Ejemplo n.º 1
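  /**
   * Checks the limits that {@link Cipher#getMaxAllowedKeyLength} and
   * {@link Cipher#getMaxAllowedParameterSpec} report for Blowfish and RC5 against the values
   * expected for the jurisdiction policy the caller says is active.
   *
   * <p>Unlimited policy: both algorithms must report {@code Integer.MAX_VALUE} and no parameter
   * spec. Default policy: both must report 128 bits; Blowfish must have no parameter spec, and RC5
   * must have a spec with 12 rounds whose version and word size are {@code Integer.MAX_VALUE}.
   *
   * @param isUnlimited {@code true} to check against the unlimited-policy expectations,
   *     {@code false} to check against the default-policy expectations
   * @throws Exception if a reported limit differs from the expectation, or if the lookup itself
   *     fails
   */
  private static void runTest(boolean isUnlimited) throws Exception {
    System.out.println("Testing " + (isUnlimited ? "un" : "") + "limited policy...");

    final String policy = isUnlimited ? "unlimited" : "default";
    final int expectedKeyLength = isUnlimited ? Integer.MAX_VALUE : 128;

    String algo = "Blowfish";
    int keyLength = Cipher.getMaxAllowedKeyLength(algo);
    AlgorithmParameterSpec spec = Cipher.getMaxAllowedParameterSpec(algo);
    // Blowfish carries no parameter restriction under either policy; only the key length differs.
    if ((keyLength != expectedKeyLength) || (spec != null)) {
      throw new Exception("Check for " + algo + " failed under " + policy + " policy");
    }

    algo = "RC5";
    keyLength = Cipher.getMaxAllowedKeyLength(algo);
    RC5ParameterSpec rc5param = (RC5ParameterSpec) Cipher.getMaxAllowedParameterSpec(algo);
    boolean rc5AsExpected;
    if (isUnlimited) {
      rc5AsExpected = (keyLength == Integer.MAX_VALUE) && (rc5param == null);
    } else {
      // A missing spec is itself a policy mismatch: report it through the same diagnostic
      // instead of letting the getters below fail with a NullPointerException.
      rc5AsExpected =
          (keyLength == 128)
              && (rc5param != null)
              && (rc5param.getRounds() == 12)
              && (rc5param.getVersion() == Integer.MAX_VALUE)
              && (rc5param.getWordSize() == Integer.MAX_VALUE);
    }
    if (!rc5AsExpected) {
      throw new Exception("Check for " + algo + " failed under " + policy + " policy");
    }

    System.out.println("All tests passed");
  }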
Ejemplo n.º 2
 // Probe the JCE jurisdiction policy once, at class-initialisation time: unlimited-strength
 // cryptography counts as enabled when the maximum AES key length the runtime allows exceeds
 // DEFAULT_MAX_ALLOWED_KEY_LENGTH.
 static {
   boolean strongCryptoAllowed;
   try {
     strongCryptoAllowed = Cipher.getMaxAllowedKeyLength("AES") > DEFAULT_MAX_ALLOWED_KEY_LENGTH;
   } catch (NoSuchAlgorithmException e) {
     // The probe could not be answered, so fall back to the restricted setting. The exception
     // is not reported anywhere, so a fallback cannot be told apart from a genuinely
     // restricted runtime by looking at the flag alone.
     strongCryptoAllowed = false;
   }
   isUnlimitedStrengthCryptographyEnabled = strongCryptoAllowed;
 }
Ejemplo n.º 3
 /**
  * Fails fast when the runtime's jurisdiction policy caps the AES key length.
  *
  * <p>{@link Cipher#getMaxAllowedKeyLength} reports {@code Integer.MAX_VALUE} when no cap applies;
  * any smaller value is treated as a restricted policy and aborts with a message pointing at the
  * JCE policy files.
  *
  * @throws NoSuchAlgorithmException if the AES lookup itself fails
  * @throws Exception if the allowed AES key length is below {@code Integer.MAX_VALUE}
  */
 private static void crashIfJCEMissing() throws NoSuchAlgorithmException, Exception {
   final int expected = Integer.MAX_VALUE;
   final int size = Cipher.getMaxAllowedKeyLength("AES");
   if (size >= expected) {
     return; // no cap on key length, nothing to complain about
   }

   StringBuilder msg = new StringBuilder();
   msg.append("Max key size is ").append(size);
   msg.append(", but expected ").append(expected);
   msg.append(". Unfortunately, you have a security policy that limits your encryption ");
   msg.append("strength. Please either use OpenJDK or allow yourself to use strong crypto\n");
   msg.append("by installing the according JCE files:\n");
   msg.append(
       "http://stackoverflow.com/questions/6481627/java-security-illegal-key-size-or-default-parameters");
   throw new Exception(msg.toString());
 }
Ejemplo n.º 4
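  /**
   * Performs the one-time crypto setup: registers the Bouncy Castle provider if no provider is
   * registered under {@code PROVIDER} yet, and records whether the runtime allows AES keys longer
   * than 128 bits.
   *
   * <p>The method is {@code synchronized} and guarded by the {@code initialized} flag, so repeated
   * calls after the first one return without doing anything.
   */
  public static synchronized void init() {
    if (initialized) {
      return;
    }

    logger.log(Level.INFO, "Initializing crypto settings and security provider ...");

    // Bouncy Castle: only add the provider when it is not registered already.
    if (Security.getProvider(PROVIDER) == null) {
      Security.addProvider(new BouncyCastleProvider());
    }

    // Unlimited strength: anything above 128 bits for AES means the policy is not restricted.
    try {
      unlimitedStrengthEnabled = Cipher.getMaxAllowedKeyLength("AES") > 128;
    } catch (Exception e) {
      // Best effort: keep running with the restricted setting, but leave a trace of why the
      // probe failed so a restricted flag is not mistaken for a restricted policy.
      unlimitedStrengthEnabled = false;
      logger.log(
          Level.INFO,
          "Could not determine the maximum allowed AES key length; assuming limited strength.",
          e);
    }

    initialized = true;
  }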
Ejemplo n.º 5
  /**
   * Prints the maximum key length the runtime allows for every {@code Cipher} algorithm that
   * {@link Security#getAlgorithms} reports, then runs a password encrypt/decrypt demonstration.
   *
   * @param args command-line arguments; not read
   * @throws Exception declared by the signature; the listing below catches
   *     {@code NoSuchAlgorithmException} itself
   */
  public static void main(String[] args) throws Exception {
    // The try block wraps the whole loop, so the first algorithm whose lookup fails ends the
    // listing; the algorithms after it are not printed.
    try {
      Set<String> algorithms = Security.getAlgorithms("Cipher");
      for (String algorithm : algorithms) {
        int max;
        max = Cipher.getMaxAllowedKeyLength(algorithm);
        // A value of Integer.MAX_VALUE is what the JDK reports when no key-length cap applies.
        System.out.printf("%-22s: %dbit%n", algorithm, max);
      }
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    }

    // NOTE(review): the password literal and the statement below appear to have been masked by
    // the page this listing came from ("******"); the encrypt/decrypt calls between the three
    // messages are missing, so the statement does not compile as shown. What remains indicates
    // the original printed the password in clear text to standard output.
    String originalPassword = "******";
    System.out.println("Original password: "******"Encrypted password: "******"Decrypted password: " + decryptedPassword);
  }
Ejemplo n.º 6
  /**
   * Probes the AES key-length limit and then builds the active crypto provider from the
   * configured keystore settings.
   *
   * @throws CryptoException if no AES implementation can be looked up
   * @throws Exception declared by the signature
   */
  public void afterPropertiesSet() throws Exception {
    // Precondition probe: how long may an AES key be on this runtime?
    final int maxAesKeyBits;
    try {
      maxAesKeyBits = Cipher.getMaxAllowedKeyLength("AES");
    } catch (NoSuchAlgorithmException e) {
      throw new CryptoException("No AES provider is installed on your system ?!", e);
    }

    if (maxAesKeyBits < Integer.MAX_VALUE) {
      // NOTE(review): this branch has no effect. The CryptoException that used to reject a
      // restricted key length here ("Your system has a restriction on the encryption algorithm
      // key length. Please remove this restriction. For more info, see <tutorialUrl>") is
      // disabled, so a runtime with a key-length cap passes this check silently.
      String tutorialUrl =
          "http://www.javamex.com/tutorials/cryptography/unrestricted_policy_files.shtml";
    }

    final DefaultCryptoProvider provider =
        new DefaultCryptoProvider(
            cryptoProperties.getSimpleKeystore(),
            cryptoProperties.getSimplePassword(),
            cryptoProperties.getCreateKeystoreFileIfNotExist());
    activeProvider = provider;
  }
Ejemplo n.º 7
 /**
  * Asserts that the runtime allows AES keys of at least 256 bits, i.e. that the jurisdiction
  * policy does not cap AES below its largest key size.
  */
 @Test
 public void verifyUnlimitedJcePolicy() throws NoSuchAlgorithmException {
   final int maxAesKeyBits = Cipher.getMaxAllowedKeyLength("AES");
   final boolean aes256Allowed = maxAesKeyBits >= 256;
   assertTrue(aes256Allowed);
 }
Ejemplo n.º 8
 /**
  * Logs the maximum AES key length the runtime allows and fails when it is below 256 bits.
  */
 @Test
 public void checkUnlimitedStrength() throws NoSuchAlgorithmException {
   final String algorithm = "AES";
   log.info("Max allowed key length is {} bits for AES", Cipher.getMaxAllowedKeyLength(algorithm));

   // Anything under 256 bits means AES-256 keys would be rejected by the policy.
   final boolean restricted = Cipher.getMaxAllowedKeyLength(algorithm) < 256;
   assertFalse("Unlimited cryptographic strength unavailable", restricted);
 }
Ejemplo n.º 9
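  /**
   * Contributes this application's default symbol values: production-mode switches, the HMAC
   * passphrase, locale, start page, HTTP/HTTPS ports and the tapestry-security URLs. It finishes
   * by logging an error when the runtime caps the AES key length.
   *
   * <p>Contributions to ApplicationDefaults override contributions to FactoryDefaults that use the
   * same key.
   *
   * @param configuration the symbol map the defaults are added to
   */
  public static void contributeApplicationDefaults(
      MappedConfiguration<String, String> configuration) {
    // The factory default for production mode is true, but during the early stages of an
    // application overriding to false is a good idea. In addition, this is often overridden
    // on the command line as -Dtapestry.production-mode=false
    //
    // Compact JSON, whitespace compression and minification follow the production flag;
    // component render tracing stays off in both modes.
    final String productionFlag = isProduction ? "true" : "false";
    configuration.add(SymbolConstants.PRODUCTION_MODE, productionFlag);
    configuration.add(SymbolConstants.COMPONENT_RENDER_TRACING_ENABLED, "false");
    configuration.add(SymbolConstants.COMPACT_JSON, productionFlag);
    configuration.add(SymbolConstants.COMPRESS_WHITESPACE, productionFlag);
    configuration.add(SymbolConstants.MINIFICATION_ENABLED, productionFlag);

    // todo check
    // http://apache-tapestry-mailing-list-archives.1045711.n5.nabble.com/HMAC-Passphrase-Could-Be-Much-More-Useful-Correct-Me-If-I-m-Wrong-td5724606.html
    //
    // The passphrase keys an HMAC, so it has to be unpredictable: draw 256 bits from
    // SecureRandom rather than a general-purpose random-string helper. Base-32 digits also keep
    // characters such as '$' and '{' out of the symbol value.
    // NOTE(review): the value is regenerated on every start, so anything signed before a restart
    // (or, presumably, by another node) will no longer verify - confirm that this is intended.
    final String hmacPassphrase =
        new java.math.BigInteger(256, new java.security.SecureRandom()).toString(32);
    configuration.add(SymbolConstants.HMAC_PASSPHRASE, hmacPassphrase);

    configuration.add(SymbolConstants.JAVASCRIPT_INFRASTRUCTURE_PROVIDER, "jquery");
    configuration.add(SymbolConstants.SESSION_LOCKING_ENABLED, "true");
    // Supported locales: a comma separated series of locale names; the first locale name is the
    // default when there's no reasonable match. Extend the list as localised message catalogs
    // and other assets are added.
    configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en,fr");
    // configuration.add(SymbolConstants.DEFAULT_STYLESHEET, "context:styles/empty.css");

    // The application version number is incorporated into URLs for some
    // assets. Web browsers will cache assets because of the far future expires
    // header. If existing assets are changed, the version number should also
    // change, to force the browser to download new versions.
    configuration.add(SymbolConstants.APPLICATION_VERSION, "1.0");
    configuration.add(SymbolConstants.START_PAGE_NAME, "SEC");
    configuration.add(SymbolConstants.SECURE_ENABLED, "true");

    configuration.add(SymbolConstants.HOSTPORT, "8080");
    configuration.add(SymbolConstants.HOSTPORT_SECURE, "8443");

    // Tynamo's tapestry-security module configuration
    configuration.add(SecuritySymbols.LOGIN_URL, URL_LOGIN);
    configuration.add(SecuritySymbols.SUCCESS_URL, URL_SUCCESS);
    configuration.add(SecuritySymbols.UNAUTHORIZED_URL, URL_UNAUTHORIZED);

    configuration.add(SymbolConstants.TAPESTRY_VERSION, "false");

    // Check that the JCE Unlimited Strength Jurisdiction Policy Files are installed:
    // Integer.MAX_VALUE is what the JDK reports when no key-length cap applies.
    // The result is only logged; startup continues either way.
    try {
      if (Cipher.getMaxAllowedKeyLength("AES") < Integer.MAX_VALUE) {
        LOG.error(
            "### JCE Unlimited Strength Jurisdiction Policy Files is NOT Installed.\n"
                + "http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html");
      }
    } catch (NoSuchAlgorithmException e) {
      // Pass the exception along so the log shows why the lookup failed.
      LOG.error(
          "### JCA JSSE JCE API not found. - http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html",
          e);
    }
  }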