001: /* ====================================================================
002: * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
003: *
004: * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
005: *
006: * Redistribution and use in source and binary forms, with or without
007: * modification, are permitted provided that the following conditions
008: * are met:
009: *
010: * 1. Redistributions of source code must retain the above copyright
011: * notice, this list of conditions and the following disclaimer.
012: *
013: * 2. Redistributions in binary form must reproduce the above copyright
014: * notice, this list of conditions and the following disclaimer in
015: * the documentation and/or other materials provided with the
016: * distribution.
017: *
018: * 3. The end-user documentation included with the redistribution,
019: * if any, must include the following acknowledgment:
020: * "This product includes software developed by Jcorporate Ltd.
021: * (http://www.jcorporate.com/)."
022: * Alternately, this acknowledgment may appear in the software itself,
023: * if and wherever such third-party acknowledgments normally appear.
024: *
025: * 4. "Jcorporate" and product names such as "Expresso" must
026: * not be used to endorse or promote products derived from this
027: * software without prior written permission. For written permission,
028: * please contact info@jcorporate.com.
029: *
030: * 5. Products derived from this software may not be called "Expresso",
031: * or other Jcorporate product names; nor may "Expresso" or other
032: * Jcorporate product names appear in their name, without prior
033: * written permission of Jcorporate Ltd.
034: *
035: * 6. No product derived from this software may compete in the same
036: * market space, i.e. framework, without prior written permission
037: * of Jcorporate Ltd. For written permission, please contact
038: * partners@jcorporate.com.
039: *
040: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
041: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
042: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
043: * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
044: * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
045: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
046: * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
047: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
048: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
049: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
050: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
051: * SUCH DAMAGE.
052: * ====================================================================
053: *
054: * This software consists of voluntary contributions made by many
055: * individuals on behalf of the Jcorporate Ltd. Contributions back
056: * to the project(s) are encouraged when you make modifications.
057: * Please send them to support@jcorporate.com. For more information
058: * on Jcorporate Ltd. and its products, please see
059: * <http://www.jcorporate.com/>.
060: *
061: * Portions of this software are based upon other open source
062: * products and are subject to their respective licenses.
063: */
064:
065: package com.jcorporate.expresso.core.security;
066:
067: import com.jcorporate.expresso.core.misc.ByteArrayCounter;
068: import com.jcorporate.expresso.core.misc.ConfigManager;
069: import com.jcorporate.expresso.kernel.ComponentLifecycle;
070: import com.jcorporate.expresso.kernel.Configuration;
071: import com.jcorporate.expresso.kernel.exception.ChainedException;
072: import com.jcorporate.expresso.kernel.exception.ConfigurationException;
073:
074: /**
075: * CryptoManager.java
076: * <p/>
077: * Singleton Class that acts as a facade for managing if strong or weak crypto
078: * is desired.
079: * </p>
080: * Copyright 2000-2002 Jcorporate Ltd.
081: *
082: * @author Michael Rimov
083: * @since Expresso 3.0
084: */
085: public class CryptoManager extends
086: com.jcorporate.expresso.kernel.ComponentBase implements
087: ComponentLifecycle {
088:
089: //static final private String defaultPW = "Jcorporate Rocks";
090: static final private String this Class = "com.jcorporate.expresso.core.security.CryptoManager";
091: static private CryptoManager theManager = null;
092: static protected ByteArrayCounter ivCounter = new ByteArrayCounter(
093: 8);
094: protected AbstractRandomNumber randomGenerator = null;
095: protected AbstractStringEncryption stringEncryptor = null;
096: protected StringHash stringHash = null;
097: boolean initialized;
098:
099: String encryptMode;
100:
101: /**
102: * Flag for string cryptography
103: */
104: boolean strongCrypto = false;
105:
106: /**
107: * Passphrase
108: */
109: private String cryptoKey;
110: private String randomSeed;
111:
112: /**
113: * Do not call this constructor directly. Use getInstance() instead.
114: * This is public ONLY so that it can be instantiated by the test program.
115: */
116: public CryptoManager() {
117: } /* CryptoManager() */
118:
119: /**
120: * Singleton Generator. Call to get an instance of the Crypto Manager<p>
121: * <B>Please Note</B> If strong encryption is used, this class may take quite
122: * some time in initializing due to the nature of generating a default seed for
123: * the crypto-strength random number generator.
124: *
125: * @return the ony and only instance of the Crypto Manager;
126: * @throws ChainedException If there is a problem instantiating the crypto classes
127: */
128: public static synchronized CryptoManager getInstance()
129: throws ChainedException {
130: if (theManager == null) {
131: theManager = new CryptoManager();
132: boolean strongCrypto = false;
133:
134: strongCrypto = ConfigManager.getConfig().strongCrypto();
135:
136: theManager.setEncryptMode(ConfigManager.getConfig()
137: .getEncryptMode());
138: theManager.setCryptoKey(ConfigManager.getConfig()
139: .getCryptoKey());
140: theManager.setRandomSeed(ConfigManager.getConfigDir());
141: theManager.setStrongCrypto(strongCrypto);
142:
143: //Do we use weak obfuscation methods?
144: if (!strongCrypto) {
145: theManager.loadClasses(false);
146: } else {
147: theManager.loadClasses(true);
148: }
149: }
150:
151: return theManager;
152: } /* getInstance() */
153:
154: /**
155: * Method removes all static entries.
156: */
157: public synchronized void destroy() {
158: stringEncryptor.destroy();
159: randomGenerator = null;
160: stringHash = null;
161: stringEncryptor = null;
162: theManager = null;
163:
164: }
165:
166: /**
167: * Returns whether the crypto manager is using strong cryptography or not.
168: *
169: * @return true if a strong cryptographic provider is included
170: */
171: public synchronized boolean isUsingStrongCrypto() {
172: return strongCrypto;
173: }
174:
175: /**
176: * Returns an instantiated subclass of AbstractRandomNumber depending if
177: * strong or weak crypto is desired.
178: *
179: * @return a random number generator
180: * @see com.jcorporate.expresso.core.security.AbstractRandomNumber
181: * @see com.jcorporate.expresso.core.security.weakencryption.RandomNumber
182: * @see com.jcorporate.expresso.core.security.strongencryption.RandomNumber
183: */
184: public synchronized AbstractRandomNumber getRandomGenerator() {
185: return randomGenerator;
186: } /* getRandomGenerator() */
187:
188: /**
189: * Factory method that returns an instantiated subclass of
190: * <code>AbstractStringEncryption</code> depending of strong
191: * or weak crypto is desired.
192: *
193: * @return A string encryption concrete class.
194: * @see com.jcorporate.expresso.core.security.AbstractStringEncryption
195: * @see com.jcorporate.expresso.core.security.weakencryption.StringEncryption
196: * @see com.jcorporate.expresso.core.security.strongencryption.StringEncryption
197: */
198: public synchronized AbstractStringEncryption getStringEncryption() {
199: return stringEncryptor;
200: } /* getStringEncryption() */
201:
202: /**
203: * Factory method that returns an instantiated subclass of
204: * <code>AbstractStringHash</code> depending of strong
205: * or weak crypto is desired.
206: *
207: * @return An instantiated String Hashing class
208: * @see com.jcorporate.expresso.core.security.StringHash
209: */
210: public synchronized StringHash getStringHash() {
211: return stringHash;
212: } /* getStringHash() */
213:
214: /**
215: * Loads the appropriate crypto classes. Also is split off from the constructor
216: * for testing purposes.
217: *
218: * @param useStrongCrypto Set to true if we desire to load the strong
219: * cryptographic classes.
220: * @throws ChainedException upon error loading the classes.
221: */
222: public synchronized void loadClasses(boolean useStrongCrypto)
223: throws ChainedException {
224: String packageName;
225: final String myName = this Class + ".loadClasses";
226: strongCrypto = useStrongCrypto;
227:
228: //Do we use weak obfuscation methods instead?
229: if (useStrongCrypto == false) {
230: packageName = "com.jcorporate.expresso.core.security.weakencryption";
231: } else {
232:
233: //No
234: packageName = "com.jcorporate.expresso.core.security.strongencryption";
235: }
236: //Load up the classes
237: try {
238: randomGenerator = (AbstractRandomNumber) Class.forName(
239: packageName + ".RandomNumber").newInstance();
240: stringEncryptor = (AbstractStringEncryption) Class.forName(
241: packageName + ".StringEncryption").newInstance();
242: stringHash = new StringHash();
243:
244: randomGenerator.setCryptoManager(this );
245: stringEncryptor.setCryptoManager(this );
246: stringHash.setCryptoManager(this );
247: stringEncryptor.init();
248: randomGenerator.init();
249: } catch (ClassNotFoundException ex) {
250: throw new ChainedException(myName
251: + " Unable to load crypto class in package "
252: + packageName, ex);
253: } catch (IllegalAccessException ex) {
254: throw new ChainedException(myName + ":Package "
255: + packageName, ex);
256: } catch (InstantiationException ex) {
257: throw new ChainedException(
258: myName
259: + " Unable to instantiate a cryto class in package "
260: + packageName, ex);
261: } catch (ChainedException e) {
262: throw e;
263: } catch (Exception e) {
264: throw new ChainedException(myName
265: + ":Unable to load classes for crypto package "
266: + packageName, e);
267: }
268: }
269:
270: public synchronized void initialize() {
271: theManager = this ;
272: }
273:
274: /**
275: * Configure the Cryptographic manager
276: *
277: * @param newConfig the new configuration bean to configure with
278: * @throws ConfigurationException upon configuration error
279: */
280: public synchronized void configure(Configuration newConfig)
281: throws ConfigurationException {
282: Boolean strongCrypto = (Boolean) newConfig.get("StrongCrypto");
283: this .setStrongCrypto(strongCrypto.booleanValue());
284: this .setEncryptMode((String) newConfig.get("EncryptMode"));
285: this .setCryptoKey((String) newConfig.get("CryptoKey"));
286: this .setRandomSeed((String) newConfig.get("RandomSeed"));
287:
288: //Do we use weak obfuscation methods?
289: try {
290: if (!strongCrypto.booleanValue()) {
291: theManager.loadClasses(false);
292: } else {
293: theManager.loadClasses(true);
294: }
295: } catch (ChainedException ex) {
296: throw new ConfigurationException(
297: "Error loading cryptographic manager.", ex);
298: }
299: }
300:
301: /**
302: * Reconfigure lifecycle event. Destroys itself and reconstructs with
303: * the new configuration
304: *
305: * @param newConfig the configuration data to reconfigure with.
306: */
307: public synchronized void reconfigure(Configuration newConfig)
308: throws ConfigurationException {
309: destroy();
310: setStrongCrypto(false);
311: setEncryptMode(null);
312: setCryptoKey(null);
313: setRandomSeed(null);
314: configure(newConfig);
315: }
316:
317: public synchronized boolean isStrongCrypto() {
318: return strongCrypto;
319: }
320:
321: public synchronized void setStrongCrypto(boolean strongCrypto) {
322: this .strongCrypto = strongCrypto;
323: }
324:
325: public synchronized String getEncryptMode() {
326: return encryptMode;
327: }
328:
329: public synchronized void setEncryptMode(String encryptMode) {
330: this .encryptMode = encryptMode;
331: }
332:
333: public boolean isInitialized() {
334: return initialized;
335: }
336:
337: public void setCryptoKey(String cryptoKey) {
338: this .cryptoKey = cryptoKey;
339: }
340:
341: public String getCryptoKey() {
342: return cryptoKey;
343: }
344:
345: public void setRandomSeed(String randomSeed) {
346: this .randomSeed = randomSeed;
347: }
348:
349: public String getRandomSeed() {
350: return randomSeed;
351: }
352:
353: } /* CryptoManager */
|