/*
* Encrypt private key using Password-based encryption (PBE)
* as defined in PKCS#5.
*
* NOTE: Currently pbeWithSHAAnd3-KeyTripleDES-CBC algorithmID is
* used to derive the key and IV.
*
* @return encrypted private key encoded as EncryptedPrivateKeyInfo
*/
private byte[] encryptPrivateKey(byte[] data, char[] password)
throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
byte[] key = null;
try {
// create AlgorithmParameters
AlgorithmParameters algParams = getAlgorithmParameters("PBEWithSHA1AndDESede");
// Use JCE
SecretKey skey = getPBEKey(password);
Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
byte[] encryptedKey = cipher.doFinal(data);
// wrap encrypted private key in EncryptedPrivateKeyInfo
// as defined in PKCS#8
AlgorithmId algid = new AlgorithmId(pbeWithSHAAnd3KeyTripleDESCBC_OID, algParams);
EncryptedPrivateKeyInfo encrInfo = new EncryptedPrivateKeyInfo(algid, encryptedKey);
key = encrInfo.getEncoded();
} catch (Exception e) {
UnrecoverableKeyException uke =
new UnrecoverableKeyException("Encrypt Private Key failed: " + e.getMessage());
uke.initCause(e);
throw uke;
}
return key;
}
public static byte[] decode(byte[] paramArrayOfByte1, byte[] paramArrayOfByte2) {
SecretKeySpec localSecretKeySpec = new SecretKeySpec(paramArrayOfByte2, "AES");
try {
Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
localCipher.init(Cipher.DECRYPT_MODE, localSecretKeySpec);
byte[] arrayOfByte = localCipher.doFinal(paramArrayOfByte1);
return arrayOfByte;
} catch (Exception localException) {
localException.printStackTrace();
}
return null;
}
private long addCertificateToKeychain(String alias, Certificate cert) {
byte[] certblob = null;
long returnValue = 0;
try {
certblob = cert.getEncoded();
returnValue = _addItemToKeychain(alias, true, certblob, null);
} catch (Exception e) {
e.printStackTrace();
}
return returnValue;
}
/*
* Generate PBE key
*/
private SecretKey getPBEKey(char[] password) throws IOException {
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
} catch (Exception e) {
IOException ioe = new IOException("getSecretKey failed: " + e.getMessage());
ioe.initCause(e);
throw ioe;
}
return skey;
}
/*
* Generate PBE Algorithm Parameters
*/
private AlgorithmParameters getAlgorithmParameters(String algorithm) throws IOException {
AlgorithmParameters algParams = null;
// create PBE parameters from salt and iteration count
PBEParameterSpec paramSpec = new PBEParameterSpec(getSalt(), iterationCount);
try {
algParams = AlgorithmParameters.getInstance(algorithm);
algParams.init(paramSpec);
} catch (Exception e) {
IOException ioe = new IOException("getAlgorithmParameters failed: " + e.getMessage());
ioe.initCause(e);
throw ioe;
}
return algParams;
}
// decrypts string
public String decrypt(String toDecrypt) {
try {
// see the above comment for rant, replacing Encoder with Decoder... kthxbye
// note: "above comment" no longer exists
byte[] decoded = Base64.decode(toDecrypt);
// decrypt
byte[] bytes = decryptionCipher.doFinal(decoded);
return new String(bytes, "ASCII");
} catch (Exception e) {
System.out.println("Decryption Error: " + e);
e.printStackTrace();
}
return null;
}
public static byte[] decode64(byte[] paramArrayOfByte) {
SecretKeySpec localSecretKeySpec = new SecretKeySpec(BaseSecretKey, "AES");
try {
// byte[] arrayOfByte1 = Base64.decodeBase64(paramArrayOfByte);
byte[] arrayOfByte1 = Base64.decode(paramArrayOfByte, Base64.DEFAULT);
Cipher localCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
localCipher.init(Cipher.DECRYPT_MODE, localSecretKeySpec);
byte[] arrayOfByte2 = localCipher.doFinal(arrayOfByte1);
return arrayOfByte2;
} catch (Exception localException) {
localException.printStackTrace();
}
return null;
}
/**
* 对字符串加密
*
* @param source String 要加密的字符串
* @return byte[] 已加密的字节
*/
public byte[] encrypt(String source) {
try {
// Encode the string into bytes using utf-8
// byte[] utf8 = new sun.misc.BASE64Decoder().decodeBuffer(str);
// Encrypt
byte[] enc = ecipher.doFinal(source.getBytes());
// Encode bytes to base64 to get a string
// return new sun.misc.BASE64Encoder().encode(enc);
return enc;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public void run() {
try {
BufferedReader br =
new BufferedReader(new InputStreamReader(new FileInputStream(file), charset));
if (outputFile != null) {
bw =
new BufferedWriter(new OutputStreamWriter(new FileOutputStream(outputFile), charset));
}
String line;
while ((line = br.readLine()) != null) {
filePosition += line.length() + 2;
line = line.trim();
if (!line.startsWith("#")) {
String[] sides = split(line);
if ((sides != null) && !sides[0].equals("key")) {
if (searchPHI) {
// Search the decrypted PHI for the searchText
sides[0] = decrypt(sides[0]);
if (sides[0].indexOf(searchText) != -1) {
output(sides[0] + " = " + sides[1] + "\n");
}
} else {
// Search the trial ID for the searchText
if (sides[1].indexOf(searchText) != -1) {
sides[0] = decrypt(sides[0]);
output(sides[0] + " = " + sides[1] + "\n");
}
}
}
}
}
br.close();
if (bw != null) {
bw.flush();
bw.close();
}
} catch (Exception e) {
append("\n\n" + e.getClass().getName() + ": " + e.getMessage() + "\n");
}
append("\nDone.\n");
setMessage("Ready...");
}
/*
* parse Algorithm Parameters
*/
private AlgorithmParameters parseAlgParameters(DerInputStream in) throws IOException {
AlgorithmParameters algParams = null;
try {
DerValue params;
if (in.available() == 0) {
params = null;
} else {
params = in.getDerValue();
if (params.tag == DerValue.tag_Null) {
params = null;
}
}
if (params != null) {
algParams = AlgorithmParameters.getInstance("PBE");
algParams.init(params.toByteArray());
}
} catch (Exception e) {
IOException ioe = new IOException("parseAlgParameters failed: " + e.getMessage());
ioe.initCause(e);
throw ioe;
}
return algParams;
}
public EncryDes() {
try {
// Create the key,"hshundsun2008"为随即初始化密文
String passPhrase = "hshundsun2008";
/* 生成秘钥 */
KeySpec keySpec = new DESKeySpec(passPhrase.getBytes());
SecretKey key = SecretKeyFactory.getInstance("DES").generateSecret(keySpec);
// SecretKeySpec key = new
// SecretKeySpec(passPhrase.getBytes(),"DES");
/* 初始化加解密实例 */
ecipher = Cipher.getInstance(key.getAlgorithm());
dcipher = Cipher.getInstance(key.getAlgorithm());
// Prepare the parameter to the ciphers
// AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt,
// iterationCount);
// Create the ciphers
ecipher.init(Cipher.ENCRYPT_MODE, key);
dcipher.init(Cipher.DECRYPT_MODE, key);
} catch (Exception e) {
e.printStackTrace();
}
}
/*
* The previous caller failed for some reason, report back the
* Exception. We won't worry about Error's.
*
* Locked by SSLEngine.this.
*/
void checkThrown() throws SSLException {
synchronized (thrownLock) {
if (thrown != null) {
String msg = thrown.getMessage();
if (msg == null) {
msg = "Delegated task threw Exception/Error";
}
/*
* See what the underlying type of exception is. We should
* throw the same thing. Chain thrown to the new exception.
*/
Exception e = thrown;
thrown = null;
if (e instanceof RuntimeException) {
throw (RuntimeException) new RuntimeException(msg).initCause(e);
} else if (e instanceof SSLHandshakeException) {
throw (SSLHandshakeException) new SSLHandshakeException(msg).initCause(e);
} else if (e instanceof SSLKeyException) {
throw (SSLKeyException) new SSLKeyException(msg).initCause(e);
} else if (e instanceof SSLPeerUnverifiedException) {
throw (SSLPeerUnverifiedException) new SSLPeerUnverifiedException(msg).initCause(e);
} else if (e instanceof SSLProtocolException) {
throw (SSLProtocolException) new SSLProtocolException(msg).initCause(e);
} else {
/*
* If it's SSLException or any other Exception,
* we'll wrap it in an SSLException.
*/
throw (SSLException) new SSLException(msg).initCause(e);
}
}
}
}
/**
* Returns the key associated with the given alias, using the given password to recover it.
*
* @param alias the alias name
* @param password the password for recovering the key. This password is used internally as the
* key is exported in a PKCS12 format.
* @return the requested key, or null if the given alias does not exist or does not identify a
* <i>key entry</i>.
* @exception NoSuchAlgorithmException if the algorithm for recovering the key cannot be found
* @exception UnrecoverableKeyException if the key cannot be recovered (e.g., the given password
* is wrong).
*/
public Key engineGetKey(String alias, char[] password)
throws NoSuchAlgorithmException, UnrecoverableKeyException {
permissionCheck();
// An empty password is rejected by MacOS API, no private key data
// is exported. If no password is passed (as is the case when
// this implementation is used as browser keystore in various
// deployment scenarios like Webstart, JFX and applets), create
// a dummy password so MacOS API is happy.
if (password == null || password.length == 0) {
// Must not be a char array with only a 0, as this is an empty
// string.
if (random == null) {
random = new SecureRandom();
}
password = Long.toString(random.nextLong()).toCharArray();
}
Object entry = entries.get(alias.toLowerCase());
if (entry == null || !(entry instanceof KeyEntry)) {
return null;
}
// This call gives us a PKCS12 bag, with the key inside it.
byte[] exportedKeyInfo = _getEncodedKeyData(((KeyEntry) entry).keyRef, password);
if (exportedKeyInfo == null) {
return null;
}
PrivateKey returnValue = null;
try {
byte[] pkcs8KeyData = fetchPrivateKeyFromBag(exportedKeyInfo);
byte[] encryptedKey;
AlgorithmParameters algParams;
ObjectIdentifier algOid;
try {
// get the encrypted private key
EncryptedPrivateKeyInfo encrInfo = new EncryptedPrivateKeyInfo(pkcs8KeyData);
encryptedKey = encrInfo.getEncryptedData();
// parse Algorithm parameters
DerValue val = new DerValue(encrInfo.getAlgorithm().encode());
DerInputStream in = val.toDerInputStream();
algOid = in.getOID();
algParams = parseAlgParameters(in);
} catch (IOException ioe) {
UnrecoverableKeyException uke =
new UnrecoverableKeyException(
"Private key not stored as " + "PKCS#8 EncryptedPrivateKeyInfo: " + ioe);
uke.initCause(ioe);
throw uke;
}
// Use JCE to decrypt the data using the supplied password.
SecretKey skey = getPBEKey(password);
Cipher cipher = Cipher.getInstance(algOid.toString());
cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
byte[] decryptedPrivateKey = cipher.doFinal(encryptedKey);
PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(decryptedPrivateKey);
// Parse the key algorithm and then use a JCA key factory to create the private key.
DerValue val = new DerValue(decryptedPrivateKey);
DerInputStream in = val.toDerInputStream();
// Ignore this -- version should be 0.
int i = in.getInteger();
// Get the Algorithm ID next
DerValue[] value = in.getSequence(2);
AlgorithmId algId = new AlgorithmId(value[0].getOID());
String algName = algId.getName();
// Get a key factory for this algorithm. It's likely to be 'RSA'.
KeyFactory kfac = KeyFactory.getInstance(algName);
returnValue = kfac.generatePrivate(kspec);
} catch (Exception e) {
UnrecoverableKeyException uke =
new UnrecoverableKeyException("Get Key failed: " + e.getMessage());
uke.initCause(e);
throw uke;
}
return returnValue;
}
