org.alfresco.encryption
Class DefaultEncryptionUtils

java.lang.Object
  extended by org.alfresco.encryption.DefaultEncryptionUtils
All Implemented Interfaces:
EncryptionUtils

public class DefaultEncryptionUtils
extends java.lang.Object
implements EncryptionUtils

Various encryption utility methods.

Since:
4.0

Field Summary
protected  Encryptor encryptor
           
protected static java.lang.String HEADER_ALGORITHM_PARAMETERS
           
protected static java.lang.String HEADER_MAC
           
protected static java.lang.String HEADER_TIMESTAMP
           
protected  java.lang.String localIP
           
protected static org.apache.commons.logging.Log logger
           
protected  MACUtils macUtils
           
protected  long messageTimeout
           
protected  java.lang.String remoteIP
           
 
Constructor Summary
DefaultEncryptionUtils()
           
 
Method Summary
protected  boolean authenticate(byte[] expectedMAC, MACUtils.MACInput macInput)
           
 boolean authenticate(javax.servlet.http.HttpServletRequest req, byte[] decryptedBody)
          Authenticate the http request: validate the MAC, check that the remote IP is as expected and that the timestamp is recent.
 boolean authenticateResponse(org.apache.commons.httpclient.HttpMethod method, java.lang.String remoteIP, byte[] decryptedBody)
          Authenticate the http method response: validate the MAC, check that the remote IP is as expected and that the timestamp is recent.
protected  java.security.AlgorithmParameters decodeAlgorithmParameters(org.apache.commons.httpclient.HttpMethod method)
          Decode cipher algorithm parameters from the HTTP method
protected  java.security.AlgorithmParameters decodeAlgorithmParameters(javax.servlet.http.HttpServletRequest req)
          Decode cipher algorithm parameters from the HTTP request
 byte[] decryptBody(javax.servlet.http.HttpServletRequest req)
          Decrypt the body of the http request
 byte[] decryptResponseBody(org.apache.commons.httpclient.HttpMethod method)
          Decrypt the response body of the http method
protected  java.lang.String getLocalIPAddress()
          Get the local registered IP address for authentication purposes
protected  byte[] getMac(javax.servlet.http.HttpServletRequest req)
          Get the MAC (Message Authentication Code) on the HTTP request
 java.lang.String getRemoteIP()
           
protected  byte[] getResponseMac(org.apache.commons.httpclient.HttpMethod res)
          Get the MAC (Message Authentication Code) on the HTTP response
protected  java.lang.Long getResponseTimestamp(org.apache.commons.httpclient.HttpMethod method)
          Get the timestamp on the HTTP response
protected  java.lang.Long getTimestamp(javax.servlet.http.HttpServletRequest method)
          Get the timestamp on the HTTP request
protected  void setAlgorithmParameters(javax.servlet.http.HttpServletResponse response, java.security.AlgorithmParameters params)
          Set the algorithm parameters header on the HTTP response
 void setEncryptor(Encryptor encryptor)
           
protected  void setMac(javax.servlet.http.HttpServletResponse response, byte[] mac)
          Set the MAC on the HTTP response
 void setMacUtils(MACUtils macUtils)
           
 void setMessageTimeout(long messageTimeout)
           
 void setRemoteIP(java.lang.String remoteIP)
           
 void setRequestAlgorithmParameters(org.apache.commons.httpclient.HttpMethod method, java.security.AlgorithmParameters params)
          Set the algorithm parameters header on the method request
 void setRequestAuthentication(org.apache.commons.httpclient.HttpMethod method, byte[] message)
          Encrypt the http method request body
protected  void setRequestMac(org.apache.commons.httpclient.HttpMethod method, byte[] mac)
           
protected  void setRequestTimestamp(org.apache.commons.httpclient.HttpMethod method, long timestamp)
          Set the timestamp on the HTTP request
 void setResponseAuthentication(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, byte[] responseBody, java.security.AlgorithmParameters params)
          Sets authentication headers on the HTTP response.
protected  void setTimestamp(javax.servlet.http.HttpServletResponse res, long timestamp)
          Set the timestamp on the HTTP response
protected  boolean validateTimestamp(long timestamp)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected static org.apache.commons.logging.Log logger

HEADER_ALGORITHM_PARAMETERS

protected static java.lang.String HEADER_ALGORITHM_PARAMETERS

HEADER_MAC

protected static java.lang.String HEADER_MAC

HEADER_TIMESTAMP

protected static java.lang.String HEADER_TIMESTAMP

encryptor

protected Encryptor encryptor

macUtils

protected MACUtils macUtils

messageTimeout

protected long messageTimeout

remoteIP

protected java.lang.String remoteIP

localIP

protected java.lang.String localIP
Constructor Detail

DefaultEncryptionUtils

public DefaultEncryptionUtils()
Method Detail

getRemoteIP

public java.lang.String getRemoteIP()

setRemoteIP

public void setRemoteIP(java.lang.String remoteIP)

getLocalIPAddress

protected java.lang.String getLocalIPAddress()
Get the local registered IP address for authentication purposes

Returns:

setMessageTimeout

public void setMessageTimeout(long messageTimeout)

setEncryptor

public void setEncryptor(Encryptor encryptor)

setMacUtils

public void setMacUtils(MACUtils macUtils)

setRequestMac

protected void setRequestMac(org.apache.commons.httpclient.HttpMethod method,
                             byte[] mac)

setMac

protected void setMac(javax.servlet.http.HttpServletResponse response,
                      byte[] mac)
Set the MAC on the HTTP response

Parameters:
response -
mac -

getMac

protected byte[] getMac(javax.servlet.http.HttpServletRequest req)
                 throws java.io.IOException
Get the MAC (Message Authentication Code) on the HTTP request

Parameters:
req -
Returns:
the MAC
Throws:
java.io.IOException

getResponseMac

protected byte[] getResponseMac(org.apache.commons.httpclient.HttpMethod res)
                         throws java.io.IOException
Get the MAC (Message Authentication Code) on the HTTP response

Parameters:
res -
Returns:
the MAC
Throws:
java.io.IOException

setRequestTimestamp

protected void setRequestTimestamp(org.apache.commons.httpclient.HttpMethod method,
                                   long timestamp)
Set the timestamp on the HTTP request

Parameters:
method -
timestamp - (ms, in UNIX time)

setTimestamp

protected void setTimestamp(javax.servlet.http.HttpServletResponse res,
                            long timestamp)
Set the timestamp on the HTTP response

Parameters:
res -
timestamp - (ms, in UNIX time)

getResponseTimestamp

protected java.lang.Long getResponseTimestamp(org.apache.commons.httpclient.HttpMethod method)
                                       throws java.io.IOException
Get the timestamp on the HTTP response

Parameters:
method -
Returns:
timestamp (ms, in UNIX time)
Throws:
java.io.IOException

getTimestamp

protected java.lang.Long getTimestamp(javax.servlet.http.HttpServletRequest method)
                               throws java.io.IOException
Get the timestamp on the HTTP request

Parameters:
method -
Returns:
timestamp (ms, in UNIX time)
Throws:
java.io.IOException

setRequestAlgorithmParameters

public void setRequestAlgorithmParameters(org.apache.commons.httpclient.HttpMethod method,
                                          java.security.AlgorithmParameters params)
                                   throws java.io.IOException
Set the algorithm parameters header on the method request

Specified by:
setRequestAlgorithmParameters in interface EncryptionUtils
Throws:
java.io.IOException

setAlgorithmParameters

protected void setAlgorithmParameters(javax.servlet.http.HttpServletResponse response,
                                      java.security.AlgorithmParameters params)
                               throws java.io.IOException
Set the algorithm parameters header on the HTTP response

Parameters:
response -
params -
Throws:
java.io.IOException

decodeAlgorithmParameters

protected java.security.AlgorithmParameters decodeAlgorithmParameters(org.apache.commons.httpclient.HttpMethod method)
                                                               throws java.io.IOException
Decode cipher algorithm parameters from the HTTP method

Parameters:
method -
Returns:
decoded algorithm parameters
Throws:
java.io.IOException

decodeAlgorithmParameters

protected java.security.AlgorithmParameters decodeAlgorithmParameters(javax.servlet.http.HttpServletRequest req)
                                                               throws java.io.IOException
Decode cipher algorithm parameters from the HTTP request

Parameters:
req -
Returns:
decoded algorithm parameters
Throws:
java.io.IOException

decryptResponseBody

public byte[] decryptResponseBody(org.apache.commons.httpclient.HttpMethod method)
                           throws java.io.IOException
Decrypt the response body of the http method

Specified by:
decryptResponseBody in interface EncryptionUtils
Returns:
decrypted response body
Throws:
java.io.IOException

decryptBody

public byte[] decryptBody(javax.servlet.http.HttpServletRequest req)
                   throws java.io.IOException
Decrypt the body of the http request

Specified by:
decryptBody in interface EncryptionUtils
Returns:
decrypted request body
Throws:
java.io.IOException

authenticateResponse

public boolean authenticateResponse(org.apache.commons.httpclient.HttpMethod method,
                                    java.lang.String remoteIP,
                                    byte[] decryptedBody)
Authenticate the http method response: validate the MAC, check that the remote IP is as expected and that the timestamp is recent.

Specified by:
authenticateResponse in interface EncryptionUtils
Returns:
true if the method response is authentic, false otherwise

authenticate

public boolean authenticate(javax.servlet.http.HttpServletRequest req,
                            byte[] decryptedBody)
Authenticate the http request: validate the MAC, check that the remote IP is as expected and that the timestamp is recent.

Specified by:
authenticate in interface EncryptionUtils
Returns:
true if the method request is authentic, false otherwise

setRequestAuthentication

public void setRequestAuthentication(org.apache.commons.httpclient.HttpMethod method,
                                     byte[] message)
                              throws java.io.IOException
Encrypt the http method request body

Specified by:
setRequestAuthentication in interface EncryptionUtils
Throws:
java.io.IOException

setResponseAuthentication

public void setResponseAuthentication(javax.servlet.http.HttpServletRequest httpRequest,
                                      javax.servlet.http.HttpServletResponse httpResponse,
                                      byte[] responseBody,
                                      java.security.AlgorithmParameters params)
                               throws java.io.IOException
Sets authentication headers on the HTTP response.

Specified by:
setResponseAuthentication in interface EncryptionUtils
Throws:
java.io.IOException

authenticate

protected boolean authenticate(byte[] expectedMAC,
                               MACUtils.MACInput macInput)

validateTimestamp

protected boolean validateTimestamp(long timestamp)


Copyright © 2005 - 2010 Alfresco Software, Inc. All Rights Reserved.