Posted By: Anonymous
Posted On: Friday, August 18, 2006 12:25 PM
Hi everybody!
I am working on troubleshooting an encryption/decryption program which is currently in production.
The JDK version is 1.3.1.
The encryption program takes a payload string which is a combination of several parameters (each parameter is URL encoded) and generates an encrypted URL following the steps below:
//
// Steps for creating an encrypted URL:
//
// 1 - Calculate the checksum
// 2 - Concatenate the checksum and payload
// 3 - URL Encode
// 4 - Compress the string using zipIt (GZIP)
// 5 - Encrypt using Blowfish and SunJCE
// 6 - Base 64 encode
// 7 - URL encode
// 8 - Return the complete string
The program works as long as the caller calls it once.
But, if the program is called in a loop, sometimes the output is invalid (5% of the time). And this is totally random and is not driven by any of the parameter values being passed in.
I am pasting relevant sections of the code. Could anybody help me with this to see what could be causing it?
Thanks in advance!
ss
public class PDFWebApiDelegate {
    public PDFWebApiDelegate() {
    }

    public static String encryptPayload (String payload, String authKey)
    {
        try {
            BlowFishUtil bfUtil = new BlowFishUtil();
            String sCheckSum = getMD5Checksum(payload);
            String encodeBuffer = sCheckSum + payload;
            encodeBuffer = URLEncoder.encode(encodeBuffer);
            byte[] aryEncodeBuf = zipIt(encodeBuffer);
            aryEncodeBuf = bfUtil.encryptSecretKey(authKey.getBytes(),aryEncodeBuf);
            encodeBuffer = Base64.encodeBytes(aryEncodeBuf);
            encodeBuffer = URLEncoder.encode(encodeBuffer);
            return encodeBuffer;
        }
        catch (Exception e) {
            return null;
        }
    }

    public static String decryptPayload (String payload, String authKey)
    {
        try {
            String decodeBuffer = "";
            BlowFishUtil bfUtil = new BlowFishUtil();
            decodeBuffer = URLDecoder.decode(payload);
            decodeBuffer = Base64.decodeToString(decodeBuffer);
            byte[] aryDecodeBuf = bfUtil.decryptSecretKey(authKey.getBytes(), decodeBuffer.getBytes());
            aryDecodeBuf = unzipIt(aryDecodeBuf);
            String sBuf = new String(aryDecodeBuf);
            sBuf = URLDecoder.decode(sBuf);
            int iPos = sBuf.indexOf("gh=");
            if (iPos>=0) {
                String sURLCheckSum = sBuf.substring(0,iPos);
                sBuf = sBuf.substring(iPos,sBuf.length());
                String sCheckSum = getMD5Checksum(sBuf);
                if (!sCheckSum.equals(sURLCheckSum)) {
                }
            }
            return new String(sBuf);
        }
        catch (Exception e) {
            return null;
        }
    }

    private static String getMD5Checksum( String mess )
    {
        String hexHashCode = "";
        String hashCode = "";
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] message = mess.getBytes("UTF-8");
            md.update( message );
            byte[] hash = md.digest();
            for ( int i=0; i < hash.length; i++ ){
                int x = hash[i] & 0xFF;
                if (x < 0x10) {
                    hexHashCode += "0";
                }
                hexHashCode += (Integer.toHexString(x));
                hashCode += hash[i]+" _ ";
            }
        }
        catch (Exception e) {
            e.printStackTrace();
            return "error";
        }
        return hexHashCode;
    }

    private static byte[] zipIt ( String parameterString )
    {
        byte[] zipped;
        try {
            ByteArrayOutputStream catcher = new ByteArrayOutputStream();
            GZIPOutputStream gzipOut = new GZIPOutputStream( catcher );
            byte[] bytesToZip = parameterString.getBytes();
            gzipOut.write( bytesToZip, 0, bytesToZip.length );
            gzipOut.close();
            return catcher.toByteArray();
        }
        catch ( Exception ioe ) {
            ioe.printStackTrace();
            return "error".getBytes();
        }
    }

    private static byte[] unzipIt ( byte[] buffer ) {
        ByteArrayOutputStream outBuffer = new ByteArrayOutputStream();
        ByteArrayInputStream inBuffer = new ByteArrayInputStream(buffer);
        try {
            GZIPInputStream gzip = new GZIPInputStream(inBuffer);
            byte[] tmpBuffer = new byte[256];
            int n;
            while ((n = gzip.read(tmpBuffer)) >= 0) {
                outBuffer.write(tmpBuffer, 0, n);
            }
            return outBuffer.toByteArray();
        }
        catch (Exception e) {
            return null;
        }
    }
}
Here is the encryption module. The key is a fixed 56 byte value.
// encryptSecretKey - uses javax.crypto.SecretKey to encrypt a java.util.String. It returns
// this string as a byte array.
//
public static byte[] encryptSecretKey(byte[] keyBytes, byte[] unencrypted)
{
    try {
        Provider sunJce = new com.sun.crypto.provider.SunJCE();
        Security.addProvider(sunJce);
        SecretKeySpec skeySpec = new SecretKeySpec(keyBytes, "Blowfish");
        Cipher cipher = Cipher.getInstance("Blowfish");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
        byte[] myEncrypt = cipher.doFinal(unencrypted);
        return myEncrypt;
    }
    catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}
//
// decryptSecretKey - uses a java.crypto.SecretKey to decrypt a byte array of encrypted characters
//
public static byte[] decryptSecretKey(byte[] keyBytes, byte[] encrypted)
{
    try {
        Provider sunJCE = new com.sun.crypto.provider.SunJCE();
        Security.addProvider(sunJCE);
        SecretKeySpec skeySpec = new SecretKeySpec(keyBytes, "Blowfish");
        Cipher cipher = javax.crypto.Cipher.getInstance("Blowfish");
        cipher.init(javax.crypto.Cipher.DECRYPT_MODE, skeySpec);
        byte[] decrypted = cipher.doFinal(encrypted);
        return decrypted;
    }
    catch (Exception e) {
        return null;
    }
}
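
The decrypt path in the post holds Base64-decoded ciphertext in a String and then calls getBytes() on it. The following added example (not part of the original post) counts how often that round trip breaks decryption under different charsets, next to a byte-only path. It assumes Java 8+ for java.util.Base64 (the post's Base64 class is a different library); the key, payloads and class name are constructed.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class CiphertextRoundTrip {
    // Constructed 16-byte demo key; not the key from the post.
    static final byte[] KEY = "constructed-key!".getBytes(StandardCharsets.US_ASCII);

    static byte[] blowfish(int mode, byte[] in) throws Exception {
        // Spelled out: SunJCE resolves plain "Blowfish" to ECB with PKCS5Padding.
        Cipher c = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        c.init(mode, new SecretKeySpec(KEY, "Blowfish"));
        return c.doFinal(in);
    }

    // Pattern from the post: decoded ciphertext becomes a String, then getBytes().
    static byte[] viaString(String b64, Charset cs) {
        return new String(Base64.getDecoder().decode(b64), cs).getBytes(cs);
    }

    // Counts payloads that do not survive encrypt -> Base64 -> decode -> decrypt.
    // cs == null selects the byte-only path: ciphertext never becomes a String.
    static int failures(int runs, Charset cs) throws Exception {
        int bad = 0;
        for (int i = 0; i < runs; i++) {
            byte[] plain = ("gh=1&id=" + i + "&name=constructed").getBytes(StandardCharsets.UTF_8);
            String b64 = Base64.getEncoder().encodeToString(blowfish(Cipher.ENCRYPT_MODE, plain));
            byte[] ct = (cs == null) ? Base64.getDecoder().decode(b64) : viaString(b64, cs);
            try {
                if (!Arrays.equals(plain, blowfish(Cipher.DECRYPT_MODE, ct))) bad++;
            } catch (Exception e) { // bad padding or block length after corruption
                bad++;
            }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        Charset[] sets = { StandardCharsets.ISO_8859_1, StandardCharsets.US_ASCII, StandardCharsets.UTF_8 };
        for (Charset cs : sets)
            System.out.println(cs + " via String: " + failures(1000, cs) + "/1000 failed");
        System.out.println("bytes only: " + failures(1000, null) + "/1000 failed");
    }
}
```

ISO-8859-1 maps every byte value to a character, so only that charset round-trips ciphertext intact; the others substitute bytes they cannot decode, which makes the String path depend on the JVM's default charset and on the ciphertext bytes produced.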