Repository: wicket Updated Branches: refs/heads/5756-improve-crypt [created] 776c42dc0
WICKET-5756 Allow to use custom ciphers when using SunJceCrypt class
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/776c42dc
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/776c42dc
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/776c42dc
Branch: refs/heads/5756-improve-crypt
Commit: 776c42dc06ed40c1356859f3c4a81eaafdc4649b
Parents: e850af6
Author: Martin Tzvetanov Grigorov <[email protected]>
Authored: Tue Nov 11 11:47:56 2014 +0200
Committer: Martin Tzvetanov Grigorov <[email protected]>
Committed: Tue Nov 11 11:47:56 2014 +0200
----------------------------------------------------------------------
.../crypt/KeyInSessionSunJceCryptFactory.java | 2 +-
.../wicket/settings/def/SecuritySettings.java | 17 ++-----
.../apache/wicket/util/crypt/AbstractCrypt.java | 8 +--
.../wicket/util/crypt/ClassCryptFactory.java | 15 +++---
.../crypt/CryptFactoryCachingDecorator.java | 10 ++--
.../wicket/util/crypt/NoCryptFactory.java | 10 +---
.../apache/wicket/util/crypt/SunJceCrypt.java | 53 +++++++++++++++++---
.../apache/wicket/util/crypt/TrivialCrypt.java | 11 ----
8 files changed, 64 insertions(+), 62 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/776c42dc/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/KeyInSessionSunJceCryptFactory.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/KeyInSessionSunJceCryptFactory.java b/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/KeyInSessionSunJceCryptFactory.java
index d3b137b..b6d25be 100644
--- a/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/KeyInSessionSunJceCryptFactory.java
+++ b/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/KeyInSessionSunJceCryptFactory.java
@@ -36,7 +36,7 @@ import org.apache.wicket.util.crypt.SunJceCrypt; public class KeyInSessionSunJceCryptFactory implements ICryptFactory { /** metadata-key used to store crypto-key in session metadata */ - private static MetaDataKey<String> KEY = new MetaDataKey<String>() + private static final MetaDataKey<String> KEY = new MetaDataKey<String>() { private static final long serialVersionUID = 1L; }; http://git-wip-us.apache.org/repos/asf/wicket/blob/776c42dc/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java b/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java index 3b7f8ad..5e4aa10 100644 --- a/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java +++ b/wicket-core/src/main/java/org/apache/wicket/settings/def/SecuritySettings.java @@ -25,6 +25,7 @@ import org.apache.wicket.authorization.UnauthorizedInstantiationException; import org.apache.wicket.settings.ISecuritySettings; import org.apache.wicket.util.crypt.CachingSunJceCryptFactory; import org.apache.wicket.util.crypt.ICryptFactory; +import org.apache.wicket.util.lang.Args; /** * @author Jonathan Locke @@ -80,9 +81,6 @@ public class SecuritySettings implements ISecuritySettings return authorizationStrategy; } - /** - * @see org.apache.wicket.settings.ISecuritySettings#getCryptFactory() - */ @Override public synchronized ICryptFactory getCryptFactory() { 
@@ -117,23 +115,14 @@ public class SecuritySettings implements ISecuritySettings @Override public void setAuthorizationStrategy(IAuthorizationStrategy strategy) { - if (strategy == null) - { - throw new IllegalArgumentException("authorization strategy cannot be set to null"); - } + Args.notNull(strategy, "authorization strategy"); authorizationStrategy = strategy; } - /** - * @see org.apache.wicket.settings.ISecuritySettings#setCryptFactory(org.apache.wicket.util.crypt.ICryptFactory) - */ @Override public void setCryptFactory(ICryptFactory cryptFactory) { - if (cryptFactory == null) - { - throw new IllegalArgumentException("cryptFactory cannot be null"); - } + Args.notNull(cryptFactory, "Crypt factory"); this.cryptFactory = cryptFactory; } http://git-wip-us.apache.org/repos/asf/wicket/blob/776c42dc/wicket-util/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java ---------------------------------------------------------------------- diff --git a/wicket-util/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java b/wicket-util/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java index 4d2c7e2..e28db30 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java @@ -86,7 +86,9 @@ public abstract class AbstractCrypt implements ICrypt try { byte[] encrypted = encryptStringToByteArray(plainText); - return new String(new Base64(-1, null, true).encode(encrypted), CHARACTER_ENCODING); + Base64 base64 = new Base64(-1, null, true); + byte[] encoded = base64.encode(encrypted); + return new String(encoded, CHARACTER_ENCODING); } catch (GeneralSecurityException e) { @@ -142,7 +144,7 @@ public abstract class AbstractCrypt implements ICrypt * byte array to decrypt * @return the decrypted text */ - private final byte[] decryptByteArray(final byte[] encrypted) + private byte[] decryptByteArray(final byte[] encrypted) { try { 
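Review bot: In SecuritySettings, `setCryptFactory` assigns `this.cryptFactory` without taking the lock that `getCryptFactory()` holds (the getter is declared `synchronized` in the preceding hunk), so a factory installed from another thread is not guaranteed to be visible to readers unless the field is volatile, which the hunk does not show. Declaring the setter `public synchronized void setCryptFactory(ICryptFactory cryptFactory)` would make the pair consistent. The switch to `Args.notNull` also changes the exception message text, which matters only to callers or tests that match on it.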
@@ -163,7 +165,7 @@ public abstract class AbstractCrypt implements ICrypt * @return the string encrypted * @throws GeneralSecurityException */ - private final byte[] encryptStringToByteArray(final String plainText) + private byte[] encryptStringToByteArray(final String plainText) throws GeneralSecurityException { try http://git-wip-us.apache.org/repos/asf/wicket/blob/776c42dc/wicket-util/src/main/java/org/apache/wicket/util/crypt/ClassCryptFactory.java ---------------------------------------------------------------------- diff --git a/wicket-util/src/main/java/org/apache/wicket/util/crypt/ClassCryptFactory.java b/wicket-util/src/main/java/org/apache/wicket/util/crypt/ClassCryptFactory.java index a144ecc..b2e260c 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/crypt/ClassCryptFactory.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/crypt/ClassCryptFactory.java 
@@ -57,30 +57,27 @@ public class ClassCryptFactory implements ICryptFactory this.encryptionKey = encryptionKey; } - /** - * @see org.apache.wicket.util.crypt.ICryptFactory#newCrypt() - */ @Override public ICrypt newCrypt() { try { ICrypt crypt = (ICrypt)(cryptClass.get()).newInstance(); - log.info("using encryption/decryption object " + crypt); + log.info("using encryption/decryption object {}", crypt); crypt.setKey(encryptionKey); return crypt; } catch (Exception e) { log.warn("************************** WARNING **************************"); - log.warn("As the instantion of encryption/decryption class:"); + log.warn("As the instantiation of encryption/decryption class:"); log.warn("\t" + cryptClass); log.warn("failed, Wicket will fallback on a dummy implementation"); log.warn("\t(" + NoCrypt.class.getName() + ")"); - log.warn("This is not recommended for production systems."); + log.warn("This is NOT recommended for production systems."); log.warn("Please override method org.apache.wicket.Application.newCrypt()"); - log.warn("to provide a custom encryption/decryption implementation"); - log.warn("The cause of the instantion failure: "); + log.warn("to provide a custom encryption/decryption implementation."); + log.warn("The cause of the instantiation failure: "); log.warn("\t" + e.getMessage()); if (log.isDebugEnabled()) { @@ -88,7 +85,7 @@ public class ClassCryptFactory implements ICryptFactory } else { - log.warn("set log level to DEBUG to display the stack trace."); + log.warn("Set log level to DEBUG to display the stack trace."); } log.warn("*************************************************************"); http://git-wip-us.apache.org/repos/asf/wicket/blob/776c42dc/wicket-util/src/main/java/org/apache/wicket/util/crypt/CryptFactoryCachingDecorator.java ---------------------------------------------------------------------- 
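Review bot: In `ClassCryptFactory.newCrypt()` the catch block still treats a failed instantiation as recoverable: going by the messages edited here, Wicket falls back to `NoCrypt`, so a misconfigured crypt class leaves the application running without encryption and the only signal is a WARN banner. Consider raising these lines to error level, e.g. `log.error("failed, Wicket will fallback on a dummy implementation");`, or rethrowing so that a deployment cannot run unnoticed on the dummy implementation. The concatenating calls `log.warn("\t" + cryptClass)` and `log.warn("\t" + e.getMessage())` could also use the `{}` form adopted for the info line. The fallback return itself lies outside this hunk.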
diff --git a/wicket-util/src/main/java/org/apache/wicket/util/crypt/CryptFactoryCachingDecorator.java b/wicket-util/src/main/java/org/apache/wicket/util/crypt/CryptFactoryCachingDecorator.java index 3a8be90..9fc7142 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/crypt/CryptFactoryCachingDecorator.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/crypt/CryptFactoryCachingDecorator.java @@ -17,6 +17,8 @@ package org.apache.wicket.util.crypt; +import org.apache.wicket.util.lang.Args; + /** * {@link ICryptFactory} decorator that caches the call to {@link ICryptFactory#newCrypt()} * @@ -35,16 +37,10 @@ public class CryptFactoryCachingDecorator implements ICryptFactory */ public CryptFactoryCachingDecorator(final ICryptFactory delegate) { - if (delegate == null) - { - throw new IllegalArgumentException("delegate cannot be null"); - } + Args.notNull(delegate, "delegate"); this.delegate = delegate; } - /** - * @see org.apache.wicket.util.crypt.ICryptFactory#newCrypt() - */ @Override public final ICrypt newCrypt() { http://git-wip-us.apache.org/repos/asf/wicket/blob/776c42dc/wicket-util/src/main/java/org/apache/wicket/util/crypt/NoCryptFactory.java ---------------------------------------------------------------------- diff --git a/wicket-util/src/main/java/org/apache/wicket/util/crypt/NoCryptFactory.java b/wicket-util/src/main/java/org/apache/wicket/util/crypt/NoCryptFactory.java index a7baba5..f33efce 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/crypt/NoCryptFactory.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/crypt/NoCryptFactory.java 
@@ -26,18 +26,10 @@ public class NoCryptFactory implements ICryptFactory { private static final ICrypt crypt = new NoCrypt(); - /** - * Construct. - */ - public NoCryptFactory() - { - - } - @Override public ICrypt newCrypt() { return crypt; } -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/wicket/blob/776c42dc/wicket-util/src/main/java/org/apache/wicket/util/crypt/SunJceCrypt.java ---------------------------------------------------------------------- diff --git a/wicket-util/src/main/java/org/apache/wicket/util/crypt/SunJceCrypt.java b/wicket-util/src/main/java/org/apache/wicket/util/crypt/SunJceCrypt.java index 2af21f4..45642fb 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/crypt/SunJceCrypt.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/crypt/SunJceCrypt.java @@ -20,7 +20,9 @@ import java.security.GeneralSecurityException; import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.security.Security; +import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; import javax.crypto.Cipher; import javax.crypto.SecretKey; @@ -28,6 +30,8 @@ import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEParameterSpec; +import org.apache.wicket.util.lang.Args; + /** * Provide some simple means to encrypt and decrypt strings such as passwords. The whole 
@@ -44,19 +48,35 @@ public class SunJceCrypt extends AbstractCrypt */ private final static int COUNT = 17; - /** Name of encryption method */ + /** Name of the default encryption method */ private static final String CRYPT_METHOD = "PBEWithMD5AndDES"; /** Salt */ private final static byte[] salt = { (byte)0x15, (byte)0x8c, (byte)0xa3, (byte)0x4a, (byte)0x66, (byte)0x51, (byte)0x2a, (byte)0xbc }; + /** Name of encryption method */ + private final String cryptMethod; + /** * Constructor */ public SunJceCrypt() { - if (Security.getProviders("Cipher." + CRYPT_METHOD).length > 0) + this(CRYPT_METHOD); + } + + /** + * Constructor. + * + * @param cryptMethod + * the name of encryption method + */ + public SunJceCrypt(String cryptMethod) + { + this.cryptMethod = Args.notNull(cryptMethod, "Crypt method"); + + if (Security.getProviders("Cipher." + cryptMethod).length > 0) { return; // we are good to go! } @@ -77,7 +97,7 @@ public class SunJceCrypt extends AbstractCrypt * Crypts the given byte array * * @param input - * byte array to be crypted + * byte array to be encrypted * @param mode * crypt mode * @return the input crypted. Null in case of an error @@ -88,8 +108,8 @@ public class SunJceCrypt extends AbstractCrypt throws GeneralSecurityException { SecretKey key = generateSecretKey(); - PBEParameterSpec spec = new PBEParameterSpec(salt, COUNT); - Cipher ciph = Cipher.getInstance(CRYPT_METHOD); + AlgorithmParameterSpec spec = createParameterSpec(); + Cipher ciph = Cipher.getInstance(cryptMethod); ciph.init(mode, key, spec); return ciph.doFinal(input); } 
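Review bot: The new `SunJceCrypt(String cryptMethod)` constructor calls `.length` directly on `Security.getProviders("Cipher." + cryptMethod)`, and that method returns null, not an empty array, when no installed provider matches the filter; with a caller-supplied name this throws NullPointerException instead of reaching the fallback below. Guard it with `Provider[] providers = Security.getProviders("Cipher." + cryptMethod);` followed by `if (providers != null && providers.length > 0)`. The Javadoc of the new constructor should also state that the no-arg default remains `PBEWithMD5AndDES` with the fixed `salt` and `COUNT = 17`, and that the name must be accepted by both `Cipher.getInstance` and `SecretKeyFactory.getInstance`. The rest of the constructor body is outside the hunk.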
@@ -106,10 +126,27 @@ public class SunJceCrypt extends AbstractCrypt * @throws InvalidKeySpecException * invalid encryption key */ - private final SecretKey generateSecretKey() throws NoSuchAlgorithmException, + private SecretKey generateSecretKey() throws NoSuchAlgorithmException, InvalidKeySpecException { - final PBEKeySpec spec = new PBEKeySpec(getKey().toCharArray()); - return SecretKeyFactory.getInstance(CRYPT_METHOD).generateSecret(spec); + SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(cryptMethod); + KeySpec spec = createKeySpec(); + return keyFactory.generateSecret(spec); + } + + /** + * @return the parameter spec to be used for the configured crypt method + */ + protected AlgorithmParameterSpec createParameterSpec() + { + return new PBEParameterSpec(salt, COUNT); + } + + /** + * @return the key spec to be used for the configured crypt method + */ + protected KeySpec createKeySpec() + { + return new PBEKeySpec(getKey().toCharArray()); } } http://git-wip-us.apache.org/repos/asf/wicket/blob/776c42dc/wicket-util/src/main/java/org/apache/wicket/util/crypt/TrivialCrypt.java ---------------------------------------------------------------------- diff --git a/wicket-util/src/main/java/org/apache/wicket/util/crypt/TrivialCrypt.java b/wicket-util/src/main/java/org/apache/wicket/util/crypt/TrivialCrypt.java index 300fb7c..5aab8e7 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/crypt/TrivialCrypt.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/crypt/TrivialCrypt.java @@ -25,17 +25,6 @@ import java.security.GeneralSecurityException; */ public class TrivialCrypt extends AbstractCrypt { - /** - * Constructor - */ - public TrivialCrypt() - { - super(); - } - - /** - * @see org.apache.wicket.util.crypt.AbstractCrypt#crypt(byte[], int) - */ @Override protected byte[] crypt(final byte[] input, final int mode) throws GeneralSecurityException {
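Review bot: `generateSecretKey()` stays private and passes `cryptMethod` to `SecretKeyFactory.getInstance`, so the two new protected hooks only help when the cipher name is also a secret-key-factory algorithm name; a subclass that picks a transformation such as an AES mode string cannot supply a different key-derivation algorithm. Making the method `protected SecretKey generateSecretKey()` or adding an overridable key-factory name would close that gap. The default `createParameterSpec()` still returns the class-wide constant salt with 17 iterations, so its Javadoc should tell subclasses that choose a stronger method to override it with their own salt and iteration count. The Javadoc of `createKeySpec()` could additionally note that the returned `PBEKeySpec` holds a copy of the key characters that is never cleared.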
