cipher.jsp

<%
String password = "";
String encrypted = "";
if( request.getParameter("password") != null) {
	password = request.getParameter("password");
	encrypted = CipherAES128.encryptWithPrefix(password);
}


String encryptedPassword = "";
String decrypted = "";

if( request.getParameter("encryptedPassword") != null) {
	encryptedPassword = request.getParameter("encryptedPassword");
	decrypted = CipherAES128.decrypt(encryptedPassword);
}


%>

<html>
	<head>
		<meta http-equiv="content-type" content="text/html; charset=utf-8" />		
		<link href="./css/sharedStyles.css" type="text/css"	rel="stylesheet" />
		<link href="./css/uniqueStyles.css" type="text/css"	rel="stylesheet" />
		<link href="favicon.ico" rel="shortcut icon">
		<title>Crypter un mot de passe (AES128)</title>		
	</head>
	<body >
		<div id="totalPageWrapper">
			<div id="pageWrapper">
				<div class="gateway" id="content">
					<img src='./img/banner_logo.jpg' />
					<center>
						<h2>Saisie des paramètres</h2>

						<form method="post" action="cipher.jsp">
							<table>
								<tr>
									<td align="right"><strong>Mot de passe à Crypter</strong></td>
									<td><input type="text" size="35" name="password" value="<%=password%>"></td>
								</tr>
								<tr>
									<td align="right"><strong>Valider</strong></td>
									<td><input type="submit" name="Crypter" value="OK"></td>
								</tr>
							</table>
						</form>

						<%
						if( !"".equals(encrypted) ) {
							out.println("La valeur cryptée est " + encrypted);
						}
						%>

						<br/>
						<br/>
						<br/>
						<br/>
						<form method="post" action="cipher.jsp">
							<table>
								<tr>
									<td align="right"><strong>Mot de passe à Décrypter</strong></td>
									<td><input type="text" size="35" name="encryptedPassword" value="<%=encryptedPassword%>"></td>
								</tr>
								<tr>
									<td align="right"><strong>Valider</strong></td>
									<td><input type="submit" name="Decrypter" value="OK"></td>
								</tr>
							</table>
						</form>

						<%
						if( !"".equals(decrypted) ) {
							out.println("La valeur décryptée est " + decrypted);
						}
						%>


					</center>


				</div>
			</div>
		</div>
	</body>
</html>

CipherAES128.java

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

public class CipherAES128 {

    /**
     * logger !
     */
    private static final Logger logger = LogManager.getLogger(CipherAES128.class);

    private static final String key = "AbCdEfGhIjK12345"; // 128 bit key 
    private static final String random = "ThisIsASecretKey"; // => en config pour changer les valeurs bien sur

    public static  final String prefix = "AES128:";


    public static String encrypt(String value){
        return encrypt(key, random, value);
    }

    public static String encryptWithPrefix(String value) {
        return encryptWithPrefix(key, random, value);
    }

    public static String encryptWithPrefix(String key1, String key2, String value) {
        return String.format("%s%s", prefix, encrypt(key1, key2, value));
    }

    public static String decrypt(String value) {
        return decrypt(key, random, value);
    }

    /**
     * Encrypt with a AES128 bits key
     *
     * @param key1  a 128bits key
     * @param key2  a randomness source
     * @param value the value to encrypt
     * @return the encrypt value:
     */
    public static String encrypt(String key1, String key2, String value) {
        String encryptedString = null;
        try {
            IvParameterSpec iv = new IvParameterSpec(key2.getBytes("UTF-8"));

            SecretKeySpec skeySpec = new SecretKeySpec(key1.getBytes("UTF-8"),
                    "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
            byte[] encrypted = cipher.doFinal(value.getBytes());
            encryptedString = Base64.encodeBase64String(encrypted);
            logger.debug("encrypted string: {}", encryptedString);

        } catch (Exception ex) {
            logger.error(ex.getMessage());
        }
        return encryptedString;
    }

    public static String decrypt(String key1, String key2, String encrypted) {
        String decrypted = null;
        try {
            // check for prefix
            if( encrypted!= null && encrypted.startsWith(prefix)) {
                encrypted = encrypted.substring(prefix.length());
            }
            IvParameterSpec iv = new IvParameterSpec(key2.getBytes("UTF-8"));

            SecretKeySpec skeySpec = new SecretKeySpec(key1.getBytes("UTF-8"),
                    "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
            cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
            byte[] original = cipher.doFinal(Base64.decodeBase64(encrypted));
            decrypted = new String(original);
            logger.debug("decrypted string: {}", decrypted);

        } catch (Exception ex) {
            logger.error(ex.getMessage());
        }
        return decrypted;
    }



}

CipherAESTest.java

import org.junit.Assert;
import org.junit.Test;

/**
 * Created by aferrand on 01/07/2015.
 */
public class CipherAESTest {


    String key1 = "AbCdEfGhIjK12345"; // 128 bit key
    String key2 = "ThisIsASecretKey";
    String hello = "Hello World";

    @Test
    public void CipherAES128() {
        CipherAES128 exists = new CipherAES128();
    }

    @Test
    public void testEncryptDecrypt() {
        Assert.assertEquals(hello, CipherAES128.decrypt(key1, key2,
                CipherAES128.encrypt(key1, key2, hello)));
    }

    @Test
    public void testEncrypt() {
        String encrypted = CipherAES128.encrypt(key1, key2, hello);
        System.out.println("Encrypted is " + encrypted);
        Assert.assertEquals("nzgKJz2fR2wivhpCc3tfIg==", encrypted);
    }

    @Test
    public void testEncryptWithPrefix() {
        String encrypted = CipherAES128.encryptWithPrefix(hello);
        System.out.println("Encrypted is " + encrypted);
        Assert.assertEquals("AES128:nzgKJz2fR2wivhpCc3tfIg==", encrypted);
    }

    @Test
    public void testDecrypt() {
        String decrypted = CipherAES128.decrypt(key1, key2, "nzgKJz2fR2wivhpCc3tfIg==");
        System.out.println("Decrypted is " + decrypted);
        Assert.assertEquals(hello, decrypted);

    }

    @Test
    public void testDecryptWithPrefix() {
        String decrypted = CipherAES128.decrypt(key1, key2, "AES128:nzgKJz2fR2wivhpCc3tfIg==");
        System.out.println("Decrypted is " + decrypted);
        Assert.assertEquals(hello, decrypted);

    }

    @Test
    public void testEncDecIntern() {
        Assert.assertEquals(hello, CipherAES128.decrypt(CipherAES128.encrypt(hello)));
    }

    @Test
    public void testEncryptIntern() {
        String encrypted = CipherAES128.encrypt(hello);
        System.out.println("Encrypted is " + encrypted);
        Assert.assertEquals("nzgKJz2fR2wivhpCc3tfIg==", encrypted);
    }

    @Test
    public void testDecryptIntern() {
        String decrypted = CipherAES128.decrypt("nzgKJz2fR2wivhpCc3tfIg==");
        System.out.println("Decrypted is " + decrypted);
        Assert.assertEquals(hello, decrypted);
    }

    @Test
    public void testEncryptException() {
        String key = "123";
        Assert.assertNull(CipherAES128.encrypt(key, key, hello));
    }

    @Test
    public void testDecryptException() {
        String key = "123";
        Assert.assertNull(CipherAES128.decrypt(key, key, hello));
    }

}

replication.txt

Dans le fichier com.esrifrance.arcopole.replication.ReplicationService.java

Ligne 116 le mot de passe est recupéré. on le decrypt avant utiilsation si le prefix est touvé:
	String password = fmkLdap.getPassword();
	if( password.startsWith(CipherAES128.prefix) ) {
		password = CipherAES128.decrypt(password);
	}