Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kustvakt / 4d06c121aeef699522e9b4f2e2ffa803dbe11158 / . / src / main / java / de / ids_mannheim / korap / encryption / KustvaktEncryption.java
blob: 610f69c2b23e5b05170205b15e2296f2cafd4562 [file] [log] [blame]
margaretha6d61a552018-04-10 19:26:44 +0200[diff] [blame]1package de.ids_mannheim.korap.encryption;
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]2
margaretha6d61a552018-04-10 19:26:44 +0200[diff] [blame]3import java.io.UnsupportedEncodingException;
4import java.security.MessageDigest;
5import java.security.NoSuchAlgorithmException;
6import java.security.SecureRandom;
7
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]8import org.apache.commons.codec.EncoderException;
9import org.apache.commons.codec.binary.Base64;
Michael Hanlc0ed00f2016-06-23 14:33:10 +0200[diff] [blame]10import org.apache.commons.lang.RandomStringUtils;
margaretha49cb6882018-07-04 04:19:54 +0200[diff] [blame]11import org.apache.logging.log4j.LogManager;
12import org.apache.logging.log4j.Logger;
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]13import org.mindrot.jbcrypt.BCrypt;
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]14
margaretha6d61a552018-04-10 19:26:44 +0200[diff] [blame]15import de.ids_mannheim.korap.config.FullConfiguration;
16import de.ids_mannheim.korap.interfaces.EncryptionIface;
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]17
18public class KustvaktEncryption implements EncryptionIface {
19
20 private static final String ALGORITHM = "SHA-256";
margaretha35e1ca22023-11-16 22:00:01 +0100[diff] [blame]21 private static Logger jlog = LogManager.getLogger(KustvaktEncryption.class);
Michael Hanld8aa6212016-06-03 12:48:43 +0200[diff] [blame]22
margaretha6d61a552018-04-10 19:26:44 +0200[diff] [blame]23 private final FullConfiguration config;
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]24
margaretha6d61a552018-04-10 19:26:44 +0200[diff] [blame]25 public KustvaktEncryption (FullConfiguration config) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]26 jlog.info("initializing KorAPEncryption implementation");
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]27 this.config = config;
28 }
29
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]30 public static boolean matchTokenByteCode (Object param) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]31 if (!(param instanceof String))
32 return false;
33 String token = (String) param;
34 byte[] bytes = token.getBytes();
35 return 64 == bytes.length;
36 }
37
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]38 private String encodeBase (byte[] bytes) throws EncoderException {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]39 return Base64.encodeBase64String(bytes);
40 }
41
42 @Override
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]43 public String encodeBase () {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]44 try {
45 return encodeBase(this.createSecureRandom(24));
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]46 }
47 catch (EncoderException e) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]48 return "";
49 }
50 }
51
Michael Hanlcb2d3f92016-06-02 17:34:06 +0200[diff] [blame]52 public String secureHash (String input) {
53 return secureHash(input, "");
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]54 }
55
56 @Override
Michael Hanlcb2d3f92016-06-02 17:34:06 +0200[diff] [blame]57 public String secureHash (String input, String salt) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]58 String hashString = "";
margaretha33fa3d92018-07-26 13:50:17 +0200[diff] [blame]59 switch (config.getSecureHashAlgorithm()) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]60 case ESAPICYPHER:
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]61 break;
62 case SIMPLE:
63 try {
64 MessageDigest md = MessageDigest.getInstance("SHA-256");
65 md.update(input.getBytes("UTF-8"));
66 byte[] digest = md.digest();
67
68 for (byte b : digest)
69 hashString += String.format("%02x", b);
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]70 }
margaretha35e1ca22023-11-16 22:00:01 +0100[diff] [blame]71 catch (UnsupportedEncodingException
72 | NoSuchAlgorithmException e) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]73 e.printStackTrace();
74 }
75 break;
76 case BCRYPT:
77 hashString = bcryptHash(input, salt);
78 break;
79 default:
margaretha35e1ca22023-11-16 22:00:01 +0100[diff] [blame]80 jlog.warn("Invalid value: " + config.getSecureHashAlgorithm());
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]81 break;
82 }
83 return hashString;
84 }
85
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]86 public String hash (String input) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]87 String hashString = "";
88 MessageDigest md;
89 try {
Michael Hanlc0ed00f2016-06-23 14:33:10 +0200[diff] [blame]90 md = MessageDigest.getInstance(ALGORITHM);
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]91 md.update(input.getBytes("UTF-8"));
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]92 }
93 catch (NoSuchAlgorithmException e) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]94 return "";
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]95 }
96 catch (UnsupportedEncodingException e) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]97 return "";
98 }
99
100 byte[] digest = md.digest();
101
102 for (byte b : digest) {
103 hashString += String.format("%02x", b);
104 }
105 return hashString;
106 }
107
108 /**
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]109 * // some sort of algorithm to create token and isSystem
110 * regularly the integrity
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]111 * // of the token
112 * public String createAuthToken() {
113 * final byte[] rNumber = SecureRGenerator
114 * .getNextSecureRandom(SecureRGenerator.TOKEN_RANDOM_SIZE);
115 * String hash;
116 * try {
117 * hash = produceSimpleHash(SecureRGenerator.toHex(rNumber));
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]118 * } catch (NoSuchAlgorithmException |
119 * UnsupportedEncodingException e) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]120 * return "";
121 * }
122 * return hash;
123 * }
124 */
125
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]126 private byte[] createSecureRandom (int size) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]127 return SecureRGenerator.getNextSecureRandom(size);
128 }
129
Michael Hanlc0ed00f2016-06-23 14:33:10 +0200[diff] [blame]130 /**
131 * does this need to be equal for every iteration?!
margaretha35e1ca22023-11-16 22:00:01 +0100[diff] [blame]132 *
Michael Hanlc0ed00f2016-06-23 14:33:10 +0200[diff] [blame]133 * @param hash
134 * @param obj
135 * @return
136 */
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]137 @Override
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]138 public String createToken (boolean hash, Object ... obj) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]139 StringBuffer b = new StringBuffer();
140 try {
141 for (Object o : obj) {
142 b.append(" | ");
143 b.append(o);
144 }
145 if (hash)
146 return encodeBase(hash(b.toString().trim()).getBytes());
147 else
148 return encodeBase(b.toString().trim().getBytes());
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]149 }
150 catch (EncoderException e) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]151 return "";
152 }
153
154 }
155
156 @Override
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]157 public String createToken () {
margaretha6d61a552018-04-10 19:26:44 +0200[diff] [blame]158 return RandomStringUtils.randomAlphanumeric(64);
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]159
margaretha35e1ca22023-11-16 22:00:01 +0100[diff] [blame]160 // EM: code from MH
161 // String encoded;
162 // String v = RandomStringUtils.randomAlphanumeric(64);
163 // encoded = hash(v);
164 // jlog.trace("creating new token {}", encoded);
165 // return encoded;
166 }
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]167
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]168 @Override
Michael Hanl7ab5d102016-06-03 13:16:09 +0200[diff] [blame]169 public String createRandomNumber (Object ... obj) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]170 final byte[] rNumber = SecureRGenerator
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]171 .getNextSecureRandom(SecureRGenerator.ID_RANDOM_SIZE);
Michael Hanlc0ed00f2016-06-23 14:33:10 +0200[diff] [blame]172 if (obj.length == 0) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]173 obj = new Object[1];
174 obj[0] = rNumber;
175 }
176 return createToken(false, obj);
177 }
178
179 @Override
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]180 public boolean checkHash (String plain, String hash, String salt) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]181 String pw = "";
margaretha33fa3d92018-07-26 13:50:17 +0200[diff] [blame]182 switch (config.getSecureHashAlgorithm()) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]183 case ESAPICYPHER:
Michael Hanlcb2d3f92016-06-02 17:34:06 +0200[diff] [blame]184 pw = secureHash(plain, salt);
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]185 break;
186 case BCRYPT:
187 try {
188 return BCrypt.checkpw(plain, hash);
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]189 }
190 catch (IllegalArgumentException e) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]191 return false;
192 }
193 case SIMPLE:
194 pw = hash(plain);
195 break;
196 }
197 return pw.equals(hash);
198 }
199
200 @Override
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]201 public boolean checkHash (String plain, String hash) {
margaretha33fa3d92018-07-26 13:50:17 +0200[diff] [blame]202 switch (config.getSecureHashAlgorithm()) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]203 case ESAPICYPHER:
Michael Hanlcb2d3f92016-06-02 17:34:06 +0200[diff] [blame]204 return secureHash(plain).equals(hash);
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]205 case BCRYPT:
206 try {
207 return BCrypt.checkpw(plain, hash);
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]208 }
209 catch (IllegalArgumentException e) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]210 return false;
211 }
212 case SIMPLE:
213 return hash(plain).equals(hash);
214 }
215 return false;
216 }
217
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]218 private String bcryptHash (String text, String salt) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]219 if (salt == null || salt.isEmpty())
220 salt = BCrypt.gensalt(config.getLoadFactor());
221 return BCrypt.hashpw(text, salt);
222 }
223
224 @Override
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]225 public String toString () {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]226 return this.getClass().getCanonicalName();
227 }
228
229 public static class SecureRGenerator {
230 private static final String SHA1_PRNG = "SHA1PRNG";
231 protected static final int DEFAULT_RANDOM_SIZE = 128;
232 protected static final int TOKEN_RANDOM_SIZE = 128;
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]233 protected static final int ID_RANDOM_SIZE = 128;
234 protected static final int CORPUS_RANDOM_SIZE = 64;
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]235 private static final char[] HEX_DIGIT = { '0', '1', '2', '3', '4', '5',
margaretha35e1ca22023-11-16 22:00:01 +0100[diff] [blame]236 '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'z', 'x', 'h',
237 'q', 'w' };
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]238 private static final SecureRandom sRandom__;
239
240 static {
241 try {
242 sRandom__ = SecureRandom.getInstance("SHA1PRNG");
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]243 }
244 catch (NoSuchAlgorithmException e) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]245 throw new Error(e);
246 }
247 }
248
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]249 public static byte[] getNextSecureRandom (int bits) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]250 if (bits % 8 != 0) {
251 throw new IllegalArgumentException(
252 "Size is not divisible by 8!");
253 }
254
255 byte[] bytes = new byte[bits / 8];
256
257 sRandom__.nextBytes(bytes);
258
259 return bytes;
260 }
261
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]262 public static String toHex (byte[] bytes) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]263 if (bytes == null) {
264 return null;
265 }
266
267 StringBuilder buffer = new StringBuilder(bytes.length * 2);
268 for (byte thisByte : bytes) {
269 buffer.append(byteToHex(thisByte));
270 }
271
272 return buffer.toString();
273 }
274
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]275 private static String byteToHex (byte b) {
Michael Hanldeb3c212015-10-16 23:02:24 +0200[diff] [blame]276 char[] array = { HEX_DIGIT[(b >> 4 & 0xF)], HEX_DIGIT[(b & 0xF)] };
277 return new String(array);
278 }
279 }
280
281}