PageRenderTime 232ms CodeModel.GetById 46ms RepoModel.GetById 1ms app.codeStats 0ms

/afirma-crypto-cipher/src/main/java/es/gob/afirma/ciphers/jce/AOSunJCECipher.java

https://gitlab.com/edgardo001/clienteafirma
Java | 270 lines | 202 code | 33 blank | 35 comment | 26 complexity | 5ea41dad848d75b810d7413a7366a1da MD5 | raw file
    

  1. /* Copyright (C) 2011 [Gobierno de Espana]

    2. 

  2.  * This file is part of "Cliente @Firma".

    3. 

  3.  * "Cliente @Firma" is free software; you can redistribute it and/or modify it under the terms of:

    4. 

  4.  *   - the GNU General Public License as published by the Free Software Foundation;

    5. 

  5.  *     either version 2 of the License, or (at your option) any later version.

    6. 

  6.  *   - or The European Software License; either version 1.1 or (at your option) any later version.

    7. 

  7.  * Date: 11/01/11

    8. 

  8.  * You may contact the copyright holder at: soporte.afirma5@mpt.es

    9. 

  9.  */

    10. 

  10. 

    11. 

  11. package es.gob.afirma.ciphers.jce;

    12. 

  12. 

    13. 

  13. import java.security.InvalidKeyException;

    14. 

  14. import java.security.Key;

    15. 

  15. import java.security.KeyException;

    16. 

  16. import java.security.spec.AlgorithmParameterSpec;

    17. 

  17. 

    18. 

  18. import javax.crypto.BadPaddingException;

    19. 

  19. import javax.crypto.Cipher;

    20. 

  20. import javax.crypto.KeyGenerator;

    21. 

  21. import javax.crypto.SecretKeyFactory;

    22. 

  22. import javax.crypto.spec.IvParameterSpec;

    23. 

  23. import javax.crypto.spec.PBEKeySpec;

    24. 

  24. import javax.crypto.spec.PBEParameterSpec;

    25. 

  25. import javax.crypto.spec.SecretKeySpec;

    26. 

  26. 

    27. 

  27. import es.gob.afirma.core.AOException;

    28. 

  28. import es.gob.afirma.core.ciphers.AOCipher;

    29. 

  29. import es.gob.afirma.core.ciphers.AOCipherConfig;

    30. 

  30. import es.gob.afirma.core.ciphers.CipherConstants.AOCipherAlgorithm;

    31. 

  31. import es.gob.afirma.core.ciphers.CipherConstants.AOCipherBlockMode;

    32. 

  32. import es.gob.afirma.core.ciphers.CipherConstants.AOCipherPadding;

    33. 

  33. 

    34. 

  34. 

    35. 

  35. 

    36. 

  36. 

    37. 

  37. /** Cifrador seg&uacute;n las capacidades del proveedor JCE (<i>Java Cryptography

    38. 

  38.  * Extension</i>). */

    39. 

  39. public final class AOSunJCECipher implements AOCipher {

    40. 

  40. 

    41. 

  41.     /** Proveedor Java que da soporte a los algoritmos aqui descritos. */

    42. 

  42.     private static final String PROVIDER = "SunJCE"; //$NON-NLS-1$

    43. 

  43. 

    44. 

  44.     private static final byte[] SALT = {

    45. 

  45.         (byte) 0xA2, (byte) 0x35, (byte) 0xDC, (byte) 0xA4, (byte) 0x11, (byte) 0x7C, (byte) 0x99, (byte) 0x4B

    46. 

  46.     };

    47. 

  47. 

    48. 

  48.     private static final int ITERATION_COUNT = 9;

    49. 

  49. 

    50. 

  50.     /** Vector de inicializacion de 8 bytes. Un vector de inicializaci&oacute;n

    51. 

  51.      * de 8 bytes es necesario para el uso de los algoritmos DES y DESede. */

    52. 

  52.     private static final byte[] IV_8 = {

    53. 

  53.         (byte) 0xC6, (byte) 0xBA, (byte) 0xDE, (byte) 0xA4, (byte) 0x76, (byte) 0x43, (byte) 0x32, (byte) 0x6B

    54. 

  54.     };

    55. 

  55. 

    56. 

  56.     /** Vector de inicializacion de 16 bytes. Un vector de inicializaci&oacute;n

    57. 

  57.      * de 16 bytes es necesario para el uso de los algoritmos DES y DESede. */

    58. 

  58.     private static final byte[] IV_16 = {

    59. 

  59.         (byte) 0xB2, (byte) 0xBA, (byte) 0xDE, (byte) 0xA4, (byte) 0x41, (byte) 0x7F, (byte) 0x97, (byte) 0x4B,

    60. 

  60.         (byte) 0xAC, (byte) 0x63, (byte) 0xAC, (byte) 0xAA, (byte) 0x76, (byte) 0x73, (byte) 0x12, (byte) 0x6B

    61. 

  61.     };

    62. 

  62. 

    63. 

  63.     /** Configuraciones de cifrado soportadas. */

    64. 

  64.     private static final AOCipherConfig[] SUPPORTED_CONFIGS = new AOCipherConfig[] {

    65. 

  65.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.ECB, AOCipherPadding.PKCS5PADDING),

    66. 

  66.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.ECB, AOCipherPadding.ISO10126PADDING),

    67. 

  67.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.CBC, AOCipherPadding.PKCS5PADDING),

    68. 

  68.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.CBC, AOCipherPadding.ISO10126PADDING),

    69. 

  69.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.PCBC, AOCipherPadding.PKCS5PADDING),

    70. 

  70.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.PCBC, AOCipherPadding.ISO10126PADDING),

    71. 

  71.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.CTR, AOCipherPadding.NOPADDING),

    72. 

  72.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.CTR, AOCipherPadding.PKCS5PADDING),

    73. 

  73.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.CFB, AOCipherPadding.PKCS5PADDING),

    74. 

  74.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.CFB, AOCipherPadding.ISO10126PADDING),

    75. 

  75.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.OFB, AOCipherPadding.PKCS5PADDING),

    76. 

  76.         new AOCipherConfig(AOCipherAlgorithm.AES, AOCipherBlockMode.OFB, AOCipherPadding.ISO10126PADDING),

    77. 

  77.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.ECB, AOCipherPadding.PKCS5PADDING),

    78. 

  78.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.ECB, AOCipherPadding.ISO10126PADDING),

    79. 

  79.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.CBC, AOCipherPadding.PKCS5PADDING),

    80. 

  80.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.CBC, AOCipherPadding.ISO10126PADDING),

    81. 

  81.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.PCBC, AOCipherPadding.PKCS5PADDING),

    82. 

  82.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.PCBC, AOCipherPadding.ISO10126PADDING),

    83. 

  83.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.CTR, AOCipherPadding.NOPADDING),

    84. 

  84.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.CTR, AOCipherPadding.PKCS5PADDING),

    85. 

  85.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.CFB, AOCipherPadding.PKCS5PADDING),

    86. 

  86.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.CFB, AOCipherPadding.ISO10126PADDING),

    87. 

  87.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.OFB, AOCipherPadding.PKCS5PADDING),

    88. 

  88.         new AOCipherConfig(AOCipherAlgorithm.BLOWFISH, AOCipherBlockMode.OFB, AOCipherPadding.ISO10126PADDING),

    89. 

  89.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.ECB, AOCipherPadding.PKCS5PADDING),

    90. 

  90.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.ECB, AOCipherPadding.ISO10126PADDING),

    91. 

  91.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.CBC, AOCipherPadding.PKCS5PADDING),

    92. 

  92.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.CBC, AOCipherPadding.ISO10126PADDING),

    93. 

  93.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.PCBC, AOCipherPadding.PKCS5PADDING),

    94. 

  94.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.PCBC, AOCipherPadding.ISO10126PADDING),

    95. 

  95.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.CTR, AOCipherPadding.NOPADDING),

    96. 

  96.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.CTR, AOCipherPadding.PKCS5PADDING),

    97. 

  97.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.CFB, AOCipherPadding.PKCS5PADDING),

    98. 

  98.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.CFB, AOCipherPadding.ISO10126PADDING),

    99. 

  99.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.OFB, AOCipherPadding.PKCS5PADDING),

    100. 

  100.         new AOCipherConfig(AOCipherAlgorithm.DES, AOCipherBlockMode.OFB, AOCipherPadding.ISO10126PADDING),

    101. 

  101.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.ECB, AOCipherPadding.PKCS5PADDING),

    102. 

  102.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.ECB, AOCipherPadding.ISO10126PADDING),

    103. 

  103.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.CBC, AOCipherPadding.PKCS5PADDING),

    104. 

  104.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.CBC, AOCipherPadding.ISO10126PADDING),

    105. 

  105.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.PCBC, AOCipherPadding.PKCS5PADDING),

    106. 

  106.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.PCBC, AOCipherPadding.ISO10126PADDING),

    107. 

  107.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.CTR, AOCipherPadding.NOPADDING),

    108. 

  108.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.CTR, AOCipherPadding.PKCS5PADDING),

    109. 

  109.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.CFB, AOCipherPadding.PKCS5PADDING),

    110. 

  110.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.CFB, AOCipherPadding.ISO10126PADDING),

    111. 

  111.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.OFB, AOCipherPadding.PKCS5PADDING),

    112. 

  112.         new AOCipherConfig(AOCipherAlgorithm.TRIPLEDES, AOCipherBlockMode.OFB, AOCipherPadding.ISO10126PADDING),

    113. 

  113.         new AOCipherConfig(AOCipherAlgorithm.PBEWITHSHA1ANDDESEDE, AOCipherBlockMode.CBC, AOCipherPadding.PKCS5PADDING),

    114. 

  114.         new AOCipherConfig(AOCipherAlgorithm.PBEWITHSHA1ANDRC2_40, AOCipherBlockMode.CBC, AOCipherPadding.PKCS5PADDING),

    115. 

  115.         new AOCipherConfig(AOCipherAlgorithm.PBEWITHMD5ANDDES, AOCipherBlockMode.CBC, AOCipherPadding.PKCS5PADDING)

    116. 

  116.     };

    117. 

  117. 

    118. 

  118.     /** {@inheritDoc} */

    119. 

  119.     @Override

    120. 

  120. 	public AOCipherConfig[] getSupportedConfigs() {

    121. 

  121.         return SUPPORTED_CONFIGS.clone();

    122. 

  122.     }

    123. 

  123. 

    124. 

  124.     /** {@inheritDoc} */

    125. 

  125.     @Override

    126. 

  126. 	public byte[] cipher(final byte[] data, final AOCipherConfig algorithmConfig, final Key cipherKey) throws AOException, KeyException {

    127. 

  127. 

    128. 

  128.         if (data == null || algorithmConfig == null || cipherKey == null || data.length == 0) {

    129. 

  129.             throw new AOException("Los parametros de la funcion de cifrado no pueden ser nulos o vacios"); //$NON-NLS-1$

    130. 

  130.         }

    131. 

  131. 

    132. 

  132.         // Tomamos el cipher para el algoritmo indicado

    133. 

  133.         final Cipher cipher;

    134. 

  134.         try {

    135. 

  135.             cipher = Cipher.getInstance(algorithmConfig.toString(), PROVIDER);

    136. 

  136.         }

    137. 

  137.         catch (final Exception e) {

    138. 

  138.             throw new AOException("Error al obtener el cifrador: " + e, e); //$NON-NLS-1$

    139. 

  139.         }

    140. 

  140. 

    141. 

  141.         // Inicializamos el cipher

    142. 

  142.         try {

    143. 

  143.             cipher.init(Cipher.ENCRYPT_MODE, cipherKey, AOSunJCECipher.getParams(algorithmConfig));

    144. 

  144.         }

    145. 

  145.         catch (final InvalidKeyException e) {

    146. 

  146.             throw new KeyException("La clave de cifrado introducida no es valida para el algoritmo '" + //$NON-NLS-1$

    147. 

  147.                     algorithmConfig.getAlgorithm().getName() + "'", e); //$NON-NLS-1$

    148. 

  148.         }

    149. 

  149.         catch (final Exception e) {

    150. 

  150.             throw new AOException("Error al inicializar el cifrador", e); //$NON-NLS-1$

    151. 

  151.         }

    152. 

  152. 

    153. 

  153.         // Realizamos el cifrado

    154. 

  154.         try {

    155. 

  155.             return cipher.doFinal(data);

    156. 

  156.         }

    157. 

  157.         catch (final Exception e) {

    158. 

  158.             throw new AOException("Error cifrando los datos", e); //$NON-NLS-1$

    159. 

  159.         }

    160. 

  160.     }

    161. 

  161. 

    162. 

  162.     /** {@inheritDoc} */

    163. 

  163.     @Override

    164. 

  164. 	public byte[] decipher(final byte[] data, final AOCipherConfig algorithmConfig, final Key decipherKey) throws AOException, InvalidKeyException {

    165. 

  165. 

    166. 

  166.         if (data == null || algorithmConfig == null || decipherKey == null) {

    167. 

  167.             throw new AOException("Los parametros de la funcion de descifrado no pueden ser nulos"); //$NON-NLS-1$

    168. 

  168.         }

    169. 

  169. 

    170. 

  170.         // Tomamos el cipher para el algoritmo indicado

    171. 

  171.         final Cipher cipher;

    172. 

  172.         try {

    173. 

  173.             cipher = Cipher.getInstance(algorithmConfig.toString(), PROVIDER);

    174. 

  174.         }

    175. 

  175.         catch (final Exception e) {

    176. 

  176.             throw new AOException("Error obteniendo el descifrador", e); //$NON-NLS-1$

    177. 

  177.         }

    178. 

  178. 

    179. 

  179.         // Inicializamos el cipher

    180. 

  180.         try {

    181. 

  181.             cipher.init(Cipher.DECRYPT_MODE, decipherKey, AOSunJCECipher.getParams(algorithmConfig));

    182. 

  182.         }

    183. 

  183.         catch (final InvalidKeyException e) {

    184. 

  184.             throw new InvalidKeyException("La clave de descifrado introducida no es valida para el algoritmo '" //$NON-NLS-1$

    185. 

  185.                     + algorithmConfig.getAlgorithm().getName() + "'", //$NON-NLS-1$

    186. 

  186.                     e);

    187. 

  187.         }

    188. 

  188.         catch (final Exception e) {

    189. 

  189.             throw new AOException("Error al inicializar el descifrador", e); //$NON-NLS-1$

    190. 

  190.         }

    191. 

  191. 

    192. 

  192.         // Realizamos el descifrado

    193. 

  193.         try {

    194. 

  194.             return cipher.doFinal(data);

    195. 

  195.         }

    196. 

  196.         catch(final BadPaddingException e) {

    197. 

  197.         	throw new InvalidKeyException("La clave de descifrado introducida no es correcta", e); //$NON-NLS-1$

    198. 

  198.         }

    199. 

  199.         catch (final Exception e) {

    200. 

  200.             throw new AOException("Error descifrando los datos", e); //$NON-NLS-1$

    201. 

  201.         }

    202. 

  202.     }

    203. 

  203. 

    204. 

  204.     /** {@inheritDoc} */

    205. 

  205. 	@Override

    206. 

  206. 	public Key decodeKey(final byte[] keyEncoded, final AOCipherConfig algorithmConfig, final Object[] params) throws KeyException {

    207. 

  207.         if (keyEncoded == null || keyEncoded.length < 1) {

    208. 

  208.             throw new IllegalArgumentException("La clave a descodificar no puede ser nula ni vacia"); //$NON-NLS-1$

    209. 

  209.         }

    210. 

  210.         if (algorithmConfig == null) {

    211. 

  211.             throw new IllegalArgumentException("La configuracion de cifrado no puede ser nula"); //$NON-NLS-1$

    212. 

  212.         }

    213. 

  213. 

    214. 

  214.         try {

    215. 

  215.             return new SecretKeySpec(keyEncoded, algorithmConfig.getAlgorithm().getName());

    216. 

  216.         }

    217. 

  217.         catch (final Exception e) {

    218. 

  218.             throw new KeyException("Error creando la clave secreta", e); //$NON-NLS-1$

    219. 

  219.         }

    220. 

  220.     }

    221. 

  221. 

    222. 

  222.     /** {@inheritDoc} */

    223. 

  223.     @Override

    224. 

  224. 	public Key decodePassphrase(final char[] passphrase, final AOCipherConfig algorithmConfig, final Object[] params) throws AOException {

    225. 

  225. 

    226. 

  226.         if (passphrase == null || passphrase.length < 1) {

    227. 

  227.             throw new IllegalArgumentException("La contrasena para la generacion de la clave no puede ser nula ni vacia"); //$NON-NLS-1$

    228. 

  228.         }

    229. 

  229.         if (algorithmConfig == null) {

    230. 

  230.             throw new IllegalArgumentException("La configuracion de cifrado no puede ser nula"); //$NON-NLS-1$

    231. 

  231.         }

    232. 

  232. 

    233. 

  233.         try {

    234. 

  234.             return SecretKeyFactory.getInstance(

    235. 

  235.                     algorithmConfig.getAlgorithm().getName(), PROVIDER).generateSecret(

    236. 

  236.                             new PBEKeySpec(passphrase, SALT, ITERATION_COUNT));

    237. 

  237.         }

    238. 

  238.         catch (final Exception e) {

    239. 

  239.             throw new AOException("Error generando la clave secreta", e); //$NON-NLS-1$

    240. 

  240.         }

    241. 

  241.     }

    242. 

  242. 

    243. 

  243.     /** {@inheritDoc} */

    244. 

  244.     @Override

    245. 

  245. 	public Key generateKey(final AOCipherConfig algorithmConfig) throws AOException {

    246. 

  246.         try {

    247. 

  247.             return KeyGenerator.getInstance(algorithmConfig.getAlgorithm().getName(), PROVIDER).generateKey();

    248. 

  248.         }

    249. 

  249.         catch (final Exception e) {

    250. 

  250.             throw new AOException("No se pudo generar una clave compatible para la configuracion '" + algorithmConfig + "': " + e , e); //$NON-NLS-1$ //$NON-NLS-2$

    251. 

  251.         }

    252. 

  252.     }

    253. 

  253. 

    254. 

  254.     /** Genera los par&aacute;metros necesarios para poder operar con una

    255. 

  255.      * configuracion concreta de cifrado. Si no es necesario ning&uacute;n

    256. 

  256.      * par&aacute;metro especial, devolvemos <code>null</code>.

    257. 

  257.      * @param algorithmConfig

    258. 

  258.      *        Configuracion de cifrado que debemos parametrizar.

    259. 

  259.      * @return Par&aacute;metros para operar. */

    260. 

  260.     private static AlgorithmParameterSpec getParams(final AOCipherConfig algorithmConfig) {

    261. 

  261.         if (algorithmConfig.getAlgorithm().supportsPassword()) {

    262. 

  262.             return new PBEParameterSpec(SALT, ITERATION_COUNT);

    263. 

  263.         }

    264. 

  264.         if (!algorithmConfig.getBlockMode().equals(AOCipherBlockMode.ECB)) {

    265. 

  265.             return new IvParameterSpec(algorithmConfig.getAlgorithm().equals(AOCipherAlgorithm.AES) ? IV_16 : IV_8);

    266. 

  266.         }

    267. 

  267.         return null;

    268. 

  268.     }

    269. 

  269. 

    270. 

  270. }

    271. 

  271.