下面列出了javax.crypto.SecretKey#destroy ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
String encodedToken,
String encodedSecretKey,
KeyProperties props) throws SecurityException {
SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
ServerAccessToken serverAccessToken = decryptAccessToken(provider, encodedToken, key, props);
// Clean the secret key from memory when we're done
try {
key.destroy();
} catch (DestroyFailedException ex) {
// ignore
}
return serverAccessToken;
}
public byte[] getContentEncryptionKey(JweHeaders headers) {
byte[] theCek = null;
if (cek == null) {
String algoJava = getAlgorithm().getJavaName();
SecretKey secretKey = CryptoUtils.getSecretKey(AlgorithmUtils.stripAlgoProperties(algoJava),
getContentEncryptionKeySize(headers));
theCek = secretKey.getEncoded();
if (generateCekOnce) {
synchronized (this) {
cek = theCek;
}
}
// Clean the key after we're done with it
try {
secretKey.destroy();
} catch (DestroyFailedException e) {
// ignore
}
} else {
theCek = cek;
}
return theCek;
}
public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
String encodedToken,
String encodedSecretKey,
KeyProperties props) throws SecurityException {
SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
ServerAuthorizationCodeGrant authzCodeGrant = decryptCodeGrant(provider, encodedToken, key, props);
// Clean the secret key from memory when we're done
try {
key.destroy();
} catch (DestroyFailedException ex) {
// ignore
}
return authzCodeGrant;
}
public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
String encodedToken,
String encodedSecretKey,
KeyProperties props) throws SecurityException {
SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
RefreshToken refreshToken = decryptRefreshToken(provider, encodedToken, key, props);
// Clean the secret key from memory when we're done
try {
key.destroy();
} catch (DestroyFailedException ex) {
// ignore
}
return refreshToken;
}
protected byte[] encryptInternal(JweEncryptionInternal state, byte[] content) {
try {
SecretKey createCekSecretKey = createCekSecretKey(state);
byte[] encryptedBytes = CryptoUtils.encryptBytes(content, createCekSecretKey, state.keyProps);
// Here we're finished with the SecretKey we created, so we can destroy it
try {
createCekSecretKey.destroy();
} catch (DestroyFailedException e) {
// ignore
}
return encryptedBytes;
} catch (SecurityException ex) {
LOG.fine(ex.getMessage());
if (ex.getCause() instanceof NoSuchAlgorithmException) {
LOG.warning("Unsupported algorithm: " + state.keyProps.getKeyAlgo());
throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
}
throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE, ex);
}
}
/**
* Protects the given cleartext private key, using the password provided at
* construction time.
*/
byte[] protect(PrivateKey key)
throws Exception
{
// create a random salt (8 bytes)
byte[] salt = new byte[8];
SunJCE.getRandom().nextBytes(salt);
// create PBE parameters from salt and iteration count
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey sKey = null;
PBEWithMD5AndTripleDESCipher cipher;
try {
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
// encrypt private key
cipher = new PBEWithMD5AndTripleDESCipher();
cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
} finally {
pbeKeySpec.clearPassword();
if (sKey != null) sKey.destroy();
}
byte[] plain = key.getEncoded();
byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length);
Arrays.fill(plain, (byte)0x00);
// wrap encrypted private key in EncryptedPrivateKeyInfo
// (as defined in PKCS#8)
AlgorithmParameters pbeParams =
AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
pbeParams.init(pbeSpec);
AlgorithmId encrAlg = new AlgorithmId
(new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
}
/**
* Seals the given cleartext key, using the password provided at
* construction time
*/
SealedObject seal(Key key)
throws Exception
{
// create a random salt (8 bytes)
byte[] salt = new byte[8];
SunJCE.getRandom().nextBytes(salt);
// create PBE parameters from salt and iteration count
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey sKey = null;
Cipher cipher;
try {
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
pbeKeySpec.clearPassword();
// seal key
PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher();
cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
} finally {
if (sKey != null) sKey.destroy();
}
return new SealedObjectForKeyProtector(key, cipher);
}
/**
* Seals the given cleartext key, using the password provided at
* construction time
*/
SealedObject seal(Key key)
throws Exception
{
// create a random salt (8 bytes)
byte[] salt = new byte[8];
SunJCE.getRandom().nextBytes(salt);
// create PBE parameters from salt and iteration count
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey sKey = null;
Cipher cipher;
try {
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
pbeKeySpec.clearPassword();
// seal key
PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher();
cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
} finally {
if (sKey != null) sKey.destroy();
}
return new SealedObjectForKeyProtector(key, cipher);
}
/**
* Protects the given cleartext private key, using the password provided at
* construction time.
*/
byte[] protect(PrivateKey key)
throws Exception
{
// create a random salt (8 bytes)
byte[] salt = new byte[8];
SunJCE.getRandom().nextBytes(salt);
// create PBE parameters from salt and iteration count
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey sKey = null;
PBEWithMD5AndTripleDESCipher cipher;
try {
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
// encrypt private key
cipher = new PBEWithMD5AndTripleDESCipher();
cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
} finally {
pbeKeySpec.clearPassword();
if (sKey != null) sKey.destroy();
}
byte[] plain = key.getEncoded();
byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length);
Arrays.fill(plain, (byte)0x00);
// wrap encrypted private key in EncryptedPrivateKeyInfo
// (as defined in PKCS#8)
AlgorithmParameters pbeParams =
AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
pbeParams.init(pbeSpec);
AlgorithmId encrAlg = new AlgorithmId
(new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
}
protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(jweDecryptionInput));
keyProperties.setAdditionalData(getContentEncryptionCipherAAD(jweDecryptionInput));
AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(jweDecryptionInput);
keyProperties.setAlgoSpec(spec);
boolean compressionSupported =
JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(jweDecryptionInput.getJweHeaders().getZipAlgorithm());
keyProperties.setCompressionSupported(compressionSupported);
byte[] actualCek = getActualCek(cek,
jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm().getJwaName());
SecretKey secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
byte[] bytes =
CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(jweDecryptionInput), secretKey, keyProperties);
// Here we're finished with the SecretKey we created, so we can destroy it
try {
secretKey.destroy();
} catch (DestroyFailedException e) {
// ignore
}
Arrays.fill(cek, (byte) 0);
if (actualCek != cek) {
Arrays.fill(actualCek, (byte) 0);
}
return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), bytes);
}
/**
* Seals the given cleartext key, using the password provided at
* construction time
*/
SealedObject seal(Key key)
throws Exception
{
// create a random salt (8 bytes)
byte[] salt = new byte[8];
SunJCE.getRandom().nextBytes(salt);
// create PBE parameters from salt and iteration count
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey sKey = null;
Cipher cipher;
try {
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
pbeKeySpec.clearPassword();
// seal key
PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher();
cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
} finally {
if (sKey != null) sKey.destroy();
}
return new SealedObjectForKeyProtector(key, cipher);
}
/**
* Seals the given cleartext key, using the password provided at
* construction time
*/
SealedObject seal(Key key)
throws Exception
{
// create a random salt (8 bytes)
byte[] salt = new byte[8];
SunJCE.getRandom().nextBytes(salt);
// create PBE parameters from salt and iteration count
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey sKey = null;
Cipher cipher;
try {
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES", false);
pbeKeySpec.clearPassword();
// seal key
PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher();
cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
} finally {
if (sKey != null) sKey.destroy();
}
return new SealedObjectForKeyProtector(key, cipher);
}
/**
* Protects the given cleartext private key, using the password provided at
* construction time.
*/
byte[] protect(PrivateKey key)
throws Exception
{
// create a random salt (8 bytes)
byte[] salt = new byte[8];
SunJCE.getRandom().nextBytes(salt);
// create PBE parameters from salt and iteration count
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey sKey = null;
PBEWithMD5AndTripleDESCipher cipher;
try {
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
// encrypt private key
cipher = new PBEWithMD5AndTripleDESCipher();
cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
} finally {
pbeKeySpec.clearPassword();
if (sKey != null) sKey.destroy();
}
byte[] plain = key.getEncoded();
byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length);
Arrays.fill(plain, (byte)0x00);
// wrap encrypted private key in EncryptedPrivateKeyInfo
// (as defined in PKCS#8)
AlgorithmParameters pbeParams =
AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
pbeParams.init(pbeSpec);
AlgorithmId encrAlg = new AlgorithmId
(new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
}
/**
* Seals the given cleartext key, using the password provided at
* construction time
*/
SealedObject seal(Key key)
throws Exception
{
// create a random salt (8 bytes)
byte[] salt = new byte[8];
SunJCE.getRandom().nextBytes(salt);
// create PBE parameters from salt and iteration count
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey sKey = null;
Cipher cipher;
try {
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
pbeKeySpec.clearPassword();
// seal key
PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher();
cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
} finally {
if (sKey != null) sKey.destroy();
}
return new SealedObjectForKeyProtector(key, cipher);
}
/**
* Unseals the sealed key.
*/
Key unseal(SealedObject so)
throws NoSuchAlgorithmException, UnrecoverableKeyException {
SecretKey sKey = null;
try {
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
pbeKeySpec.clearPassword();
SealedObjectForKeyProtector soForKeyProtector = null;
if (!(so instanceof SealedObjectForKeyProtector)) {
soForKeyProtector = new SealedObjectForKeyProtector(so);
} else {
soForKeyProtector = (SealedObjectForKeyProtector)so;
}
AlgorithmParameters params = soForKeyProtector.getParameters();
if (params == null) {
throw new UnrecoverableKeyException("Cannot get " +
"algorithm parameters");
}
PBEParameterSpec pbeSpec;
try {
pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
throw new IOException("Invalid PBE algorithm parameters");
}
if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
throw new IOException("PBE iteration count too large");
}
PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher();
Cipher cipher = new CipherForKeyProtector(cipherSpi,
SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
cipher.init(Cipher.DECRYPT_MODE, sKey, params);
return soForKeyProtector.getKey(cipher);
} catch (NoSuchAlgorithmException ex) {
// Note: this catch needed to be here because of the
// later catch of GeneralSecurityException
throw ex;
} catch (IOException ioe) {
throw new UnrecoverableKeyException(ioe.getMessage());
} catch (ClassNotFoundException cnfe) {
throw new UnrecoverableKeyException(cnfe.getMessage());
} catch (GeneralSecurityException gse) {
throw new UnrecoverableKeyException(gse.getMessage());
} finally {
if (sKey != null) {
try {
sKey.destroy();
} catch (DestroyFailedException e) {
//shouldn't happen
}
}
}
}
/**
* Unseals the sealed key.
*/
Key unseal(SealedObject so)
throws NoSuchAlgorithmException, UnrecoverableKeyException {
SecretKey sKey = null;
try {
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
pbeKeySpec.clearPassword();
SealedObjectForKeyProtector soForKeyProtector = null;
if (!(so instanceof SealedObjectForKeyProtector)) {
soForKeyProtector = new SealedObjectForKeyProtector(so);
} else {
soForKeyProtector = (SealedObjectForKeyProtector)so;
}
AlgorithmParameters params = soForKeyProtector.getParameters();
if (params == null) {
throw new UnrecoverableKeyException("Cannot get " +
"algorithm parameters");
}
PBEParameterSpec pbeSpec;
try {
pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
throw new IOException("Invalid PBE algorithm parameters");
}
if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
throw new IOException("PBE iteration count too large");
}
PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher();
Cipher cipher = new CipherForKeyProtector(cipherSpi,
SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
cipher.init(Cipher.DECRYPT_MODE, sKey, params);
return soForKeyProtector.getKey(cipher);
} catch (NoSuchAlgorithmException ex) {
// Note: this catch needed to be here because of the
// later catch of GeneralSecurityException
throw ex;
} catch (IOException ioe) {
throw new UnrecoverableKeyException(ioe.getMessage());
} catch (ClassNotFoundException cnfe) {
throw new UnrecoverableKeyException(cnfe.getMessage());
} catch (GeneralSecurityException gse) {
throw new UnrecoverableKeyException(gse.getMessage());
} finally {
if (sKey != null) {
try {
sKey.destroy();
} catch (DestroyFailedException e) {
//shouldn't happen
}
}
}
}
/**
* Unseals the sealed key.
*
* @param maxLength Maximum possible length of so.
* If bigger, must be illegal.
*/
Key unseal(SealedObject so, int maxLength)
throws NoSuchAlgorithmException, UnrecoverableKeyException {
SecretKey sKey = null;
try {
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
pbeKeySpec.clearPassword();
SealedObjectForKeyProtector soForKeyProtector = null;
if (!(so instanceof SealedObjectForKeyProtector)) {
soForKeyProtector = new SealedObjectForKeyProtector(so);
} else {
soForKeyProtector = (SealedObjectForKeyProtector)so;
}
AlgorithmParameters params = soForKeyProtector.getParameters();
if (params == null) {
throw new UnrecoverableKeyException("Cannot get " +
"algorithm parameters");
}
PBEParameterSpec pbeSpec;
try {
pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
throw new IOException("Invalid PBE algorithm parameters");
}
if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
throw new IOException("PBE iteration count too large");
}
PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher();
Cipher cipher = new CipherForKeyProtector(cipherSpi,
SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
cipher.init(Cipher.DECRYPT_MODE, sKey, params);
return soForKeyProtector.getKey(cipher, maxLength);
} catch (NoSuchAlgorithmException ex) {
// Note: this catch needed to be here because of the
// later catch of GeneralSecurityException
throw ex;
} catch (IOException ioe) {
throw new UnrecoverableKeyException(ioe.getMessage());
} catch (ClassNotFoundException cnfe) {
throw new UnrecoverableKeyException(cnfe.getMessage());
} catch (GeneralSecurityException gse) {
throw new UnrecoverableKeyException(gse.getMessage());
} finally {
if (sKey != null) {
try {
sKey.destroy();
} catch (DestroyFailedException e) {
//shouldn't happen
}
}
}
}
Key recover(EncryptedPrivateKeyInfo encrInfo)
throws UnrecoverableKeyException, NoSuchAlgorithmException
{
byte[] plain = null;
SecretKey sKey = null;
try {
String encrAlg = encrInfo.getAlgorithm().getOID().toString();
if (!encrAlg.equals(PBE_WITH_MD5_AND_DES3_CBC_OID)
&& !encrAlg.equals(KEY_PROTECTOR_OID)) {
throw new UnrecoverableKeyException("Unsupported encryption "
+ "algorithm");
}
if (encrAlg.equals(KEY_PROTECTOR_OID)) {
// JDK 1.2 style recovery
plain = recover(encrInfo.getEncryptedData());
} else {
byte[] encodedParams =
encrInfo.getAlgorithm().getEncodedParams();
// parse the PBE parameters into the corresponding spec
AlgorithmParameters pbeParams =
AlgorithmParameters.getInstance("PBE");
pbeParams.init(encodedParams);
PBEParameterSpec pbeSpec =
pbeParams.getParameterSpec(PBEParameterSpec.class);
if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
throw new IOException("PBE iteration count too large");
}
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES", false);
pbeKeySpec.clearPassword();
// decrypt private key
PBEWithMD5AndTripleDESCipher cipher;
cipher = new PBEWithMD5AndTripleDESCipher();
cipher.engineInit(Cipher.DECRYPT_MODE, sKey, pbeSpec, null);
plain=cipher.engineDoFinal(encrInfo.getEncryptedData(), 0,
encrInfo.getEncryptedData().length);
}
// determine the private-key algorithm, and parse private key
// using the appropriate key factory
String oidName = new AlgorithmId
(new PrivateKeyInfo(plain).getAlgorithm().getOID()).getName();
KeyFactory kFac = KeyFactory.getInstance(oidName);
return kFac.generatePrivate(new PKCS8EncodedKeySpec(plain));
} catch (NoSuchAlgorithmException ex) {
// Note: this catch needed to be here because of the
// later catch of GeneralSecurityException
throw ex;
} catch (IOException ioe) {
throw new UnrecoverableKeyException(ioe.getMessage());
} catch (GeneralSecurityException gse) {
throw new UnrecoverableKeyException(gse.getMessage());
} finally {
if (plain != null) Arrays.fill(plain, (byte) 0x00);
if (sKey != null) {
try {
sKey.destroy();
} catch (DestroyFailedException e) {
//shouldn't happen
}
}
}
}
/**
* Unseals the sealed key.
*/
Key unseal(SealedObject so)
throws NoSuchAlgorithmException, UnrecoverableKeyException {
SecretKey sKey = null;
try {
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
sKey = new PBEKey(pbeKeySpec,
"PBEWithMD5AndTripleDES", false);
pbeKeySpec.clearPassword();
SealedObjectForKeyProtector soForKeyProtector = null;
if (!(so instanceof SealedObjectForKeyProtector)) {
soForKeyProtector = new SealedObjectForKeyProtector(so);
} else {
soForKeyProtector = (SealedObjectForKeyProtector)so;
}
AlgorithmParameters params = soForKeyProtector.getParameters();
if (params == null) {
throw new UnrecoverableKeyException("Cannot get " +
"algorithm parameters");
}
PBEParameterSpec pbeSpec;
try {
pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
throw new IOException("Invalid PBE algorithm parameters");
}
if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
throw new IOException("PBE iteration count too large");
}
PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher();
Cipher cipher = new CipherForKeyProtector(cipherSpi,
SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
cipher.init(Cipher.DECRYPT_MODE, sKey, params);
return soForKeyProtector.getKey(cipher);
} catch (NoSuchAlgorithmException ex) {
// Note: this catch needed to be here because of the
// later catch of GeneralSecurityException
throw ex;
} catch (IOException ioe) {
throw new UnrecoverableKeyException(ioe.getMessage());
} catch (ClassNotFoundException cnfe) {
throw new UnrecoverableKeyException(cnfe.getMessage());
} catch (GeneralSecurityException gse) {
throw new UnrecoverableKeyException(gse.getMessage());
} finally {
if (sKey != null) {
try {
sKey.destroy();
} catch (DestroyFailedException e) {
//shouldn't happen
}
}
}
}
/**
* Unseals the sealed key.
*
* @param maxLength Maximum possible length of so.
* If bigger, must be illegal.
*/
Key unseal(SealedObject so, int maxLength)
throws NoSuchAlgorithmException, UnrecoverableKeyException {
SecretKey sKey = null;
try {
// create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
pbeKeySpec.clearPassword();
SealedObjectForKeyProtector soForKeyProtector = null;
if (!(so instanceof SealedObjectForKeyProtector)) {
soForKeyProtector = new SealedObjectForKeyProtector(so);
} else {
soForKeyProtector = (SealedObjectForKeyProtector)so;
}
AlgorithmParameters params = soForKeyProtector.getParameters();
if (params == null) {
throw new UnrecoverableKeyException("Cannot get " +
"algorithm parameters");
}
PBEParameterSpec pbeSpec;
try {
pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
throw new IOException("Invalid PBE algorithm parameters");
}
if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
throw new IOException("PBE iteration count too large");
}
PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher();
Cipher cipher = new CipherForKeyProtector(cipherSpi,
SunJCE.getInstance(),
"PBEWithMD5AndTripleDES");
cipher.init(Cipher.DECRYPT_MODE, sKey, params);
return soForKeyProtector.getKey(cipher, maxLength);
} catch (NoSuchAlgorithmException ex) {
// Note: this catch needed to be here because of the
// later catch of GeneralSecurityException
throw ex;
} catch (IOException ioe) {
throw new UnrecoverableKeyException(ioe.getMessage());
} catch (ClassNotFoundException cnfe) {
throw new UnrecoverableKeyException(cnfe.getMessage());
} catch (GeneralSecurityException gse) {
throw new UnrecoverableKeyException(gse.getMessage());
} finally {
if (sKey != null) {
try {
sKey.destroy();
} catch (DestroyFailedException e) {
//shouldn't happen
}
}
}
}