refactored a AES-128 key generation function

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@18382 71c3de6d-444a-0410-be80-ed276b4c234a

refactored a AES-128 key generation function
git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@18382 71c3de6d-444a-0410-be80-ed276b4c234a
0539131e · kohsuke · d4fb0fd5 · 0539131e · 0539131e · 0539131e
3 changed file
--- a/core/src/main/java/hudson/Util.java
+++ b/core/src/main/java/hudson/Util.java
@@ -16,6 +16,8 @@ import org.apache.commons.lang.time.FastDateFormat;
 import org.kohsuke.stapler.Stapler;
 import org.jvnet.animal_sniffer.IgnoreJRERequirement;

+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
 import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
@@ -30,6 +32,7 @@ import java.io.Writer;
 import java.io.PrintStream;
 import java.io.InputStreamReader;
 import java.io.FileInputStream;
+import java.io.UnsupportedEncodingException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.net.URI;
@@ -458,6 +461,26 @@ public class Util {
        }
    }

+    /**
+     * Covnerts a string into 128-bit AES key.
+     * @since 1.308
+     */
+    public static SecretKey toAes128Key(String s) {
+        try {
+            // turn secretKey into 256 bit hash
+            MessageDigest digest = MessageDigest.getInstance("SHA-256");
+            digest.reset();
+            digest.update(s.getBytes("UTF-8"));
+
+            // Due to the stupid US export restriction JDK only ships 128bit version.
+            return new SecretKeySpec(digest.digest(),0,128/8, "AES");
+        } catch (NoSuchAlgorithmException e) {
+            throw new Error(e);
+        } catch (UnsupportedEncodingException e) {
+            throw new Error(e);
+        }
+    }
+
    public static String toHexString(byte[] data, int start, int len) {
        StringBuilder buf = new StringBuilder();
        for( int i=0; i<len; i++ ) {

--- a/core/src/main/java/hudson/model/Hudson.java
+++ b/core/src/main/java/hudson/model/Hudson.java
@@ -156,8 +156,11 @@ import java.io.InputStream;
 import java.io.Serializable;
 import java.io.PrintStream;
 import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
 import java.net.URL;
 import java.security.SecureRandom;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.text.NumberFormat;
 import java.text.ParseException;
 import java.text.Collator;
@@ -197,6 +200,8 @@ import java.util.logging.Logger;
 import java.util.regex.Pattern;
 import java.nio.charset.Charset;
 import javax.servlet.RequestDispatcher;
+import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.SecretKey;

 import groovy.lang.GroovyShell;

@@ -685,6 +690,14 @@ public final class Hudson extends Node implements ItemGroup<TopLevelItem>, Stapl
        return secretKey;
    }

+    /**
+     * Gets {@linkplain #getSecretKey() the secret key} as a key for AES-128.
+     * @since 1.308
+     */
+    public SecretKey getSecretKeyAsAES128() {
+        return Util.toAes128Key(secretKey);
+    }
+
    /**
     * Gets the SCM descriptor by name. Primarily used for making them web-visible.
     */

--- a/core/src/main/java/hudson/util/Secret.java
+++ b/core/src/main/java/hudson/util/Secret.java
@@ -30,14 +30,13 @@ import com.thoughtworks.xstream.io.HierarchicalStreamReader;
 import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
 import com.trilead.ssh2.crypto.Base64;
 import hudson.model.Hudson;
+import hudson.Util;

 import javax.crypto.SecretKey;
 import javax.crypto.Cipher;
-import javax.crypto.spec.SecretKeySpec;
 import java.io.UnsupportedEncodingException;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
-import java.security.MessageDigest;

 /**
 * Glorified {@link String} that uses encryption in the persisted form, to avoid accidental exposure of a secret.
@@ -80,15 +79,8 @@ public final class Secret {
     */
    private static SecretKey getKey() throws UnsupportedEncodingException, GeneralSecurityException {
        String secret = SECRET;
-        if(secret==null)    secret = Hudson.getInstance().getSecretKey();
-
-        // turn secretKey into 256 bit hash
-        MessageDigest digest = MessageDigest.getInstance("SHA-256");
-        digest.reset();
-        digest.update(secret.getBytes("UTF-8"));
-
-        // Due to the stupid US export restriction JDK only ships 128bit version.
-        return new SecretKeySpec(digest.digest(),0,128/8, "AES");
+        if(secret==null)    return Hudson.getInstance().getSecretKeyAsAES128();
+        return Util.toAes128Key(secret);
    }

    /**