tamalsaha · February 6, 2017 22:43
diff --git a/aes.java b/aes.java
 package aes;

 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
 import java.nio.file.FileSystems;
 import java.nio.file.Files;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Base64;
 import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;

 public class Aes {

    public static SecretKey toAes128Key(String s) {
        try {
            // turn secretKey into 256 bit hash
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            digest.reset();
            digest.update(s.getBytes("UTF-8"));
            byte[] b = digest.digest();
            System.out.println(">>>>>>> " + Base64.getEncoder().encodeToString(b));

            // Due to the stupid US export restriction JDK only ships 128bit version.
            return new SecretKeySpec(b, 0, 128 / 8, "AES");
        } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
            throw new Error(e);
        }
    }

    public static byte[] toByteArray(InputStream input) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        int nRead;
        byte[] data = new byte[16384];
        while ((nRead = input.read(data, 0, data.length)) != -1) {
            buffer.write(data, 0, nRead);
        }
        buffer.flush();
        return buffer.toByteArray();
    }

    private static final byte[] MAGIC = "::::MAGIC::::".getBytes();
    /**
     * Verifies that the given byte[] has the MAGIC trailer, to verify the integrity of the decryption process.
     */
    private static byte[] verifyMagic(byte[] payload) {
        int payloadLen = payload.length-MAGIC.length;
        if (payloadLen<0)   return null;    // obviously broken

        for (int i=0; i<MAGIC.length; i++) {
            if (payload[payloadLen+i]!=MAGIC[i])
                return null;    // broken
        }
        byte[] truncated = new byte[payloadLen];
        System.arraycopy(payload,0,truncated,0,truncated.length);
        return truncated;
    }

    public static void main(String[] args) throws Exception {
        String d = "/home/tamal/AppsCode/Source/ci/ci-phabricator-jenkins-plugin/work/secrets/";
        FileSystems.getDefault().getPath(d, "master.key");

        String masterSecret = Files.readAllLines(FileSystems.getDefault().getPath(d, "master.key")).get(0);
        System.out.println(masterSecret);
        SecretKey masterKey = toAes128Key(masterSecret);
        System.out.println(masterKey.getFormat());
        
        Cipher sym = Cipher.getInstance("AES");
        sym.init(Cipher.DECRYPT_MODE, masterKey);
        System.out.println(sym.getParameters());

        CipherInputStream cis = new CipherInputStream(new FileInputStream(new File(d, "hudson.util.Secret")), sym);
        byte[] bytes = toByteArray(cis);
        byte[] b = verifyMagic(bytes);

        System.out.println(bytes.length);
        System.out.println(b.length);
    }
 }
	package aes;

	import java.io.ByteArrayOutputStream;
	import java.io.File;
	import java.io.FileInputStream;
	import java.io.IOException;
	import java.io.InputStream;
	import java.io.UnsupportedEncodingException;
	import java.nio.file.FileSystems;
	import java.nio.file.Files;
	import java.security.MessageDigest;
	import java.security.NoSuchAlgorithmException;
	import java.util.Base64;
	import javax.crypto.Cipher;
	import javax.crypto.CipherInputStream;
	import javax.crypto.SecretKey;
	import javax.crypto.spec.SecretKeySpec;

	public class Aes {

	public static SecretKey toAes128Key(String s) {
	try {
	// turn secretKey into 256 bit hash
	MessageDigest digest = MessageDigest.getInstance("SHA-256");
	digest.reset();
	digest.update(s.getBytes("UTF-8"));
	byte[] b = digest.digest();
	System.out.println(">>>>>>> " + Base64.getEncoder().encodeToString(b));

	// Due to the stupid US export restriction JDK only ships 128bit version.
	return new SecretKeySpec(b, 0, 128 / 8, "AES");
	} catch (NoSuchAlgorithmException \| UnsupportedEncodingException e) {
	throw new Error(e);
	}
	}

	public static byte[] toByteArray(InputStream input) throws IOException {
	ByteArrayOutputStream buffer = new ByteArrayOutputStream();
	int nRead;
	byte[] data = new byte[16384];
	while ((nRead = input.read(data, 0, data.length)) != -1) {
	buffer.write(data, 0, nRead);
	}
	buffer.flush();
	return buffer.toByteArray();
	}

	private static final byte[] MAGIC = "::::MAGIC::::".getBytes();
	/**
	* Verifies that the given byte[] has the MAGIC trailer, to verify the integrity of the decryption process.
	*/
	private static byte[] verifyMagic(byte[] payload) {
	int payloadLen = payload.length-MAGIC.length;
	if (payloadLen<0) return null; // obviously broken

	for (int i=0; i<MAGIC.length; i++) {
	if (payload[payloadLen+i]!=MAGIC[i])
	return null; // broken
	}
	byte[] truncated = new byte[payloadLen];
	System.arraycopy(payload,0,truncated,0,truncated.length);
	return truncated;
	}

	public static void main(String[] args) throws Exception {
	String d = "/home/tamal/AppsCode/Source/ci/ci-phabricator-jenkins-plugin/work/secrets/";
	FileSystems.getDefault().getPath(d, "master.key");

	String masterSecret = Files.readAllLines(FileSystems.getDefault().getPath(d, "master.key")).get(0);
	System.out.println(masterSecret);
	SecretKey masterKey = toAes128Key(masterSecret);
	System.out.println(masterKey.getFormat());

	Cipher sym = Cipher.getInstance("AES");
	sym.init(Cipher.DECRYPT_MODE, masterKey);
	System.out.println(sym.getParameters());

	CipherInputStream cis = new CipherInputStream(new FileInputStream(new File(d, "hudson.util.Secret")), sym);
	byte[] bytes = toByteArray(cis);
	byte[] b = verifyMagic(bytes);

	System.out.println(bytes.length);
	System.out.println(b.length);
	}
	}