/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ package at.gv.egovernment.moa.id.util; import java.security.spec.KeySpec; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; public class SessionEncrytionUtil { static SecretKey secret = null; static { try { String key = AuthConfigurationProvider.getInstance().getMOASessionEncryptionKey(); if (key != null) { SecretKeyFactory factory; factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); KeySpec spec = new PBEKeySpec(key.toCharArray(), "TestSALT".getBytes(), 1024, 128); SecretKey tmp = factory.generateSecret(spec); secret = new SecretKeySpec(tmp.getEncoded(), "AES"); } else { Logger.warn("MOASession encryption is deaktivated."); } } catch (Exception e) { Logger.warn("MOASession encryption can not be inizialized.", e); } } public static byte[] encrypt(byte[] data) throws BuildException { Cipher cipher; if (secret != null) { try { cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding"); cipher.init(Cipher.ENCRYPT_MODE, secret); Logger.debug("Encrypt MOASession"); return cipher.doFinal(data); } catch (Exception e) { Logger.warn("MOASession is not encrypted",e); throw new BuildException("MOASession is not encrypted", new Object[]{}, e); } } else return data; } public static byte[] decrypt(byte[] data) throws BuildException { Cipher cipher; if (secret != null) { try { cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding"); cipher.init(Cipher.DECRYPT_MODE, secret); Logger.debug("Decrypt MOASession"); return cipher.doFinal(data); } catch (Exception e) { Logger.warn("MOASession is not decrypted",e); throw new BuildException("MOASession is not decrypted", new Object[]{}, e); } } else return data; } }