
Remove CipherUtils.

We haven't used this in the N years it's existed, and it uses
scary MD5/DES stuff.

Change-Id: I3934d3cc769980527f03b16a5c273f76fc89cdfb
Reviewed-on: http://gerrit.dmdirc.com/3948
Reviewed-by: Greg Holmes <greg@dmdirc.com>
Automatic-Compile: DMDirc Build Manager
pull/1/head
Chris Smith 9 years ago
parent
commit
13b6b419d9

+ 0
- 225
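--- a/src/com/dmdirc/config/CipherUtils.java
+++ b/src/com/dmdirc/config/CipherUtils.java
@@ -1,225 +0,0 @@
-/*
- * Copyright (c) 2006-2014 DMDirc Developers
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-package com.dmdirc.config;
-
-import com.dmdirc.interfaces.config.AggregateConfigProvider;
-import com.dmdirc.interfaces.config.IdentityController;
-import com.dmdirc.logger.ErrorLevel;
-import com.dmdirc.logger.Logger;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.nio.charset.Charset;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.KeySpec;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.PBEParameterSpec;
-
-import com.migcomponents.migbase64.Base64;
-
-/**
- * Helper class to encrypt and decrypt strings, requests passwords if needed.
- */
-public abstract class CipherUtils {
-
-    /** Salt. */
-    private static final byte[] SALT = {
-        (byte) 0xA9, (byte) 0x9B, (byte) 0xC8, (byte) 0x32,
-        (byte) 0x56, (byte) 0x35, (byte) 0xE3, (byte) 0x03,};
-    /** Iteration count. */
-    private static final int ITERATIONS = 19;
-    /** Number of auth attempts before failing the attempt. */
-    private static final int AUTH_TRIES = 4;
-    /** The identity controller to use for reading/writing settings. */
-    private final IdentityController identityController;
-    /** Encryption cipher. */
-    private Cipher ecipher;
-    /** Decryption cipher. */
-    private Cipher dcipher;
-    /** User password. */
-    private String password;
-
-    /**
-     * Creates a new instance of {@link CipherUtils}.
-     *
-     * @param identityController The controller to use to read/write settings.
-     */
-    public CipherUtils(final IdentityController identityController) {
-        this.identityController = identityController;
-    }
-
-    /**
-     * Encrypts a string using the stored settings. Will return null if the automatic user
-     * authentication fails - use checkauth and auth.
-     *
-     * @param str String to encrypt
-     *
-     * @return Encrypted string
-     */
-    public String encrypt(final String str) {
-        if (!checkAuthed()) {
-            if (auth()) {
-                createCiphers();
-            } else {
-                return null;
-            }
-        }
-        try {
-            return Base64.encodeToString(ecipher.doFinal(str.getBytes("UTF8")), false);
-        } catch (BadPaddingException | IllegalBlockSizeException | UnsupportedEncodingException e) {
-            Logger.userError(ErrorLevel.LOW, "Unable to decrypt string: " + e.getMessage());
-        }
-
-        return null;
-    }
-
-    /**
-     * Encrypts a string using the stored settings. Will return null if the automatic user
-     * authentication fails - use checkauth and auth.
-     *
-     * @param str String to decrypt
-     *
-     * @return Decrypted string
-     */
-    public String decrypt(final String str) {
-        if (!checkAuthed()) {
-            if (auth()) {
-                createCiphers();
-            } else {
-                return null;
-            }
-        }
-        try {
-            return new String(dcipher.doFinal(Base64.decode(str)));
-        } catch (BadPaddingException | IllegalBlockSizeException e) {
-            Logger.userError(ErrorLevel.LOW, "Unable to decrypt string: " + e.getMessage());
-        }
-        return null;
-    }
-
-    /**
-     * Performs a SHA-512 hash.
-     *
-     * @param data String to hashed
-     *
-     * @return hashed string
-     */
-    public String hash(final String data) {
-        try {
-            return new String(MessageDigest.getInstance("SHA-512")
-                    .digest(data.getBytes("UTF8")), Charset.forName("UTF-8"));
-        } catch (NoSuchAlgorithmException | IOException e) {
-            Logger.userError(ErrorLevel.LOW, "Unable to hash string");
-        }
-        return null;
-    }
-
-    /**
-     * Checks if a user is authed.
-     *
-     * @return true if authed, false otherwise
-     */
-    public boolean checkAuthed() {
-        return dcipher != null && ecipher != null;
-    }
-
-    /**
-     * creates ciphers.
-     */
-    protected void createCiphers() {
-        try {
-            final KeySpec keySpec = new PBEKeySpec(
-                    password.toCharArray(), SALT, ITERATIONS);
-            final SecretKey key = SecretKeyFactory.
-                    getInstance("PBEWithMD5AndDES").generateSecret(keySpec);
-            ecipher = Cipher.getInstance(key.getAlgorithm());
-            dcipher = Cipher.getInstance(key.getAlgorithm());
-            final AlgorithmParameterSpec paramSpec = new PBEParameterSpec(SALT, ITERATIONS);
-            ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
-            dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
-        } catch (InvalidAlgorithmParameterException | InvalidKeySpecException |
-                NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) {
-            Logger.userError(ErrorLevel.LOW, "Unable to create ciphers");
-            ecipher = null;
-            dcipher = null;
-        }
-    }
-
-    /**
-     * Auths a user and sets the password.
-     *
-     * @return true if auth was successful, false otherwise.
-     */
-    public boolean auth() {
-        final AggregateConfigProvider configManager = identityController.getGlobalConfiguration();
-
-        String passwordHash = null;
-        String prompt = "Please enter your password";
-        int tries = 1;
-        if (configManager.hasOptionString("encryption", "password")) {
-            password = configManager.getOption("encryption", "password");
-        } else {
-            if (configManager.hasOptionString("encryption", "passwordHash")) {
-                passwordHash = configManager.getOption("encryption", "passwordHash");
-            }
-
-            while ((password == null || password.isEmpty()) && tries < AUTH_TRIES) {
-                password = getPassword(prompt);
-                if (passwordHash == null) {
-                    passwordHash = hash(password);
-                    identityController.getUserSettings()
-                            .setOption("encryption", "passwordHash", passwordHash);
-                }
-                if (!hash(password).equals(passwordHash)) {
-                    prompt = "<html>Password mis-match<br>Please re-enter "
-                            + "your password</html>";
-                    tries++;
-                    password = null;
-                }
-            }
-        }
-        return tries != AUTH_TRIES;
-    }
-
-    /**
-     * Requests the encryption password from the user.
-     *
-     * @param prompt The prompt to show
-     *
-     * @return The user-specified password
-     */
-    protected abstract String getPassword(final String prompt);
-
-}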

+ 0
- 66
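--- a/test/com/dmdirc/config/CipherUtilsTest.java
+++ b/test/com/dmdirc/config/CipherUtilsTest.java
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 2006-2014 DMDirc Developers
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-package com.dmdirc.config;
-
-import com.dmdirc.harness.TestCipherUtils;
-import com.dmdirc.interfaces.config.AggregateConfigProvider;
-import com.dmdirc.interfaces.config.ConfigProvider;
-import com.dmdirc.interfaces.config.IdentityController;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
-
-import static org.junit.Assert.*;
-import static org.mockito.Mockito.*;
-
-@RunWith(MockitoJUnitRunner.class)
-public class CipherUtilsTest {
-
-    @Mock private IdentityController identityController;
-    @Mock private AggregateConfigProvider configManager;
-    @Mock private ConfigProvider configProvider;
-
-    @Before
-    public void setup() {
-        when(identityController.getGlobalConfiguration()).thenReturn(configManager);
-        when(identityController.getUserSettings()).thenReturn(configProvider);
-    }
-
-    @Test
-    public void testEncryptDecrypt() {
-        final String source = "DMDirc unit test {}!";
-        final CipherUtils utils = new TestCipherUtils(identityController);
-
-        final String encrypted = utils.encrypt(source);
-        assertNotNull(encrypted);
-
-        final String decrypted = utils.decrypt(encrypted);
-        assertNotNull(decrypted);
-
-        assertEquals(source, decrypted);
-    }
-
-}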

+ 0
- 40
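--- a/test/com/dmdirc/harness/TestCipherUtils.java
+++ b/test/com/dmdirc/harness/TestCipherUtils.java
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2006-2014 DMDirc Developers
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-package com.dmdirc.harness;
-
-import com.dmdirc.config.CipherUtils;
-import com.dmdirc.interfaces.config.IdentityController;
-
-public class TestCipherUtils extends CipherUtils {
-
-    public TestCipherUtils(final IdentityController identityController) {
-        super(identityController);
-    }
-
-    /** {@inheritDoc} */
-    @Override
-    protected String getPassword(final String prompt) {
-        return "mypassword";
-    }
-
-}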
