Example 11 with EncryptedMessage

Use of com.tremolosecurity.provisioning.util.EncryptedMessage in project OpenUnison by TremoloSecurity.

The class U2fUtil, method loadUserKeys: reads the user's registered U2F devices back out of a single encrypted directory attribute written by encode (Example 12).

public static List<SecurityKeyData> loadUserKeys(AuthInfo userData, String challengeStoreAttribute, String encyrptionKeyName) throws Exception, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
    // The whole device list lives in one attribute value on the user entry
    Attribute challengeAttr = userData.getAttribs().get(challengeStoreAttribute);
    Type t = new TypeToken<List<KeyHolder>>() {
    }.getType();
    ArrayList<SecurityKeyData> devices = new ArrayList<SecurityKeyData>();
    if (challengeAttr != null) {
        // Symmetric key is looked up by name from the OpenUnison configuration
        SecretKey key = GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(encyrptionKeyName);
        if (key == null) {
            throw new Exception("Queue message encryption key not found");
        }
        // Stored form is base64(deflate(json(EncryptedMessage))); inflate() undoes the outer two layers
        EncryptedMessage msg = gson.fromJson(inflate(challengeAttr.getValues().get(0)), EncryptedMessage.class);
        // CBC decryption needs the IV that encode() stored next to the ciphertext
        IvParameterSpec spec = new IvParameterSpec(msg.getIv());
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        // Only the PKCS5 padding of the last block is checked here; there is no MAC over iv+msg,
        // so a modified ciphertext or IV can decrypt to altered JSON without any exception
        byte[] bytes = cipher.doFinal(msg.getMsg());
        // Decode with the charset encode() used; the platform default charset may differ
        String json = new String(bytes, "UTF-8");
        java.util.List<KeyHolder> fromJSON = gson.fromJson(json, t);
        for (KeyHolder kh : fromJSON) {
            // Fourth constructor argument is not kept in KeyHolder, so it is passed as null
            devices.add(new SecurityKeyData(kh.getEnrollmentTime(), kh.getKeyHandle(), kh.getPublicKey(), null, kh.getCounter()));
        }
    }
    return devices;
}
Also used :
Attribute (com.tremolosecurity.saml.Attribute)
ArrayList (java.util.ArrayList)
KeyHolder (com.tremolosecurity.unison.google.u2f.KeyHolder)
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)
NoSuchPaddingException (javax.crypto.NoSuchPaddingException)
MalformedURLException (java.net.MalformedURLException)
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)
IOException (java.io.IOException)
BadPaddingException (javax.crypto.BadPaddingException)
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)
InvalidKeyException (java.security.InvalidKeyException)
Type (java.lang.reflect.Type)
SecretKey (javax.crypto.SecretKey)
SecurityKeyData (com.google.u2f.server.data.SecurityKeyData)
EncryptedMessage (com.tremolosecurity.provisioning.util.EncryptedMessage)
List (java.util.List)
IvParameterSpec (javax.crypto.spec.IvParameterSpec)
Cipher (javax.crypto.Cipher)

Example 12 with EncryptedMessage

Use of com.tremolosecurity.provisioning.util.EncryptedMessage in project OpenUnison by TremoloSecurity.

The class U2fUtil, method encode: serialises the device list to JSON, encrypts it with AES-CBC, and packs the resulting EncryptedMessage as deflated, base64-encoded JSON for storage in the directory attribute that loadUserKeys (Example 11) reads.

public static String encode(List<SecurityKeyData> devices, String encyrptionKeyName) throws Exception {
    // Copy the fields that need to survive a restart into the serialisable KeyHolder form
    ArrayList<KeyHolder> keys = new ArrayList<KeyHolder>();
    for (SecurityKeyData dr : devices) {
        KeyHolder kh = new KeyHolder();
        kh.setCounter(dr.getCounter());
        kh.setEnrollmentTime(dr.getEnrollmentTime());
        kh.setKeyHandle(dr.getKeyHandle());
        kh.setPublicKey(dr.getPublicKey());
        kh.setTransports(dr.getTransports());
        keys.add(kh);
    }
    String json = gson.toJson(keys);
    EncryptedMessage msg = new EncryptedMessage();
    SecretKey key = GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(encyrptionKeyName);
    if (key == null) {
        throw new Exception("Queue message encryption key not found");
    }
    // init() without an IvParameterSpec makes the JCE provider pick a fresh random IV,
    // which is read back with getIV() and stored in the message for loadUserKeys()
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, key);
    msg.setMsg(cipher.doFinal(json.getBytes("UTF-8")));
    msg.setIv(cipher.getIV());
    // Outer envelope: raw deflate (nowrap=true) of the JSON-encoded EncryptedMessage, then base64
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    DeflaterOutputStream compressor = new DeflaterOutputStream(baos, new Deflater(Deflater.BEST_COMPRESSION, true));
    compressor.write(gson.toJson(msg).getBytes("UTF-8"));
    compressor.flush();
    compressor.close();
    String b64 = new String(Base64.encodeBase64(baos.toByteArray()));
    return b64;
}
Also used :
SecretKey (javax.crypto.SecretKey)
SecurityKeyData (com.google.u2f.server.data.SecurityKeyData)
Deflater (java.util.zip.Deflater)
ArrayList (java.util.ArrayList)
EncryptedMessage (com.tremolosecurity.provisioning.util.EncryptedMessage)
DeflaterOutputStream (java.util.zip.DeflaterOutputStream)
KeyHolder (com.tremolosecurity.unison.google.u2f.KeyHolder)
Cipher (javax.crypto.Cipher)
ByteArrayOutputStream (java.io.ByteArrayOutputStream)
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)
NoSuchPaddingException (javax.crypto.NoSuchPaddingException)
MalformedURLException (java.net.MalformedURLException)
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)
IOException (java.io.IOException)
BadPaddingException (javax.crypto.BadPaddingException)
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)
InvalidKeyException (java.security.InvalidKeyException)
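Examples 11 and 12 are the two halves of one round trip: encode encrypts the KeyHolder list under AES/CBC/PKCS5Padding and stores the IV beside the ciphertext, and loadUserKeys decrypts it. Neither side authenticates the stored envelope, so anyone who can write the directory attribute can alter the decrypted JSON (counters, key handles) without triggering an exception. The following is an added example, not OpenUnison code: it rebuilds the iv+msg envelope with JDK classes only (a small Envelope class stands in for EncryptedMessage; Gson and the deflate/base64 wrapping are left out) and shows the difference between the CBC construction and an AES/GCM/NoPadding variant that also binds the envelope to a user identifier as associated data. The names EnvelopeDemo, Envelope, encryptCbc, decryptCbc, encryptGcm, decryptGcm and flipIvBit, and the sample JSON record, are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

/** Added example (not OpenUnison code): tamper behaviour of the iv+msg envelope under CBC vs GCM. */
public class EnvelopeDemo {

    /** Stand-in for EncryptedMessage: the same two fields, a raw IV/nonce and the ciphertext. */
    static final class Envelope {
        final byte[] iv;
        final byte[] msg;
        Envelope(byte[] iv, byte[] msg) { this.iv = iv; this.msg = msg; }
    }

    // Same construction as U2fUtil.encode: AES/CBC/PKCS5Padding with a provider-generated random IV.
    static Envelope encryptCbc(SecretKey key, String json) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        byte[] ct = c.doFinal(json.getBytes(StandardCharsets.UTF_8));
        return new Envelope(c.getIV(), ct);
    }

    // Same construction as U2fUtil.loadUserKeys: only the PKCS5 padding of the last block is checked.
    static String decryptCbc(SecretKey key, Envelope e) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(e.iv));
        return new String(c.doFinal(e.msg), StandardCharsets.UTF_8);
    }

    // Hardened variant: AES-GCM with a 12-byte random nonce, a 128-bit tag, and the user id as
    // associated data, so the envelope can neither be modified nor copied onto another user's entry.
    static Envelope encryptGcm(SecretKey key, String userId, String json) throws GeneralSecurityException {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        c.updateAAD(userId.getBytes(StandardCharsets.UTF_8));
        return new Envelope(nonce, c.doFinal(json.getBytes(StandardCharsets.UTF_8)));
    }

    static String decryptGcm(SecretKey key, String userId, Envelope e) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, e.iv));
        c.updateAAD(userId.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(e.msg), StandardCharsets.UTF_8);
    }

    /** Flip the low bit of the first IV byte. Under CBC this flips the same bit of plaintext byte 0. */
    static Envelope flipIvBit(Envelope e) {
        byte[] iv = e.iv.clone();
        iv[0] ^= 0x01;
        return new Envelope(iv, e.msg.clone());
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample: one registration record with counter 7 (not a real key handle).
        String json = "[{\"counter\":7,\"keyHandle\":\"AAAA\",\"publicKey\":\"BBBB\"}]";

        Envelope cbc = encryptCbc(key, json);
        System.out.println("CBC round trip ok: " + decryptCbc(key, cbc).equals(json));
        // No exception: the leading '[' (0x5B) silently becomes 'Z' (0x5A) and the rest is unchanged.
        String tampered = decryptCbc(key, flipIvBit(cbc));
        System.out.println("CBC tampered IV accepted, first char now: " + tampered.charAt(0));

        Envelope gcm = encryptGcm(key, "uid=alice", json);
        System.out.println("GCM round trip ok: " + decryptGcm(key, "uid=alice", gcm).equals(json));
        try {
            decryptGcm(key, "uid=alice", flipIvBit(gcm));
            System.out.println("GCM tampered nonce accepted (unexpected)");
        } catch (AEADBadTagException ex) {
            System.out.println("GCM tampered nonce rejected: " + ex.getClass().getSimpleName());
        }
        try {
            decryptGcm(key, "uid=mallory", gcm);   // same envelope, different user: wrong AAD
            System.out.println("GCM envelope accepted for another user (unexpected)");
        } catch (AEADBadTagException ex) {
            System.out.println("GCM envelope bound to uid=alice, rejected for uid=mallory");
        }
    }
}
```

The CBC bit-flip lands in the first block only because the IV is XORed into it; a flip in a ciphertext block instead garbles that block and flips the corresponding bit in the next one, and only a flip that touches the final block's padding surfaces as BadPaddingException. Whether an attacker who can write the attribute can also observe that distinction decides whether this is a padding oracle or merely malleability; in either case an authenticated mode removes the question. The deflate-then-base64 wrapping that encode applies around the JSON-encoded envelope sits outside the encryption and does not change any of this.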

Aggregations

EncryptedMessage (com.tremolosecurity.provisioning.util.EncryptedMessage) 12
Cipher (javax.crypto.Cipher) 7
SecretKey (javax.crypto.SecretKey) 7
Gson (com.google.gson.Gson) 6
IOException (java.io.IOException) 6
Attribute (com.tremolosecurity.saml.Attribute) 5
InvalidKeyException (java.security.InvalidKeyException) 5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 5
ByteArrayOutputStream (java.io.ByteArrayOutputStream) 4
BadPaddingException (javax.crypto.BadPaddingException) 4
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException) 4
NoSuchPaddingException (javax.crypto.NoSuchPaddingException) 4
ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException) 3
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException) 3
HashMap (java.util.HashMap) 3
IvParameterSpec (javax.crypto.spec.IvParameterSpec) 3
TextMessage (javax.jms.TextMessage) 3
SecurityKeyData (com.google.u2f.server.data.SecurityKeyData) 2
TaskHolder (com.tremolosecurity.provisioning.util.TaskHolder) 2
KeyHolder (com.tremolosecurity.unison.google.u2f.KeyHolder) 2