SecretKeyStore.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.security.keystore;

  23. import java.io.Serializable;

  25. import javax.crypto.SecretKey;

  27. import org.openspcoop2.security.SecurityException;
  28. import org.openspcoop2.utils.certificate.SymmetricKeyUtils;
  29. import org.openspcoop2.utils.certificate.byok.BYOKCostanti;
  30. import org.openspcoop2.utils.certificate.byok.BYOKRequestParams;
  31. import org.openspcoop2.utils.security.CipherInfo;
  32. import org.openspcoop2.utils.security.EncryptOpenSSLPass;
  33. import org.openspcoop2.utils.security.EncryptOpenSSLPassPBKDF2;
  34. import org.openspcoop2.utils.security.OpenSSLEncryptionMode;

  36. /**
  37.  * SecretKeyStore
  38.  *
  39.  * @author Andrea Poli (apoli@link.it)
  40.  * @author $Author$
  41.  * @version $Rev$, $Date$
  42.  */
  43. public class SecretKeyStore implements Serializable {

  45.     /**
  46.      * 
  47.      */
  48.     private static final long serialVersionUID = 1L;
  49.     
  50.     private String secretKeyPath;
  51.     
  52.     private byte[] secretKeyContent;
  53.     private transient SecretKey secretKey;
  54.     
  55.     private String algorithm;
  56.     
  57.     private byte[] iv;
  58.     private byte[] salt;
  59.     
  60.     @Override
  61.     public String toString() {
  62.         StringBuilder bf = new StringBuilder();
  63.         bf.append("SecretKeyStore (public:").append(this.secretKeyPath).append(")");
  64.         return bf.toString();
  65.     }
  66.     
  67.     public SecretKeyStore(String secretKeyPath, String algorithm) throws SecurityException{
  68.         this(secretKeyPath, algorithm, null);
  69.     }
  70.     public SecretKeyStore(String secretKeyPath, String algorithm, BYOKRequestParams requestParams) throws SecurityException{
  71.     
  72.         this.secretKeyPath = secretKeyPath;
  73.                 
  74.         this.algorithm = algorithm==null ? SymmetricKeyUtils.ALGO_AES : algorithm;
  75.         
  76.         this.secretKeyContent = StoreUtils.readContent("SecretKey", this.secretKeyPath);
  77.         
  78.         this.secretKeyContent = StoreUtils.unwrapBYOK(this.secretKeyContent, requestParams);
  79.             
  80.     }
  81.     
  82.     public SecretKeyStore(byte[] secretKey, String algorithm) throws SecurityException{
  83.         this(secretKey, algorithm, null);
  84.     }
  85.     public SecretKeyStore(byte[] secretKey, String algorithm, BYOKRequestParams requestParams) throws SecurityException{

  87.         try{            
  88.             if(secretKey==null){
  89.                 throw new SecurityException("Store publicKey undefined");
  90.             }
  91.             this.secretKeyContent = secretKey;
  92.             
  93.             this.secretKeyContent = StoreUtils.unwrapBYOK(this.secretKeyContent, requestParams);

  95.             this.algorithm = algorithm==null ? SymmetricKeyUtils.ALGO_AES : algorithm;
  96.             
  97.         }catch(Exception e){
  98.             throw new SecurityException(e.getMessage(),e);
  99.         }
  100.         
  101.     }
  102.     
  103.     public SecretKeyStore(SecretPasswordKeyDerivationConfig passwordKeyDerivationConfig) throws SecurityException{
  104.         this(passwordKeyDerivationConfig, null);
  105.     }
  106.     public SecretKeyStore(SecretPasswordKeyDerivationConfig passwordKeyDerivationConfig, BYOKRequestParams requestParams) throws SecurityException{
  107.         /** NOTA: Ha senso SOLO per ottenere una chiave per cifrare; mentre per la decifratura la chiave deve essere derivata anche analizzando il testo cifrato */
  108.         try{            
  109.             if(passwordKeyDerivationConfig==null){
  110.                 throw new SecurityException("Password Key Derivation config undefined");
  111.             }
  112.             if(passwordKeyDerivationConfig.getPasswordEncryptionMode()==null){
  113.                 throw new SecurityException("Password Key Derivation mode undefined");
  114.             }
  115.             if(passwordKeyDerivationConfig.getPassword()==null){
  116.                 throw new SecurityException("Password Key Derivation undefined");
  117.             }
  118.             String pwd = null;
  119.             if(requestParams!=null) {
  120.                 pwd = new String(StoreUtils.unwrapBYOK(passwordKeyDerivationConfig.getPassword().getBytes(), requestParams));
  121.             }
  122.             else {
  123.                 pwd = passwordKeyDerivationConfig.getPassword();
  124.             }
  125.             if(BYOKCostanti.isOpenSSLPasswordDerivationKeyMode(passwordKeyDerivationConfig.getPasswordEncryptionMode())) {
  126.                 CipherInfo cipherInfo = null;
  127.                 if(BYOKCostanti.isOpenSSLPBKDF2PasswordDerivationKeyMode(passwordKeyDerivationConfig.getPasswordEncryptionMode())) {
  128.                     cipherInfo = EncryptOpenSSLPassPBKDF2.buildCipherInfo(pwd, passwordKeyDerivationConfig.getPasswordIterator(), 
  129.                             OpenSSLEncryptionMode.toMode(passwordKeyDerivationConfig.getPasswordEncryptionMode()));
  130.                 }
  131.                 else {
  132.                     cipherInfo = EncryptOpenSSLPass.buildCipherInfo(pwd, null, 
  133.                             OpenSSLEncryptionMode.toMode(passwordKeyDerivationConfig.getPasswordEncryptionMode()));
  134.                 }
  135.                 this.secretKeyContent = cipherInfo.getEncodedKey();
  136.                 this.secretKey = (SecretKey) cipherInfo.getKey();
  137.                 this.algorithm = SymmetricKeyUtils.ALGO_AES;
  138.                 this.iv = cipherInfo.getIv();
  139.                 this.salt = cipherInfo.getSalt();
  140.             }
  141.             else {
  142.                 throw new SecurityException("Password Key Derivation mode '"+passwordKeyDerivationConfig.getPasswordEncryptionMode()+"' unsupported");
  143.             }
  144.             
  145.         }catch(Exception e){
  146.             throw new SecurityException(e.getMessage(),e);
  147.         }
  148.         
  149.     }

  151.     public SecretKey getSecretKey() throws SecurityException {
  152.         if(this.secretKey==null) {
  153.             initializeSecretKey();
  154.         }
  155.         return this.secretKey;
  156.     }
  157.     private synchronized void initializeSecretKey() throws SecurityException {
  158.         if(this.secretKey==null) {
  159.             try {
  160.                 this.secretKey = SymmetricKeyUtils.getInstance(this.algorithm).getSecretKey(this.secretKeyContent);
  161.             }catch(Exception e){
  162.                 throw new SecurityException("Load public key failed: "+e.getMessage(),e);
  163.             }
  164.         }
  165.     }
  166.     
  167.     public byte[] getIv() {
  168.         return this.iv;
  169.     }
  170.     public byte[] getSalt() {
  171.         return this.salt;
  172.     }
  173.     
  174. }
Created with JaCoCo 0.8.8.202204050719