tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Verna Knapp <ver...@navicom.com>
Subject [Fwd: Cannot set up certs for trusted CAs; JCE and tomcat]
Date Fri, 07 Jul 2000 16:38:58 GMT
Sorry, I forgot the code to reproduce this one. 

Here it is. Instantiate it from a JSP or XML file, and then call
encrypt(byte[] b, String any).

I am also reporting this one to Sun.

Verna


-----------------------------

import javax.crypto.*;
import java.security.cert.Certificate;
import java.io.*;
import java.security.*;
import java.security.Provider;
import java.security.Security;
import com.sun.crypto.provider.SunJCE;



public class CryptoSecurity
{
   
    private final String keyStoreFileName = ".\\store\\cryptokeystore";
    private final String cryptoFileDirectory = ".\\crypto";

    private final String keyStorePassword = "cryptodemo";
    private final String keyPasswordPrefix = "hpcryptox";
    
     KeyStore keyStore = null;
     SecretKey key = null;
    /* 
    
    CryptoSecurity constructor 
       
    */
    public CryptoSecurity() 
    { 
        Security.addProvider((Provider)(new
com.sun.crypto.provider.SunJCE()));
        loadKeyStore(keyStoreFileName, keyStorePassword);
    }
    
    
    
    public byte[] encrypt(byte[] clearText, String keyAlias)
    {
        //Get a new secret key.
        SecretKey key = getKey(keyAlias);
        return encrypt(clearText, key, getCipher());
    }
    
    private SecretKey getKey(String fileName)
    {
        SecretKey key = null;
        if (keyStore == null)
        {
            keyStore = newKeyStore(keyStorePassword);
        }
        else
        {
            key = getKeyFromKeyStore(fileName, keyPasswordPrefix +
fileName, keyStore);
        }
        if (key == null)
        {
            //Get a new secret key.
            key = createNewKey();
            
            //The alias is the file name. 
            //The password is derived from the file name by prepending
it with keyPasswordPrefix.
            setKeyEntryInKeyStore(fileName, keyPasswordPrefix +
fileName, key, keyStore);
            saveKeyStore(keyStoreFileName, keyStorePassword, keyStore);
        }
        return key;
    }
    
    private void encrypt(byte[] clearText, byte[] cipherText, String
fileName)
    {
        
        //Get a new secret key.
        SecretKey key = getKey(fileName);
        cipherText = encrypt(clearText, key, getCipher());
        
    }

    /* 
        encrypts input bytes using the specified key and cipher and
returns
       the encrypted bytes
    */
    private byte[] encrypt(byte[] clearText, SecretKey key, Cipher
cipher) 
    {
        try 
        {
            cipher.init(Cipher.ENCRYPT_MODE, key); 
            byte[] cipherText = cipher.doFinal(clearText); //encrypt the
bytes
            return cipherText;
        }
        catch(InvalidKeyException e) 
        {
            e.printStackTrace();
        }
        catch(IllegalBlockSizeException e)
        {
            e.printStackTrace();
        }
        catch(BadPaddingException e)
        {
            e.printStackTrace();
        }
        return new byte[1];
    } 
   
    
    private void decrypt(byte[] clearText, byte[] cipherText, String
fileName)
    {
        //Load the keystore
        KeyStore keyStore = loadKeyStore(keyStoreFileName,
keyStorePassword);
        //Get the secret key.
        //The alias is the file name. 
        //The password is derived from the file name by prepending it
with keyPasswordPrefix.
        SecretKey key = getKeyFromKeyStore(fileName, keyPasswordPrefix +
fileName, keyStore);
        clearText = decrypt(cipherText, key, getCipher());
    }
    /* 
        decrypts input bytes using the current key and
        returns the decrypted bytes
    */
    private byte[] decrypt(byte[] cipherText, SecretKey key, Cipher
cipher) 
    { 
        try 
        {
            cipher.init(Cipher.DECRYPT_MODE, key); 
            byte[] clearText = cipher.doFinal(cipherText);
            return clearText;
        }
        catch(InvalidKeyException e) 
        {
            e.printStackTrace();
        }
        catch(IllegalBlockSizeException e)
        {
            e.printStackTrace();
        }
        catch(BadPaddingException e)
        {
            e.printStackTrace();
        }
        return new byte[1]; 
    }
    
    /* void newKeyStore(password)
       creates a new keystore protected with the password
    */
    private KeyStore newKeyStore(String password) 
    {
        KeyStore keyStore = null;
	    try 
	    {
	        keyStore = KeyStore.getInstance("JCEKS", "SunJCE");
            char passwd[] = new char[password.length()];
            password.getChars(0, password.length(), passwd, 0);
            keyStore.load(null, passwd);
	    }
	    catch (KeyStoreException e) 
	    {
            e.printStackTrace();
        }
	    catch (NoSuchProviderException e) 
	    {
            e.printStackTrace();
        }
	    catch (java.security.cert.CertificateException e) 
	    {
           e.printStackTrace();
        }
	    catch (NoSuchAlgorithmException e) 
	    {
            e.printStackTrace();
        }
	    catch (IOException e) 
	    {
            e.printStackTrace();
        }
	    return keyStore;
	}
	
	/*  void saveKeyStore(String fileName, String password)
	    saves the current keyStore to disk
	*/
	private void saveKeyStore(String fileName, String password, KeyStore
keyStore) 
	{
	    try 
	    {    
	        char passwd[] = new char[password.length()];
	        password.getChars(0, password.length(), passwd, 0);
	        FileOutputStream f = new FileOutputStream(fileName);
	        keyStore.store(f, passwd);
	    }
	    catch (FileNotFoundException e) 
	    {
	        e.printStackTrace();
	    }
	    catch (KeyStoreException e) 
	    {
            e.printStackTrace();
        }
	    catch (IOException e) 
	    {
            e.printStackTrace();
        }
	    catch (NoSuchAlgorithmException e) 
	    {
	        e.printStackTrace();
	    }
	    catch (java.security.cert.CertificateException e) 
	    {
           e.printStackTrace();
        }
	}
    
    /*  void loadKeyStore(String fileName, String password)
        load the keyStore from disk
    */
    private KeyStore loadKeyStore(String fileName, String password) 
    {
        KeyStore keyStore = null;
        try 
        {
	        char passwd[] = new char[password.length()];
	        password.getChars(0, password.length(), passwd, 0); //convert
the String password into char[]
	        
	        FileInputStream f = new FileInputStream(fileName);
	        keyStore.load(f, passwd); //load the keyStore
	    }
	    catch(FileNotFoundException e)
	    {
	        e.printStackTrace();
	    }
	    catch(IOException e)
	    {
	        e.printStackTrace();
	    }
	    catch(NoSuchAlgorithmException e)
	    {
	        e.printStackTrace();
	    }
	    catch (java.security.cert.CertificateException e) 
	    {
           e.printStackTrace();
        }
	    return keyStore;
    }
    
    /*  void setKeyEntryInKeyStore(String alias, String password)
        puts a key into the keyStore undert the alias and protected
        by the password
    */
    private void setKeyEntryInKeyStore(String alias, String password,
SecretKey key, KeyStore keyStore) 
    {
        try 
        {
            Certificate[] chain = new Certificate[1]; //certificate not
needed for storing des keys
            char passwd[] = new char[password.length()]; 
	        password.getChars(0, password.length(), passwd, 0); //convert
the String password into char[]
	        
            keyStore.setKeyEntry(alias, key, passwd, chain); //store the
key
        }
        catch (KeyStoreException e) 
        {
	        e.printStackTrace();
	    }
    }
    
    /*  void getKeyFromKeyStore(String alias, String password)
        retrieves key with alias and protected by password from
        the current keyStore
    */
    private SecretKey getKeyFromKeyStore(String alias, String password,
KeyStore keyStore) 
    {
        SecretKey key = null;
        try 
        {
            char passwd[] = new char[password.length()];
	        password.getChars(0, password.length(), passwd, 0); //convert
the String password into char[]
	        
            key = (SecretKey)(keyStore.getKey(alias, passwd));
//retrieve the key from the keyStore
        }
        catch (KeyStoreException e) 
        {
	        e.printStackTrace();
	    }
	    catch(NoSuchAlgorithmException e)
	    {
	        e.printStackTrace();
	    }
	    catch(UnrecoverableKeyException e)
	    {
	    }
	    return key; 
	    
    }
    
    /*  
    void createNewKey()
    */
    private SecretKey createNewKey() 
    {
        SecretKey key = null;
        try 
        {
            key = KeyGenerator.getInstance("DES").generateKey();
        }
	    catch(NoSuchAlgorithmException e)
	    {
	        e.printStackTrace();
	    }
        return key;
    }
    /*
    Get the cipher.
    */
    private Cipher getCipher()
    {
        try
        {
            return Cipher.getInstance("DES/ECB/PKCS5Padding");
        }
	    catch(NoSuchAlgorithmException e)
	    {
	        e.printStackTrace();
	    }
	    catch(NoSuchPaddingException e)
	    {
	        e.printStackTrace();
	    }
	    return null;
    }
} 


Verna Knapp wrote:
> 
> This is starting to look more and more like a tomcat problem.
> 
> I am able to reproduce this bug both with cocoon and without cocoon
> installed, and on more than one machine.
> 
> The environment is:
> JCE1.2.1beta
> JDK1.3
> Tomcat 3.1
> (sometimes...Cocoon 1.7.4)
> 
> Windows NT 4.0 svc pack 5
> 
> This is very similar to a bug that happens when using JDK1.2.x. Right
> now the Sun site reports that JDK1.3 must be used to avoid the problem.
> The bug itself is in the JCE. However, it should not appear if JDK1.3 is
> being used.
> 
> I don't encounter the bug when executing the same code without Tomcat,
> just using the jdk 1.3 java. This makes me wonder what tomcat is doing
> to stir it up, and whether it is the same bug as the one reported on the
> Sun site or not.
> 
> What looks like the same bug is also reported in the archives by another
> user who was using Solaris and WebLogic. In that user's case, he was
> trying to getCipher rather than generate a key. It is probably the same
> bug, though.
> 
> I compile with the JDK compiler. JDK1.2.x of any flavor is not installed
> on one of the two machines I reproduced this on.
> 
> I have a version of this that happens with XSP/XML under cocoon, and
> another that happens at the same place in a JSP. Both instantiate a
> class and call it.
> 
> Verna Knapp
> vernak@navicom.com
> Verna_Knapp@cv.hp.com
> 
>              java.lang.ExceptionInInitializerError:
> java.lang.SecurityException: Cannot set up certs for trusted CAs
>                      at javax.crypto.b.([DashoPro-V1.2-120198])
>                      at
> javax.crypto.KeyGenerator.getInstance([DashoPro-V1.2-120198])
>                      at
> CryptoSecurity.createNewKey(CryptoSecurity.java:442)
>                      at CryptoSecurity.getKey(CryptoSecurity.java:130)
>                      at CryptoSecurity.encrypt(CryptoSecurity.java:112)
>                      at
> _I_._jakarta_tomcat._webapps._encryptDecrypt._encrypt.encrypt(_encrypt.java:62)
>                      at
> _I_._jakarta_tomcat._webapps._encryptDecrypt._encrypt.populateDocument(_encrypt.java:183)
>                      at
> org.apache.cocoon.processor.xsp.XSPPage.getDocument(XSPPage.java:96)
>                      at
> org.apache.cocoon.processor.xsp.XSPProcessor.process(XSPProcessor.java:456)
>                      at org.apache.cocoon.Engine.handle(Engine.java:305)
>                      at
> org.apache.cocoon.Cocoon.service(Cocoon.java:167)
>                      at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
>                      at
> org.apache.tomcat.core.ServletWrapper.handleRequest(ServletWrapper.java:503)
>                      at
> org.apache.tomcat.core.ContextManager.service(ContextManager.java:559)
>                      at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:160)
>                      at
> org.apache.tomcat.service.TcpConnectionThread.run(SimpleTcpEndpoint.java:338)
>                      at java.lang.Thread.run(Unknown Source)

Mime
View raw message