001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.security.interceptors;
023:
024: import java.io.Serializable;
025: import java.security.GeneralSecurityException;
026: import java.security.InvalidAlgorithmParameterException;
027: import java.util.Iterator;
028: import java.util.Set;
029: import javax.crypto.Cipher;
030: import javax.crypto.SealedObject;
031: import javax.crypto.SecretKey;
032: import javax.crypto.spec.IvParameterSpec;
033: import javax.security.auth.Subject;
034:
035: import org.apache.log4j.Category;
036:
037: import org.jboss.invocation.Invocation;
038: import org.jboss.proxy.Interceptor;
039: import org.jboss.security.SecurityAssociation;
040: import org.jboss.security.srp.SRPParameters;
041:
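042: /** A client side interceptor that encrypts the Serializable arguments of an invocation as SealedObjects and decrypts a SealedObject return value.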
043:
044: @author Scott.Stark@jboss.org
045: @version $Revision: 57211 $
046: */
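public class ClientEncryptionInterceptor extends Interceptor {
    // Security review notes for this class:
    //  - The ciphers are created from key.getAlgorithm() alone, so the mode and
    //    padding are whatever the JCE provider defaults to for that algorithm
    //    (for block ciphers in the stock provider this is ECB). The transformation
    //    is left as-is because the peer that unseals the arguments must use the
    //    same one; confirm both sides before tightening it.
    //  - SealedObject provides confidentiality only; nothing here authenticates
    //    the ciphertext.
    //  - javax.crypto.Cipher is not thread-safe and the two instances are shared
    //    by every call to invoke(). NOTE(review): confirm whether one interceptor
    //    instance can serve concurrent invocations.

    /** Seals outgoing arguments; created lazily on the first invocation. */
    private Cipher encryptCipher;
    /** Unseals a SealedObject reply; always assigned together with encryptCipher. */
    private Cipher decryptCipher;
    private Category log = Category
            .getInstance(ClientEncryptionInterceptor.class);

    /** Creates a new instance of ClientEncryptionInterceptor. */
    public ClientEncryptionInterceptor() {
    }

    /**
     * Seals every Serializable argument of the invocation, passes the call to the
     * next interceptor and unseals the reply when it is a SealedObject.
     *
     * The argument array returned by {@code mi.getArguments()} is modified in
     * place: each Serializable element is replaced by its SealedObject.
     * Non-Serializable and null arguments are passed through unencrypted.
     *
     * @param mi the invocation whose arguments are sealed
     * @return the reply of the next interceptor, unsealed if it was a SealedObject
     * @throws Throwable any failure from cipher setup, sealing, the next
     *         interceptor, or unsealing
     */
    public Object invoke(Invocation mi) throws Throwable {
        if (encryptCipher == null) {
            Subject subject = SecurityAssociation.getSubject();
            initCipher(subject);
        }

        log.debug("invoke mi=" + mi.getMethod());
        // Check for arguments to encrypt
        Object[] args = mi.getArguments();
        int length = args != null ? args.length : 0;
        for (int a = 0; a < length; a++) {
            if (!(args[a] instanceof Serializable)) {
                continue;
            }
            Serializable arg = (Serializable) args[a];
            args[a] = new SealedObject(arg, encryptCipher);
            // Log the type only: writing the argument itself would put the
            // plaintext of a value we just encrypted into the debug log.
            log.debug(" Sealed arg(" + a + "): " + arg.getClass().getName());
        }

        Interceptor next = getNext();
        Object value = next.invoke(mi);
        if (value instanceof SealedObject) {
            SealedObject svalue = (SealedObject) value;
            // getObject() decrypts and then Java-deserializes the reply. The
            // ciphertext is not integrity-protected, so the result is only as
            // trustworthy as the peer and transport that delivered it.
            value = svalue.getObject(decryptCipher);
        }
        return value;
    }

    /**
     * Builds the encrypt and decrypt ciphers from the SecretKey held in the
     * subject's private credentials.
     *
     * When several credentials of a type are present, the last one returned by
     * the set's iterator is used. An SRPParameters credential must be present
     * but is not otherwise used when the ciphers are initialised.
     *
     * @param subject the authenticated subject holding the private credentials
     * @throws GeneralSecurityException if there is no subject, no SecretKey, no
     *         SRPParameters, or the ciphers cannot be created or initialised
     */
    private void initCipher(Subject subject)
            throws GeneralSecurityException {
        if (subject == null) {
            // Fail with a security exception instead of a NullPointerException
            // when no authenticated Subject is associated with the caller.
            throw new GeneralSecurityException(
                    "No Subject available to obtain the SecretKey from");
        }

        Iterator iter = subject.getPrivateCredentials(SecretKey.class).iterator();
        SecretKey key = null;
        while (iter.hasNext()) {
            key = (SecretKey) iter.next();
        }
        if (key == null) {
            // Subject.toString() includes the private credentials, so only the
            // principals are reported, and through the logger rather than stdout.
            log.debug("No SecretKey for subject with principals: "
                    + subject.getPrincipals());
            throw new GeneralSecurityException(
                    "Failed to find SecretKey in Subject.PrivateCredentials");
        }

        iter = subject.getPrivateCredentials(SRPParameters.class).iterator();
        SRPParameters params = null;
        while (iter.hasNext()) {
            params = (SRPParameters) iter.next();
        }
        if (params == null) {
            throw new GeneralSecurityException(
                    "Failed to find SRPParameters in Subject.PrivateCredentials");
        }
        // NOTE(review): params is only checked for presence. The file imports
        // IvParameterSpec without using it; presumably an IV from the SRP
        // parameters was meant to be passed to Cipher.init - confirm against
        // the server-side interceptor.

        // Initialise both ciphers in locals and publish them only when both
        // succeeded, so a failure cannot leave encryptCipher set while
        // decryptCipher is still null.
        Cipher encrypt = Cipher.getInstance(key.getAlgorithm());
        encrypt.init(Cipher.ENCRYPT_MODE, key);
        Cipher decrypt = Cipher.getInstance(key.getAlgorithm());
        decrypt.init(Cipher.DECRYPT_MODE, key);
        decryptCipher = decrypt;
        encryptCipher = encrypt;
    }
}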