/**
* Decrypts the encapsulated credentials
*
* @see org.ow2.proactive.authentication.crypto.KeyPairUtil#decrypt(String, String, String,
* byte[])
* @param privKey the private key
* @return the credential data containing the clear data:login, password and key
* @throws KeyException decryption failure, malformed data
*/
public CredData decrypt(PrivateKey privKey) throws KeyException {
byte[] data = null;
byte[] aesClear = null;
// recover clear AES key using the private key
try {
aesClear = KeyPairUtil.decrypt(this.algorithm, privKey, this.cipher, this.aes);
} catch (KeyException e) {
throw new KeyException("Could not decrypt symmetric key", e);
}
// recover clear credentials using the AES key
try {
data = KeyUtil.decrypt(new SecretKeySpec(aesClear, AES_ALGO), AES_CIPHER, this.data);
} catch (KeyException e) {
throw new KeyException("Could not decrypt data", e);
}
// deserialize clear credentials and obtain login & password
try {
return (CredData) ByteToObjectConverter.ObjectStream.convert(data);
} catch (Exception e) {
throw new KeyException(e.getMessage());
}
}
@Test
public void encrypt_decrypt() throws Exception {
KeyPair keyPair = KeyPairUtil.generateKeyPair("RSA", 1024);
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
HybridEncryptedData encryptedData = HybridEncryptionUtil.encryptString("hello", publicKey);
String decryptedData = HybridEncryptionUtil.decryptString(encryptedData, privateKey);
assertEquals("hello", decryptedData);
}
/**
* Creates new encrypted credentials
*
* <p>Encrypts the message '<code>login</code>:<code>password</code>' using the public key <code>
* pubKey</code> and <code>cipher</code> and store it in a new Credentials object.
*
* @see KeyPairUtil#encrypt(String, String, String, byte[])
* @param login the login to encrypt
* @param password the corresponding password to encrypt
* @param pubKey public key used for encryption
* @param cipher cipher parameters: combination of transformations
* @return the Credentials object containing the encrypted data
* @throws KeyException key generation or encryption failed
*/
@Deprecated
public static Credentials createCredentials(
String login, String password, byte[] datakey, PublicKey pubKey, String cipher)
throws KeyException {
CredData cc = new CredData();
cc.setLogin(CredData.parseLogin(login));
cc.setDomain(CredData.parseDomain(login));
cc.setPassword(password);
cc.setKey(datakey);
// serialize clear credentials to byte array
byte[] clearCred = null;
try {
clearCred = ObjectToByteConverter.ObjectStream.convert(cc);
} catch (IOException e1) {
throw new KeyException(e1.getMessage());
}
int size = -1;
if (pubKey instanceof java.security.interfaces.RSAPublicKey) {
size = ((RSAPublicKey) pubKey).getModulus().bitLength();
} else if (pubKey instanceof java.security.interfaces.DSAPublicKey) {
size = ((DSAPublicKey) pubKey).getParams().getP().bitLength();
} else if (pubKey instanceof javax.crypto.interfaces.DHPublicKey) {
size = ((DHPublicKey) pubKey).getParams().getP().bitLength();
}
// generate symmetric key
SecretKey aesKey = KeyUtil.generateKey(AES_ALGO, AES_KEYSIZE);
byte[] encData = null;
byte[] encAes = null;
// encrypt AES key with public RSA key
try {
encAes = KeyPairUtil.encrypt(pubKey, size, cipher, aesKey.getEncoded());
} catch (KeyException e) {
throw new KeyException("Symmetric key encryption failed", e);
}
// encrypt clear credentials with AES key
try {
encData = KeyUtil.encrypt(aesKey, AES_CIPHER, clearCred);
} catch (KeyException e) {
throw new KeyException("Message encryption failed", e);
}
Credentials cred = new Credentials(pubKey.getAlgorithm(), size, cipher, encAes, encData);
return cred;
}
