private static BufferedBlockCipher func_75892_a(boolean p_75892_0_, Key p_75892_1_) {
   BufferedBlockCipher bufferedblockcipher =
       new BufferedBlockCipher(new CFBBlockCipher(new AESFastEngine(), 8));
   bufferedblockcipher.init(
       p_75892_0_,
       new ParametersWithIV(
           new KeyParameter(p_75892_1_.getEncoded()), p_75892_1_.getEncoded(), 0, 16));
   return bufferedblockcipher;
 }
  public boolean shareAESkey() {
    try {
      Envelope message = null, e = null;

      // Generate AES key
      KeyGenerator keyGen = KeyGenerator.getInstance("AES");
      AESkey = keyGen.generateKey();
      keyGen = KeyGenerator.getInstance("HmacSHA1");
      HMACkey = keyGen.generateKey();
      byte[] keyBytes = AESkey.getEncoded();
      byte[] hashBytes = HMACkey.getEncoded();
      System.out.println("AES key generated");
      System.out.println("HMAC key generated");
      System.out.println("Begin Encryption...");
      // Encrypt message  w/ provided public key
      Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");

      cipher.init(Cipher.ENCRYPT_MODE, pubKey);
      byte[] cipherBytes = cipher.doFinal(keyBytes);
      byte[] cipherBytes1 = cipher.doFinal(hashBytes);
      System.out.println("Encryption Complete");

      message = new Envelope("SKEY");
      message.addObject(cipherBytes); // Add AESkey to message
      message.addObject(cipherBytes1);
      message.addObject(nonce);
      nonce++;

      byte[] messageBytes = Envelope.toByteArray(message);

      output.writeObject(messageBytes);

      byte[] inCipherBytes = (byte[]) input.readObject();

      // Decrypt response
      cipher = Cipher.getInstance("AES");
      cipher.init(Cipher.DECRYPT_MODE, AESkey);
      byte[] responseBytes = cipher.doFinal(inCipherBytes);

      Envelope response = Envelope.getEnvelopefromBytes(responseBytes);

      // If server indicates success, return the member list
      if (response.getMessage().equals("OK")
          && (Integer) response.getObjContents().get(0) == nonce) {
        return true;
      } else {
        return false;
      }
    } catch (Exception e) {
      System.err.println("Error: " + e.getMessage());
      e.printStackTrace(System.err);
      return false;
    }
  }
示例#3
0
 protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
     throws InvalidKeySpecException {
   try {
     // convert key to one of our keys
     // this also verifies that the key is a valid RSA key and ensures
     // that the encoding is X.509/PKCS#8 for public/private keys
     key = engineTranslateKey(key);
   } catch (InvalidKeyException e) {
     throw new InvalidKeySpecException(e);
   }
   if (key instanceof RSAPublicKey) {
     RSAPublicKey rsaKey = (RSAPublicKey) key;
     if (rsaPublicKeySpecClass.isAssignableFrom(keySpec)) {
       return keySpec.cast(new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent()));
     } else if (x509KeySpecClass.isAssignableFrom(keySpec)) {
       return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
     } else {
       throw new InvalidKeySpecException(
           "KeySpec must be RSAPublicKeySpec or " + "X509EncodedKeySpec for RSA public keys");
     }
   } else if (key instanceof RSAPrivateKey) {
     if (pkcs8KeySpecClass.isAssignableFrom(keySpec)) {
       return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
     } else if (rsaPrivateCrtKeySpecClass.isAssignableFrom(keySpec)) {
       if (key instanceof RSAPrivateCrtKey) {
         RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey) key;
         return keySpec.cast(
             new RSAPrivateCrtKeySpec(
                 crtKey.getModulus(),
                 crtKey.getPublicExponent(),
                 crtKey.getPrivateExponent(),
                 crtKey.getPrimeP(),
                 crtKey.getPrimeQ(),
                 crtKey.getPrimeExponentP(),
                 crtKey.getPrimeExponentQ(),
                 crtKey.getCrtCoefficient()));
       } else {
         throw new InvalidKeySpecException("RSAPrivateCrtKeySpec can only be used with CRT keys");
       }
     } else if (rsaPrivateKeySpecClass.isAssignableFrom(keySpec)) {
       RSAPrivateKey rsaKey = (RSAPrivateKey) key;
       return keySpec.cast(
           new RSAPrivateKeySpec(rsaKey.getModulus(), rsaKey.getPrivateExponent()));
     } else {
       throw new InvalidKeySpecException(
           "KeySpec must be RSAPrivate(Crt)KeySpec or "
               + "PKCS8EncodedKeySpec for RSA private keys");
     }
   } else {
     // should not occur, caught in engineTranslateKey()
     throw new InvalidKeySpecException("Neither public nor private key");
   }
 }
示例#4
0
 /**
  * Returns the key size of the given key object.
  *
  * @param key the key object.
  * @return the key size of the given key object.
  * @exception InvalidKeyException if <code>key</code> is invalid.
  */
 protected int engineGetKeySize(Key key) throws InvalidKeyException {
   byte[] encoded = key.getEncoded();
   if (encoded.length != 8) {
     throw new InvalidKeyException("Invalid key length: " + encoded.length + " bytes");
   }
   return 56;
 }
示例#5
0
  /**
   * Initializes the Mac with the given secret key and algorithm parameters.
   *
   * @param key the secret key.
   * @param params the algorithm parameters.
   * @exception InvalidKeyException if the given key is inappropriate for initializing this MAC.
   * @exception InvalidAlgorithmParameterException if the given algorithm parameters are
   *     inappropriate for this MAC.
   */
  void init(Key key, AlgorithmParameterSpec params)
      throws InvalidKeyException, InvalidAlgorithmParameterException {

    if (params != null) {
      throw new InvalidAlgorithmParameterException("SslMac does not use parameters");
    }

    if (!(key instanceof SecretKey)) {
      throw new InvalidKeyException("Secret key expected");
    }

    secret = key.getEncoded();
    if (secret == null || secret.length == 0) {
      throw new InvalidKeyException("Missing key data");
    }

    reset();
  }
示例#6
0
  /**
   * Assigns the given key to the given alias, protecting it with the given password.
   *
   * <p>If the given key is of type <code>java.security.PrivateKey</code>, it must be accompanied by
   * a certificate chain certifying the corresponding public key.
   *
   * <p>If the given alias already exists, the keystore information associated with it is overridden
   * by the given key (and possibly certificate chain).
   *
   * @param alias the alias name
   * @param key the key to be associated with the alias
   * @param password the password to protect the key
   * @param chain the certificate chain for the corresponding public key (only required if the given
   *     key is of type <code>java.security.PrivateKey</code>).
   * @exception KeyStoreException if the given key cannot be protected, or this operation fails for
   *     some other reason
   */
  public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
      throws KeyStoreException {
    permissionCheck();

    synchronized (entries) {
      try {
        KeyEntry entry = new KeyEntry();
        entry.date = new Date();

        if (key instanceof PrivateKey) {
          if ((key.getFormat().equals("PKCS#8")) || (key.getFormat().equals("PKCS8"))) {
            entry.protectedPrivKey = encryptPrivateKey(key.getEncoded(), password);
            entry.password = password.clone();
          } else {
            throw new KeyStoreException("Private key is not encoded as PKCS#8");
          }
        } else {
          throw new KeyStoreException("Key is not a PrivateKey");
        }

        // clone the chain
        if (chain != null) {
          if ((chain.length > 1) && !validateChain(chain)) {
            throw new KeyStoreException("Certificate chain does not validate");
          }

          entry.chain = chain.clone();
          entry.chainRefs = new long[entry.chain.length];
        }

        String lowerAlias = alias.toLowerCase();
        if (entries.get(lowerAlias) != null) {
          deletedEntries.put(lowerAlias, entries.get(lowerAlias));
        }

        entries.put(lowerAlias, entry);
        addedEntries.put(lowerAlias, entry);
      } catch (Exception nsae) {
        KeyStoreException ke = new KeyStoreException("Key protection algorithm not found: " + nsae);
        ke.initCause(nsae);
        throw ke;
      }
    }
  }
示例#7
0
 // see JCE spec
 protected byte[] engineWrap(Key key) throws InvalidKeyException, IllegalBlockSizeException {
   String keyAlg = key.getAlgorithm();
   P11Key sKey = null;
   try {
     // The conversion may fail, e.g. trying to wrap an AES key on
     // a token that does not support AES, or when the key size is
     // not within the range supported by the token.
     sKey = P11SecretKeyFactory.convertKey(token, key, keyAlg);
   } catch (InvalidKeyException ike) {
     byte[] toBeWrappedKey = key.getEncoded();
     if (toBeWrappedKey == null) {
       throw new InvalidKeyException("wrap() failed, no encoding available", ike);
     }
     // Directly encrypt the key encoding when key conversion failed
     implInit(Cipher.ENCRYPT_MODE, p11Key);
     implUpdate(toBeWrappedKey, 0, toBeWrappedKey.length);
     try {
       return doFinal();
     } catch (BadPaddingException bpe) {
       // should not occur
       throw new InvalidKeyException("wrap() failed", bpe);
     } finally {
       // Restore original mode
       implInit(Cipher.WRAP_MODE, p11Key);
     }
   }
   Session s = null;
   try {
     s = token.getOpSession();
     return token.p11.C_WrapKey(s.id(), new CK_MECHANISM(mechanism), p11Key.keyID, sKey.keyID);
   } catch (PKCS11Exception e) {
     throw new InvalidKeyException("wrap() failed", e);
   } finally {
     token.releaseSession(s);
   }
 }
示例#8
0
  void implInit(
      int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random, CipherSpi cipherImpl)
      throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars = null;
    salt = null;
    iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
      javax.crypto.interfaces.PBEKey pbeKey = (javax.crypto.interfaces.PBEKey) key;
      passwdChars = pbeKey.getPassword();
      salt = pbeKey.getSalt(); // maybe null if unspecified
      iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
      byte[] passwdBytes = key.getEncoded();
      if ((passwdBytes == null) || !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
        throw new InvalidKeyException("Missing password");
      }
      passwdChars = new char[passwdBytes.length];
      for (int i = 0; i < passwdChars.length; i++) {
        passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
      }
    } else {
      throw new InvalidKeyException("SecretKey of PBE type required");
    }

    if (((opmode == Cipher.DECRYPT_MODE) || (opmode == Cipher.UNWRAP_MODE))
        && ((params == null) && ((salt == null) || (iCount == 0)))) {
      throw new InvalidAlgorithmParameterException("Parameters missing");
    }

    if (params == null) {
      // generate default for salt and iteration count if necessary
      if (salt == null) {
        salt = new byte[DEFAULT_SALT_LENGTH];
        if (random != null) {
          random.nextBytes(salt);
        } else {
          SunJCE.getRandom().nextBytes(salt);
        }
      }
      if (iCount == 0) iCount = DEFAULT_COUNT;
    } else if (!(params instanceof PBEParameterSpec)) {
      throw new InvalidAlgorithmParameterException("PBEParameterSpec type required");
    } else {
      PBEParameterSpec pbeParams = (PBEParameterSpec) params;
      // make sure the parameter values are consistent
      if (salt != null) {
        if (!Arrays.equals(salt, pbeParams.getSalt())) {
          throw new InvalidAlgorithmParameterException(
              "Inconsistent value of salt between key and params");
        }
      } else {
        salt = pbeParams.getSalt();
      }
      if (iCount != 0) {
        if (iCount != pbeParams.getIterationCount()) {
          throw new InvalidAlgorithmParameterException(
              "Different iteration count between key and params");
        }
      } else {
        iCount = pbeParams.getIterationCount();
      }
    }
    // salt is recommended to be ideally as long as the output
    // of the hash function. However, it may be too strict to
    // force this; so instead, we'll just require the minimum
    // salt length to be 8-byte which is what PKCS#5 recommends
    // and openssl does.
    if (salt.length < 8) {
      throw new InvalidAlgorithmParameterException("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
      throw new InvalidAlgorithmParameterException("IterationCount must be a positive number");
    }
    byte[] derivedKey = derive(passwdChars, salt, iCount, keySize, CIPHER_KEY);
    SecretKey cipherKey = new SecretKeySpec(derivedKey, algo);

    if (cipherImpl != null && cipherImpl instanceof ARCFOURCipher) {
      ((ARCFOURCipher) cipherImpl).engineInit(opmode, cipherKey, random);

    } else {
      byte[] derivedIv = derive(passwdChars, salt, iCount, 8, CIPHER_IV);
      IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);

      // initialize the underlying cipher
      cipher.init(opmode, cipherKey, ivSpec, random);
    }
  }
示例#9
0
  @Override
  public void run() {

    ChukasaModel chukasaModel = chukasaModelManagementComponent.get(adaptiveBitrateStreaming);
    String streamPath = chukasaModel.getStreamPath();
    String tempEncPath = chukasaModel.getTempEncPath();
    int tsPacketLength = chukasaModel.getHlsConfiguration().getMpeg2TsPacketLength();

    int seqTsEnc = 0; // getSeqTsEnc();
    seqTsEnc = chukasaModel.getSeqTsEnc();
    if (chukasaModel.getChukasaSettings().getStreamingType() == StreamingType.OKKAKE) {
      seqTsEnc = chukasaModel.getSeqTsOkkake() - 1;
    }
    if (chukasaModel.isFlagLastTs()) {
      seqTsEnc = chukasaModel.getSeqTsLast();
    }

    Key sKey;
    Cipher c;
    FileOutputStream keyOut;
    FileWriter ivOut;
    FileInputStream fis;
    BufferedInputStream bis;
    FileOutputStream fos;
    CipherOutputStream cos;

    try {
      Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

      sKey = makeKey(128); // Key length is 128bit
      c = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");

      c.init(Cipher.ENCRYPT_MODE, sKey);

      // Set Key File Name at random
      String keyPre = RandomStringUtils.randomAlphabetic(10);
      keyOut = new FileOutputStream(streamPath + FILE_SEPARATOR + keyPre + seqTsEnc + ".key");

      chukasaModel.getKeyArrayList().add(keyPre);
      chukasaModel = chukasaModelManagementComponent.update(adaptiveBitrateStreaming, chukasaModel);

      byte[] keyOutByte = sKey.getEncoded();
      keyOut.write(keyOutByte);
      keyOut.close();

      byte[] iv = c.getIV();

      String ivHex = "";
      for (int i = 0; i < iv.length; i++) {
        String ivHexTmp = String.format("%02x", iv[i]).toUpperCase();
        ivHex = ivHex + ivHexTmp;
      }

      String ivPre = RandomStringUtils.randomAlphabetic(10);
      ivOut = new FileWriter(streamPath + FILE_SEPARATOR + ivPre + seqTsEnc + ".iv");
      ivOut.write(ivHex);
      ivOut.close();

      chukasaModel.getIvArrayList().add(ivHex);
      chukasaModel = chukasaModelManagementComponent.update(adaptiveBitrateStreaming, chukasaModel);

      fis =
          new FileInputStream(
              tempEncPath
                  + FILE_SEPARATOR
                  + chukasaModel.getChukasaConfiguration().getStreamFileNamePrefix()
                  + seqTsEnc
                  + chukasaModel.getHlsConfiguration().getStreamExtension());
      bis = new BufferedInputStream(fis);
      fos =
          new FileOutputStream(
              streamPath
                  + FILE_SEPARATOR
                  + chukasaModel.getChukasaConfiguration().getStreamFileNamePrefix()
                  + seqTsEnc
                  + chukasaModel.getHlsConfiguration().getStreamExtension());
      cos = new CipherOutputStream(fos, c);
      if (chukasaModel.getChukasaSettings().getStreamingType() == StreamingType.OKKAKE) {
        // TODO:
        fis =
            new FileInputStream(
                tempEncPath
                    + FILE_SEPARATOR
                    + "fileSequenceEncoded"
                    + seqTsEnc
                    + chukasaModel.getHlsConfiguration().getStreamExtension());
        bis = new BufferedInputStream(fis);
        fos =
            new FileOutputStream(
                streamPath
                    + FILE_SEPARATOR
                    + chukasaModel.getChukasaConfiguration().getStreamFileNamePrefix()
                    + seqTsEnc
                    + chukasaModel.getHlsConfiguration().getStreamExtension());
        cos = new CipherOutputStream(fos, c);
      }

      byte[] buf = new byte[tsPacketLength];

      int ch;
      while ((ch = bis.read(buf)) != -1) {
        cos.write(buf, 0, ch);
      }
      cos.close();
      fos.close();
      bis.close();
      fis.close();

    } catch (InvalidKeyException e) {
      e.printStackTrace();
    } catch (NoSuchPaddingException e) {
      e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (NoSuchProviderException e) {
      e.printStackTrace();
    } catch (FileNotFoundException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    }
  }