Added generator for Crypto Handle Repository secret.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 21 Feb 2003 06:06:27 +0000 (06:06 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 21 Feb 2003 06:06:27 +0000 (06:06 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@492 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

.classpath
lib/ant-1.5.1.jar [new file with mode: 0755]
lib/ant-optional-1.5.1.jar [new file with mode: 0755]
src/edu/internet2/middleware/shibboleth/utils/HandleRepositorySecretGenerator.java [new file with mode: 0755]

index d8bf3a7..8b316dd 100644 (file)
@@ -20,7 +20,8 @@
     <classpathentry kind="lib" path="webApplication/WEB-INF/lib/xml-apis-2.4.1.jar"/>
     <classpathentry kind="lib" path="webApplication/WEB-INF/lib/xmlParserAPIs-2.2.1.jar"/>
     <classpathentry kind="lib" path="webApplication/WEB-INF/lib/xmlsec-1.0.5.jar"/>
-    <classpathentry kind="lib" path="lib/xercesImpl-2.2.1.jar"
-        rootpath="" sourcepath="/Shibboleth/lib/xercesImpl-2.2.1-src.jar"/>
+    <classpathentry kind="lib" path="lib/xercesImpl-2.2.1.jar" sourcepath="/Shibboleth/lib/xercesImpl-2.2.1-src.jar"/>
+    <classpathentry kind="lib" path="lib/ant-1.5.1.jar"/>
+    <classpathentry kind="lib" path="lib/ant-optional-1.5.1.jar"/>
     <classpathentry kind="output" path="webApplication\WEB-INF\classes"/>
 </classpath>
diff --git a/lib/ant-1.5.1.jar b/lib/ant-1.5.1.jar
new file mode 100755 (executable)
index 0000000..7cf87e8
Binary files /dev/null and b/lib/ant-1.5.1.jar differ
diff --git a/lib/ant-optional-1.5.1.jar b/lib/ant-optional-1.5.1.jar
new file mode 100755 (executable)
index 0000000..1128e1d
Binary files /dev/null and b/lib/ant-optional-1.5.1.jar differ
diff --git a/src/edu/internet2/middleware/shibboleth/utils/HandleRepositorySecretGenerator.java b/src/edu/internet2/middleware/shibboleth/utils/HandleRepositorySecretGenerator.java
new file mode 100755 (executable)
index 0000000..017b5ef
--- /dev/null
@@ -0,0 +1,143 @@
+/* 
+ * The Shibboleth License, Version 1. 
+ * Copyright (c) 2002 
+ * University Corporation for Advanced Internet Development, Inc. 
+ * All rights reserved
+ * 
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice, this 
+ * list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice, 
+ * this list of conditions and the following disclaimer in the documentation 
+ * and/or other materials provided with the distribution, if any, must include 
+ * the following acknowledgment: "This product includes software developed by 
+ * the University Corporation for Advanced Internet Development 
+ * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
+ * may appear in the software itself, if and wherever such third-party 
+ * acknowledgments normally appear.
+ * 
+ * Neither the name of Shibboleth nor the names of its contributors, nor 
+ * Internet2, nor the University Corporation for Advanced Internet Development, 
+ * Inc., nor UCAID may be used to endorse or promote products derived from this 
+ * software without specific prior written permission. For written permission, 
+ * please contact shibboleth@shibboleth.org
+ * 
+ * Products derived from this software may not be called Shibboleth, Internet2, 
+ * UCAID, or the University Corporation for Advanced Internet Development, nor 
+ * may Shibboleth appear in their name, without prior written permission of the 
+ * University Corporation for Advanced Internet Development.
+ * 
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+package edu.internet2.middleware.shibboleth.utils;
+
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.spec.InvalidKeySpecException;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.DESedeKeySpec;
+
+import sun.misc.BASE64Encoder;
+import org.apache.tools.ant.BuildException;
+import org.apache.tools.ant.Task;
+
+/**
+ * Generates a Triple DES key and sticks it in the default location for use by 
+ * the <code>CryptoHandleRepository</code>
+ * 
+ * @author Walter Hoehn (wassa@columbia.edu)
+ */
+public class HandleRepositorySecretGenerator extends Task {
+
+       private String keyStorePath;
+       private String keyStorePassword;
+       private String keyStoreKeyAlias;
+       private String keyStoreKeyPassword;
+
+       public void execute() throws BuildException {
+               try {
+                       if (keyStorePath == null
+                               || keyStorePassword == null
+                               || keyStoreKeyAlias == null
+                               || keyStoreKeyPassword == null) {
+                               throw new BuildException("Missing required parameter.");
+                       }
+                       log("Generating secret.");
+                       SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
+                       byte[] pseudoRand = new byte[24];
+                       new SecureRandom().nextBytes(pseudoRand);
+                       SecretKey secret = keyFactory.generateSecret(new DESedeKeySpec(pseudoRand));
+
+                       log("Writing keystore.");
+                       KeyStore keyStore = KeyStore.getInstance("JCEKS");
+                       keyStore.load(null, keyStorePassword.toCharArray());
+                       keyStore.setKeyEntry(keyStoreKeyAlias, secret, keyStoreKeyPassword.toCharArray(), null);
+                       keyStore.store(new FileOutputStream(keyStorePath), keyStorePassword.toCharArray());
+
+               } catch (GeneralSecurityException e) {
+                       throw new BuildException("Unable to generate secret: " + e);
+               } catch (IOException e) {
+                       throw new BuildException("Unable to store secret in keystore: " + e);
+               }
+       }
+
+       /**
+        * Sets the keyStoreKeyAlias.
+        * @param keyStoreKeyAlias The keyStoreKeyAlias to set
+        */
+       public void setKeyStoreKeyAlias(String keyStoreKeyAlias) {
+               this.keyStoreKeyAlias = keyStoreKeyAlias;
+       }
+
+       /**
+        * Sets the keyStoreKeyPassword.
+        * @param keyStoreKeyPassword The keyStoreKeyPassword to set
+        */
+       public void setKeyStoreKeyPassword(String keyStoreKeyPassword) {
+               this.keyStoreKeyPassword = keyStoreKeyPassword;
+       }
+
+       /**
+        * Sets the keyStorePassword.
+        * @param keyStorePassword The keyStorePassword to set
+        */
+       public void setKeyStorePassword(String keyStorePassword) {
+               this.keyStorePassword = keyStorePassword;
+       }
+
+       /**
+        * Sets the keyStorePath.
+        * @param keyStorePath The keyStorePath to set
+        */
+       public void setKeyStorePath(String keyStorePath) {
+               this.keyStorePath = keyStorePath;
+       }
+
+}
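Review bot: The `FileOutputStream` opened inline in `keyStore.store(new FileOutputStream(keyStorePath), ...)` inside `execute()` is never closed, so a failed or partial write can leave a truncated keystore and an open handle on the file that holds the Triple DES secret. It should be opened into a local and closed in a `finally`. Because the keystore starts empty via `keyStore.load(null, ...)` and is then stored to `keyStorePath`, any keystore already at that path is replaced without warning; if that is not intended, fail when the file exists. Both catch blocks also flatten the exception into the message (`"..." + e`), so passing `e` as the cause to `BuildException` would keep the stack trace. The raw key bytes in `pseudoRand` could be zeroed once `generateSecret` returns.

```java
keyStore.setKeyEntry(keyStoreKeyAlias, secret, keyStoreKeyPassword.toCharArray(), null);
// Close the stream even when store() throws, so the keystore file is flushed and released.
FileOutputStream out = new FileOutputStream(keyStorePath);
try {
	keyStore.store(out, keyStorePassword.toCharArray());
} finally {
	out.close();
}
// … unchanged: catch blocks …
```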