
(added)
+++
airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/KeyStorePasswordCallback.java
Fri Oct 11 17:08:24 2013
@@ -0,0 +1,50 @@
+package org.apache.airavata.common.utils;/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+/**
+ * User: AmilaJ ([email protected])
+ * Date: 10/11/13
+ * Time: 11:30 AM
+ */
+
+/**
+ * An interface to get keystore password in a form of a callback.
+ */
+public interface KeyStorePasswordCallback {
+
+ /**
+ * Caller should implement the interface. Should return the password for
+ * the keystore. This should return the keystore password. i.e. password
used to open the keystore.
+ * Instead of the actual file.
+ * @return The password to open the keystore.
+ */
+ char[] getStorePassword();
+
+ /**
+ * Caller should implement the interface. Should return the pass phrase for
+ * the secret key.
+ * Instead of the actual file.
+ * @param keyAlias The alias of the key
+ * @return The pass phrase for the secret key.
+ */
+ char[] getSecretKeyPassPhrase(String keyAlias);
+
+}
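Review bot: The Javadoc on both methods leaves the implementer's contract unclear: "Instead of the actual file." is a fragment with no referent, the first comment states the return value twice, and neither comment says whether null is a permitted return or who owns the returned array. Because the methods return `char[]` so that the secret can be wiped, I would document that, for example `@return a newly allocated array holding the keystore password; the caller may overwrite it after use`. `getSecretKeyPassPhrase` should also say what an implementation does for an alias it does not know (the test implementation in this commit returns null). The `package` statement is fused with the start of the license comment (`package org.apache.airavata.common.utils;/*`); the header normally comes first, on its own lines.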
Modified:
airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/SecurityUtil.java
URL:
http://svn.apache.org/viewvc/airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/SecurityUtil.java?rev=1531360&r1=1531359&r2=1531360&view=diff
==============================================================================
---
airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/SecurityUtil.java
(original)
+++
airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/SecurityUtil.java
Fri Oct 11 17:08:24 2013
@@ -24,9 +24,15 @@ package org.apache.airavata.common.utils
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
import java.io.UnsupportedEncodingException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
+import java.security.cert.CertificateException;
/**
* Class which includes security utilities.
@@ -35,6 +41,10 @@ public class SecurityUtil {
public static final String PASSWORD_HASH_METHOD_PLAINTEXT = "PLAINTEXT";
+ public static final String CHARSET_ENCODING = "UTF-8";
+ public static final String ENCRYPTION_ALGORITHM = "AES";
+ public static final String PADDING_MECHANISM = "AES/CBC/PKCS5Padding";
+
private static final Logger logger =
LoggerFactory.getLogger(SecurityUtil.class);
/**
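Review bot: `PADDING_MECHANISM` holds the full cipher transformation (`"AES/CBC/PKCS5Padding"`: algorithm, mode and padding), so the name understates what changing it affects; something like `CIPHER_TRANSFORMATION` with a one-line comment would read better. `ENCRYPTION_ALGORITHM` is not referenced in any hunk of this commit, so unless code outside the diff uses it, it could be dropped or made private. The class body continues outside this hunk.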
@@ -83,4 +93,92 @@ public class SecurityUtil {
}
}
+
+ public static byte[] encryptString(String keyStorePath, String keyAlias,
+ KeyStorePasswordCallback passwordCallback,
String value)
+ throws GeneralSecurityException, IOException {
+ return encrypt(keyStorePath, keyAlias, passwordCallback,
value.getBytes(CHARSET_ENCODING));
+ }
+
+ public static byte[] encrypt(String keyStorePath, String keyAlias,
+ KeyStorePasswordCallback passwordCallback,
byte[] value)
+ throws GeneralSecurityException, IOException {
+
+ Key secretKey = getSymmetricKey(keyStorePath, keyAlias,
passwordCallback);
+
+ Cipher cipher = Cipher.getInstance(PADDING_MECHANISM);
+ cipher.init(Cipher.ENCRYPT_MODE, secretKey,
+ new IvParameterSpec(new byte[16]));
+ return cipher.doFinal(value);
+ }
+
+ private static Key getSymmetricKey(String keyStorePath, String keyAlias,
+ KeyStorePasswordCallback
passwordCallback)
+ throws CertificateException, NoSuchAlgorithmException,
KeyStoreException, IOException,
+ UnrecoverableKeyException {
+
+ KeyStore ks = SecurityUtil.loadKeyStore(keyStorePath, "jceks",
passwordCallback);
+
+ if (ks == null) {
+ throw new IOException("Unable to load Java keystore " +
keyStorePath);
+ }
+
+ return ks.getKey(keyAlias,
passwordCallback.getSecretKeyPassPhrase(keyAlias));
+
+ }
+
+ public static byte[] decrypt(String keyStorePath, String keyAlias,
+ KeyStorePasswordCallback passwordCallback,
byte[] encrypted)
+ throws GeneralSecurityException, IOException {
+
+ Key secretKey = getSymmetricKey(keyStorePath, keyAlias,
passwordCallback);
+
+ Cipher cipher = Cipher.getInstance(PADDING_MECHANISM);
+ cipher.init(Cipher.DECRYPT_MODE, secretKey,
+ new IvParameterSpec(new byte[16]));
+
+ return cipher.doFinal(encrypted);
+ }
+
+ public static String decryptString(String keyStorePath, String keyAlias,
+ KeyStorePasswordCallback
passwordCallback, byte[] encrypted)
+ throws GeneralSecurityException, IOException {
+
+ byte[] decrypted = decrypt(keyStorePath, keyAlias, passwordCallback,
encrypted);
+ return new String(decrypted, CHARSET_ENCODING);
+ }
+
+ public static KeyStore loadKeyStore(String keyStoreFilePath, String
keyStoreType,
+ KeyStorePasswordCallback
passwordCallback)
+ throws KeyStoreException, IOException, CertificateException,
NoSuchAlgorithmException {
+
+ java.io.FileInputStream fis = null;
+ try {
+ fis = new java.io.FileInputStream(keyStoreFilePath);
+ return loadKeyStore(fis, keyStoreType, passwordCallback);
+ } finally {
+ if (fis != null) {
+ fis.close();
+ }
+ }
+ }
+
+ public static KeyStore loadKeyStore(InputStream inputStream, String
keyStoreType,
+ KeyStorePasswordCallback
passwordCallback)
+ throws KeyStoreException, IOException, CertificateException,
NoSuchAlgorithmException {
+
+ if (keyStoreType == null) {
+ keyStoreType = KeyStore.getDefaultType();
+ }
+
+ KeyStore ks = KeyStore.getInstance(keyStoreType);
+ ks.load(inputStream, passwordCallback.getStorePassword());
+
+ return ks;
+ }
+
+
+
+
+
}
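Review bot: `encrypt` and `decrypt` both initialise the cipher with `new IvParameterSpec(new byte[16])`, a constant all-zero IV, so under AES/CBC the same key and plaintext always produce the same ciphertext, and stored credentials that start with the same blocks are recognisably alike. I would draw a fresh IV from `SecureRandom` on every call and store it in front of the ciphertext, as sketched below; this changes the stored format, so anything already encrypted needs a migration path. CBC on its own also gives no integrity protection, so an authenticated mode such as `AES/GCM/NoPadding` is worth considering while the format is being changed. In `getSymmetricKey` the `ks == null` check cannot fire, because `loadKeyStore` either returns a keystore or throws, while `ks.getKey` does return null for an unknown alias and is passed straight to `cipher.init`. An explicit check, `if (key == null) throw new KeyStoreException("No key for alias " + keyAlias);`, would give a clearer failure.

```java
public static byte[] encrypt(String keyStorePath, String keyAlias,
                             KeyStorePasswordCallback passwordCallback, byte[] value)
        throws GeneralSecurityException, IOException {

    Key secretKey = getSymmetricKey(keyStorePath, keyAlias, passwordCallback);

    // Fresh random IV per message; it is not secret and travels with the ciphertext.
    byte[] iv = new byte[16];
    new SecureRandom().nextBytes(iv);

    Cipher cipher = Cipher.getInstance(PADDING_MECHANISM);
    cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv));
    byte[] body = cipher.doFinal(value);

    // Output layout: 16-byte IV followed by the CBC ciphertext.
    byte[] out = new byte[iv.length + body.length];
    System.arraycopy(iv, 0, out, 0, iv.length);
    System.arraycopy(body, 0, out, iv.length, body.length);
    return out;
}

// … unchanged: getSymmetricKey …

public static byte[] decrypt(String keyStorePath, String keyAlias,
                             KeyStorePasswordCallback passwordCallback, byte[] encrypted)
        throws GeneralSecurityException, IOException {

    if (encrypted == null || encrypted.length < 16) {
        throw new GeneralSecurityException("Ciphertext is shorter than the IV");
    }

    Key secretKey = getSymmetricKey(keyStorePath, keyAlias, passwordCallback);

    Cipher cipher = Cipher.getInstance(PADDING_MECHANISM);
    // Read the IV back from the first 16 bytes written by encrypt().
    cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(encrypted, 0, 16));
    return cipher.doFinal(encrypted, 16, encrypted.length - 16);
}

// … unchanged: decryptString, loadKeyStore overloads …
```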
Added:
airavata/trunk/modules/commons/utils/src/test/java/org/apache/airavata/common/utils/SecurityUtilTest.java
URL:
http://svn.apache.org/viewvc/airavata/trunk/modules/commons/utils/src/test/java/org/apache/airavata/common/utils/SecurityUtilTest.java?rev=1531360&view=auto
==============================================================================
---
airavata/trunk/modules/commons/utils/src/test/java/org/apache/airavata/common/utils/SecurityUtilTest.java
(added)
+++
airavata/trunk/modules/commons/utils/src/test/java/org/apache/airavata/common/utils/SecurityUtilTest.java
Fri Oct 11 17:08:24 2013
@@ -0,0 +1,104 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.airavata.common.utils;
+
+import junit.framework.Assert;
+import org.junit.Test;
+
+import java.io.InputStream;
+import java.net.URL;
+import java.security.KeyStore;
+
+/**
+ * User: AmilaJ ([email protected])
+ * Date: 10/11/13
+ * Time: 10:42 AM
+ */
+
+public class SecurityUtilTest {
+ @Test
+ public void testEncryptString() throws Exception {
+
+ URL url =
this.getClass().getClassLoader().getResource("mykeystore.jks");
+
+ assert url != null;
+
+ String stringToEncrypt = "Test string to encrypt";
+ byte[] encrypted = SecurityUtil.encryptString(url.getPath(), "mykey",
new TestKeyStoreCallback(), stringToEncrypt);
+
+ String decrypted = SecurityUtil.decryptString(url.getPath(), "mykey",
new TestKeyStoreCallback(), encrypted);
+ Assert.assertTrue(stringToEncrypt.equals(decrypted));
+
+ }
+
+ @Test
+ public void testEncryptBytes() throws Exception {
+
+ URL url =
this.getClass().getClassLoader().getResource("mykeystore.jks");
+
+ assert url != null;
+
+ String stringToEncrypt = "Test string to encrypt";
+ byte[] encrypted = SecurityUtil.encrypt(url.getPath(), "mykey", new
TestKeyStoreCallback(),
+ stringToEncrypt.getBytes("UTF-8"));
+
+ byte[] decrypted = SecurityUtil.decrypt(url.getPath(), "mykey", new
TestKeyStoreCallback(), encrypted);
+ Assert.assertTrue(stringToEncrypt.equals(new String(decrypted,
"UTF-8")));
+
+ }
+
+ @Test
+ public void testLoadKeyStore() throws Exception{
+ InputStream inputStream =
this.getClass().getClassLoader().getResourceAsStream("mykeystore.jks");
+
+ KeyStore ks = SecurityUtil.loadKeyStore(inputStream, "jceks", new
TestKeyStoreCallback());
+ Assert.assertNotNull(ks);
+
+ }
+
+ @Test
+ public void testLoadKeyStoreFromFile() throws Exception{
+ URL url =
this.getClass().getClassLoader().getResource("mykeystore.jks");
+
+ assert url != null;
+ KeyStore ks = SecurityUtil.loadKeyStore(url.getPath(), "jceks", new
TestKeyStoreCallback());
+ Assert.assertNotNull(ks);
+
+ }
+
+ private class TestKeyStoreCallback implements KeyStorePasswordCallback {
+
+ @Override
+ public char[] getStorePassword() {
+ return "airavata".toCharArray();
+ }
+
+ @Override
+ public char[] getSecretKeyPassPhrase(String keyAlias) {
+ if (keyAlias.equals("mykey")) {
+ return "airavatasecretkey".toCharArray();
+ }
+
+ return null;
+ }
+ }
+}
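Review bot: The resource checks use the language keyword (`assert url != null;`), which is skipped unless the JVM runs with `-ea`, so a missing `mykeystore.jks` would show up as a NullPointerException at `url.getPath()` instead of a test failure; `Assert.assertNotNull(url);` is unconditional. The two round-trip tests would still pass if `encrypt` returned its input unchanged, so I would add `Assert.assertFalse(java.util.Arrays.equals(encrypted, stringToEncrypt.getBytes("UTF-8")));`. Once the IV is no longer constant, a check that two encryptions of the same value differ is worth adding too. `testLoadKeyStore` never closes the stream returned by `getResourceAsStream`. The fixture carries a `.jks` extension but is opened as `"jceks"`, which will confuse anyone inspecting it with keytool defaults; a comment that the keystore and the passwords in `TestKeyStoreCallback` are test-only would also help.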
Added: airavata/trunk/modules/commons/utils/src/test/resources/mykeystore.jks
URL:
http://svn.apache.org/viewvc/airavata/trunk/modules/commons/utils/src/test/resources/mykeystore.jks?rev=1531360&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
airavata/trunk/modules/commons/utils/src/test/resources/mykeystore.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream