001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.util;
018
019 import java.io.ByteArrayOutputStream;
020 import java.io.ObjectOutputStream;
021 import java.io.Serializable;
022 import java.io.ObjectInputStream;
023 import java.io.ByteArrayInputStream;
024 import javax.crypto.spec.SecretKeySpec;
025 import javax.crypto.Cipher;
026 import javax.crypto.SealedObject;
027 import org.apache.geronimo.util.encoders.Base64;
028 import org.apache.commons.logging.Log;
029 import org.apache.commons.logging.LogFactory;
030
031 /**
032 * This class protects some value BY ENCRYPTING WITH A KNOWN KEY. That is
033 * to say, it's only safe against anyone who can't read the source code.
034 * So the main idea is to protect against casual observers.
035 *
036 * If someone has a better idea for how to implement encryption with a
037 * non-obvious key that the user isn't likely to change during the normal
038 * course of working with the server, I'd be happy to hear it. (But I
039 * assume the SSL keystore is likely to be changed, which would result
040 * in losing all the "encrypted" data.
041 *
042 * @version $Rev: 476049 $ $Date: 2006-11-16 23:35:17 -0500 (Thu, 16 Nov 2006) $
043 */
044 public class SimpleEncryption {
045 private final static Log log = LogFactory.getLog(SimpleEncryption.class);
046 private final static SecretKeySpec SECRET_KEY = new SecretKeySpec(new byte[]{(byte)-45,(byte)-15,(byte)100,(byte)-34,(byte)70,(byte)83,(byte)75,(byte)-100,(byte)-75,(byte)61,(byte)26,(byte)114,(byte)-20,(byte)-58,(byte)114,(byte)77}, "AES");
047
048
049 /**
050 * Gets a String which contains the Base64-encoded form of the source,
051 * encrypted with the known key.
052 */
053 public static String encrypt(Serializable source) {
054 try {
055 Cipher c = Cipher.getInstance("AES");
056 c.init(Cipher.ENCRYPT_MODE, SECRET_KEY);
057 SealedObject so = new SealedObject(source, c);
058 ByteArrayOutputStream store = new ByteArrayOutputStream();
059 ObjectOutputStream out = new ObjectOutputStream(store);
060 out.writeObject(so);
061 out.close();
062 byte[] data = store.toByteArray();
063 byte[] textData = Base64.encode(data);
064 return new String(textData, "US-ASCII");
065 } catch (Exception e) {
066 log.error("Unable to encrypt", e);
067 return null;
068 }
069 }
070
071 /**
072 * Given a String which is the Base64-encoded encrypted data, retrieve
073 * the original Object.
074 */
075 public static Object decrypt(String source) {
076 try {
077 byte[] data = Base64.decode(source);
078 Cipher c = Cipher.getInstance("AES");
079 c.init(Cipher.DECRYPT_MODE, SECRET_KEY);
080 ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data));
081 SealedObject so = (SealedObject) in.readObject();
082 return so.getObject(c);
083 } catch (Exception e) {
084 log.error("Unable to decrypt", e);
085 return null;
086 }
087 }
088 }