jboss - decrypt vault password

decrypt.java

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.nio.channels.FileChannel;
import java.security.*;
import java.security.KeyStore.Entry;
import java.util.Enumeration;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;

public class decrypt {
	public static final String PASS_MASK_PREFIX = "MASK-";

	public static void main(String[] args) throws Exception {
		try {
		String decoded = decode("MASK-XXXXXXX-see-standalone-ha.xml", "123SALT", 50); // 50 is iteration count
		System.out.println(decoded);
		} catch(Exception ex) {
			throw ex;
		} 
	}


   public static String decode(String maskedString, String salt, int iterationCount) throws Exception
   {
      String pbeAlgo = "PBEwithMD5andDES";
      if (maskedString.startsWith(PASS_MASK_PREFIX))
      {
         // Create the PBE secret key 
         SecretKeyFactory factory = SecretKeyFactory.getInstance(pbeAlgo);

         char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
         PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount);
         PBEKeySpec keySpec = new PBEKeySpec(password);
         SecretKey cipherKey = factory.generateSecret(keySpec);

         maskedString = maskedString.substring(PASS_MASK_PREFIX.length());
         String decodedValue = decode64(maskedString, pbeAlgo, cipherKey, cipherSpec);
         maskedString = decodedValue;
      }
      return maskedString;
   }	

   public static byte[] decode(byte[] secret, String cipherAlgorithm,
      SecretKey cipherKey, PBEParameterSpec cipherSpec)
      throws Exception
   {
      Cipher cipher = Cipher.getInstance(cipherAlgorithm);
      cipher.init(Cipher.DECRYPT_MODE, cipherKey, cipherSpec);
      byte[] decode = cipher.doFinal(secret);
      return decode;
   }

   public static String decode64(String secret, String cipherAlgorithm,
      SecretKey cipherKey, PBEParameterSpec cipherSpec)
      throws Exception
   {
      byte [] encoding;
      try {
         encoding = Base64Utils.fromb64(secret);
      }
      catch (IllegalArgumentException e) {
         // fallback when original string is was created with faulty version of Base64 
         encoding = Base64Utils.fromb64("0" + secret);
         // PicketBoxLogger.LOGGER.wrongBase64StringUsed("0" + secret);
      }
      byte[] decode = decode(encoding, cipherAlgorithm, cipherKey, cipherSpec);
      return new String(decode, "UTF-8");
   }

	public static class Base64Utils
	{

	   private static final String base64Str = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
	   private static final char[] base64Table = base64Str.toCharArray();
	   public static final String BASE64_ENCODING = "BASE64";
	   public static final String BASE16_ENCODING = "HEX";
	   public static final char PAD = '_';
	   public static final String REGEX = "^" + PAD + "{0,2}[" + base64Str + "]*$";

	   public static String tob64(byte[] buffer)
	   {
	      return tob64(buffer, false);
	   }

	   public static String tob64(byte[] buffer, boolean usePadding)
	   {
	      int len = buffer.length, pos = len % 3, c;
	      byte b0 = 0, b1 = 0, b2 = 0;
	      StringBuffer sb = new StringBuffer();

	      int i = 0;
	      if (usePadding)
	      {
	         for (i = pos; i != 0; i = (i + 1) % 3)
	         {
	            sb.append(PAD);
	         }
	         i = 0;
	      }
	      switch (pos)
	      {
	         case 2:
	            b1 = buffer[i++];
	            c = ((b0 & 3) << 4) | ((b1 & 0xf0) >>> 4);
	            sb.append(base64Table[c]);
	         case 1:
	            b2 = buffer[i++];
	            c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >>> 6);
	            sb.append(base64Table[c]);
	            c = b2 & 0x3f;
	            sb.append(base64Table[c]);
	            break;
	      }

	      while (pos < len)
	      {
	         b0 = buffer[pos++];
	         b1 = buffer[pos++];
	         b2 = buffer[pos++];
	         c = (b0 & 0xfc) >>> 2;
	         sb.append(base64Table[c]);
	         c = ((b0 & 3) << 4) | ((b1 & 0xf0) >>> 4);
	         sb.append(base64Table[c]);
	         c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >>> 6);
	         sb.append(base64Table[c]);
	         c = b2 & 0x3f;
	         sb.append(base64Table[c]);
	      }

	      return sb.toString();
	   }

	   public static byte[] fromb64(String str) throws NumberFormatException
	   {
	      if (str.length() == 0)
	      {
	         return new byte[0];
	      }

	      while (str.length() % 4 != 0)
	      {
	         str = PAD + str;
	      }
	      if (!str.matches(REGEX))
	      {
	         // throw PicketBoxMessages.MESSAGES.invalidBase64String(str);
	      	throw new RuntimeException("invalidBase64String: " + str);
	      }
	      ByteArrayOutputStream bos = new ByteArrayOutputStream((str.length() * 3) / 4);
	      for (int i = 0, n = str.length(); i < n;)
	      {
	         int pos0 = base64Str.indexOf(str.charAt(i++));
	         int pos1 = base64Str.indexOf(str.charAt(i++));
	         int pos2 = base64Str.indexOf(str.charAt(i++));
	         int pos3 = base64Str.indexOf(str.charAt(i++));
	         if (pos0 > -1)
	         {
	            bos.write(((pos1 & 0x30) >>> 4) | (pos0 << 2));
	         }
	         if (pos1 > -1)
	         {
	            bos.write(((pos2 & 0x3c) >>> 2) | ((pos1 & 0xf) << 4));
	         }
	         bos.write(((pos2 & 3) << 6) | pos3);
	      }
	      return bos.toByteArray();
	   }

	}   
}