use of com.tremolosecurity.provisioning.util.EncryptedMessage in project OpenUnison by TremoloSecurity.
the class LoadToken method loadToken.
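/**
 * Builds the token map shown to the user: the decrypted temporary password
 * held in the attribute named by {@code this.attributeName}, or a fixed
 * "No password found" marker when that attribute is absent or empty.
 *
 * The attribute value is a JSON-serialized EncryptedMessage (ciphertext + IV)
 * that is decrypted with AES/CBC/PKCS5Padding under the key named by
 * {@code this.encryptionKey}. CBC provides confidentiality only; nothing here
 * verifies the integrity of the stored value before it is decrypted.
 *
 * @param user    the authenticated user whose attributes are read
 * @param session unused by this implementation
 * @return a map with the single entry "Temporary Password"
 * @throws Exception if the encryption key is not configured, or on any JSON,
 *         decoding or cipher failure; propagated unchanged to the caller
 */
@Override
public Object loadToken(AuthInfo user, HttpSession session) throws Exception {
    HashMap<String, String> token = new HashMap<String, String>();
    Attribute attr = user.getAttribs().get(this.attributeName);
    // A present-but-empty attribute is treated like a missing one instead of
    // failing with an index error on get(0).
    if (attr != null && attr.getValues() != null && !attr.getValues().isEmpty()) {
        String json = attr.getValues().get(0);
        EncryptedMessage em = new Gson().fromJson(json, EncryptedMessage.class);
        SecretKey key = GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(this.encryptionKey);
        if (key == null) {
            // Fail with a descriptive message rather than the InvalidKeyException
            // that Cipher.init would raise on a null key.
            throw new Exception("encryption key not found: " + this.encryptionKey);
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(em.getIv()));
        byte[] bytes = cipher.doFinal(em.getMsg());
        // Decode as UTF-8 rather than the JVM default charset so the result does
        // not depend on file.encoding; the other byte<->String conversions in this
        // project use "UTF-8" explicitly. The code that encrypts this attribute is
        // not in view — confirm it encodes the password as UTF-8 as well.
        String password = new String(bytes, "UTF-8");
        token.put("Temporary Password", password);
    } else {
        token.put("Temporary Password", "No password found");
    }
    return token;
}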
use of com.tremolosecurity.provisioning.util.EncryptedMessage in project OpenUnison by TremoloSecurity.
the class UnisonMessageListener method onMessage.
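/**
 * JMS entry point: decodes the delivered TextMessage into the object it
 * carries and hands it to {@code onMessage(ConfigManager, Object, Message)}.
 *
 * Messages carrying the boolean property "unisonignore" are acknowledged and
 * dropped. When {@link #isEncrypted()} is true the body is a JSON
 * EncryptedMessage that the provisioning engine decrypts; otherwise the body
 * is handed directly to {@code JsonReader.jsonToJava}.
 *
 * Any failure — including Errors — is logged and rethrown as a
 * RuntimeException whose message carries the full stack trace, so the JMS
 * container sees the delivery fail and the message is not acknowledged.
 *
 * @param msg the delivered message; expected to be a TextMessage
 */
@Override
public void onMessage(Message msg) {
    try {
        TextMessage smsg = (TextMessage) msg;
        if (smsg.getBooleanProperty("unisonignore")) {
            if (logger.isDebugEnabled()) {
                logger.debug("ignoring message");
            }
            smsg.acknowledge();
            return;
        }
        ConfigManager cfgMgr = (ConfigManager) GlobalEntries.getGlobalEntries().get(ProxyConstants.CONFIG_MANAGER);
        Object obj;
        if (this.isEncrypted()) {
            EncryptedMessage em = new Gson().fromJson(smsg.getText(), EncryptedMessage.class);
            obj = cfgMgr.getProvisioningEngine().decryptObject(em);
        } else {
            // SECURITY NOTE: if this is json-io's JsonReader, it instantiates the
            // classes named by the JSON itself. On an unencrypted queue that is
            // arbitrary-object deserialization of whatever a producer writes;
            // keep the queue encrypted or restrict the classes the reader may
            // create.
            obj = JsonReader.jsonToJava(smsg.getText());
        }
        this.onMessage(cfgMgr, obj, msg);
        msg.acknowledge();
    } catch (Throwable t) {
        logger.error("Unable to run listener", t);
        // Render the stack trace straight to a String; this avoids the
        // bytes->default-charset round trip of PrintWriter over a byte stream.
        java.io.StringWriter trace = new java.io.StringWriter();
        PrintWriter traceOut = new PrintWriter(trace);
        t.printStackTrace(traceOut);
        traceOut.flush();
        throw new RuntimeException("Could not run listener" + trace, t);
    }
}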
use of com.tremolosecurity.provisioning.util.EncryptedMessage in project OpenUnison by TremoloSecurity.
the class SendMessageThread method encryptObject.
/**
 * Serializes {@code o} to JSON and encrypts it for the provisioning queue
 * with AES/CBC/PKCS5Padding under the configured queue encryption key.
 *
 * The IV is the one the Cipher generates during init and is returned with
 * the ciphertext. CBC provides confidentiality only — the EncryptedMessage
 * carries no MAC or authentication tag.
 *
 * @param o the object to encrypt
 * @return the ciphertext and IV
 * @throws ProvisioningException if the queue key is not configured, or if
 *         serialization or encryption fails (original exception preserved
 *         as the cause)
 */
@Override
public EncryptedMessage encryptObject(Object o) throws ProvisioningException {
    String keyName = this.cfgMgr.getCfg().getProvisioning().getQueueConfig().getEncryptionKeyName();
    SecretKey queueKey = this.cfgMgr.getSecretKey(keyName);
    if (queueKey == null) {
        throw new ProvisioningException("Queue message encryption key not found");
    }
    try {
        byte[] plaintext = JsonWriter.objectToJson(o).getBytes("UTF-8");
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, queueKey);
        EncryptedMessage out = new EncryptedMessage();
        out.setMsg(aes.doFinal(plaintext));
        out.setIv(aes.getIV());
        return out;
    } catch (IOException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException e) {
        throw new ProvisioningException("Could not encrypt message", e);
    }
}
use of com.tremolosecurity.provisioning.util.EncryptedMessage in project OpenUnison by TremoloSecurity.
the class WebAuthnUtils method lookupWebAuthnUserData.
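/**
 * Loads and decrypts the user's WebAuthn registration data from the
 * attribute {@code attributeName}.
 *
 * The stored value is inflated with {@link #inflate}, parsed as a JSON
 * EncryptedMessage, decrypted with AES/CBC/PKCS5Padding under the named key,
 * and the plaintext is Java-deserialized into a WebAuthnUserData.
 *
 * @param userData          the user whose attributes are read
 * @param attributeName     attribute holding the encoded data
 * @param encryptionKeyName name of the key in the config manager's keystore
 * @return the decoded data, or {@code null} when the attribute is absent
 * @throws ServletException if the key is missing or any inflate, decrypt or
 *         deserialize step fails; the underlying exception is the cause
 */
public static WebAuthnUserData lookupWebAuthnUserData(AuthInfo userData, String attributeName, String encryptionKeyName) throws ServletException {
    Attribute encData = userData.getAttribs().get(attributeName);
    if (encData == null) {
        return null;
    }
    try {
        String encAuthData = encData.getValues().get(0);
        String encryptedAuth = inflate(encAuthData);
        SecretKey key = GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(encryptionKeyName);
        if (key == null) {
            // Caught below and surfaced as the ServletException callers expect.
            throw new Exception("encryption key not found");
        }
        EncryptedMessage msg = gson.fromJson(encryptedAuth, EncryptedMessage.class);
        IvParameterSpec spec = new IvParameterSpec(msg.getIv());
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        byte[] bytes = cipher.doFinal(msg.getMsg());
        // SECURITY NOTE: native Java deserialization of the decrypted bytes.
        // CBC decryption does not authenticate the ciphertext, so a modified
        // attribute value is only rejected here if its padding happens to be
        // invalid; otherwise readObject() runs on the altered plaintext. An
        // ObjectInputFilter limited to WebAuthnUserData and its field types, or
        // an authenticated mode on the write side, would close that gap.
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (WebAuthnUserData) ois.readObject();
        }
    } catch (Exception e) {
        throw new ServletException("Could not extract webauthn user data", e);
    }
}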
use of com.tremolosecurity.provisioning.util.EncryptedMessage in project OpenUnison by TremoloSecurity.
the class WebAuthnUtils method storeWebAuthnUserData.
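/**
 * Encrypts the user's WebAuthn data, writes it to {@code challengeStoreAttribute}
 * on {@code userData}, and runs the workflow that persists the new attribute.
 *
 * Steps: Java-serialize {@code webAuthnUserData}; encrypt with
 * AES/CBC/PKCS5Padding under {@code encryptionKeyName} (cipher-generated IV);
 * JSON-encode the EncryptedMessage; deflate it (raw stream, BEST_COMPRESSION)
 * and Base64-encode the result; store that string on the user and on a
 * TremoloUser handed to the synchronous workflow {@code workflowName}.
 *
 * @param webAuthnUserData        data to store
 * @param encryptionKeyName       name of the key in the config manager's keystore
 * @param userData                the user being updated in-session
 * @param workflowName            workflow that persists the attribute
 * @param uidAttributeName        attribute identifying the user to the workflow
 * @param challengeStoreAttribute attribute that receives the encoded data
 * @throws Exception if the key is not found, or any serialization, cipher or
 *         workflow step fails
 */
public static void storeWebAuthnUserData(WebAuthnUserData webAuthnUserData, String encryptionKeyName, AuthInfo userData, String workflowName, String uidAttributeName, String challengeStoreAttribute) throws Exception {
    ByteArrayOutputStream serialized = new ByteArrayOutputStream();
    // Closing the ObjectOutputStream flushes its block-data buffer into serialized.
    try (ObjectOutputStream oos = new ObjectOutputStream(serialized)) {
        oos.writeObject(webAuthnUserData);
    }
    SecretKey key = GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(encryptionKeyName);
    if (key == null) {
        throw new Exception("User data message encryption key not found");
    }
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, key);
    EncryptedMessage msg = new EncryptedMessage();
    msg.setMsg(cipher.doFinal(serialized.toByteArray()));
    msg.setIv(cipher.getIV());
    ByteArrayOutputStream compressed = new ByteArrayOutputStream();
    Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION, true);
    try (DeflaterOutputStream compressor = new DeflaterOutputStream(compressed, deflater)) {
        compressor.write(new Gson().toJson(msg).getBytes("UTF-8"));
    } finally {
        // DeflaterOutputStream only ends a Deflater it created itself; release
        // the native buffers of this externally supplied one explicitly.
        deflater.end();
    }
    String b64 = java.util.Base64.getEncoder().encodeToString(compressed.toByteArray());
    userData.getAttribs().put(challengeStoreAttribute, new Attribute(challengeStoreAttribute, b64));
    String uid = userData.getAttribs().get(uidAttributeName).getValues().get(0);
    WFCall wc = new WFCall();
    wc.setName(workflowName);
    wc.setUidAttributeName(uidAttributeName);
    TremoloUser tu = new TremoloUser();
    tu.setUid(uid);
    tu.getAttributes().add(new Attribute(uidAttributeName, uid));
    tu.getAttributes().add(new Attribute(challengeStoreAttribute, b64));
    wc.setUser(tu);
    Map<String, Object> req = new HashMap<>();
    // Run synchronously so the attribute is persisted before this method returns.
    req.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    wc.setRequestParams(req);
    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(workflowName).executeWorkflow(wc);
}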