geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hiteshkhame...@apache.org
Subject [35/36] incubator-geode git commit: Merge branch 'feature/GEODE-1372' of https://git-wip-us.apache.org/repos/asf/incubator-geode into GEODE-1372
Date Thu, 19 May 2016 19:27:40 GMT
Merge branch 'feature/GEODE-1372' of https://git-wip-us.apache.org/repos/asf/incubator-geode
into GEODE-1372


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/4d5f9477
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/4d5f9477
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/4d5f9477

Branch: refs/heads/feature/GEODE-1372
Commit: 4d5f94778c8a38966a201fa9a3024b4ddbd34120
Parents: a08172f c31633c
Author: Hitesh Khamesra <hiteshk25@yahoo.com>
Authored: Thu May 19 10:53:28 2016 -0700
Committer: Hitesh Khamesra <hiteshk25@yahoo.com>
Committed: Thu May 19 10:53:28 2016 -0700

----------------------------------------------------------------------
 .../membership/gms/messenger/GMSEncrypt.java    | 233 ++++++++-----------
 .../gms/messenger/GMSEncryptJUnitTest.java      |  13 +-
 2 files changed, 109 insertions(+), 137 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4d5f9477/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
----------------------------------------------------------------------
diff --cc geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
index 3d3633d,7cec567..f307290
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
@@@ -42,86 -43,64 +42,77 @@@ import org.apache.logging.log4j.Logger
  import com.gemstone.gemfire.distributed.internal.DistributionConfig;
  import com.gemstone.gemfire.internal.logging.LogService;
  
--public class GMSEncrypt implements Cloneable{
--  
++public class GMSEncrypt implements Cloneable {
++
    public static long encodingsPerformed;
    public static long decodingsPerformed;
  
    private static final Logger logger = LogService.getLogger();
  
    // Parameters for the Diffie-Hellman key exchange
--  private static final BigInteger dhP = new BigInteger(
--    "13528702063991073999718992897071702177131142188276542919088770094024269"
--      +  "73079899070080419278066109785292538223079165925365098181867673946"
--      +  "34756714063947534092593553024224277712367371302394452615862654308"
--      +  "11180902979719649450105660478776364198726078338308557022096810447"
--      +  "3500348898008043285865193451061481841186553");
--
--  private static final BigInteger dhG = new BigInteger(
--    "13058345680719715096166513407513969537624553636623932169016704425008150"
--      +  "56576152779768716554354314319087014857769741104157332735258102835"
--      +  "93126577393912282416840649805564834470583437473176415335737232689"
--      +  "81480201869671811010996732593655666464627559582258861254878896534"
--      +  "1273697569202082715873518528062345259949959");
++  private static final BigInteger dhP = new BigInteger("13528702063991073999718992897071702177131142188276542919088770094024269"
+ "73079899070080419278066109785292538223079165925365098181867673946"
++      + "34756714063947534092593553024224277712367371302394452615862654308" + "11180902979719649450105660478776364198726078338308557022096810447"
+ "3500348898008043285865193451061481841186553");
++
++  private static final BigInteger dhG = new BigInteger("13058345680719715096166513407513969537624553636623932169016704425008150"
+ "56576152779768716554354314319087014857769741104157332735258102835"
++      + "93126577393912282416840649805564834470583437473176415335737232689" + "81480201869671811010996732593655666464627559582258861254878896534"
+ "1273697569202082715873518528062345259949959");
  
    private static final int dhL = 1023;
  
--  private  PrivateKey dhPrivateKey = null;
++  private PrivateKey dhPrivateKey = null;
  
--  private  PublicKey dhPublicKey = null;
++  private PublicKey dhPublicKey = null;
  
--  private  String dhSKAlgo = null;
++  private String dhSKAlgo = null;
  
    private Services services;
-   
+ 
 +  private InternalDistributedMember localMember;
 +
    private NetView view;
  
    private Map<InternalDistributedMember, PeerEncryptor> memberToPeerEncryptor = new
ConcurrentHashMap<>();
-   
-   private ClusterEncryptor clusterEncryptor;
  
++  private ClusterEncryptor clusterEncryptor;
  
 -  protected void installView(NetView view) {
 +  protected void installView(NetView view) throws Exception {
      this.view = view;
      this.view.setPublicKey(services.getJoinLeave().getMemberID(), getPublicKeyBytes());
 -    // TODO remove ciphers for departed members
    }
--  
 -  protected void installView(NetView view, InternalDistributedMember mbr) {
++
 +  protected void installView(NetView view, InternalDistributedMember mbr) throws Exception
{
      this.view = view;
-    // this.view.setPublicKey(mbr, getPublicKeyBytes());
 -    this.view.setPublicKey(mbr, getPublicKeyBytes());
++    // this.view.setPublicKey(mbr, getPublicKeyBytes());
      // TODO remove ciphers for departed members
-     //addClusterKey();
++    // addClusterKey();
 +  }
-   
++
 +  protected byte[] getSecretBytes() {
 +    return this.clusterEncryptor.secretBytes;
 +  }
-   
++
 +  protected synchronized void addClusterKey() throws Exception {
 +    this.clusterEncryptor = new ClusterEncryptor(this);
 +  }
-   
++
 +  protected synchronized void addClusterKey(byte[] secretBytes) throws Exception {
 +    this.clusterEncryptor = new ClusterEncryptor(secretBytes);
    }
  
    protected GMSEncrypt() {
--    
++
    }
  
--  public GMSEncrypt(Services services) throws  Exception {
++  public GMSEncrypt(Services services) throws Exception {
      this.services = services;
      initDHKeys(services.getConfig().getDistributionConfig());
    }
-   
-   public GMSEncrypt(Services services, InternalDistributedMember mbr) throws  Exception
{
+ 
++  public GMSEncrypt(Services services, InternalDistributedMember mbr) throws Exception {
 +    this.services = services;
 +    this.localMember = mbr;
 +    initDHKeys(services.getConfig().getDistributionConfig());
 +  }
 +
    public byte[] decryptData(byte[] data, InternalDistributedMember member) throws Exception
{
      return getPeerEncryptor(member).decryptBytes(data);
    }
@@@ -129,16 -108,7 +120,15 @@@
    public byte[] encryptData(byte[] data, InternalDistributedMember member) throws Exception
{
      return getPeerEncryptor(member).encryptBytes(data);
    }
-   
  
 +  public byte[] decryptData(byte[] data) throws Exception {
 +    return this.clusterEncryptor.decryptBytes(data);
 +  }
 +
 +  public byte[] encryptData(byte[] data) throws Exception {
 +    return this.clusterEncryptor.encryptBytes(data);
 +  }
 +
    protected byte[] getPublicKeyBytes() {
      return dhPublicKey.getEncoded();
    }
@@@ -158,7 -127,7 +148,7 @@@
        System.out.println("private key format " + format);
        System.out.println("public ksy format " + this.dhPublicKey.getFormat());
        PKCS8EncodedKeySpec x509KeySpecPKey = new PKCS8EncodedKeySpec(this.dhPrivateKey.getEncoded());
--      
++
        keyFact = KeyFactory.getInstance("DH");
        // PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
        gmsEncrypt.dhPrivateKey = keyFact.generatePrivate(x509KeySpecPKey);
@@@ -190,7 -162,7 +180,7 @@@
      }
    }
  
--  protected synchronized PeerEncryptor getPeerEncryptor(InternalDistributedMember member)
throws Exception{
++  protected synchronized PeerEncryptor getPeerEncryptor(InternalDistributedMember member)
throws Exception {
      PeerEncryptor result = memberToPeerEncryptor.get(member);
      if (result == null) {
        result = createPeerEncryptor(member);
@@@ -205,7 -177,7 +195,6 @@@
      return result;
    }
  
--
    private static int getKeySize(String skAlgo) {
      // skAlgo contain both algo and key size info
      int colIdx = skAlgo.indexOf(':');
@@@ -214,20 -186,20 +203,16 @@@
      if (colIdx >= 0) {
        algoStr = skAlgo.substring(0, colIdx);
        algoKeySize = Integer.parseInt(skAlgo.substring(colIdx + 1));
--    }
--    else {
++    } else {
        algoStr = skAlgo;
      }
      int keysize = -1;
      if (algoStr.equalsIgnoreCase("DESede")) {
        keysize = 24;
--    }
--    else if (algoStr.equalsIgnoreCase("Blowfish")) {
++    } else if (algoStr.equalsIgnoreCase("Blowfish")) {
        keysize = algoKeySize > 128 ? algoKeySize / 8 : 16;
--    }
--    else if (algoStr.equalsIgnoreCase("AES")) {
--      keysize = (algoKeySize != 192 && algoKeySize != 256) ? 16
--        : algoKeySize / 8;
++    } else if (algoStr.equalsIgnoreCase("AES")) {
++      keysize = (algoKeySize != 192 && algoKeySize != 256) ? 16 : algoKeySize /
8;
      }
      return keysize;
    }
@@@ -237,8 -209,8 +222,7 @@@
      String algoStr;
      if (colIdx >= 0) {
        algoStr = skAlgo.substring(0, colIdx);
--    }
--    else {
++    } else {
        algoStr = skAlgo;
      }
      return algoStr;
@@@ -249,75 -221,101 +233,69 @@@
      String algoStr = getDhAlgoStr(skAlgo);
      if (algoStr.equalsIgnoreCase("DESede")) {
        blocksize = 8;
--    }
--    else if (algoStr.equalsIgnoreCase("Blowfish")) {
++    } else if (algoStr.equalsIgnoreCase("Blowfish")) {
        blocksize = 8;
--    }
--    else if (algoStr.equalsIgnoreCase("AES")) {
++    } else if (algoStr.equalsIgnoreCase("AES")) {
        blocksize = 16;
      }
      return blocksize;
    }
  
--  static public byte[] encryptBytes(byte[] data, Cipher encrypt) throws Exception{
--    synchronized(GMSEncrypt.class) {
++  static public byte[] encryptBytes(byte[] data, Cipher encrypt) throws Exception {
++    synchronized (GMSEncrypt.class) {
        encodingsPerformed++;
      }
      return encrypt.doFinal(data);
    }
  
--  static public byte[] decryptBytes(byte[] data, Cipher decrypt)
--    throws Exception{
++  static public byte[] decryptBytes(byte[] data, Cipher decrypt) throws Exception {
      try {
        byte[] decryptBytes = decrypt.doFinal(data);
--      synchronized(GMSEncrypt.class) {
++      synchronized (GMSEncrypt.class) {
          decodingsPerformed++;
        }
        return decryptBytes;
--    }catch(Exception ex) {
++    } catch (Exception ex) {
        throw ex;
      }
    }
  
--
    protected class PeerEncryptor {
  
      private PublicKey peerPublicKey = null;
  
      private String peerSKAlgo = null;
  
 -    private Cipher _encrypt;
 +    private Cipher encrypt;
-     
+ 
 -    protected PeerEncryptor(byte[] peerPublicKeyBytes) throws NoSuchAlgorithmException,
InvalidKeySpecException {
 -      X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(peerPublicKeyBytes);
 -      KeyFactory keyFact = KeyFactory.getInstance("DH");
 -      //PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
 -      this.peerPublicKey = keyFact.generatePublic(x509KeySpec);
 +    private Cipher decrypt = null;
 +
 +    protected PeerEncryptor(byte[] peerPublicKeyBytes) throws Exception {
 +      this.peerPublicKey = getPublicKey(peerPublicKeyBytes);
      }
  
--    public byte [] encryptBytes(byte[] data) throws Exception {
++    public byte[] encryptBytes(byte[] data) throws Exception {
        String algo = null;
        if (this.peerSKAlgo != null) {
          algo = this.peerSKAlgo;
        } else {
          algo = dhSKAlgo;
        }
 -      return GMSEncrypt.encryptBytes(data, getEncryptCipher(algo, this.peerPublicKey));
 +      return GMSEncrypt.encryptBytes(data, getEncryptCipher(algo));
      }
  
-     private Cipher getEncryptCipher(String dhSKAlgo)
 -    private Cipher getEncryptCipher(String dhSKAlgo, PublicKey publicKey)
--      throws Exception{
++    private Cipher getEncryptCipher(String dhSKAlgo) throws Exception {
        try {
-         if(encrypt == null) {
 -        if(_encrypt == null) {
 -          KeyAgreement ka = KeyAgreement.getInstance("DH");
 -          ka.init(dhPrivateKey);
 -          ka.doPhase(publicKey, true);
 -
 -          Cipher encrypt;
 -
 -          int keysize = getKeySize(dhSKAlgo);
 -          int blocksize = getBlockSize(dhSKAlgo);
 -
 -          if (keysize == -1 || blocksize == -1) {
 -            SecretKey sKey = ka.generateSecret(dhSKAlgo);
 -            encrypt = Cipher.getInstance(dhSKAlgo);
 -            encrypt.init(Cipher.ENCRYPT_MODE, sKey);
 -          }
 -          else {
 -            String dhAlgoStr = getDhAlgoStr(dhSKAlgo);
 -
 -            byte[] sKeyBytes = ka.generateSecret();
 -            SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, dhAlgoStr);
 -            IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
 -
 -            encrypt = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
 -            encrypt.init(Cipher.ENCRYPT_MODE, sks, ivps);
 -          }
 -          _encrypt = encrypt;
++        if (encrypt == null) {
 +          encrypt = GMSEncrypt.getEncryptCipher(dhSKAlgo, dhPrivateKey, this.peerPublicKey);
          }
--      }catch(Exception ex) {
++      } catch (Exception ex) {
          throw ex;
        }
 -      return _encrypt;
 +      return encrypt;
      }
-     
-     public byte[] decryptBytes(byte[] data) throws Exception
-     {
+ 
 -
 -    public byte[] decryptBytes(byte[] data) throws Exception
 -    {
++    public byte[] decryptBytes(byte[] data) throws Exception {
        String algo = null;
        if (this.peerSKAlgo != null) {
          algo = this.peerSKAlgo;
@@@ -327,213 -325,48 +305,206 @@@
        Cipher c = getDecryptCipher(algo, this.peerPublicKey);
        return GMSEncrypt.decryptBytes(data, c);
  
-     }    
+     }
  
-     private Cipher getDecryptCipher( String dhSKAlgo, PublicKey publicKey)
-       throws Exception{
-       if(decrypt == null) {
++    private Cipher getDecryptCipher(String dhSKAlgo, PublicKey publicKey) throws Exception
{
++      if (decrypt == null) {
 +        decrypt = GMSEncrypt.getDecryptCipher(dhSKAlgo, dhPrivateKey, this.peerPublicKey);
 +      }
 +      return decrypt;
 +    }
 +
 +  }
  
-   protected static Cipher getEncryptCipher(String dhSKAlgo, PrivateKey privateKey, PublicKey
peerPublicKey) 
-     throws Exception{
++  protected static Cipher getEncryptCipher(String dhSKAlgo, PrivateKey privateKey, PublicKey
peerPublicKey) throws Exception {
 +    KeyAgreement ka = KeyAgreement.getInstance("DH");
 +    ka.init(privateKey);
 +    ka.doPhase(peerPublicKey, true);
-     
+ 
 -    private Cipher _decrypt = null;
 +    Cipher encrypt;
  
 -    private Cipher getDecryptCipher( String dhSKAlgo, PublicKey publicKey)
 -      throws Exception{
 -      if(_decrypt == null) {
 -        try {
 -          KeyAgreement ka = KeyAgreement.getInstance("DH");
 -          ka.init(dhPrivateKey);
 -          ka.doPhase(publicKey, true);
 +    int keysize = getKeySize(dhSKAlgo);
 +    int blocksize = getBlockSize(dhSKAlgo);
  
 -          Cipher decrypt;
 +    if (keysize == -1 || blocksize == -1) {
 +      SecretKey sKey = ka.generateSecret(dhSKAlgo);
 +      encrypt = Cipher.getInstance(dhSKAlgo);
 +      encrypt.init(Cipher.ENCRYPT_MODE, sKey);
-     }
-     else {
++    } else {
 +      String dhAlgoStr = getDhAlgoStr(dhSKAlgo);
  
 -          int keysize = getKeySize(dhSKAlgo);
 -          int blocksize = getBlockSize(dhSKAlgo);
 +      byte[] sKeyBytes = ka.generateSecret();
 +      SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, dhAlgoStr);
 +      IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
  
 -          if (keysize == -1 || blocksize == -1) {
 -            SecretKey sKey = ka.generateSecret(dhSKAlgo);
 -            decrypt = Cipher.getInstance(dhSKAlgo);
 -            decrypt.init(Cipher.DECRYPT_MODE, sKey);
 -          }
 -          else {
 -            String algoStr = getDhAlgoStr(dhSKAlgo);
 +      encrypt = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
 +      encrypt.init(Cipher.ENCRYPT_MODE, sks, ivps);
 +    }
  
 -            byte[] sKeyBytes = ka.generateSecret();
 -            SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, algoStr);
 -            IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
 +    return encrypt;
 +  }
-   
-   protected static Cipher getEncryptCipher(String dhSKAlgo, byte[] secretBytes) 
-       throws Exception{
-       
-       Cipher encrypt = null;
- 
-       int keysize = getKeySize(dhSKAlgo);
-       int blocksize = getBlockSize(dhSKAlgo);
- 
-       if (keysize == -1 || blocksize == -1) {
-         //TODO how should we do here
-         /*SecretKey sKey = ka.generateSecret(dhSKAlgo);
-         encrypt = Cipher.getInstance(dhSKAlgo);
-         encrypt.init(Cipher.ENCRYPT_MODE, sKey);*/
-       }
-       else {
-         String dhAlgoStr = getDhAlgoStr(dhSKAlgo);
  
-         SecretKeySpec sks = new SecretKeySpec(secretBytes, 0, keysize, dhAlgoStr);
-         IvParameterSpec ivps = new IvParameterSpec(secretBytes, keysize, blocksize);
 -            decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding");
 -            decrypt.init(Cipher.DECRYPT_MODE, sks, ivps);
 -          }
++  protected static Cipher getEncryptCipher(String dhSKAlgo, byte[] secretBytes) throws Exception
{
  
-         encrypt = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
-         encrypt.init(Cipher.ENCRYPT_MODE, sks, ivps);
-       }
 -          _decrypt = decrypt;
 -        }catch(Exception ex) {
 -          throw ex;
++    Cipher encrypt = null;
 +
-       return encrypt;
++    int keysize = getKeySize(dhSKAlgo);
++    int blocksize = getBlockSize(dhSKAlgo);
++
++    if (keysize == -1 || blocksize == -1) {
++      // TODO how should we do here
++      /* SecretKey sKey = ka.generateSecret(dhSKAlgo);
++       * encrypt = Cipher.getInstance(dhSKAlgo);
++       * encrypt.init(Cipher.ENCRYPT_MODE, sKey); */
++    } else {
++      String dhAlgoStr = getDhAlgoStr(dhSKAlgo);
++
++      SecretKeySpec sks = new SecretKeySpec(secretBytes, 0, keysize, dhAlgoStr);
++      IvParameterSpec ivps = new IvParameterSpec(secretBytes, keysize, blocksize);
++
++      encrypt = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
++      encrypt.init(Cipher.ENCRYPT_MODE, sks, ivps);
 +    }
-   
++
++    return encrypt;
++  }
++
 +  protected static Cipher getDecryptCipher(String dhSKAlgo, PrivateKey privateKey, PublicKey
publicKey) throws Exception {
 +    KeyAgreement ka = KeyAgreement.getInstance("DH");
 +    ka.init(privateKey);
 +    ka.doPhase(publicKey, true);
-     
++
 +    Cipher decrypt;
 +
 +    int keysize = getKeySize(dhSKAlgo);
 +    int blocksize = getBlockSize(dhSKAlgo);
 +
 +    if (keysize == -1 || blocksize == -1) {
 +      SecretKey sKey = ka.generateSecret(dhSKAlgo);
 +      decrypt = Cipher.getInstance(dhSKAlgo);
 +      decrypt.init(Cipher.DECRYPT_MODE, sKey);
 +    } else {
 +      String algoStr = getDhAlgoStr(dhSKAlgo);
 +
 +      byte[] sKeyBytes = ka.generateSecret();
 +      SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, algoStr);
 +      IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
 +
 +      decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding");
 +      decrypt.init(Cipher.DECRYPT_MODE, sks, ivps);
 +    }
 +    return decrypt;
 +  }
-   
++
 +  protected static Cipher getDecryptCipher(String dhSKAlgo, byte[] secretBytes) throws Exception
{
 +    Cipher decrypt = null;
 +
 +    int keysize = getKeySize(dhSKAlgo);
 +    int blocksize = getBlockSize(dhSKAlgo);
 +
 +    if (keysize == -1 || blocksize == -1) {
-       //TODO: how to do here
-       /*SecretKey sKey = ka.generateSecret(dhSKAlgo);
-       decrypt = Cipher.getInstance(dhSKAlgo);
-       decrypt.init(Cipher.DECRYPT_MODE, sKey);*/
++      // TODO: how to do here
++      /* SecretKey sKey = ka.generateSecret(dhSKAlgo);
++       * decrypt = Cipher.getInstance(dhSKAlgo);
++       * decrypt.init(Cipher.DECRYPT_MODE, sKey); */
 +    } else {
 +      String algoStr = getDhAlgoStr(dhSKAlgo);
 +
 +      SecretKeySpec sks = new SecretKeySpec(secretBytes, 0, keysize, algoStr);
 +      IvParameterSpec ivps = new IvParameterSpec(secretBytes, keysize, blocksize);
 +
 +      decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding");
 +      decrypt.init(Cipher.DECRYPT_MODE, sks, ivps);
 +    }
 +    return decrypt;
 +  }
++
 +  protected static byte[] generateSecret(String dhSKAlgo, PrivateKey privateKey, PublicKey
otherPublicKey) throws Exception {
 +    KeyAgreement ka = KeyAgreement.getInstance("DH");
 +    ka.init(privateKey);
 +    ka.doPhase(otherPublicKey, true);
-     
++
 +    int keysize = getKeySize(dhSKAlgo);
 +    int blocksize = getBlockSize(dhSKAlgo);
 +
 +    if (keysize == -1 || blocksize == -1) {
 +      SecretKey sKey = ka.generateSecret(dhSKAlgo);
 +      return sKey.getEncoded();
 +    } else {
 +      String algoStr = getDhAlgoStr(dhSKAlgo);
 +
 +      return ka.generateSecret();
 +    }
 +  }
-   
++
 +  protected static PublicKey getPublicKey(byte[] publicKeyBytes) throws Exception {
 +    X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(publicKeyBytes);
 +    KeyFactory keyFact = KeyFactory.getInstance("DH");
-     //PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
++    // PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
 +    return keyFact.generatePublic(x509KeySpec);
 +  }
 +
-   protected static void initEncryptCipher(KeyAgreement ka, List<PublicKey> publicKeys)
throws Exception{
++  protected static void initEncryptCipher(KeyAgreement ka, List<PublicKey> publicKeys)
throws Exception {
 +    Iterator<PublicKey> itr = publicKeys.iterator();
-     while(itr.hasNext()) {
-        ka.doPhase(itr.next(), !itr.hasNext());
++    while (itr.hasNext()) {
++      ka.doPhase(itr.next(), !itr.hasNext());
 +    }
 +  }
++
 +  /***
 +   * this will hold the common key for cluster
 +   * that will be created using publickey of all the members..
 +   *
 +   */
-   protected class ClusterEncryptor{
++  protected class ClusterEncryptor {
 +    byte[] secretBytes;
 +    Cipher encrypt;
 +    Cipher decrypt;
 +    int viewId;
 +    Set<InternalDistributedMember> mbrs;
-     
++
 +    public ClusterEncryptor(GMSEncrypt other) throws Exception {
-       GMSEncrypt mine = new GMSEncrypt(other.services);      
++      GMSEncrypt mine = new GMSEncrypt(other.services);
 +      this.secretBytes = GMSEncrypt.generateSecret(mine.dhSKAlgo, mine.dhPrivateKey, other.dhPublicKey);
 +    }
-     
++
 +    public ClusterEncryptor(byte[] sb) {
 +      this.secretBytes = sb;
 +    }
-     
-     public byte [] encryptBytes(byte[] data) throws Exception {
++
++    public byte[] encryptBytes(byte[] data) throws Exception {
 +      String algo = dhSKAlgo;
 +      return GMSEncrypt.encryptBytes(data, getEncryptCipher(algo));
 +    }
 +
-     private Cipher getEncryptCipher(String dhSKAlgo)
-       throws Exception{
++    private Cipher getEncryptCipher(String dhSKAlgo) throws Exception {
 +      try {
-         if(encrypt == null) {
++        if (encrypt == null) {
 +          synchronized (this) {
-             if(encrypt == null)
++            if (encrypt == null)
 +              encrypt = GMSEncrypt.getEncryptCipher(dhSKAlgo, secretBytes);
-           }          
++          }
          }
-       }catch(Exception ex) {
++      } catch (Exception ex) {
 +        throw ex;
        }
 -      return _decrypt;
 +      return encrypt;
      }
-     
-     public byte[] decryptBytes(byte[] data) throws Exception
-     {
+ 
++    public byte[] decryptBytes(byte[] data) throws Exception {
 +      String algo = dhSKAlgo;
 +      Cipher c = getDecryptCipher(algo);
 +      return GMSEncrypt.decryptBytes(data, c);
 +    }
 +
-     private Cipher getDecryptCipher( String dhSKAlgo)
-       throws Exception{
-       if(decrypt == null) {
++    private Cipher getDecryptCipher(String dhSKAlgo) throws Exception {
++      if (decrypt == null) {
 +        synchronized (this) {
-           if(decrypt == null)
++          if (decrypt == null)
 +            decrypt = GMSEncrypt.getDecryptCipher(dhSKAlgo, secretBytes);
-         }        
++        }
 +      }
 +      return decrypt;
 +    }
    }
  }
- 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4d5f9477/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
----------------------------------------------------------------------
diff --cc geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
index 8652b67,de90328..3a08faa
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
@@@ -9,15 -8,9 +8,18 @@@ import com.gemstone.gemfire.distributed
  import com.gemstone.gemfire.distributed.internal.membership.gms.ServiceConfig;
  import com.gemstone.gemfire.distributed.internal.membership.gms.Services;
  import com.gemstone.gemfire.internal.admin.remote.RemoteTransportConfig;
 +
 +import org.junit.Assert;
 +import org.junit.Test;
 +
 +import java.math.BigInteger;
 +import java.security.Key;
 +import java.security.KeyPair;
 +import java.security.KeyPairGenerator;
 +import java.security.NoSuchAlgorithmException;
+ import org.junit.Assert;
+ import org.junit.Test;
+ 
  import java.util.Arrays;
  import java.util.LinkedList;
  import java.util.List;
@@@ -151,406 -137,4 +152,406 @@@ public class GMSEncryptJUnitTest 
      Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse));
  
    }
 +  
 +  @Test
 +  public void testForClusterSecretKey() throws Exception{
 +    initMocks();
 +
 +    GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services, mockMembers[1]); // this will be the
sender
 +    gmsEncrypt1.addClusterKey();
 +    // establish the public keys for the sender and receiver
 +    netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes());
 +    
 +    gmsEncrypt1.installView(netView, mockMembers[1]);
 +    
 +    // sender encrypts a message, so use receiver's public key
 +    String ch = "Hello world";
 +    byte[] challenge =  ch.getBytes();
 +    byte[]  encryptedChallenge =  gmsEncrypt1.encryptData(challenge);
 +
 +    // receiver decrypts the message using the sender's public key
 +    byte[] decryptBytes = gmsEncrypt1.decryptData(encryptedChallenge);
 +    
 +    Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge));
 +
 +    Assert.assertTrue(Arrays.equals(challenge, decryptBytes));    
 +  }
 +  
 +  @Test
 +  public void testForClusterSecretKeyFromOtherMember() throws Exception{
 +    initMocks();
 +
 +    GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services, mockMembers[1]); // this will be the
sender
 +    gmsEncrypt1.addClusterKey();
 +    GMSEncrypt gmsEncrypt2 = new GMSEncrypt(services, mockMembers[2]); // this will be the
sender
 +    
 +    // establish the public keys for the sender and receiver
 +    netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes());
 +    netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes());
 +    
 +    gmsEncrypt1.installView(netView, mockMembers[1]);
 +    
 +    byte[] secretBytes = gmsEncrypt1.getSecretBytes();
 +    gmsEncrypt2.addClusterKey(secretBytes);
 +    
 +    gmsEncrypt2.installView(netView, mockMembers[1]);
 +    
 +    // sender encrypts a message, so use receiver's public key
 +    String ch = "Hello world";
 +    byte[] challenge =  ch.getBytes();
 +    byte[]  encryptedChallenge =  gmsEncrypt1.encryptData(challenge);
 +
 +    // receiver decrypts the message using the sender's public key
 +    byte[] decryptBytes = gmsEncrypt2.decryptData(encryptedChallenge);
 +    
 +    // now send a response
 +    String response = "Hello yourself!";
 +    byte[] responseBytes = response.getBytes();
 +    byte[] encryptedResponse = gmsEncrypt2.encryptData(responseBytes);
 +
 +    // receiver decodes the response
 +    byte[] decryptedResponse = gmsEncrypt1.decryptData(encryptedResponse);
 +
 +    Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge));
 +
 +    Assert.assertTrue(Arrays.equals(challenge, decryptBytes));
 +
 +    Assert.assertFalse(Arrays.equals(responseBytes, encryptedResponse));
 +
 +    Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse));  
 +  }
 +  
 +    
 +  @Test
 +    public void testDHAlgo() throws Exception {
 +
 +      DHParameterSpec dhSkipParamSpec;
 +
 +      System.out.println("Using SKIP Diffie-Hellman parameters");
 +      dhSkipParamSpec = new DHParameterSpec(skip1024Modulus, skip1024Base);
 +
 +      // Alice creates her own DH key pair
 +      System.out.println("ALICE: Generate DH keypair ...");
 +      KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
 +      aliceKpairGen.initialize(dhSkipParamSpec);
 +      KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
 +
 +      // Bob creates his own DH key pair
 +      System.out.println("BOB: Generate DH keypair ...");
 +      KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
 +      bobKpairGen.initialize(dhSkipParamSpec);
 +      KeyPair bobKpair = bobKpairGen.generateKeyPair();
 +
 +      // Carol creates her own DH key pair
 +      System.out.println("CAROL: Generate DH keypair ...");
 +      KeyPairGenerator carolKpairGen = KeyPairGenerator.getInstance("DH");
 +      carolKpairGen.initialize(dhSkipParamSpec);
 +      KeyPair carolKpair = carolKpairGen.generateKeyPair();
 +
 +
 +      // Alice initialize
 +      System.out.println("ALICE: Initialize ...");
 +      KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
 +      aliceKeyAgree.init(aliceKpair.getPrivate());
 +
 +      // Bob initialize
 +      System.out.println("BOB: Initialize ...");
 +      KeyAgreement bobKeyAgree = KeyAgreement.getInstance("DH");
 +      bobKeyAgree.init(bobKpair.getPrivate());
 +
 +      // Carol initialize
 +      System.out.println("CAROL: Initialize ...");
 +      KeyAgreement carolKeyAgree = KeyAgreement.getInstance("DH");
 +      carolKeyAgree.init(carolKpair.getPrivate());
 +
 +
 +      // Alice uses Carol's public key
 +      Key ac = aliceKeyAgree.doPhase(carolKpair.getPublic(), false);
 +
 +      // Bob uses Alice's public key
 +      Key ba = bobKeyAgree.doPhase(aliceKpair.getPublic(), false);
 +
 +      // Carol uses Bob's public key
 +      Key cb = carolKeyAgree.doPhase(bobKpair.getPublic(), false);
 +
 +
 +      // Alice uses Carol's result from above
 +      aliceKeyAgree.doPhase(cb, true);
 +
 +      // Bob uses Alice's result from above
 +      bobKeyAgree.doPhase(ac, true);
 +
 +      // Carol uses Bob's result from above
 +      carolKeyAgree.doPhase(ba, true);
 +
 +
 +      // Alice, Bob and Carol compute their secrets
 +      byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
 +      System.out.println("Alice secret: " + toHexString(aliceSharedSecret));
 +
 +      byte[] bobSharedSecret = bobKeyAgree.generateSecret();
 +      System.out.println("Bob secret: " + toHexString(bobSharedSecret));
 +
 +      byte[] carolSharedSecret = carolKeyAgree.generateSecret();
 +      System.out.println("Carol secret: " + toHexString(carolSharedSecret));
 +
 +
 +      // Compare Alice and Bob
 +      if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
 +          throw new Exception("Alice and Bob differ");
 +      System.out.println("Alice and Bob are the same");
 +
 +      // Compare Bob and Carol
 +      if (!java.util.Arrays.equals(bobSharedSecret, carolSharedSecret))
 +          throw new Exception("Bob and Carol differ");
 +      System.out.println("Bob and Carol are the same");
 +  }
 +  
 +  @Test
 +  public void testDHAlgo2() throws Exception {
 +
 +    DHParameterSpec dhSkipParamSpec;
 +
 +    System.out.println("Using SKIP Diffie-Hellman parameters");
 +    dhSkipParamSpec = new DHParameterSpec(skip1024Modulus, skip1024Base);
 +
 + // Alice creates her own DH key pair
 +    System.out.println("ALICE: Generate DH keypair ...");
 +    KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
 +    aliceKpairGen.initialize(dhSkipParamSpec);
 +    KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
 +
 +    
 +    // Bob creates his own DH key pair
 +    System.out.println("BOB: Generate DH keypair ...");
 +    KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
 +    bobKpairGen.initialize(dhSkipParamSpec);
 +    KeyPair bobKpair = bobKpairGen.generateKeyPair();
 +
 +    
 +    // Alice initialize
 +    System.out.println("ALICE: Initialize ...");
 +    KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
 +    aliceKeyAgree.init(aliceKpair.getPrivate()); 
 +
 +    // Bob initialize
 +    System.out.println("BOB  : Initialize ...");
 +    KeyAgreement bobKeyAgree = KeyAgreement.getInstance("DH");
 +    bobKeyAgree.init(bobKpair.getPrivate());
 +    
 +    // Alice uses Carol's public key
 +    aliceKeyAgree.doPhase(bobKpair.getPublic(), true);       
 +    
 +    // Bob uses Alice's public key
 +    bobKeyAgree.doPhase(aliceKpair.getPublic(), true);
 +
 +    // Alice, Bob and Carol compute their secrets
 +    byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
 +    System.out.println("Alice secret: " + toHexString(aliceSharedSecret));
 +
 +    
 +    byte[] bobSharedSecret = bobKeyAgree.generateSecret();
 +    System.out.println("Bob   secret: " + toHexString(bobSharedSecret));
 +    
 +    
 +    // Compare Alice and Bob
 +    if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
 +        throw new Exception("Alice and Bob differ");
 +    System.out.println("Alice and Bob are the same");
 +
 +  }
 +  
 +  @Test
 +  public void testDHAlgo3() throws Exception {
 +
 +    DHParameterSpec dhSkipParamSpec;
 +
 +    System.out.println("Using SKIP Diffie-Hellman parameters");
 +    dhSkipParamSpec = new DHParameterSpec(skip1024Modulus, skip1024Base);
 +
 + // Alice creates her own DH key pair
 +    System.out.println("ALICE: Generate DH keypair ...");
 +    KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
 +    aliceKpairGen.initialize(dhSkipParamSpec);
 +    KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
 +
 +    
 +    // Bob creates his own DH key pair
 +    System.out.println("BOB: Generate DH keypair ...");
 +    KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
 +    bobKpairGen.initialize(dhSkipParamSpec);
 +    KeyPair bobKpair = bobKpairGen.generateKeyPair();
 +
 +    
 +    // Alice initialize
 +    System.out.println("ALICE: Initialize ...");
 +    KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
 +    aliceKeyAgree.init(aliceKpair.getPrivate()); 
 +
 +    // Bob initialize
 +    System.out.println("BOB  : Initialize ...");
 +    KeyAgreement bobKeyAgree = KeyAgreement.getInstance("DH");
 +    bobKeyAgree.init(bobKpair.getPrivate());
 +    
 +    // Alice uses Carol's public key
 +    aliceKeyAgree.doPhase(bobKpair.getPublic(), true);       
 +    
 +    // Bob uses Alice's public key
 +    bobKeyAgree.doPhase(aliceKpair.getPublic(), true);
 +
 +    String dhKalgo = "AES"; 
 +    // Alice, Bob and Carol compute their secrets
 +    SecretKey aliceSharedSecret = aliceKeyAgree.generateSecret(dhKalgo);
 +    System.out.println("Alice secret: " + toHexString(aliceSharedSecret.getEncoded()));
 +
 +    
 +    
 +    SecretKey bobSharedSecret = bobKeyAgree.generateSecret(dhKalgo);
 +    System.out.println("Bob   secret: " + toHexString(bobSharedSecret.getEncoded()));
 +    
-     applyMAC(aliceSharedSecret);
-     applyMAC(bobSharedSecret);
++    //applyMAC(aliceSharedSecret);
++    //applyMAC(bobSharedSecret);
 +    
 +    // Compare Alice and Bob
 +    if (!java.util.Arrays.equals(aliceSharedSecret.getEncoded(), bobSharedSecret.getEncoded()))
 +        throw new Exception("Alice and Bob differ");
 +    System.out.println("Alice and Bob are the same");
 +  }
 +  
 +  private void applyMAC(Key key) throws Exception {
 +    SecretKey key2 = new SecretKey() {
 +      
 +      @Override
 +      public String getFormat() {
 +        // TODO Auto-generated method stub
 +        return key.getFormat();
 +      }
 +      
 +      @Override
 +      public byte[] getEncoded() {
 +        // TODO Auto-generated method stub
 +        String hitesh = "This is from Hitesh";
 +        byte[] secbytes = hitesh.getBytes();
 +        byte[] origsecret = key.getEncoded(); 
 +        byte[] ns = new byte[origsecret.length + secbytes.length];
 +        System.arraycopy(origsecret, 0, ns, 0, origsecret.length);
 +        System.arraycopy(secbytes, 0, ns, origsecret.length, secbytes.length);
 +        return ns;
 +      }
 +      
 +      @Override
 +      public String getAlgorithm() {
 +        // TODO Auto-generated method stub
 +        return key.getAlgorithm();
 +      }
 +    };
 + // Generate secret key for HMAC-MD5
 +    //KeyGenerator kg = KeyGenerator.getInstance("HmacMD5");
 +    //SecretKey sk = kg.generateKey();
 +
 +    // Get instance of Mac object implementing HMAC-MD5, and
 +    // initialize it with the above secret key
 +    
 +    System.out.println("Key2 secret " + toHexString(key2.getEncoded()));
 +    
 +    Mac mac = Mac.getInstance("HmacMD5");
 +    mac.init(key2);
 +    byte[] result = mac.doFinal("Hi There".getBytes());
 +   
 +    
 +    System.out.println("Message Authentication code length: " + mac.getMacLength());
 +    System.out.println("Message Authentication code : " + toHexString(result));
 +    
 +    verifyMacBody(mac, result);
 +  }
 +  
 +  private byte[] verifyMacBody(Mac hmac, byte[] encryptedAndMac) throws Exception {    
          
 +    byte[] encrypted = new byte[encryptedAndMac.length - hmac.getMacLength()];
 +    System.arraycopy(encryptedAndMac, 0, encrypted, 0, encrypted.length);
 +
 +    byte[] remoteMac = new byte[hmac.getMacLength()];
 +    System.arraycopy(encryptedAndMac, encryptedAndMac.length - remoteMac.length, remoteMac,
0, remoteMac.length);
 +
 +    byte[] localMac  = hmac.doFinal(encrypted);
 +
 +    System.out.println("Message Authentication code remoteMac : " + toHexString(remoteMac));
 +    System.out.println("Message Authentication code localMac : " + toHexString(localMac));
 +    if (!Arrays.equals(remoteMac, localMac))
 +      throw new Exception("MAC doesen't match.");
 +
 +    return encrypted;
 +  }
 +  // The 1024 bit Diffie-Hellman modulus values used by SKIP
 +  private static final byte skip1024ModulusBytes[] = {
 +      (byte)0xF4, (byte)0x88, (byte)0xFD, (byte)0x58,
 +      (byte)0x4E, (byte)0x49, (byte)0xDB, (byte)0xCD,
 +      (byte)0x20, (byte)0xB4, (byte)0x9D, (byte)0xE4,
 +      (byte)0x91, (byte)0x07, (byte)0x36, (byte)0x6B,
 +      (byte)0x33, (byte)0x6C, (byte)0x38, (byte)0x0D,
 +      (byte)0x45, (byte)0x1D, (byte)0x0F, (byte)0x7C,
 +      (byte)0x88, (byte)0xB3, (byte)0x1C, (byte)0x7C,
 +      (byte)0x5B, (byte)0x2D, (byte)0x8E, (byte)0xF6,
 +      (byte)0xF3, (byte)0xC9, (byte)0x23, (byte)0xC0,
 +      (byte)0x43, (byte)0xF0, (byte)0xA5, (byte)0x5B,
 +      (byte)0x18, (byte)0x8D, (byte)0x8E, (byte)0xBB,
 +      (byte)0x55, (byte)0x8C, (byte)0xB8, (byte)0x5D,
 +      (byte)0x38, (byte)0xD3, (byte)0x34, (byte)0xFD,
 +      (byte)0x7C, (byte)0x17, (byte)0x57, (byte)0x43,
 +      (byte)0xA3, (byte)0x1D, (byte)0x18, (byte)0x6C,
 +      (byte)0xDE, (byte)0x33, (byte)0x21, (byte)0x2C,
 +      (byte)0xB5, (byte)0x2A, (byte)0xFF, (byte)0x3C,
 +      (byte)0xE1, (byte)0xB1, (byte)0x29, (byte)0x40,
 +      (byte)0x18, (byte)0x11, (byte)0x8D, (byte)0x7C,
 +      (byte)0x84, (byte)0xA7, (byte)0x0A, (byte)0x72,
 +      (byte)0xD6, (byte)0x86, (byte)0xC4, (byte)0x03,
 +      (byte)0x19, (byte)0xC8, (byte)0x07, (byte)0x29,
 +      (byte)0x7A, (byte)0xCA, (byte)0x95, (byte)0x0C,
 +      (byte)0xD9, (byte)0x96, (byte)0x9F, (byte)0xAB,
 +      (byte)0xD0, (byte)0x0A, (byte)0x50, (byte)0x9B,
 +      (byte)0x02, (byte)0x46, (byte)0xD3, (byte)0x08,
 +      (byte)0x3D, (byte)0x66, (byte)0xA4, (byte)0x5D,
 +      (byte)0x41, (byte)0x9F, (byte)0x9C, (byte)0x7C,
 +      (byte)0xBD, (byte)0x89, (byte)0x4B, (byte)0x22,
 +      (byte)0x19, (byte)0x26, (byte)0xBA, (byte)0xAB,
 +      (byte)0xA2, (byte)0x5E, (byte)0xC3, (byte)0x55,
 +      (byte)0xE9, (byte)0x2F, (byte)0x78, (byte)0xC7
 +  };
 +  
 +
 +
 +  // The SKIP 1024 bit modulus
 +  private static final BigInteger skip1024Modulus
 +  = new BigInteger(1, skip1024ModulusBytes);
 +
 +  // The base used with the SKIP 1024 bit modulus
 +  private static final BigInteger skip1024Base = BigInteger.valueOf(2);
 +  
 +  /*
 +   * Converts a byte to hex digit and writes to the supplied buffer
 +   */
 +  private void byte2hex(byte b, StringBuffer buf) {
 +      char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8',
 +                          '9', 'A', 'B', 'C', 'D', 'E', 'F' };
 +      int high = ((b & 0xf0) >> 4);
 +      int low = (b & 0x0f);
 +      buf.append(hexChars[high]);
 +      buf.append(hexChars[low]);
 +  }
 +
 +  /*
 +   * Converts a byte array to hex string
 +   */
 +  private String toHexString(byte[] block) {
 +      StringBuffer buf = new StringBuffer();
 +
 +      int len = block.length;
 +
 +      for (int i = 0; i < len; i++) {
 +           byte2hex(block[i], buf);
 +           if (i < len-1) {
 +               buf.append(":");
 +           }
 +      }
 +      return buf.toString();
 +  }
  }



Mime
View raw message