kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java - directory-kerby - Git at Google

 /**
  *  Licensed to the Apache Software Foundation (ASF) under one
  *  or more contributor license agreements.  See the NOTICE file
  *  distributed with this work for additional information
  *  regarding copyright ownership.  The ASF licenses this file
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
  *
  *    http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License.
  *
  */
 package org.apache.kerby.kerberos.kerb.common;

 import org.apache.kerby.asn1.type.Asn1Encodeable;
 import org.apache.kerby.asn1.type.Asn1Type;
 import org.apache.kerby.kerberos.kerb.KrbCodec;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.crypto.EncTypeHandler;
 import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
 import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;

 import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;

 public class EncryptionUtil {

     /**
      * an order preserved map containing cipher names to the corresponding algorithm
      * names in the descending order of strength
      */
     private static final Map<String, String> CIPHER_ALGO_MAP = new LinkedHashMap<String, String>();

     static {
         CIPHER_ALGO_MAP.put("rc4", "ArcFourHmac");
         CIPHER_ALGO_MAP.put("arcfour", "ArcFourHmac");
         CIPHER_ALGO_MAP.put("aes256", "AES256");
         CIPHER_ALGO_MAP.put("aes128", "AES128");
         CIPHER_ALGO_MAP.put("des3", "DESede");
         CIPHER_ALGO_MAP.put("des", "DES");
     }

     public static String getAlgoNameFromEncType(EncryptionType encType) {

         String cipherName = encType.getName().toLowerCase();

         for (Map.Entry<String, String> entry : CIPHER_ALGO_MAP.entrySet()) {
             if (cipherName.startsWith(entry.getKey())) {
                 return entry.getValue();
             }
         }

         throw new IllegalArgumentException("Unknown algorithm name for the encryption type "
                 + encType);
     }

     /**
      * Order a list of EncryptionType in a decreasing strength order
      *
      * @param etypes The ETypes to order
      * @return A list of ordered ETypes. The strongest is on the left.
      */
     public static List<EncryptionType> orderEtypesByStrength(List<EncryptionType> etypes) {
         List<EncryptionType> ordered = new ArrayList<>(etypes.size());

         for (String algo : CIPHER_ALGO_MAP.values()) {
             for (EncryptionType encType : etypes) {
                 String foundAlgo = getAlgoNameFromEncType(encType);

                 if (algo.equals(foundAlgo)) {
                     ordered.add(encType);
                 }
             }
         }

         return ordered;
     }

     public static List<EncryptionKey> generateKeys(
             List<EncryptionType> encryptionTypes) throws KrbException {
         List<EncryptionKey> results =
                 new ArrayList<EncryptionKey>(encryptionTypes.size());
         for (EncryptionType eType : encryptionTypes) {
             EncryptionKey encKey = EncryptionHandler.random2Key(eType);
             encKey.setKvno(1);
             results.add(encKey);
         }

         return results;
     }

     public static List<EncryptionKey> generateKeys(
             String principal, String passwd,
             List<EncryptionType> encryptionTypes) throws KrbException {
         List<EncryptionKey> results = new ArrayList<>(encryptionTypes.size());
         for (EncryptionType eType : encryptionTypes) {
             EncryptionKey encKey = EncryptionHandler.string2Key(
                 principal, passwd, eType);
             encKey.setKvno(1);
             results.add(encKey);
         }

         return results;
     }

     public static EncryptionType getBestEncryptionType(List<EncryptionType> requestedTypes,
                                                        List<EncryptionType> configuredTypes) {
         for (EncryptionType encryptionType : configuredTypes) {
             if (requestedTypes.contains(encryptionType)) {
                 return encryptionType;
             }
         }

         return null;
     }

     public static EncryptedData seal(Asn1Encodeable asn1Type,
                                      EncryptionKey key, KeyUsage usage) throws KrbException {
         byte[] encoded = KrbCodec.encode(asn1Type);
         EncryptedData encrypted = EncryptionHandler.encrypt(encoded, key, usage);
         return encrypted;
     }

     public static <T extends Asn1Type> T unseal(EncryptedData encrypted, EncryptionKey key,
                                           KeyUsage usage, Class<T> krbType) throws KrbException {
         byte[] encoded = EncryptionHandler.decrypt(encrypted, key, usage);
         return KrbCodec.decode(encoded, krbType);
     }

     public static byte[] encrypt(EncryptionKey key,
           byte[] plaintext, KeyUsage usage) throws KrbException {
         EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
         byte[] cipherData = encType.encrypt(plaintext, key.getKeyData(), usage.getValue());
         return cipherData;
     }

     public static byte[] decrypt(EncryptionKey key,
            byte[] cipherData, KeyUsage usage) throws KrbException {
         EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
         byte[] plainData = encType.decrypt(cipherData, key.getKeyData(), usage.getValue());
         return plainData;
     }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.kerby.kerberos.kerb.common;

	import org.apache.kerby.asn1.type.Asn1Encodeable;
	import org.apache.kerby.asn1.type.Asn1Type;
	import org.apache.kerby.kerberos.kerb.KrbCodec;
	import org.apache.kerby.kerberos.kerb.KrbException;
	import org.apache.kerby.kerberos.kerb.crypto.EncTypeHandler;
	import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
	import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
	import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
	import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
	import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;

	import java.util.ArrayList;
	import java.util.LinkedHashMap;
	import java.util.List;
	import java.util.Map;

	public class EncryptionUtil {

	/**
	* an order preserved map containing cipher names to the corresponding algorithm
	* names in the descending order of strength
	*/
	private static final Map<String, String> CIPHER_ALGO_MAP = new LinkedHashMap<String, String>();

	static {
	CIPHER_ALGO_MAP.put("rc4", "ArcFourHmac");
	CIPHER_ALGO_MAP.put("arcfour", "ArcFourHmac");
	CIPHER_ALGO_MAP.put("aes256", "AES256");
	CIPHER_ALGO_MAP.put("aes128", "AES128");
	CIPHER_ALGO_MAP.put("des3", "DESede");
	CIPHER_ALGO_MAP.put("des", "DES");
	}

	public static String getAlgoNameFromEncType(EncryptionType encType) {

	String cipherName = encType.getName().toLowerCase();

	for (Map.Entry<String, String> entry : CIPHER_ALGO_MAP.entrySet()) {
	if (cipherName.startsWith(entry.getKey())) {
	return entry.getValue();
	}
	}

	throw new IllegalArgumentException("Unknown algorithm name for the encryption type "
	+ encType);
	}

	/**
	* Order a list of EncryptionType in a decreasing strength order
	*
	* @param etypes The ETypes to order
	* @return A list of ordered ETypes. The strongest is on the left.
	*/
	public static List<EncryptionType> orderEtypesByStrength(List<EncryptionType> etypes) {
	List<EncryptionType> ordered = new ArrayList<>(etypes.size());

	for (String algo : CIPHER_ALGO_MAP.values()) {
	for (EncryptionType encType : etypes) {
	String foundAlgo = getAlgoNameFromEncType(encType);

	if (algo.equals(foundAlgo)) {
	ordered.add(encType);
	}
	}
	}

	return ordered;
	}

	public static List<EncryptionKey> generateKeys(
	List<EncryptionType> encryptionTypes) throws KrbException {
	List<EncryptionKey> results =
	new ArrayList<EncryptionKey>(encryptionTypes.size());
	for (EncryptionType eType : encryptionTypes) {
	EncryptionKey encKey = EncryptionHandler.random2Key(eType);
	encKey.setKvno(1);
	results.add(encKey);
	}

	return results;
	}

	public static List<EncryptionKey> generateKeys(
	String principal, String passwd,
	List<EncryptionType> encryptionTypes) throws KrbException {
	List<EncryptionKey> results = new ArrayList<>(encryptionTypes.size());
	for (EncryptionType eType : encryptionTypes) {
	EncryptionKey encKey = EncryptionHandler.string2Key(
	principal, passwd, eType);
	encKey.setKvno(1);
	results.add(encKey);
	}

	return results;
	}

	public static EncryptionType getBestEncryptionType(List<EncryptionType> requestedTypes,
	List<EncryptionType> configuredTypes) {
	for (EncryptionType encryptionType : configuredTypes) {
	if (requestedTypes.contains(encryptionType)) {
	return encryptionType;
	}
	}

	return null;
	}

	public static EncryptedData seal(Asn1Encodeable asn1Type,
	EncryptionKey key, KeyUsage usage) throws KrbException {
	byte[] encoded = KrbCodec.encode(asn1Type);
	EncryptedData encrypted = EncryptionHandler.encrypt(encoded, key, usage);
	return encrypted;
	}

	public static <T extends Asn1Type> T unseal(EncryptedData encrypted, EncryptionKey key,
	KeyUsage usage, Class<T> krbType) throws KrbException {
	byte[] encoded = EncryptionHandler.decrypt(encrypted, key, usage);
	return KrbCodec.decode(encoded, krbType);
	}

	public static byte[] encrypt(EncryptionKey key,
	byte[] plaintext, KeyUsage usage) throws KrbException {
	EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
	byte[] cipherData = encType.encrypt(plaintext, key.getKeyData(), usage.getValue());
	return cipherData;
	}

	public static byte[] decrypt(EncryptionKey key,
	byte[] cipherData, KeyUsage usage) throws KrbException {
	EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
	byte[] plainData = encType.decrypt(cipherData, key.getKeyData(), usage.getValue());
	return plainData;
	}
	}