diff --git a/README.md b/README.md index a6188c173..21fac2960 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,6 @@ These are the source of the GeneXus Standard Classes for Java, valid since GeneX | Name | Description |---|--- | common | Classes common to Android and Java -| gxcryptocommon | Classes common to Android and Java related to Cryptography | gxmail | Classes related to mail handling | java | Java standard classes, output is gxclassr.jar | wrappercommon | Interfaces to encapsulate Java EE and Jakarta EE support, output is gxwrappercommon.jar diff --git a/android/pom.xml b/android/pom.xml index 3324e42a4..c25bbfb93 100644 --- a/android/pom.xml +++ b/android/pom.xml @@ -14,21 +14,6 @@ GeneXus Standard Classes for Android - - ${project.groupId} - gxcryptocommon - ${project.version} - - - commons-io - commons-io - - - org.bouncycastle - bcprov-jdk18on - - - ${project.groupId} gxcommon diff --git a/android/src/main/java/com/genexus/cryptography/GXAsymEncryption.java b/android/src/main/java/com/genexus/cryptography/GXAsymEncryption.java deleted file mode 100644 index bb06fb5b7..000000000 --- a/android/src/main/java/com/genexus/cryptography/GXAsymEncryption.java +++ /dev/null @@ -1,173 +0,0 @@ -package com.genexus.cryptography; - -import com.genexus.cryptography.encryption.asymmetric.CipherAsymProvider; -import com.genexus.cryptography.encryption.asymmetric.IGXAsymEncryption; -import com.genexus.cryptography.exception.AlgorithmNotSupportedException; -import com.genexus.cryptography.exception.EncryptionException; -import com.genexus.cryptography.exception.PrivateKeyNotFoundException; -import com.genexus.cryptography.exception.PublicKeyNotFoundException; - -public class GXAsymEncryption { - - private static final String DEFAULT_SYM_ALGORITHM = "RSA"; - private static final String DEFAULT_SYM_PADDING = "PKCS1Padding"; - private static final String DEFAULT_SYM_MODE = "ECB"; - - private static final String SHA256_SYM_PADDING = "OAEPWithSHA-256AndMGF1Padding"; - - private int _lastError; - private String _lastErrorDescription; - private String _algorithm; - - private GXCertificate _cert; - private IGXAsymEncryption _asymAlg; - private boolean _isDirty; - - public GXAsymEncryption() { - _isDirty = true; - _algorithm = String.format("%s/%s/%s", DEFAULT_SYM_ALGORITHM, - DEFAULT_SYM_MODE, DEFAULT_SYM_PADDING); - initialize(); - } - - private void initialize() { - if (_isDirty) { - // Support algorithms = RSA only for now.. - // SHA256 ? - setError(0); - - if (_cert != null && _cert.certLoaded() == true) { - try { - _asymAlg = new CipherAsymProvider(_algorithm, - _cert.getPublicKey(), _cert.getPrivateKey()); - _isDirty = false; - } catch (AlgorithmNotSupportedException e) { - setError(2); - } - } else { - setError(4); - } - } - } - - public String encrypt(String text) { - initialize(); - String encrypted = ""; - if (!anyError()) { - try { - encrypted = _asymAlg.encrypt(text); - } catch (PublicKeyNotFoundException e) { - setError(4); - } catch (EncryptionException e) { - setError(3); - Utils.logError(e); - } - } - return encrypted; - } - - public String decrypt(String text) { - initialize(); - String decrypted = ""; - if (!anyError()) { - - try { - decrypted = _asymAlg.decrypt(text); - } catch (PrivateKeyNotFoundException e) { - setError(5); - } catch (EncryptionException e) { - setError(3); - Utils.logError(e); - } - } - return decrypted; - } - - private void setError(int errorCode) { - setError(errorCode, ""); - } - - private void setError(int errorCode, String errDsc) { - _lastError = errorCode; - switch (errorCode) { - case 0: - _lastErrorDescription = Constants.OK; - break; - case 1: - break; - case 2: - _lastErrorDescription = Constants.ALGORITHM_NOT_SUPPORTED; - break; - case 3: - _lastErrorDescription = Constants.ENCRYPTION_ERROR; - break; - case 4: - _lastErrorDescription = ""; - break; - case 5: - _lastErrorDescription = Constants.PRIVATEKEY_NOT_PRESENT; - break; - default: - break; - } - if (!errDsc.equals("")) { - _lastErrorDescription = errDsc; - } - } - - public String getAlgorithm() { - return _algorithm; - } - - public void setAlgorithm(String value) - { - //Android , https://developer.android.com/reference/android/security/keystore/KeyProperties.html#KEY_ALGORITHM_AES - // RSA == RSA - // only support RSA https://developer.android.com/reference/javax/crypto/Cipher.html - // change to Android KeyProperties - //if (value.equalsIgnoreCase("SHA1")) { value = "HmacSHA1"; } - //if (value.equalsIgnoreCase("SHA256")) { value = "HmacSHA256"; } - //if (value.equalsIgnoreCase("SHA512")) { value = "HmacSHA512"; } - - // convert sha256 to RSA with sha256 - if (value.equalsIgnoreCase("SHA256")) - { - value = String.format("%s/%s/%s", DEFAULT_SYM_ALGORITHM, DEFAULT_SYM_MODE, - SHA256_SYM_PADDING); - } - else - { - value = String.format("%s/%s/%s", value, DEFAULT_SYM_MODE, - DEFAULT_SYM_PADDING); - } - _isDirty = _isDirty || !value.equals(_algorithm); - _algorithm = value; - } - - public GXCertificate getCertificate() { - return _cert; - - } - - public void setCertificate(GXCertificate cert) { - _isDirty = _isDirty || cert != _cert; - _cert = cert; - } - - private boolean anyError() { - - if (_cert == null || (!_cert.certLoaded() == true)) { - setError(4); // Certificate not initialized - } - return _lastError != 0; - - } - - public int getErrCode() { - return _lastError; - } - - public String getErrDescription() { - return _lastErrorDescription; - } -} diff --git a/android/src/main/java/com/genexus/cryptography/GXSymEncryption.java b/android/src/main/java/com/genexus/cryptography/GXSymEncryption.java deleted file mode 100644 index fb6c24d45..000000000 --- a/android/src/main/java/com/genexus/cryptography/GXSymEncryption.java +++ /dev/null @@ -1,214 +0,0 @@ -package com.genexus.cryptography; - -import java.security.NoSuchAlgorithmException; - -import javax.crypto.NoSuchPaddingException; - -import com.genexus.cryptography.encryption.symmetric.CipherSymProvider; -import com.genexus.cryptography.encryption.symmetric.IGXSymEncryption; -import com.genexus.cryptography.exception.AlgorithmNotSupportedException; -import com.genexus.cryptography.exception.EncryptionException; -import com.genexus.cryptography.exception.InvalidKeyLengthException; - -public class GXSymEncryption { - - private int _lastError; - private String _lastErrorDescription; - private IGXSymEncryption _symAlg; // Algorithm instance - private String _algorithm; - private String _key = ""; // key - private String _iv = ""; // initialization vector - private boolean isDirty; - private int _keySize; - private int _blockSize; - - public GXSymEncryption() { - isDirty = true; - _algorithm = String.format("%s/%s/%s", Constants.DEFAULT_SYM_ALGORITHM, Constants.DEFAULT_SYM_MODE, - Constants.DEFAULT_SYM_PADDING); - } - - private void Initialize() { - if (isDirty) { - // Supported algorithms = {Rijndael, DES, RC2, TripleDES} - setError(0); - - try { - _symAlg = new CipherSymProvider(_algorithm); - if (validPropertyValue(_key)) { - _symAlg.setKey(_key); - } - if (validPropertyValue(_iv)) { - _symAlg.setIV(_iv); - } - if (_blockSize > 0) { - _symAlg.setBlockSize(_blockSize); - } - if (_keySize > 0) { - _symAlg.setKeySize(_keySize); - } - isDirty = false; - } catch (NoSuchAlgorithmException e) { - setError(2); - Utils.logError(e); - } catch (NoSuchPaddingException e) { - setError(3); - Utils.logError(e); - } catch (InvalidKeyLengthException e) { - setError(4, e.getMessage()); - Utils.logError(e); - } catch (AlgorithmNotSupportedException e) { - setError(2); - Utils.logError(e); - } - - } - } - - private boolean validPropertyValue(String value) { - return value != null && !value.equals(""); - } - - public String encrypt(String text) { - Initialize(); - String encrypted = ""; - if (!anyError()) { - try { - encrypted = _symAlg.encrypt(text); - } catch (EncryptionException e) { - setError(1); - Utils.logError(e); - } - } - return encrypted; - } - - public String decrypt(String text) { - Initialize(); - String decrypted = ""; - if (!anyError()) { - try { - if (getIV().equals("")){ - setError(5); - return ""; - } - decrypted = _symAlg.decrypt(text); - } catch (EncryptionException e) { - setError(1); - Utils.logError(e); - } - } - return decrypted; - } - - public String getAlgorithm() { - return _algorithm; - } - - public void setAlgorithm(String algorithm) - { - //Android , https://developer.android.com/reference/android/security/keystore/KeyProperties.html#KEY_ALGORITHM_AES - // Rijndael == AES - // TripleDES == DESede - // SHA-256 == HmacSHA256 - // change to Android KeyProperties - if (algorithm.equalsIgnoreCase("Rijndael")) { algorithm = "AES"; } - if (algorithm.equalsIgnoreCase("TripleDES")) { algorithm = "DESede"; } - if (algorithm.equalsIgnoreCase("SHA-256")) { algorithm = "HmacSHA256"; } - - - algorithm = String.format("%s/%s/%s", algorithm, Constants.DEFAULT_SYM_MODE, Constants.DEFAULT_SYM_PADDING); - isDirty = isDirty || !this._algorithm.equals(algorithm); - this._algorithm = algorithm; - } - - public String getKey() { - if (!anyError() && _symAlg != null) - return _symAlg.getKey(); - return _key; - } - - public void setKey(String key) { - isDirty = isDirty || !this._key.equals(key); - this._key = key; - } - - public String getIV() { - if (!anyError() && _symAlg != null) - return _symAlg.getIV(); - return _iv; - } - - public void setIV(String iv) { - isDirty = isDirty || !this._iv.equals(iv); - this._iv = iv; - } - - public int getKeySize() { - if (!anyError() && _symAlg != null) - return _symAlg.getKeySize(); - return _keySize; - } - - public void setKeySize(int keySize) { - isDirty = isDirty || this._keySize != keySize; - this._keySize = keySize; - - } - - public int getBlockSize() { - if (!anyError() && _symAlg != null) - return _symAlg.getBlockSize(); - return _blockSize; - } - - public void setBlockSize(int blockSize) { - isDirty = isDirty || this._blockSize != blockSize; - this._blockSize = blockSize; - } - - private void setError(int errorCode) { - setError(errorCode, ""); - } - - private void setError(int errorCode, String errDsc) { - _lastError = errorCode; - switch (errorCode) { - case 0: - _lastErrorDescription = ""; - break; - case 1: - _lastErrorDescription = Constants.ENCRYPTION_ERROR; - break; - case 2: - _lastErrorDescription = Constants.ALGORITHM_NOT_SUPPORTED; - break; - case 3: - _lastErrorDescription = Constants.ENCRYPTION_ERROR; - break; - case 4: - _lastErrorDescription = Constants.KEY_NOT_VALID; - break; - case 5: - _lastErrorDescription = "IV must be set for Decryption"; - break; - default: - break; - } - if (!errDsc.equals("")) { - _lastErrorDescription = errDsc; - } - } - - private boolean anyError() { - return _lastError != 0; - } - - public int getErrCode() { - return _lastError; - } - - public String getErrDescription() { - return _lastErrorDescription; - } -} \ No newline at end of file diff --git a/gxcryptocommon/pom.xml b/gxcryptocommon/pom.xml deleted file mode 100644 index b54f8b607..000000000 --- a/gxcryptocommon/pom.xml +++ /dev/null @@ -1,54 +0,0 @@ - - - 4.0.0 - - - com.genexus - parent - ${revision}${changelist} - - - gxcryptocommon - GeneXus Cryptography - - - - ${project.groupId} - gxcommon - ${project.version} - - - org.bouncycastle - bcpkix-jdk18on - 1.75 - - - org.apache.santuario - xmlsec - 2.2.3 - - - * - * - - - - - org.slf4j - slf4j-nop - 1.7.7 - - - * - * - - - - - - - gxcryptocommon - - diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/GXCertificate.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/GXCertificate.java deleted file mode 100644 index 4d01e3e52..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/GXCertificate.java +++ /dev/null @@ -1,412 +0,0 @@ -package com.genexus.cryptography; - -import java.io.ByteArrayInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.math.BigInteger; -import java.security.GeneralSecurityException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.UnrecoverableKeyException; -import java.security.cert.CertPath; -import java.security.cert.CertPathValidator; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.PKIXParameters; -import java.security.cert.X509Certificate; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.util.ArrayList; -import java.util.Date; -import java.util.Enumeration; -import java.util.List; - -import com.genexus.CommonUtil; -import com.genexus.util.Base64; - -public class GXCertificate { - // static readonly ILog log = - // LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType); - - private X509Certificate _cert; - private int _lastError; - private String _lastErrorDescription; - private String _alias; - private PrivateKey _privateKey; - private PublicKey _publicKey; - - public GXCertificate() { - - } - - public GXCertificate(String certPath, String storePassword) { - load(certPath, storePassword); - } - public GXCertificate(String certPath, String storePassword, String pKeyPassword) { - load(certPath, storePassword, pKeyPassword); - } - - public int fromBase64(String base64Data) { - try { - byte[] dataBuffer = Base64.decode(base64Data); - ByteArrayInputStream bI = new ByteArrayInputStream(dataBuffer); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - _cert = (X509Certificate) cf.generateCertificate(bI); - } catch (CertificateException e) { - setError(1); - Utils.logError(e); - } - return _lastError; - } - - public int load(String certPath, String storePassword) { - return load(certPath, storePassword, storePassword); - } - public int load(String certPath, String storePassword, String pKeyPassword) { - setError(0); - try (FileInputStream inStream = new FileInputStream(certPath)){ - String lowerCertPath = certPath.toLowerCase(); - if (lowerCertPath.endsWith(".pfx") || lowerCertPath.endsWith(".jks") || lowerCertPath.endsWith(".bks") || lowerCertPath.endsWith(".p12")) { - KeyStore ks = null; - if (lowerCertPath.endsWith(".pfx") || lowerCertPath.endsWith(".p12")) { - ks = KeyStore.getInstance("PKCS12"); - - } else if (lowerCertPath.endsWith(".bks")) { - ks = KeyStore.getInstance("BKS"); - - } else { - ks = KeyStore.getInstance("JKS"); - } - ks.load(inStream, storePassword.toCharArray()); - _alias = ks.aliases().nextElement(); - _cert = (X509Certificate) ks.getCertificate(_alias); - _publicKey = _cert.getPublicKey(); - try { - Key key = ks.getKey(_alias, pKeyPassword.toCharArray()); - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(key.getEncoded()); - KeyFactory keyFactory = KeyFactory.getInstance("RSA"); - _privateKey = keyFactory.generatePrivate(keySpec); - } catch (UnrecoverableKeyException e) { - setError(5); - } - } else if (certPath.endsWith(".cer")) { // No private key - CertificateFactory factory2 = CertificateFactory.getInstance("X.509"); - _cert = (X509Certificate) factory2.generateCertificate(inStream); - _publicKey = _cert.getPublicKey(); - } else { - setError(1); - } - } catch (FileNotFoundException e) { - // Certificate Path is not valid. - setError(3); - } catch (KeyStoreException e) { - setError(1); - Utils.logError(e); - } catch (NoSuchAlgorithmException e) { - Utils.logError(e); - } catch (CertificateException e) { - setError(1); - Utils.logError(e); - } catch (IOException e) { - setError(1); - Utils.logError(e); - } catch (InvalidKeySpecException e) { - setError(1); - Utils.logError(e); - } - return 0; - } - - public String getSerialNumber() { - String value = ""; - if (certLoaded()) { - value = _cert.getSerialNumber().toString(); - value = new BigInteger(value).toString(16); - } - return value; - } - - public String getSubject() { - - String value = ""; - if (certLoaded()) { - value = _cert.getSubjectDN().getName(); - } - return value; - - } - - public int getVersion() { - int value = 0; - if (certLoaded()) { - value = _cert.getVersion(); - } - return value; - - } - - public String getIssuer() { - - String value = ""; - if (certLoaded()) { - value = _cert.getIssuerDN().getName(); - } - return value; - - } - - public String getThumbprint() { - return ""; - } - - public Date getNotAfter() { - - Date value = CommonUtil.resetTime(CommonUtil.nullDate()); - if (certLoaded()) { - value = _cert.getNotAfter(); - } - return value; - - } - - public Date getNotBefore() { - - Date value = CommonUtil.resetTime(CommonUtil.nullDate()); - if (certLoaded()) { - value = _cert.getNotBefore(); - } - return value; - - } - - public PrivateKey getPrivateKey() { - return _privateKey; - - } - - public PublicKey getPublicKey() { - - return _publicKey; - } - - public String toBase64() { - String base64Encoded = ""; - if (certLoaded()) { - try { - base64Encoded = Base64.encodeBytes(_cert.getEncoded()); - setError(0); - } catch (CertificateEncodingException e) { - setError(6); - Utils.logError(e); - } - } else { - setError(1); - } - return base64Encoded; - } - - public boolean hasPrivateKey() { - if (certLoaded()) { - return _privateKey != null; - } - return false; - } - - /** - * Verifies a certificate. Checks its validity period and tries to find a - * trusted certificate from given list of trusted certificates that is - * directly signed given certificate. The certificate is valid if no - * exception is thrown. - * - * @param aCertificate - * the certificate to be verified. - * @param aTrustedCertificates - * a list of trusted certificates to be used in the verification - * process. - * - * @throws CertificateExpiredException - * if the certificate validity period is expired. - * @throws CertificateNotYetValidException - * if the certificate validity period is not yet started. - * @throws CertificateValidationException - * if the certificate is invalid (can not be validated using the - * given set of trusted certificates. - */ - - public void check() { - try { - // To check the validity of the dates - _cert.checkValidity(); - // Check the chain - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - List mylist = new ArrayList(); - mylist.add(_cert); - CertPath cp = cf.generateCertPath(mylist); - PKIXParameters params = new PKIXParameters(getTrustStore()); - params.setRevocationEnabled(false); - CertPathValidator cpv = CertPathValidator.getInstance(CertPathValidator.getDefaultType()); - cpv.validate(cp, params); - } catch (Exception e) { - - } - } - - private static KeyStore trustStore; - - public KeyStore getTrustStore() { - if (trustStore == null) { - FileInputStream is = null; - try { - String filename = System.getProperty("java.home") - + "/lib/security/cacerts".replace('/', File.separatorChar); - is = new FileInputStream(filename); - KeyStore keyStore = KeyStore.getInstance("JKS"); - keyStore.load(is, "changeit".toCharArray()); - is.close(); - trustStore = keyStore; - } catch (FileNotFoundException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (KeyStoreException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (CertificateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - finally { - try {if (is != null) is.close();} catch (IOException e) {e.printStackTrace();} - } - } - return trustStore; - } - - public boolean verify() { - if (certLoaded()) { - return verifyCertificateFromCaCerts(); - } - return false; - } - - private boolean verifyCertificateFromCaCerts() { - String filename = System.getProperty("java.home") - + "/lib/security/cacerts".replace('/', File.separatorChar); - try (FileInputStream is = new FileInputStream(filename);){ - KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); - String password = "changeit"; - keystore.load(is, password.toCharArray()); - - Enumeration aliases = keystore.aliases(); - List certs = new ArrayList(); - while (aliases.hasMoreElements()) { - String alias = aliases.nextElement(); - certs.add((X509Certificate) keystore.getCertificate(alias)); - } - - X509Certificate[] certsArray = certs.toArray(new X509Certificate[certs.size()]); - - return GXCertificate.verifyCertificate(_cert, certsArray); - - } catch (Exception e) { - e.printStackTrace(); - } - return false; - } - - private static boolean verifyCertificate(X509Certificate aCertificate, X509Certificate[] aTrustedCertificates) - throws GeneralSecurityException { - // First check certificate validity period - aCertificate.checkValidity(); - - // Check if the certificate is signed by some of the given trusted certs - for (int i = 0; i < aTrustedCertificates.length; i++) { - X509Certificate trustedCert = aTrustedCertificates[i]; - try { - aCertificate.verify(trustedCert.getPublicKey()); - // Found parent certificate. Certificate is verified to be valid - return true; - } catch (GeneralSecurityException ex) { - // Certificate is not signed by current trustedCert. Try the - // next - } - } - - // Certificate is not signed by any of the trusted certs --> it is - // invalid - return false; - } - - private void setError(int errorCode) { - setError(errorCode, ""); - } - - private void setError(int errorCode, String errDsc) { - _lastError = errorCode; - switch (errorCode) { - case 0: - _lastErrorDescription = Constants.OK; - break; - case 1: - _lastErrorDescription = Constants.CERT_NOT_LOADED; - break; - case 2: - _lastErrorDescription = Constants.CERT_NOT_TRUSTED; - break; - case 3: - _lastErrorDescription = Constants.CERT_NOT_FOUND; - break; - case 4: - _lastErrorDescription = Constants.CERT_NOT_INITIALIZED; - break; - case 5: - _lastErrorDescription = Constants.PRIVATEKEY_NOT_PRESENT; - break; - case 6: - _lastErrorDescription = Constants.CERT_ENCODING_EXCEPTION; - break; - default: - break; - } - if (!errDsc.equals("")) { - if (!_lastErrorDescription.equals("")) { - _lastErrorDescription = String.format("%s - %s", _lastErrorDescription, errDsc); - } else { - _lastErrorDescription = errDsc; - } - } - } - - public X509Certificate getCertificate() { - return _cert; - } - - public boolean certLoaded() { - return _cert != null; - } - - public int getErrCode() { - - return _lastError; - - } - - public String getErrDescription() { - - return _lastErrorDescription; - - } -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/GXSigning.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/GXSigning.java deleted file mode 100644 index 3ed384b16..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/GXSigning.java +++ /dev/null @@ -1,228 +0,0 @@ -package com.genexus.cryptography; - -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.security.GeneralSecurityException; - -import org.apache.commons.codec.binary.Base64; -import org.bouncycastle.cms.CMSException; - -import com.genexus.cryptography.exception.PrivateKeyNotFoundException; -import com.genexus.cryptography.exception.PublicKeyNotFoundException; -import com.genexus.cryptography.exception.SignatureException; -import com.genexus.cryptography.signing.IPkcsSign; -import com.genexus.cryptography.signing.standards.PKCS1Signature; -import com.genexus.cryptography.signing.standards.PKCS7Signature; -import com.genexus.cryptography.Utils.PKCSStandard; - -public class GXSigning { - - private GXCertificate _cert; - private String _alg; - private String _hashAlgorithm; - private String _signAlgorithm; - private IPkcsSign _sign; - private int _lastError; - private String _lastErrorDescription; - private Boolean isDirty; - private Boolean _validateCertificates; - private PKCSStandard _standard; - - public GXSigning() { - isDirty = true; - _validateCertificates = true; - _standard = Constants.DEFAULT_DIGITAL_SIGNATURE_STANDARD; - - _signAlgorithm = Constants.DEFAULT_DIGITAL_SIGNATURE_ALGORITHM_NAME; - _hashAlgorithm = Constants.DEFAULT_DIGITAL_SIGNATURE_HASH_ALGORITHM_NAME; - } - - public String sign(String text, Boolean detached) { - Initialize(); - String signed = ""; - if (!anyError()) { - try { - _sign.setCertificate(_cert.getCertificate()); - if (_standard == PKCSStandard.PKCS7) { - ((PKCS7Signature) _sign).setDetached(detached); - } - signed = _sign.sign(text.getBytes(Constants.UNICODE)); - } catch (PrivateKeyNotFoundException e) { - setError(5); - } catch (UnsupportedEncodingException e) { - Utils.logError(e); - setError(6, e.getMessage()); - } catch (GeneralSecurityException e) { - Utils.logError(e); - setError(6, e.getMessage()); - } catch (CMSException e) { - Utils.logError(e); - setError(6, e.getMessage()); - } catch (IOException e) { - Utils.logError(e); - setError(6, e.getMessage()); - } catch (PublicKeyNotFoundException e) { - setError(4); - } - } - return signed; - - } - - public Boolean verify(String signature, String text, Boolean detached) { - - Initialize(); - Boolean ok = false; - if (!anyError()) { - try { - _sign.setCertificate(_cert.getCertificate()); - if (_standard == PKCSStandard.PKCS7) { - ((PKCS7Signature) _sign).setDetached(detached); - } - ok = _sign.verify(text.getBytes(Constants.UNICODE), Base64.decodeBase64(signature)); - } catch (UnsupportedEncodingException e) { - Utils.logError(e); - setError(6); - } catch (GeneralSecurityException e) { - Utils.logError(e); - setError(6); - } catch (PublicKeyNotFoundException e) { - setError(4); - } catch (SignatureException e) { - Utils.logError(e); - setError(6, e.getMessage()); - } - } - return ok; - - } - - private void Initialize() { - if (isDirty) { - String algorithm = String.format("%swith%s", _hashAlgorithm, _signAlgorithm); - switch (_standard) { - case PKCS1: - _sign = new PKCS1Signature(algorithm, _cert.getCertificate(), _cert.getPrivateKey()); - break; - case PKCS7: - _sign = new PKCS7Signature(algorithm, _cert.getCertificate(), _cert.getPrivateKey()); - break; - default: - break; - } - - isDirty = false; - } - } - - private void setError(int errorCode) { - setError(errorCode, ""); - } - - private void setError(int errorCode, String errDsc) { - _lastError = errorCode; - switch (errorCode) { - case 0: - _lastErrorDescription = ""; - break; - case 1: - break; - case 2: - _lastErrorDescription = Constants.ALGORITHM_NOT_SUPPORTED; - break; - case 3: - _lastErrorDescription = "Invalid Algorithm format"; - break; - case 4: - _lastErrorDescription = Constants.CERT_NOT_INITIALIZED; - break; - case 5: - _lastErrorDescription = Constants.PRIVATEKEY_NOT_PRESENT; - break; - case 6: - _lastErrorDescription = Constants.SIGNATURE_EXCEPTION; - break; - default: - break; - } - if (!errDsc.equals("")) { - if (!_lastErrorDescription.equals("")) { - _lastErrorDescription = String.format("%s - %s", _lastErrorDescription, errDsc); - } else { - _lastErrorDescription = errDsc; - } - } - } - - public void setValidateCertificate(Boolean validate) { - this._validateCertificates = validate; - } - - public Boolean getValidateCertificate() { - return this._validateCertificates; - } - - public void setStandard(String std) { - PKCSStandard oldV = _standard; - if (std.equals("PKCS7")) { - _standard = PKCSStandard.PKCS7; - } else if (std.equals("PKCS1")) { - _standard = PKCSStandard.PKCS1; - } else { - setError(2); // Algorithm not supported - } - - isDirty = isDirty || oldV != _standard; - } - - public String getStandard() { - return _standard.toString(); - } - - public void setAlgorithm(String value) { - - isDirty = isDirty || !value.equals(_alg); - _alg = value; - String[] parts = _alg.split(" "); - if (parts.length == 2) // Format Example: MD5 RSA. - { - String hash = parts[0]; - String sign = parts[1]; - - _hashAlgorithm = hash; - _signAlgorithm = sign; - } else { - setError(3); - // invalid format algorithm. - } - - } - - public GXCertificate getCertificate() { - return _cert; - } - - public void setCertificate(GXCertificate cert) { - this._cert = cert; - } - - private Boolean anyError() { - - if (_cert == null || (_cert != null && !_cert.certLoaded())) { - setError(4); // Certificate not initialized - } - return _lastError != 0; - } - - public int getErrCode() { - - return _lastError; - - } - - public String getErrDescription() { - - return _lastErrorDescription; - - } -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/GXXMLDsig.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/GXXMLDsig.java deleted file mode 100644 index d09e969c7..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/GXXMLDsig.java +++ /dev/null @@ -1,344 +0,0 @@ -package com.genexus.cryptography; - -import java.io.ByteArrayOutputStream; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.List; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.xpath.XPath; -import javax.xml.xpath.XPathConstants; -import javax.xml.xpath.XPathFactory; - -import org.apache.xml.security.exceptions.XMLSecurityException; -import org.apache.xml.security.keys.KeyInfo; -import org.apache.xml.security.keys.content.X509Data; -import org.apache.xml.security.signature.XMLSignature; -import org.apache.xml.security.signature.XMLSignatureException; -import org.apache.xml.security.transforms.Transforms; -import org.apache.xml.security.utils.ElementProxy; -import org.apache.xml.security.utils.XMLUtils; - -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; - -import com.genexus.cryptography.signing.xml.Canonicalizer; -import com.genexus.internet.StringCollection; - -public class GXXMLDsig { - - private PrivateKey _pKey; - private X509Certificate _cert; - private GXCertificate _gxCert; - - private List _references; - private String _canonicalizationMethod; - private boolean _detached; - private StringCollection _keyInfoClauses; - private int _lastError; - private String _lastErrorDescription; - private boolean _validateCertificate; - - public GXXMLDsig() { - _references = new ArrayList(); - _keyInfoClauses = new StringCollection() { - { - add("X509IssuerSerial"); - add("X509SubjectName"); - add("X509Certificate"); - } - }; - _canonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; - _detached = false; - } - - private void initialize() { - setError(0); - } - - public void addReference(String reference) { - _references.add(reference); - } - - public String sign(String xml) { - return signElements(xml, ""); - } - - public String signElements(String xml, String xPath) { - initialize(); - if (!anyError()) { - if (!_gxCert.hasPrivateKey()) - { - setError(5); - return ""; - } - try { - - Document doc = Utils.documentFromString(Canonicalizer.canonize(xml), true); - if (doc == null) { - setError(2); - return ""; - } - ArrayList list = new ArrayList(); - - if (xPath.equals("")) { - list.add(doc.getDocumentElement()); - } else { - XPath xPathHelper = XPathFactory.newInstance().newXPath(); - NodeList nodeList = (NodeList) xPathHelper.evaluate(xPath, doc, XPathConstants.NODESET); - for (int i = 0; i < nodeList.getLength(); i++) { - list.add((Element) nodeList.item(i)); - } - } - - for (int i = 0; i < list.size(); i++) { - - Element element = (Element) list.get(i); - - // Create a DOM XMLSignatureFactory that will be used to - // generate the enveloped signature. - - // removes signature element if present. - NodeList nodeListSignature = element.getElementsByTagName("Signature"); - for (int j = 0; j < nodeListSignature.getLength(); j++) { - Node parentSignature = nodeListSignature.item(j).getParentNode(); - parentSignature.removeChild(nodeListSignature.item(j)); - } - - DocumentBuilderFactory dbfac = DocumentBuilderFactory.newInstance(); - DocumentBuilder docBuilder = dbfac.newDocumentBuilder(); - Document docToBeSigned = docBuilder.newDocument(); - - docToBeSigned.appendChild(docToBeSigned.importNode(element, true)); - - ElementProxy.setDefaultPrefix(org.apache.xml.security.utils.Constants.SignatureSpecNS, ""); - - XMLSignature signature = new XMLSignature(docToBeSigned, "", - XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1); - - docToBeSigned.getDocumentElement().appendChild(signature.getElement()); - Transforms transforms = new Transforms(docToBeSigned); - transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE); - - if (_references.size() > 0) { - for (int j = 0; j < _references.size(); j++) { - signature.addDocument(_references.get(j), transforms, - org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1); - } - } else { - signature.addDocument("", transforms, - org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1); // Signs - // the - // whole - // document - } - - setKeyInfo(signature); - - signature.sign(_gxCert.getPrivateKey()); - - Node p = element.getParentNode(); - p.replaceChild(doc.importNode(docToBeSigned.getDocumentElement(), true), element); - } - ByteArrayOutputStream byteArray = new ByteArrayOutputStream(); - XMLUtils.outputDOMc14nWithComments(doc, byteArray); - return new String(byteArray.toByteArray()); - - } catch (NoSuchAlgorithmException e) { - Utils.logError(e); - setError(3); - } catch (InvalidAlgorithmParameterException e) { - Utils.logError(e); - } catch (Exception e) { - Utils.logError(e); - setError(6, e.getMessage()); - } - } - return ""; - } - - public boolean verify(String xml) { - initialize(); - Document doc = null; - try { - doc = Utils.documentFromString(Canonicalizer.canonize(xml), true); - - } catch (Exception e) { - } - - if (doc == null) { - setError(2); - return false; - } - - // Find Signature element. - NodeList nl = doc.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature"); - if (nl.getLength() == 0) { - return false; - } - - try { - Element sigElement = (Element) nl.item(0); - XMLSignature signature = new XMLSignature(sigElement, ""); - - boolean certValid = true; - if (_validateCertificate) { - certValid = _gxCert.verify(); - if (!certValid) { - setError(7); - } - } - KeyInfo ki = signature.getKeyInfo(); - boolean valid = true; - if (ki == null) { - setError(8); - } - - X509Certificate cert = signature.getKeyInfo().getX509Certificate(); - if (cert == null) { - PublicKey pk = signature.getKeyInfo().getPublicKey(); - if (pk == null) { - setError(7); - } - valid = signature.checkSignatureValue(pk); - } else { - valid = signature.checkSignatureValue(cert); - } - if (!valid) { - setError(9); - } - return valid && certValid; - } catch (XMLSignatureException e) { - Utils.logError(e); - setError(6); - } catch (XMLSecurityException e) { - Utils.logError(e); - setError(6); - } - return false; - } - - private void setKeyInfo(XMLSignature signature) { - X509Data x509data = new X509Data(signature.getDocument()); - if (_keyInfoClauses.getCount() > 0) { - List x509DataContent = new ArrayList(); - for (int i = 1; i <= _keyInfoClauses.getCount(); i++) { - String item = _keyInfoClauses.item(i); - if (item.equals("X509IssuerSerial")) { - x509data.addIssuerSerial(_gxCert.getCertificate().getIssuerDN().getName(), _gxCert.getCertificate() - .getSerialNumber()); - } else if (item.equals("X509SubjectName")) { - - x509DataContent.add(_cert.getIssuerDN().getName()); - } else if (item.equals("X509Certificate")) { - try { - x509data.addCertificate(_gxCert.getCertificate()); - } catch (XMLSecurityException e) { - } - } else if (item.equals("RSAKeyValue")) { - signature.getKeyInfo().add(_gxCert.getCertificate().getPublicKey()); - } - } - } - signature.getKeyInfo().add(x509data); - } - - private void setError(int errorCode) { - setError(errorCode, ""); - } - - private void setError(int errorCode, String errDsc) { - _lastError = errorCode; - switch (errorCode) { - case 0: - _lastErrorDescription = ""; - break; - case 1: - _lastErrorDescription = "Cannot sign an empty xml."; - break; - case 2: - _lastErrorDescription = "Input XML is not valid"; - break; - case 3: - _lastErrorDescription = "Invalid Algorithm format"; - break; - case 4: - _lastErrorDescription = Constants.CERT_NOT_INITIALIZED; - break; - case 5: - _lastErrorDescription = Constants.PRIVATEKEY_NOT_PRESENT; - break; - case 6: - _lastErrorDescription = Constants.SIGNATURE_EXCEPTION; - break; - case 7: - _lastErrorDescription = "Certificate is not valid"; - break; - case 8: - _lastErrorDescription = "Signature element was not found"; - break; - case 9: - _lastErrorDescription = "Signature is not valid"; - break; - default: - break; - } - if (!errDsc.equals("")) { - if (!_lastErrorDescription.equals("")) { - _lastErrorDescription = String.format("%s - %s", _lastErrorDescription, errDsc); - } else { - _lastErrorDescription = errDsc; - } - } - } - - public GXCertificate getCertificate() { - return _gxCert; - } - - public void setCertificate(GXCertificate cert) { - this._gxCert = cert; - this._pKey = cert.getPrivateKey(); - this._cert = cert.getCertificate(); - } - - private Boolean anyError() { - - if (_gxCert == null || (_gxCert != null && !_gxCert.certLoaded())) { - setError(4); // Certificate not initialized - } - return _lastError != 0; - } - - public int getErrCode() { - - return _lastError; - - } - - public void setValidateCertificate(Boolean validate) { - this._validateCertificate = validate; - } - - public Boolean getValidateCertificate() { - return this._validateCertificate; - } - - public String getErrDescription() { - - return _lastErrorDescription; - - } - - public StringCollection getKeyInfoClauses(){ - return _keyInfoClauses; - } - -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/asymmetric/CipherAsymProvider.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/asymmetric/CipherAsymProvider.java deleted file mode 100644 index 87743babc..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/asymmetric/CipherAsymProvider.java +++ /dev/null @@ -1,82 +0,0 @@ -package com.genexus.cryptography.encryption.asymmetric; - -import java.io.UnsupportedEncodingException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import javax.crypto.Cipher; -import javax.crypto.NoSuchPaddingException; - -import org.apache.commons.codec.binary.Base64; - -import com.genexus.cryptography.Constants; -import com.genexus.cryptography.Utils; -import com.genexus.cryptography.exception.AlgorithmNotSupportedException; -import com.genexus.cryptography.exception.EncryptionException; -import com.genexus.cryptography.exception.PrivateKeyNotFoundException; -import com.genexus.cryptography.exception.PublicKeyNotFoundException; -import com.genexus.util.Codecs; - -public class CipherAsymProvider implements IGXAsymEncryption { - - private String _algorithm; // "RSA/ECB/PKCS1Padding"; - private PublicKey _publicKey; - private PrivateKey _privateKey; - private Cipher _cipher; - - public CipherAsymProvider(String algorithm, PublicKey publicKey, - PrivateKey privateKey) throws AlgorithmNotSupportedException { - _algorithm = algorithm; - _publicKey = publicKey; - _privateKey = privateKey; - try { - _cipher = Cipher.getInstance(_algorithm); - } catch (NoSuchAlgorithmException e) { - throw new AlgorithmNotSupportedException(e); - } catch (NoSuchPaddingException e) { - System.err.println(e); - } - } - - public String encrypt(String data) throws PublicKeyNotFoundException, EncryptionException { - if (_publicKey == null) { - throw new PublicKeyNotFoundException(); - } - String encryted = ""; - try { - _cipher.init(Cipher.ENCRYPT_MODE, _publicKey); - encryted = new String(Base64.encodeBase64(_cipher.doFinal(data - .getBytes(Constants.UNICODE)))); - } catch (Exception e) - { - throw new EncryptionException(encryted, e); - } - return encryted; - } - - public String decrypt(String data) throws PrivateKeyNotFoundException, EncryptionException { - if (_privateKey == null) { - throw new PrivateKeyNotFoundException(); - } - byte[] dataBuffer = null; - try { - dataBuffer = Codecs.base64Decode(data.getBytes(Constants.UNICODE)); - } catch (UnsupportedEncodingException e1) { - Utils.logError(e1); - } - String decrypted = ""; - try { - _cipher.init(Cipher.DECRYPT_MODE, _privateKey); - decrypted = new String(_cipher.doFinal(dataBuffer), - Constants.UNICODE); - } catch (Exception e) - { - throw new EncryptionException("Decrypt Error", e); - } - - return decrypted; - } - - -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/asymmetric/IGXAsymEncryption.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/asymmetric/IGXAsymEncryption.java deleted file mode 100644 index bc5f8a037..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/asymmetric/IGXAsymEncryption.java +++ /dev/null @@ -1,21 +0,0 @@ -package com.genexus.cryptography.encryption.asymmetric; - -import com.genexus.cryptography.exception.EncryptionException; -import com.genexus.cryptography.exception.PrivateKeyNotFoundException; -import com.genexus.cryptography.exception.PublicKeyNotFoundException; - -public interface IGXAsymEncryption { - // / Unknown error - // occured. - // / Certificate has not - // been loaded - String encrypt(String data) throws PublicKeyNotFoundException, EncryptionException; - - // / Unknown error - // occured. - // / Certificate has not - // been loaded. - // / The certificate specified - // does not contain private key needed to decrypt. - String decrypt(String data) throws PrivateKeyNotFoundException, EncryptionException; -} \ No newline at end of file diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/symmetric/CipherSymProvider.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/symmetric/CipherSymProvider.java deleted file mode 100644 index 7b4b91c20..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/symmetric/CipherSymProvider.java +++ /dev/null @@ -1,154 +0,0 @@ -package com.genexus.cryptography.encryption.symmetric; - -import java.io.UnsupportedEncodingException; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.NoSuchAlgorithmException; - -import javax.crypto.Cipher; -import javax.crypto.KeyGenerator; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import com.genexus.cryptography.Constants; -import com.genexus.cryptography.exception.AlgorithmNotSupportedException; -import com.genexus.cryptography.exception.EncryptionException; -import com.genexus.cryptography.exception.InvalidKeyLengthException; -import com.genexus.util.Base64; -import com.genexus.util.Codecs; - -public class CipherSymProvider implements IGXSymEncryption { - - private int _keySize; - private int _blockSize; - byte[] _key; // key - byte[] _iv; // initialization vector - private Cipher _cipher; - private String _alg; - - public CipherSymProvider(String algorithm) throws NoSuchAlgorithmException, NoSuchPaddingException, - InvalidKeyLengthException, AlgorithmNotSupportedException { - this(algorithm, 0); - } - - public CipherSymProvider(String algorithm, int keySize) throws NoSuchAlgorithmException, NoSuchPaddingException, - InvalidKeyLengthException, AlgorithmNotSupportedException { - String[] algParts = algorithm.split("/"); - _keySize = keySize; - _alg = algParts[0]; - _cipher = Cipher.getInstance(algorithm); // DES/ECB/PKCS5Padding for - // SunJCE - _key = generateKey(keySize); - // _iv = generateIv(); - } - - public String encrypt(String text) throws EncryptionException { - try { - return encryption(Cipher.ENCRYPT_MODE, text.getBytes(Constants.UNICODE)); - } catch (UnsupportedEncodingException e) { - e.printStackTrace(); - } - return ""; - } - - public String decrypt(String text) throws EncryptionException { - byte[] data = Base64.decode(text);// Codecs.base64Decode(text.getBytes()); - return encryption(Cipher.DECRYPT_MODE, data); - } - - private String encryption(int mode, byte[] data) throws EncryptionException { - SecretKeySpec key = new SecretKeySpec(_key, _alg); - IvParameterSpec ivParameterSpec = null; - - if (_iv != null) { - ivParameterSpec = new IvParameterSpec(_iv); - } - try { - _cipher.init(mode, key, ivParameterSpec); - _iv = _cipher.getIV(); - } catch (InvalidAlgorithmParameterException e) { - throw new EncryptionException("Alghorithm not supported", e); - } catch (InvalidKeyException e) { - throw new EncryptionException("Encryption key not valid", e); - } - - try { - switch (mode) { - case Cipher.DECRYPT_MODE: - return new String(_cipher.doFinal(data), Constants.UNICODE); - case Cipher.ENCRYPT_MODE: - return new String(Codecs.base64Encode(_cipher.doFinal(data)), Constants.UNICODE); - default: - return ""; - } - } catch (Exception e) { - throw new EncryptionException(e.getMessage(), e); - } - } - - private byte[] generateKey(int keysize) throws InvalidKeyLengthException, AlgorithmNotSupportedException { - KeyGenerator kg = null; - try { - kg = KeyGenerator.getInstance(_alg); - if (keysize > 0) { - kg.init(keysize / 8); - } - } catch (NoSuchAlgorithmException e) { - - throw new AlgorithmNotSupportedException(); - } catch (InvalidParameterException e) { - throw new InvalidKeyLengthException(e); - } - byte[] result = kg.generateKey().getEncoded(); - _keySize = result.length * 8; - return result; - } - - public String getIV() { - return com.genexus.util.Base64.encodeBytes(_iv); - } - - public void setIV(String iv) { - _iv = com.genexus.util.Base64.decode(iv); - } - - public String getKey() { - return com.genexus.util.Base64.encodeBytes(_key); - } - - public void setKey(String Key) { - _key = com.genexus.util.Base64.decode(Key); - } - - public int getKeySize() { - return _keySize; - } - - public void setKeySize(int keySize) throws InvalidKeyLengthException, AlgorithmNotSupportedException { - _keySize = keySize; - _key = generateKey(keySize); - } - - public int getBlockSize() { - return _cipher.getBlockSize(); - } - - public void setBlockSize(int blockSize) { - _blockSize = blockSize; - } - - /*private byte[] generateIv() throws NoSuchAlgorithmException { - AlgorithmParameters params = _cipher.getParameters(); - byte[] iv = null; - try { - iv = params.getParameterSpec(IvParameterSpec.class).getIV(); - } catch (InvalidParameterSpecException e) { - - e.printStackTrace(); - } - return iv; - }*/ - -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/symmetric/IGXSymEncryption.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/symmetric/IGXSymEncryption.java deleted file mode 100644 index 4f05a7447..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/encryption/symmetric/IGXSymEncryption.java +++ /dev/null @@ -1,28 +0,0 @@ -package com.genexus.cryptography.encryption.symmetric; - -import com.genexus.cryptography.exception.AlgorithmNotSupportedException; -import com.genexus.cryptography.exception.EncryptionException; -import com.genexus.cryptography.exception.InvalidKeyLengthException; - -public interface IGXSymEncryption { - - String encrypt(String text) throws EncryptionException; - - String decrypt(String text) throws EncryptionException; - - String getIV(); - - void setIV(String iv); - - String getKey(); - - void setKey(String Key); - - int getKeySize(); - - void setKeySize(int keySize) throws InvalidKeyLengthException, AlgorithmNotSupportedException; - - int getBlockSize(); - - void setBlockSize(int blockSize); -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/AlgorithmNotSupportedException.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/AlgorithmNotSupportedException.java deleted file mode 100644 index 21073a8bb..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/AlgorithmNotSupportedException.java +++ /dev/null @@ -1,11 +0,0 @@ -package com.genexus.cryptography.exception; - -public class AlgorithmNotSupportedException extends Exception { - - public AlgorithmNotSupportedException() { - super(); - } - public AlgorithmNotSupportedException( Throwable t) { - super( t); - } -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/EncryptionException.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/EncryptionException.java deleted file mode 100644 index 3a0d37101..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/EncryptionException.java +++ /dev/null @@ -1,8 +0,0 @@ -package com.genexus.cryptography.exception; - -public class EncryptionException extends Exception { - - public EncryptionException(String message, Throwable t) { - super(message, t); - } -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/InvalidKeyLengthException.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/InvalidKeyLengthException.java deleted file mode 100644 index 0f078f732..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/InvalidKeyLengthException.java +++ /dev/null @@ -1,7 +0,0 @@ -package com.genexus.cryptography.exception; - -public class InvalidKeyLengthException extends Exception { - public InvalidKeyLengthException( Throwable t) { - super( t); - } -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/PrivateKeyNotFoundException.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/PrivateKeyNotFoundException.java deleted file mode 100644 index 717e2e707..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/PrivateKeyNotFoundException.java +++ /dev/null @@ -1,8 +0,0 @@ -package com.genexus.cryptography.exception; - -public class PrivateKeyNotFoundException extends Exception { - - public PrivateKeyNotFoundException() { - super(); - } -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/PublicKeyNotFoundException.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/PublicKeyNotFoundException.java deleted file mode 100644 index 55da978d5..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/PublicKeyNotFoundException.java +++ /dev/null @@ -1,8 +0,0 @@ -package com.genexus.cryptography.exception; - -public class PublicKeyNotFoundException extends Exception { - public PublicKeyNotFoundException() { - super(); - } - -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/SignatureException.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/SignatureException.java deleted file mode 100644 index dc9f00cce..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/exception/SignatureException.java +++ /dev/null @@ -1,8 +0,0 @@ -package com.genexus.cryptography.exception; - -public class SignatureException extends Exception { - - public SignatureException(Throwable t) { - super(t); - } -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/IPkcsSign.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/IPkcsSign.java deleted file mode 100644 index 3f40aee0b..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/IPkcsSign.java +++ /dev/null @@ -1,24 +0,0 @@ -package com.genexus.cryptography.signing; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.cms.CMSException; - -import com.genexus.cryptography.exception.PrivateKeyNotFoundException; -import com.genexus.cryptography.exception.PublicKeyNotFoundException; -import com.genexus.cryptography.exception.SignatureException; - -public interface IPkcsSign { - - String sign(byte[] data) throws GeneralSecurityException, CMSException, IOException, PublicKeyNotFoundException, - PrivateKeyNotFoundException; - - boolean verify(byte[] data, byte[] aSignature) throws GeneralSecurityException, PublicKeyNotFoundException, - SignatureException; - - void setCertificate(X509Certificate cert); - - X509Certificate getCertificate(); -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/standards/PKCS1Signature.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/standards/PKCS1Signature.java deleted file mode 100644 index cfa939528..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/standards/PKCS1Signature.java +++ /dev/null @@ -1,71 +0,0 @@ -package com.genexus.cryptography.signing.standards; - -import java.security.GeneralSecurityException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.Signature; -import java.security.cert.X509Certificate; - -import org.apache.commons.codec.binary.Base64; - -import com.genexus.cryptography.exception.PrivateKeyNotFoundException; -import com.genexus.cryptography.exception.PublicKeyNotFoundException; -import com.genexus.cryptography.signing.IPkcsSign; - -public class PKCS1Signature implements IPkcsSign { - - /** - * Signs given document with a given private key. - */ - private String _algorithm; - - private X509Certificate _cert; - private PrivateKey _pKey; - - - public PKCS1Signature(String algorithm, X509Certificate cert, PrivateKey key) { - _algorithm = algorithm; - _cert = cert; - _pKey = key; - initialize(); - } - - - private void initialize() { - - } - - - - public String sign(byte[] data) throws GeneralSecurityException, PrivateKeyNotFoundException { - if (_pKey == null) { - throw new PrivateKeyNotFoundException(); - } - Signature signatureAlgorithm = Signature.getInstance(_algorithm); - signatureAlgorithm.initSign(_pKey); - signatureAlgorithm.update(data); - byte[] digitalSignature = signatureAlgorithm.sign(); - return Base64.encodeBase64String(digitalSignature); - } - - public boolean verify(byte[] data, byte[] aSignature) throws GeneralSecurityException, PublicKeyNotFoundException { - if (_cert == null) { - throw new PublicKeyNotFoundException(); - } - PublicKey pKey = _cert.getPublicKey(); - Signature signatureAlgorithm = Signature.getInstance(_algorithm); - signatureAlgorithm.initVerify(pKey); - signatureAlgorithm.update(data); - boolean valid = signatureAlgorithm.verify(aSignature); - return valid; - } - - public void setCertificate(X509Certificate cert) { - this._cert = cert; - } - - public X509Certificate getCertificate() { - return _cert; - } - -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/standards/PKCS7Signature.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/standards/PKCS7Signature.java deleted file mode 100644 index 5fd569f69..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/standards/PKCS7Signature.java +++ /dev/null @@ -1,150 +0,0 @@ -package com.genexus.cryptography.signing.standards; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.PrivateKey; -import java.security.Security; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; - -import org.apache.commons.codec.binary.Base64; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.jcajce.JcaCertStore; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.CMSProcessableByteArray; -import org.bouncycastle.cms.CMSSignedData; -import org.bouncycastle.cms.CMSSignedDataGenerator; -import org.bouncycastle.cms.CMSTypedData; -import org.bouncycastle.cms.SignerInformation; -import org.bouncycastle.cms.SignerInformationStore; -import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; -import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; -import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; -import org.bouncycastle.util.Store; - -import com.genexus.cryptography.Utils; -import com.genexus.cryptography.exception.PrivateKeyNotFoundException; -import com.genexus.cryptography.exception.PublicKeyNotFoundException; -import com.genexus.cryptography.exception.SignatureException; -import com.genexus.cryptography.signing.IPkcsSign; - -public class PKCS7Signature implements IPkcsSign { - - /** - * Signs given document with a given private key. - */ - private String _algorithm; - private X509Certificate _cert; - private PrivateKey _pKey; - private Boolean _detached; - - public PKCS7Signature(String algorithm) { - _algorithm = algorithm; - initialize(); - } - - public PKCS7Signature(String algorithm, X509Certificate cert, PrivateKey key) { - _algorithm = algorithm; - _cert = cert; - _pKey = key; - initialize(); - } - - private void initialize() { - Security.addProvider(new BouncyCastleProvider()); - } - - public String sign(byte[] data) throws GeneralSecurityException, CMSException, IOException, - PublicKeyNotFoundException, PrivateKeyNotFoundException { - if (_cert == null) { - throw new PublicKeyNotFoundException(); - } - if (_pKey == null) { - throw new PrivateKeyNotFoundException(); - } - - ArrayList certList = new ArrayList(); - CMSTypedData msg = new CMSProcessableByteArray(data); - - certList.add(_cert); - - Store certs = new JcaCertStore(certList); - - try { - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - ContentSigner sha1Signer = new JcaContentSignerBuilder(_algorithm).setProvider("BC").build(_pKey); - - gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder() - .setProvider("BC").build()).build(sha1Signer, _cert)); - gen.addCertificates(certs); - - CMSSignedData sigData = gen.generate(msg, !_detached); - - return Base64.encodeBase64String(sigData.getEncoded()); - } catch (OperatorCreationException e) { - Utils.logError(e); - } - - return ""; - } - - public boolean verify(byte[] data, byte[] aSignature) throws GeneralSecurityException, PublicKeyNotFoundException, - SignatureException { - initialize(); - CMSProcessableByteArray content = new CMSProcessableByteArray(data); - int verified = 0; - CMSSignedData signedData = null; - - try { - if (_detached) { - signedData = new CMSSignedData(content, aSignature); - } else { - signedData = new CMSSignedData(aSignature); - } - } catch (CMSException e) { - Utils.logError(e); - throw new SignatureException(e); - } - - Store certStore = signedData.getCertificates(); - SignerInformationStore signers = signedData.getSignerInfos(); - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) { - SignerInformation signer = (SignerInformation) it.next(); - Collection certCollection = certStore.getMatches(signer.getSID()); - - Iterator certIt = certCollection.iterator(); - X509CertificateHolder cert = (X509CertificateHolder) certIt.next(); - - try { - if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) { - verified++; - } - } catch (Exception e) { - Utils.logError(e); - throw new SignatureException(e); - } - } - return verified > 0; - } - - public void setDetached(Boolean value) { - _detached = value; - } - - public void setCertificate(X509Certificate cert) { - this._cert = cert; - } - - public X509Certificate getCertificate() { - return this._cert; - } -} diff --git a/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/xml/Canonicalizer.java b/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/xml/Canonicalizer.java deleted file mode 100644 index 10d59197a..000000000 --- a/gxcryptocommon/src/main/java/com/genexus/cryptography/signing/xml/Canonicalizer.java +++ /dev/null @@ -1,36 +0,0 @@ -package com.genexus.cryptography.signing.xml; - - -import java.io.ByteArrayOutputStream; - - -import org.apache.xml.security.Init; - -public class Canonicalizer { - - static { - // XML canonicalizers must be added to hash array before we call - // getInstance - // Probably there is another way. I cannot found it though - (new Init()).init(); - - } - - public static String canonize(String input) throws Exception { - - byte inputBytes[] = input.getBytes(); - org.apache.xml.security.c14n.Canonicalizer cononicalizer = org.apache.xml.security.c14n.Canonicalizer - .getInstance(org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS); - - byte result[]; - try(ByteArrayOutputStream newStream = new ByteArrayOutputStream()) - { - cononicalizer.canonicalize(inputBytes, newStream, false); - result = newStream.toByteArray(); - } - - - return new String(result); - } - -} diff --git a/java/pom.xml b/java/pom.xml index 50b250f30..da842c936 100644 --- a/java/pom.xml +++ b/java/pom.xml @@ -23,12 +23,7 @@ ${project.groupId} gxwrapperjavax ${project.version} - - - ${project.groupId} - gxcryptocommon - ${project.version} - + ${project.groupId} gxmail diff --git a/java/src/main/java/com/genexus/cryptography/GXAsymEncryption.java b/java/src/main/java/com/genexus/cryptography/GXAsymEncryption.java deleted file mode 100644 index 52389e8e9..000000000 --- a/java/src/main/java/com/genexus/cryptography/GXAsymEncryption.java +++ /dev/null @@ -1,152 +0,0 @@ -package com.genexus.cryptography; - -import com.genexus.cryptography.encryption.asymmetric.CipherAsymProvider; -import com.genexus.cryptography.encryption.asymmetric.IGXAsymEncryption; -import com.genexus.cryptography.exception.AlgorithmNotSupportedException; -import com.genexus.cryptography.exception.EncryptionException; -import com.genexus.cryptography.exception.PrivateKeyNotFoundException; -import com.genexus.cryptography.exception.PublicKeyNotFoundException; - -public class GXAsymEncryption { - - private static final String DEFAULT_SYM_ALGORITHM = "RSA"; - private static final String DEFAULT_SYM_PADDING = "PKCS1Padding"; - private static final String DEFAULT_SYM_MODE = "ECB"; - - private int _lastError; - private String _lastErrorDescription; - private String _algorithm; - - private GXCertificate _cert; - private IGXAsymEncryption _asymAlg; - private boolean _isDirty; - - public GXAsymEncryption() { - _isDirty = true; - _algorithm = String.format("%s/%s/%s", DEFAULT_SYM_ALGORITHM, - DEFAULT_SYM_MODE, DEFAULT_SYM_PADDING); - initialize(); - } - - private void initialize() { - if (_isDirty) { - // Support algorithms = RSA only for now.. - setError(0); - - if (_cert != null && _cert.certLoaded() == true) { - try { - _asymAlg = new CipherAsymProvider(_algorithm, - _cert.getPublicKey(), _cert.getPrivateKey()); - _isDirty = false; - } catch (AlgorithmNotSupportedException e) { - setError(2); - } - } else { - setError(4); - } - } - } - - public String encrypt(String text) { - initialize(); - String encrypted = ""; - if (!anyError()) { - try { - encrypted = _asymAlg.encrypt(text); - } catch (PublicKeyNotFoundException e) { - setError(4); - } catch (EncryptionException e) { - setError(3); - Utils.logError(e); - } - } - return encrypted; - } - - public String decrypt(String text) { - initialize(); - String decrypted = ""; - if (!anyError()) { - - try { - decrypted = _asymAlg.decrypt(text); - } catch (PrivateKeyNotFoundException e) { - setError(5); - } catch (EncryptionException e) { - setError(3); - Utils.logError(e); - } - } - return decrypted; - } - - private void setError(int errorCode) { - setError(errorCode, ""); - } - - private void setError(int errorCode, String errDsc) { - _lastError = errorCode; - switch (errorCode) { - case 0: - _lastErrorDescription = Constants.OK; - break; - case 1: - break; - case 2: - _lastErrorDescription = Constants.ALGORITHM_NOT_SUPPORTED; - break; - case 3: - _lastErrorDescription = Constants.ENCRYPTION_ERROR; - break; - case 4: - _lastErrorDescription = ""; - break; - case 5: - _lastErrorDescription = Constants.PRIVATEKEY_NOT_PRESENT; - break; - default: - break; - } - if (!errDsc.equals("")) { - _lastErrorDescription = errDsc; - } - } - - public String getAlgorithm() { - return _algorithm; - } - - public void setAlgorithm(String value) { - value = String.format("%s/%s/%s", value, DEFAULT_SYM_MODE, - DEFAULT_SYM_PADDING); - _isDirty = _isDirty || !value.equals(_algorithm); - _algorithm = value; - } - - public GXCertificate getCertificate() { - return _cert; - - } - - public void setCertificate(GXCertificate cert) { - _isDirty = _isDirty || cert != _cert; - _cert = cert; - } - - private boolean anyError() { - - if (_cert == null || (!_cert.certLoaded() == true)) { - setError(4); // Certificate not initialized - } - return _lastError != 0; - - } - - public int getErrCode() { - return _lastError; - } - - public String getErrDescription() { - return _lastErrorDescription; - } -} diff --git a/java/src/main/java/com/genexus/cryptography/GXSymEncryption.java b/java/src/main/java/com/genexus/cryptography/GXSymEncryption.java deleted file mode 100644 index 4d862353a..000000000 --- a/java/src/main/java/com/genexus/cryptography/GXSymEncryption.java +++ /dev/null @@ -1,208 +0,0 @@ -package com.genexus.cryptography; - -import java.security.NoSuchAlgorithmException; - -import javax.crypto.NoSuchPaddingException; - -import com.genexus.diagnostics.Log; - -import com.genexus.cryptography.encryption.symmetric.CipherSymProvider; -import com.genexus.cryptography.encryption.symmetric.IGXSymEncryption; -import com.genexus.cryptography.exception.AlgorithmNotSupportedException; -import com.genexus.cryptography.exception.EncryptionException; -import com.genexus.cryptography.exception.InvalidKeyLengthException; - -public class GXSymEncryption { - - private int _lastError; - private String _lastErrorDescription; - private IGXSymEncryption _symAlg; // Algorithm instance - private String _algorithm; - private String _key = ""; // key - private String _iv = ""; // initialization vector - private boolean isDirty; - private int _keySize; - private int _blockSize; - - public GXSymEncryption() { - isDirty = true; - _algorithm = String.format("%s/%s/%s", Constants.DEFAULT_SYM_ALGORITHM, Constants.DEFAULT_SYM_MODE, - Constants.DEFAULT_SYM_PADDING); - } - - private void Initialize() { - if (isDirty) { - // Supported algorithms = {Rijndael, DES, RC2, TripleDES} - setError(0); - - try { - _symAlg = new CipherSymProvider(_algorithm); - if (validPropertyValue(_key)) { - _symAlg.setKey(_key); - } - if (validPropertyValue(_iv)) { - _symAlg.setIV(_iv); - } - if (_blockSize > 0) { - _symAlg.setBlockSize(_blockSize); - } - if (_keySize > 0) { - _symAlg.setKeySize(_keySize); - } - isDirty = false; - } catch (NoSuchAlgorithmException e) { - setError(2); - logError(e); - } catch (NoSuchPaddingException e) { - setError(3); - logError(e); - } catch (InvalidKeyLengthException e) { - setError(4, e.getMessage()); - logError(e); - } catch (AlgorithmNotSupportedException e) { - setError(2); - logError(e); - } - } - } - - private boolean validPropertyValue(String value) { - return value != null && !value.equals(""); - } - - public String encrypt(String text) { - Initialize(); - String encrypted = ""; - if (!anyError()) { - try { - encrypted = _symAlg.encrypt(text); - } catch (EncryptionException e) { - setError(1); - Log.error(e.getMessage(), "GXSymEncryption", e); - } - } - return encrypted; - } - - public String decrypt(String text) { - Initialize(); - String decrypted = ""; - if (!anyError()) { - try { - if (getIV().equals("")){ - setError(5); - return ""; - } - decrypted = _symAlg.decrypt(text); - } catch (EncryptionException e) { - setError(1); - logError(e); - } - } - return decrypted; - } - - public String getAlgorithm() { - return _algorithm; - } - - public void setAlgorithm(String algorithm) { - algorithm = String.format("%s/%s/%s", algorithm, Constants.DEFAULT_SYM_MODE, Constants.DEFAULT_SYM_PADDING); - isDirty = isDirty || !this._algorithm.equals(algorithm); - this._algorithm = algorithm; - } - - public String getKey() { - if (!anyError() && _symAlg != null) - return _symAlg.getKey(); - return _key; - } - - public void setKey(String key) { - isDirty = isDirty || !this._key.equals(key); - this._key = key; - } - - public String getIV() { - if (!anyError() && _symAlg != null) - return _symAlg.getIV(); - return _iv; - } - - public void setIV(String iv) { - isDirty = isDirty || !this._iv.equals(iv); - this._iv = iv; - } - - public int getKeySize() { - if (!anyError() && _symAlg != null) - return _symAlg.getKeySize(); - return _keySize; - } - - public void setKeySize(int keySize) { - isDirty = isDirty || this._keySize != keySize; - this._keySize = keySize; - - } - - public int getBlockSize() { - if (!anyError() && _symAlg != null) - return _symAlg.getBlockSize(); - return _blockSize; - } - - public void setBlockSize(int blockSize) { - isDirty = isDirty || this._blockSize != blockSize; - this._blockSize = blockSize; - } - - private void setError(int errorCode) { - setError(errorCode, ""); - } - - private void setError(int errorCode, String errDsc) { - _lastError = errorCode; - switch (errorCode) { - case 0: - _lastErrorDescription = ""; - break; - case 1: - _lastErrorDescription = Constants.ENCRYPTION_ERROR; - break; - case 2: - _lastErrorDescription = Constants.ALGORITHM_NOT_SUPPORTED; - break; - case 3: - _lastErrorDescription = Constants.ENCRYPTION_ERROR; - break; - case 4: - _lastErrorDescription = Constants.KEY_NOT_VALID; - break; - case 5: - _lastErrorDescription = "IV must be set for Decryption"; - break; - default: - break; - } - if (!errDsc.equals("")) { - _lastErrorDescription = errDsc; - } - } - - private boolean anyError() { - return _lastError != 0; - } - - public int getErrCode() { - return _lastError; - } - - public String getErrDescription() { - return _lastErrorDescription; - } - - private static void logError(Throwable e) { - Log.error(e.getMessage(), "GXSymEncryption", e); - } -} \ No newline at end of file diff --git a/pom.xml b/pom.xml index 7a9973d0b..d81fb0724 100644 --- a/pom.xml +++ b/pom.xml @@ -87,7 +87,6 @@ wrapperjakarta wrappercommon java - gxcryptocommon gxdynamiccall gxmail gxmaps