1 /*
   2  * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 7160837
  27  * @summary Make sure Cipher IO streams doesn't call extra doFinal if close()
  28  * is called multiple times.  Additionally, verify the input and output streams
  29  * match with encryption and decryption with non-stream crypto.
  30  * @modules java.xml.bind
  31  * @compile -addmods java.xml.bind CipherStreamClose.java
  32  * @run main/othervm -addmods java.xml.bind CipherStreamClose
  33  */
  34 
  35 import java.io.*;
  36 import java.security.DigestOutputStream;
  37 import java.security.DigestInputStream;
  38 import java.security.MessageDigest;
  39 import java.util.Arrays;
  40 
  41 import javax.crypto.Cipher;
  42 import javax.crypto.CipherOutputStream;
  43 import javax.crypto.CipherInputStream;
  44 import javax.crypto.SecretKey;
  45 import javax.crypto.spec.SecretKeySpec;
  46 import javax.xml.bind.DatatypeConverter;
  47 
  48 public class CipherStreamClose {
  49     private static final String message = "This is the sample message";
  50     static boolean debug = false;
  51 
  52     /*
  53      * This method does encryption by cipher.doFinal(), and not with
  54      * CipherOutputStream
  55      */
  56     public static byte[] blockEncrypt(String message, SecretKey key)
  57         throws Exception {
  58 
  59         byte[] data;
  60         Cipher encCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
  61         encCipher.init(Cipher.ENCRYPT_MODE, key);
  62         try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
  63             try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
  64                 oos.writeObject(message);
  65             }
  66             data = bos.toByteArray();
  67         }
  68 
  69         if (debug) {
  70             System.out.println(DatatypeConverter.printHexBinary(data));
  71         }
  72         return encCipher.doFinal(data);
  73 
  74     }
  75 
  76     /*
  77      * This method does decryption by cipher.doFinal(), and not with
  78      * CipherIntputStream
  79      */
  80     public static Object blockDecrypt(byte[] data, SecretKey key)
  81         throws Exception {
  82 
  83         Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
  84         c.init(Cipher.DECRYPT_MODE, key);
  85         data = c.doFinal(data);
  86         try (ByteArrayInputStream bis = new ByteArrayInputStream(data)) {
  87             try (ObjectInputStream ois = new ObjectInputStream(bis)) {
  88                 return ois.readObject();
  89             }
  90         }
  91     }
  92 
  93     public static byte[] streamEncrypt(String message, SecretKey key,
  94         MessageDigest digest)
  95         throws Exception {
  96 
  97         byte[] data;
  98         Cipher encCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
  99         encCipher.init(Cipher.ENCRYPT_MODE, key);
 100         try (ByteArrayOutputStream bos = new ByteArrayOutputStream();
 101             DigestOutputStream dos = new DigestOutputStream(bos, digest);
 102             CipherOutputStream cos = new CipherOutputStream(dos, encCipher)) {
 103             try (ObjectOutputStream oos = new ObjectOutputStream(cos)) {
 104                 oos.writeObject(message);
 105             }
 106             data = bos.toByteArray();
 107         }
 108 
 109         if (debug) {
 110             System.out.println(DatatypeConverter.printHexBinary(data));
 111         }
 112         return data;
 113     }
 114 
 115     public static Object streamDecrypt(byte[] data, SecretKey key,
 116         MessageDigest digest) throws Exception {
 117 
 118         Cipher decCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
 119         decCipher.init(Cipher.DECRYPT_MODE, key);
 120         digest.reset();
 121         try (ByteArrayInputStream bis = new ByteArrayInputStream(data);
 122             DigestInputStream dis = new DigestInputStream(bis, digest);
 123             CipherInputStream cis = new CipherInputStream(dis, decCipher)) {
 124 
 125             try (ObjectInputStream ois = new ObjectInputStream(cis)) {
 126                 return ois.readObject();
 127             }
 128         }
 129     }
 130 
 131     public static void main(String[] args) throws Exception {
 132         MessageDigest digest = MessageDigest.getInstance("SHA1");
 133         SecretKeySpec key = new SecretKeySpec(
 134             DatatypeConverter.parseHexBinary(
 135             "12345678123456781234567812345678"), "AES");
 136 
 137         // Run 'message' through streamEncrypt
 138         byte[] se = streamEncrypt(message, key, digest);
 139         // 'digest' already has the value from the stream, just finish the op
 140         byte[] sd = digest.digest();
 141         digest.reset();
 142         // Run 'message' through blockEncrypt
 143         byte[] be = blockEncrypt(message, key);
 144         // Take digest of encrypted blockEncrypt result
 145         byte[] bd = digest.digest(be);
 146         // Verify both returned the same value
 147         if (!Arrays.equals(sd, bd)) {
 148             System.err.println("Stream: "+DatatypeConverter.printHexBinary(se)+
 149                 "\t Digest: "+DatatypeConverter.printHexBinary(sd));
 150             System.err.println("Block : "+DatatypeConverter.printHexBinary(be)+
 151                 "\t Digest: "+DatatypeConverter.printHexBinary(bd));
 152             throw new Exception("stream & block encryption does not match");
 153         }
 154 
 155         digest.reset();
 156         // Sanity check: Decrypt separately from stream to verify operations
 157         String bm = (String) blockDecrypt(be, key);
 158         if (message.compareTo(bm) != 0) {
 159             System.err.println("Expected: "+message+"\nBlock:    "+bm);
 160             throw new Exception("Block decryption does not match expected");
 161         }
 162 
 163         // Have decryption and digest included in the object stream
 164         String sm = (String) streamDecrypt(se, key, digest);
 165         if (message.compareTo(sm) != 0) {
 166             System.err.println("Expected: "+message+"\nStream:   "+sm);
 167             throw new Exception("Stream decryption does not match expected.");
 168         }
 169     }
 170 }