aboutsummaryrefslogtreecommitdiffstats
path: root/cdf/src/cdf-prop-value/cdf-util/src/main/java/org/onap/dcae/cdf/util/config/EncryptedConfiguration.java
diff options
context:
space:
mode:
Diffstat (limited to 'cdf/src/cdf-prop-value/cdf-util/src/main/java/org/onap/dcae/cdf/util/config/EncryptedConfiguration.java')
-rw-r--r--cdf/src/cdf-prop-value/cdf-util/src/main/java/org/onap/dcae/cdf/util/config/EncryptedConfiguration.java219
1 files changed, 219 insertions, 0 deletions
diff --git a/cdf/src/cdf-prop-value/cdf-util/src/main/java/org/onap/dcae/cdf/util/config/EncryptedConfiguration.java b/cdf/src/cdf-prop-value/cdf-util/src/main/java/org/onap/dcae/cdf/util/config/EncryptedConfiguration.java
new file mode 100644
index 0000000..3da0f42
--- /dev/null
+++ b/cdf/src/cdf-prop-value/cdf-util/src/main/java/org/onap/dcae/cdf/util/config/EncryptedConfiguration.java
@@ -0,0 +1,219 @@
+/*
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this code except in compliance
+ with the License. You may obtain a copy of the License
+ at http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied. See the License for the specific language governing
+ permissions and limitations under the License.
+
+*/
+package org.onap.dcae.cdf.util.config;
+
+import java.util.logging.*;
+// import java.lang.ref.*;
+import org.onap.dcae.cdf.util.common.*;
+import gnu.getopt.Getopt;
+import java.security.*;
+import javax.crypto.*;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * Class to manage encrypted configuration values.
+ */
+
+public class EncryptedConfiguration {
+ /**
+ * Our secret key
+ */
+ private String encryptionKey;
+
+ /**
+ * Where to log when things go wrong
+ */
+ private Logger logger;
+
+ public EncryptedConfiguration(String key, Logger logger) {
+ encryptionKey = key.trim();
+ this.logger = logger;
+ }
+
+ /**
+ * Retrieve an encrypted string from the given configuration.
+ * The name will have ".x" appended to it.
+ * Decoded from hex, it will be "method:hexsalt:hexvalue".
+ * The format of the value will be in hex.
+ * Method will be "r" to begin with, for "rc4".
+ */
+ public String getString(Configuration config, String name, String deflt, boolean complain) throws Exception {
+ return getString(config, name, deflt, complain, encryptionKey);
+ }
+
+ /**
+ * Retrieve an encrypted string from the given configuration.
+ * The name will have ".x" appended to it.
+ * Decoded from hex, it will be "method:hexsalt:hexvalue".
+ * The format of the value will be in hex.
+ * Method will be "r" to begin with, for "rc4".
+ */
+ public String getString(Configuration config, String name, String deflt, boolean complain, String key) throws Exception {
+ String str = config.getString(name + ".x", null, complain);
+ if (str == null) {
+ return deflt;
+ }
+ return decrypt(str, key);
+ }
+
+ /**
+ * Decrypt a string in 'method:hexsalt:hexvalue' format.
+ */
+ public static String decrypt(String triple, String key) throws Exception {
+ String[] strParts = triple.trim().split(":");
+ if (strParts.length != 3) throw new Exception("Encrypted value must look like 'x:y:z'");
+ return decrypt(strParts[0], Convert.stringFromHex(strParts[1]), key, Convert.bytesFromHex(strParts[2]));
+ }
+
+ /**
+ * Decrypt a string 'method:hexsalt:hexvalue' format.
+ */
+ public static String decrypt(String method, String salt, String key, byte[] bvalue) throws Exception {
+ /* if (false) {
+ System.out.println("method length=" + method.length()); System.out.println(AsHex.asHex(method));
+ System.out.println("salt length=" + salt.length()); System.out.println(AsHex.asHex(salt));
+ System.out.println("key length=" + key.length()); System.out.println(AsHex.asHex(key));
+ System.out.println("bvalue length=" + bvalue.length); System.out.println(AsHex.asHex(bvalue));
+ } */
+ byte[] secretKey = runDigest(salt + "." + key);
+
+ SecretKeySpec skeySpec = new SecretKeySpec(secretKey, method);
+
+ Cipher cipher = Cipher.getInstance(method); // "AES"
+ cipher.init(Cipher.DECRYPT_MODE, skeySpec);
+
+ byte[] decrypted = cipher.doFinal(bvalue);
+ return new String(decrypted);
+ }
+
+ /**
+ * Encrypt a string using the given method, salt and key.
+ */
+ public static byte[] encrypt(String method, String salt, String key, String value) throws Exception {
+ byte[] bvalue = value.getBytes();
+ byte[] secretKey = runDigest(salt + "." + key);
+
+ SecretKeySpec skeySpec = new SecretKeySpec(secretKey, method);
+
+ Cipher cipher = Cipher.getInstance(method); // "AES"
+ cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
+
+ byte[] encrypted = cipher.doFinal(bvalue);
+ return encrypted;
+ }
+
+ /**
+ * Prepare a secret key by running a digest on it.
+ */
+ private static byte[] runDigest(String text) throws Exception {
+ MessageDigest md = MessageDigest.getInstance("MD5");
+ md.reset();
+ md.update(text.getBytes(), 0, text.length());
+ return md.digest();
+ }
+
+ /**
+ * Encrypt a string using the given method, salt and key, and return it as a hex-formated triple.
+ */
+ public static String encryptToTriple(String method, String salt, String key, String value) throws Exception {
+ StringBuilder sb = new StringBuilder(method);
+ sb.append(':').append(Convert.toHexString(salt))
+ .append(':').append(Convert.toHexString(encrypt(method, salt, key, value)));
+ return sb.toString();
+ }
+
+ /**
+ * Create a value that can be used as a salt.
+ */
+ public static String generateSalt() {
+ return Long.toString(System.currentTimeMillis() % 1000) + Pid.getPidStr();
+ }
+
+ public static void usage() {
+ usage(null);
+ }
+
+ public static void usage(String msg) {
+ if (msg != null) System.out.println(msg);
+ System.out.println("Usage: java EncryptedConfiguration -D triple -k key\n" +
+ "java EncryptedConfiguration -d string -m method [-s salt | -S] -k key\n" +
+ "java EncryptedConfiguration -e string -m method [-s salt | -S] -k key\n" +
+ "-D\tdecrypt x:y:z triple\n" +
+ "-d\tdecrypt string (in hex)\n" +
+ "-e\tencrypt string\n" +
+ "-S\tgenerate a salt\n"
+ );
+ System.exit(1);
+ }
+
+ public static void main(String args[]) throws Exception {
+ Getopt g = new Getopt( "EncryptedConfiguration", args, "s:Sk:m:e:d:D:?" );
+
+ int c, verbosity = 0;
+ String salt = null, key = null, method = null, encStr = null, decStr = null, triple = null;
+ boolean genSalt = false;
+
+ while ((c = g.getopt()) != -1) {
+ switch (c) {
+ case 's': salt = g.getOptarg(); break;
+ case 'S': genSalt = true; break;
+ case 'k': key = g.getOptarg(); break;
+ case 'm': method = g.getOptarg(); break;
+ case 'e': encStr = g.getOptarg(); break;
+ case 'd': decStr = g.getOptarg(); break;
+ case 'D': triple = g.getOptarg(); break;
+ case '?': usage(); break;
+ }
+ }
+
+ if (triple == null) {
+ if ((salt == null) && !genSalt) usage("one of -s or -S must be specified");
+ if ((salt != null) && genSalt) usage("only one of -s or -S must be specified");
+ if (key == null) usage("-k must be specified");
+ if (method == null) usage("-m must be specified");
+ if ((encStr == null) && (decStr == null)) usage("one of -d or -e must be specified");
+ if ((encStr != null) && (decStr != null)) usage("only one of -d or -e may be specified");
+ if (genSalt) salt = generateSalt();
+ if (encStr != null)
+ System.out.println(encryptToTriple(method, salt, key, encStr));
+ if (decStr != null)
+ System.out.println(decrypt(method, salt, key, Convert.bytesFromHex(decStr)));
+ } else {
+ if (key == null) usage("-k not specified");
+ System.out.println(decrypt(triple, key));
+ }
+
+ // http://forums.sun.com/thread.jspa?threadID=5290983
+ // try {
+ // String message = "Strong Versus Unlimited Strength Cryptography";
+ // SecretKeySpec skeySpec = new SecretKeySpec("0123456789ABCDEF".getBytes(), "AES"); //AES-128
+
+ // Cipher cipher = Cipher.getInstance("AES"); // "AES/ECB/NoPadding"
+ // cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
+
+ // byte[] encrypted = cipher.doFinal(message.getBytes());
+ // System.out.println("encrypted string: " + encrypted); //storing into MySQL DB
+ // System.out.println("in hex: '" + Convert.toHexString(encrypted) + "'");
+
+ // cipher.init(Cipher.DECRYPT_MODE, skeySpec);
+ // byte[] original = cipher.doFinal(encrypted);
+ // String originalString = new String(original);
+ // System.out.println("Original string: " + originalString);
+ // } catch (Exception e) {
+ // System.err.println("Exception caught: " + e.toString());
+ // }
+ }
+}