1 files changed, 157 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
new file mode 100644
index 000000000..f246c55e1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -0,0 +1,157 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.util;
+
+import iaik.security.cipher.PBEKey;
+import iaik.security.spec.PBEKeyAndParameterSpec;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.EncryptedData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public abstract class AbstractEncrytionUtil {
+	protected static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";
+	protected static final String KEYNAME = "AES";
+
+	private SecretKey secret = null;
+	
+	public AbstractEncrytionUtil() throws DatabaseEncryptionException {
+		initialize(getKey(), getSalt());
+	}
+	
+	protected abstract String getSalt();
+	protected abstract String getKey();
+
+	protected void initialize(String key, String salt) throws DatabaseEncryptionException {
+		try {
+			if (MiscUtil.isNotEmpty(key)) {			
+				if (MiscUtil.isEmpty(salt))
+					salt = "TestSalt";
+			
+				PBEKeySpec keySpec = new PBEKeySpec(key.toCharArray());
+				SecretKeyFactory factory = SecretKeyFactory.getInstance("PKCS#5", "IAIK");
+				PBEKey pbeKey = (PBEKey)factory.generateSecret(keySpec);
+							
+				SecureRandom random = new SecureRandom();
+				KeyGenerator pbkdf2 = KeyGenerator.getInstance("PBKDF2", "IAIK");
+				
+				PBEKeyAndParameterSpec parameterSpec =
+						   new PBEKeyAndParameterSpec(pbeKey.getEncoded(),
+								   					  salt.getBytes(),
+						                              2000,
+						                              16);
+					
+				pbkdf2.init(parameterSpec, random);
+				SecretKey derivedKey = pbkdf2.generateKey();
+				
+				SecretKeySpec spec = new SecretKeySpec(derivedKey.getEncoded(), KEYNAME);
+				SecretKeyFactory kf = SecretKeyFactory.getInstance(KEYNAME, "IAIK");
+				secret = kf.generateSecret(spec);
+				
+			} else {
+				Logger.error("Database encryption can not initialized. No key found!");
+				
+			}
+						
+		} catch (NoSuchAlgorithmException e) {
+			Logger.error("Database encryption can not initialized", e);
+			throw new DatabaseEncryptionException("Database encryption can not initialized", null, e);
+
+		} catch (NoSuchProviderException e) {
+			Logger.error("Database encryption can not initialized", e);
+			throw new DatabaseEncryptionException("Database encryption can not initialized", null, e);
+			
+		} catch (InvalidKeySpecException e) {
+			Logger.error("Database encryption can not initialized", e);
+			throw new DatabaseEncryptionException("Database encryption can not initialized", null, e);
+			
+		} catch (InvalidAlgorithmParameterException e) {
+			Logger.error("Database encryption can not initialized", e);
+			throw new DatabaseEncryptionException("Database encryption can not initialized", null, e);
+			
+		}		
+	}
+	
+	public EncryptedData encrypt(byte[] data) throws BuildException {
+		Cipher cipher;
+		
+		if (secret != null) {
+			try {
+				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
+			    cipher.init(Cipher.ENCRYPT_MODE, secret);
+				
+			    Logger.debug("Encrypt MOASession");
+			    
+			    byte[] encdata = cipher.doFinal(data);
+			    byte[] iv = cipher.getIV();
+			    
+			    return new EncryptedData(encdata, iv);
+			    
+			} catch (Exception e) {
+				Logger.warn("MOASession is not encrypted",e);
+				throw new BuildException("MOASession is not encrypted", new Object[]{}, e);
+			}
+		} else
+			return new EncryptedData(data, null);
+	}
+	
+	public byte[] decrypt(EncryptedData data) throws BuildException {
+		Cipher cipher;
+		
+		if (secret != null) {
+			try {
+				IvParameterSpec iv = new IvParameterSpec(data.getIv());
+				
+				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
+			    cipher.init(Cipher.DECRYPT_MODE, secret, iv);
+				
+			    Logger.debug("Decrypt MOASession");
+			    return cipher.doFinal(data.getEncData());
+			    
+			} catch (Exception e) {
+				Logger.warn("MOASession is not decrypted",e);
+				throw new BuildException("MOASession is not decrypted", new Object[]{}, e);
+			}
+		} else
+		return data.getEncData();
+	}
+	
+}