diff --git a/doc/src/asciidoc/book.adoc b/doc/src/asciidoc/book.adoc index 5fedf138df..809bcccecd 100644 --- a/doc/src/asciidoc/book.adoc +++ b/doc/src/asciidoc/book.adoc @@ -46,6 +46,7 @@ include::module_qrest.adoc[] include::module_freemarker_decorator.adoc[] include::module_groovy.adoc[] include::module_cryptoservice.adoc[] +include::module_cryptoserver.adoc[] == Simulators diff --git a/doc/src/asciidoc/module_cryptoserver.adoc b/doc/src/asciidoc/module_cryptoserver.adoc new file mode 100644 index 0000000000..629f0d1ffa --- /dev/null +++ b/doc/src/asciidoc/module_cryptoserver.adoc @@ -0,0 +1,55 @@ +=== Crypto Server + +The `cryptoserver` module offers a REST (qrest based) API to encrypt and decrypt using the `cryptoservice`. + +It supports the following operations + +==== encrypt + +* Path: `/encrypt` +* Body: + +[source,json] +------------- +{ + "text" : "The quick brown fox jumps over the lazy dog 0123456789" +} +------------- + + +Sample response: + +[source,json] +------------- +{ + "kid": "d7e82270-7041-4434-8cf9-c4d0f26f620d", + "cryptogram": "rp5uz7QMjRaEqPIbXzOZNI6bLuWYcdP0sH3I0FSKpRk2bBTUdldlZLShz6T42MIG5E4km36Xz/G8rH7mtZlVjE7OSizQzOC14h9/TNLLiRA=" +} +------------- + + +==== decrypt + +* Path: `/decrypt` +* Body: + +[source,json] +------------- +{ + "kid": "d7e82270-7041-4434-8cf9-c4d0f26f620d", + "cryptogram": "rp5uz7QMjRaEqPIbXzOZNI6bLuWYcdP0sH3I0FSKpRk2bBTUdldlZLShz6T42MIG5E4km36Xz/G8rH7mtZlVjE7OSizQzOC14h9/TNLLiRA=" +} +------------- + +[source,json] +------------- +{ + "text" : "The quick brown fox jumps over the lazy dog 0123456789" +} +------------- + +[NOTE] +====== +The node running `cryptoserver` has to be `unlocked` (see <> module). +====== + diff --git a/doc/src/asciidoc/module_cryptoservice.adoc b/doc/src/asciidoc/module_cryptoservice.adoc index 3965d7583e..7838af9470 100644 --- a/doc/src/asciidoc/module_cryptoservice.adoc +++ b/doc/src/asciidoc/module_cryptoservice.adoc @@ -1,11 +1,12 @@ +[[cryptoservice]] === Crypto Service The `cryptoservice` module uses AES-256 to encrypt sensitive data, such as primary account numbers and protects the encryption key using PGP. At start-up time, and at regular intervals, the crypto service generates a -new AES-256 key, encrypts it using PGP using one or more recipient ids, and -stores the resulting encrypted message in the sysconfig table, using the +new AES-256 key, encrypts it using PGP using one or more recipient ids (custodians), +and stores the resulting encrypted message in the sysconfig table, using the "key." prefix, and a unique key UUID, i.e.: [source] @@ -143,6 +144,21 @@ directory. If you `ssh` to a running Q2 to reach the CLI, then you can ignore this tip. ===== + +For testing purposes, it is possible to set the `unlock-password` property in the +crypto service configuration QBean, i.e.: + +[source,xml] +------------ + +------------ + +[NOTE] +====== +This is of course highly insecure, the whole PGP based crypto service scheme makes +no sense at all when unlocking the private key in such a way. +====== + ==== Using GnuPG to generate keys * Generate key diff --git a/modules/cryptoserver/build.gradle b/modules/cryptoserver/build.gradle new file mode 100644 index 0000000000..3217ddd27e --- /dev/null +++ b/modules/cryptoserver/build.gradle @@ -0,0 +1,18 @@ +description = 'jPOS-EE :: Crypto Server' + +dependencies { + testCompile libraries.junit + testCompile libraries.restAssured + compile project(':modules:qrest') + compile project(':modules:cryptoservice') + compile project(':modules:db-mysql') + compile project(':modules:logback') +} + +apply from: "${rootProject.projectDir}/jpos-app.gradle" + +test { + dependsOn('installApp') + workingDir = "build/install/cryptoserver" +} + diff --git a/modules/cryptoserver/src/dist/bin/bsh b/modules/cryptoserver/src/dist/bin/bsh new file mode 100755 index 0000000000..c74e991f10 --- /dev/null +++ b/modules/cryptoserver/src/dist/bin/bsh @@ -0,0 +1,5 @@ +#!/bin/sh +cd `dirname $0`/.. || exit 1 +CLASSPATH=classes:$CLASSPATH +CLASSPATH=`echo @jarname@ lib/*.jar | tr ' ' ':'`:$CLASSPATH +exec java -cp $CLASSPATH bsh.Interpreter $* diff --git a/modules/cryptoserver/src/dist/bin/q2 b/modules/cryptoserver/src/dist/bin/q2 new file mode 100755 index 0000000000..93be6741e6 --- /dev/null +++ b/modules/cryptoserver/src/dist/bin/q2 @@ -0,0 +1,29 @@ +#!/bin/sh + +cd `dirname $0`/.. || exit 1 +rm -f deploy/shutdown.xml + +if [ -f jpos.pid ] && ps -p $(cat jpos.pid) > /dev/null 2>&1 +then + echo "Process $(cat jpos.pid) is running" +else + rm -f jpos.pid + exec java -server \ + -Xmx1G \ + -Xloggc:log/gc.log \ + -XX:+PrintGCDetails \ + -XX:+PrintGCDateStamps \ + -XX:+UseGCLogFileRotation \ + -XX:NumberOfGCLogFiles=5 \ + -XX:GCLogFileSize=2M \ + -XX:NumberOfGCLogFiles=5 \ + -Djava.net.preferIPv4Stack=true \ + -Dcom.sun.management.jmxremote \ + -XX:+ExplicitGCInvokesConcurrentAndUnloadsClasses \ + -XX:+UseConcMarkSweepGC \ + -XX:+AggressiveOpts \ + -XX:+ParallelRefProcEnabled \ + -XX:+TieredCompilation \ + -jar jposee-@jarname@ --pid-file='jpos.pid' "$@" +fi + diff --git a/modules/cryptoserver/src/dist/bin/start b/modules/cryptoserver/src/dist/bin/start new file mode 100755 index 0000000000..d5b08b2566 --- /dev/null +++ b/modules/cryptoserver/src/dist/bin/start @@ -0,0 +1,5 @@ +#!/bin/sh + +cd `dirname $0` +echo Starting Q2 +nohup ./q2 > /dev/null 2>&1 & diff --git a/modules/cryptoserver/src/dist/bin/stop b/modules/cryptoserver/src/dist/bin/stop new file mode 100755 index 0000000000..6bb2b10151 --- /dev/null +++ b/modules/cryptoserver/src/dist/bin/stop @@ -0,0 +1,4 @@ +#!/bin/sh + +echo Stopping Q2 +echo '' > `dirname $0`/../deploy/shutdown.xml diff --git a/modules/cryptoserver/src/dist/cfg/db.properties b/modules/cryptoserver/src/dist/cfg/db.properties new file mode 100644 index 0000000000..c1560e1cc7 --- /dev/null +++ b/modules/cryptoserver/src/dist/cfg/db.properties @@ -0,0 +1,27 @@ +# +# jPOS Project [http://jpos.org] +# Copyright (C) 2000-2012 Alejandro P. Revilla +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# + +hibernate.connection.username=jpos +hibernate.connection.password=password + +# hibernate.hbm2ddl.auto=validate +# +hibernate.connection.url=jdbc:mysql://localhost/jposee?autoReconnect=true +hibernate.connection.driver_class=com.mysql.jdbc.Driver +hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect +# diff --git a/modules/cryptoserver/src/dist/cfg/keyring.priv b/modules/cryptoserver/src/dist/cfg/keyring.priv new file mode 100644 index 0000000000..5b291b27c5 --- /dev/null +++ b/modules/cryptoserver/src/dist/cfg/keyring.priv @@ -0,0 +1,59 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lQPGBFnLCHcBCADQ+LkQ0bYQwLVXPvwcr6H8ZMxfGYgI0Q8eT97djx6LFfwbLu2o +30kEu6xlnJPFHWhhk/eyeIel/2+d/E61ZFSJEE2M9q96w3mWIK/Jq495lPCS2SH+ ++b8UKwhkJ6+n/rB5gWRo+bkgS0FcPNYFIxKNP0yHWrjojLkTVpCtLnOx4+noUjfl +TxnU5h8G1dKXELgPXIdDH81A4t0ciXtqbfB3pJ6UittVvGLMvNProicePMHyAR6f +0VjZp+0Pa1uixMKXTgX2Uzs+qH+yJJiFxJ2ZrgaFMNrmn2r9/netVQKyy8lqeNqv +A1McXcV1JpVpmoMPPM7Rm5radqw0qNXxjCgNABEBAAH+BwMCOWvckXYU09HT9ugX +3FzZ+O/E957nxXrIwO3+Rad4SfnBlTwuMfGuCu0gtp4kRqO/bG+x1gPtER57OTiy +7dsfl6zqYSXRP338qL1o4v8K2ecR9DcADBCYpNldQUrBg3BXFGxjlFrzw7y3F/j6 +DAGR+MaVL+zxd96LZCVM8eZLgcqs11yRc8m3tTsWmAeFSUF8x5g7f3K29kh4bzxn +KsflPb9WxcfS2xDXRzOqaYXMdrO/KExrDdW1lzmBfsqDxUbAC+NsxIyLI/Q4c7E2 +m3AK9sQIUmBKeNoEWrzHJ9lu7drEKJP5IETHs3rMOyIKlXhjj0evvCbRbELHfJjQ ++8pE1qO/Q0ycz2N1nF4328illp5yYnQ2vlOB4Yp1QbwC29Us7az9JvZqSxz7PI4a +FUv5sVsoEG4oVt6cY7IFQR6PEdh/ZtpRwQVRIPQKFzS2a8+PKNi0YZaQEDLqu3by +N/7nRt1kz5U9YHPtVFH7WkQS60dkQidyjJZxLBqf+jYgt+zQTPGI4rTnUVIpYmhN +Jc9Wbghy+kEtzthpQwOHTs2iA69sn+A5UeV4CjMonEUjSRU/C3eptYPl/LYf0nul +goAkcCWVJHopmiJyN9I3WFIRKyf5d6pW0Pyj8xeR2rnENtXhT+7CyoH6LSMO7N50 +w92sdqe6R2GSsJ5Rey11lsPej6BKhpG8b8RpDVSu3ggTE2hlx/rq85zuqbis9u6m +qxKmX3coeW/SdFULNzwiZzgv7QJzXiT6R0lc9fThQPCEHC8wTljlmorvqPGDrg++ +OqRH8ooLurL3T3jMMJ9st1mFfalTTs5l1HQM0IwEvOj6uhosPJDu/DXnOxIr8lv/ +wYMkgWy8Ld3/BlHga6uKkEnMLjiKdQESY/ra/4Jkdb3bSwuVi0Rh6KGmoOEVOip2 ++g4mMCYcM2TstBlqUE9TIERlbW8gPGRlbW9AanBvcy5vcmc+iQFOBBMBCAA4FiEE +0Ej/l+a+H3ixWWsEo3DoatNjoGkFAlnLCHcCGwMFCwkIBwIGFQgJCgsCBBYCAwEC +HgECF4AACgkQo3DoatNjoGncVAgAoBA4DYZ33t8zYAvjudvu4bv7ly2gEEJlkomq +l54nJDIj4y+ecnuUrwEAurk3X4i9eC0Iu3AKja4FVTCPvuYvAMgqIUi50FCnOG03 +WJk07oVFlLVySMFPgnrySjtdLUFqPvYNEUuATeK6gQxGBdkFAzcJuB91mkL/P7ib +yBWxtcbK9MFHz3htS9o+BMT+B9+AnqbAD/i+2UzjGGGZlnBgduTsU9eQRE2ipD6/ +3lE8wnx2sjueyljByWWBtrsXqDgfqlcqXxehRwyvgczV/VKTAq80TjX1Spg+uC0W +QgTeDXT/PHu1WNTwjrHVE7GfWBu+PAwxkfammDhxCIap94TBup0DxgRZywh3AQgA +6WHneouKQh9neQANmwJImM5LlweYcsINj+0EoBJ+rtaEJY3F2KYGBg2o9EBZX3sa ++aMUlLeO5qyCIbAVgJ+pz3x8n1K4J8wCjySu0M1m1DUDbMdImJboN0VB7NpBM+SV +w838vX8AXed3JHk+NSdf9n3IRYaU4XwLuJ7qdXLs7PXphxf0mDoa5rE/z7dJZnkV +SjQOgVwVOQEaOA6FJ9X6G+4tufAXu26JgMIjUaAvSJX1yMw2zxJP9O/M2i0SDcIj +VKEk/nUDvG4FYe9+NFj0XFZr0cF5nNiigmdnyNDc9sO9+pM8MPVfnVy8d1u7lsWK +KGmEIjY5Ebx7STQlH5DR/QARAQAB/gcDAuAZZCSJNoVi03CymDAOIUfnVOdIfVG4 +HQ/F4D6tiO71myRKXRS2CSnznwNFQ6GEmqHLJ/7wfsU7clTR31wgZaE7IsJrEFED +kfoYfFFV3WyX8YmzcmGQInF2cUO+5HvYEnQbLWWOKYhoO7GWsnbBiGR5+jT+haxT +9KMQ0QQqg/8CVmLJ8F1e4hfkj2JR/Xx2QaST4nkhmBq5l0apRxta9tzXkZlC1uIi +hmjJqLNbNiq1ttej9+J+TQ7bbGRopEpbEaTEtdxT+UJr15av098g5O2BZYYWsq/D +9mKiLygK5vReIsIqy1LfnfNnrOfz2/d/rRC/EtBKSoX6x6i5DfPhu322h9AQxS/U +p0Zi8QKim+zyYafL3doIuvlzQCKBjjm1rrmB6BbKcgA1B86QjJOTGrvzWU2l+0UM +80ll597nZ0fUHQ6QXITc1XX39jc4hRxhlOZC5PBR6RLkQ5OQs898rJjnBN4w5pQS +v4FIf+aBnNUFcin599TZtikopLpqsU05YQLgFt6itIvok2UB0ZEXFfcAFU2zRqNQ +Ga/8IRKsmusyYsc47rE+qbe48hYkkNOUCwi4ne8S+Nq5DNk0VfTuzOvvfDs7s+V1 +97CSa0dGQ1ydSQnFpD5JoXYmV4DnR2UFOZDbu2T6cHYElKF9rnJRgEHr+K7QwZS4 +bCzduuUfV23QHGvU6Q10udacAkx/FKjU6EZ5Yk2w/aMQMQw2EVvn8x2MYJ2htqya +pgYQcIaCmrb0+olflcymFux/5go7RepdFV46xySe5hBUPnOxkgFzgyZqQPweFj9n +9YfsxGLaqyKi/x06+/gLA17uxTBDwK0xnMAdVNCvcJFago0Xp90pkbZ+EYHpyiab +bCYWIq1KW1Zz3w5nNBK0au+E1KSbQsiYycUHv5ufLNqVXrhDf/JElPL3hRV1FIkB +NgQYAQgAIBYhBNBI/5fmvh94sVlrBKNw6GrTY6BpBQJZywh3AhsMAAoJEKNw6GrT +Y6BpWMAH/2d1EaqsTJ0jfknBGAwgGO2m7nWVaLA9HI2dgU+v54SRWUdzBLgEksot +NwSMaN4tt8vUfCwl+nRTqERJMKiPaqebYUsY+lw0en6O9XRLOTTZOlSgV72604dC +INp8vTvweHamiLO6pWVKvJNPvg4Imd4V7dVP8ljN5KdYDTutaf5VBL/W/jXEr+Vn +dqUsZn3b6hC/Bhz1CHoxSxHeac+hshs2rTd/MsQ2a7Nr/cHwKOzt0yG5OrvIIlH7 +NrJ4DSWdh0wAd7g3lHNb8wfkSyYYfmVM6P01oS/MWrJBx7kwesLpG9SCwLsVcoQv +0NBAG1MtMl42vS/VXuuoooevvRdJTYE= +=7g5a +-----END PGP PRIVATE KEY BLOCK----- diff --git a/modules/cryptoserver/src/dist/cfg/keyring.pub b/modules/cryptoserver/src/dist/cfg/keyring.pub new file mode 100644 index 0000000000..9b9db98a94 --- /dev/null +++ b/modules/cryptoserver/src/dist/cfg/keyring.pub @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFnLCHcBCADQ+LkQ0bYQwLVXPvwcr6H8ZMxfGYgI0Q8eT97djx6LFfwbLu2o +30kEu6xlnJPFHWhhk/eyeIel/2+d/E61ZFSJEE2M9q96w3mWIK/Jq495lPCS2SH+ ++b8UKwhkJ6+n/rB5gWRo+bkgS0FcPNYFIxKNP0yHWrjojLkTVpCtLnOx4+noUjfl +TxnU5h8G1dKXELgPXIdDH81A4t0ciXtqbfB3pJ6UittVvGLMvNProicePMHyAR6f +0VjZp+0Pa1uixMKXTgX2Uzs+qH+yJJiFxJ2ZrgaFMNrmn2r9/netVQKyy8lqeNqv +A1McXcV1JpVpmoMPPM7Rm5radqw0qNXxjCgNABEBAAG0GWpQT1MgRGVtbyA8ZGVt +b0BqcG9zLm9yZz6JAU4EEwEIADgWIQTQSP+X5r4feLFZawSjcOhq02OgaQUCWcsI +dwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRCjcOhq02OgadxUCACgEDgN +hnfe3zNgC+O52+7hu/uXLaAQQmWSiaqXnickMiPjL55ye5SvAQC6uTdfiL14LQi7 +cAqNrgVVMI++5i8AyCohSLnQUKc4bTdYmTTuhUWUtXJIwU+CevJKO10tQWo+9g0R +S4BN4rqBDEYF2QUDNwm4H3WaQv8/uJvIFbG1xsr0wUfPeG1L2j4ExP4H34CepsAP ++L7ZTOMYYZmWcGB25OxT15BETaKkPr/eUTzCfHayO57KWMHJZYG2uxeoOB+qVypf +F6FHDK+BzNX9UpMCrzRONfVKmD64LRZCBN4NdP88e7VY1PCOsdUTsZ9YG748DDGR +9qaYOHEIhqn3hMG6uQENBFnLCHcBCADpYed6i4pCH2d5AA2bAkiYzkuXB5hywg2P +7QSgEn6u1oQljcXYpgYGDaj0QFlfexr5oxSUt47mrIIhsBWAn6nPfHyfUrgnzAKP +JK7QzWbUNQNsx0iYlug3RUHs2kEz5JXDzfy9fwBd53ckeT41J1/2fchFhpThfAu4 +nup1cuzs9emHF/SYOhrmsT/Pt0lmeRVKNA6BXBU5ARo4DoUn1fob7i258Be7bomA +wiNRoC9IlfXIzDbPEk/078zaLRINwiNUoST+dQO8bgVh7340WPRcVmvRwXmc2KKC +Z2fI0Nz2w736kzww9V+dXLx3W7uWxYooaYQiNjkRvHtJNCUfkNH9ABEBAAGJATYE +GAEIACAWIQTQSP+X5r4feLFZawSjcOhq02OgaQUCWcsIdwIbDAAKCRCjcOhq02Og +aVjAB/9ndRGqrEydI35JwRgMIBjtpu51lWiwPRyNnYFPr+eEkVlHcwS4BJLKLTcE +jGjeLbfL1HwsJfp0U6hESTCoj2qnm2FLGPpcNHp+jvV0Szk02TpUoFe9utOHQiDa +fL078Hh2poizuqVlSryTT74OCJneFe3VT/JYzeSnWA07rWn+VQS/1v41xK/lZ3al +LGZ92+oQvwYc9Qh6MUsR3mnPobIbNq03fzLENmuza/3B8Cjs7dMhuTq7yCJR+zay +eA0lnYdMAHe4N5RzW/MH5EsmGH5lTOj9NaEvzFqyQce5MHrC6RvUgsC7FXKEL9DQ +QBtTLTJeNr0v1V7rqKKHr70XSU2B +=nioc +-----END PGP PUBLIC KEY BLOCK----- diff --git a/modules/cryptoserver/src/dist/cfg/logback.xml b/modules/cryptoserver/src/dist/cfg/logback.xml new file mode 100644 index 0000000000..08d842dda9 --- /dev/null +++ b/modules/cryptoserver/src/dist/cfg/logback.xml @@ -0,0 +1,12 @@ + + + + + + + + + + true + + diff --git a/modules/cryptoserver/src/dist/deploy/00_logger.xml b/modules/cryptoserver/src/dist/deploy/00_logger.xml new file mode 100644 index 0000000000..290f1476a2 --- /dev/null +++ b/modules/cryptoserver/src/dist/deploy/00_logger.xml @@ -0,0 +1,14 @@ + + + + + + + + + + + + + + diff --git a/modules/cryptoserver/src/dist/deploy/02_logback.xml b/modules/cryptoserver/src/dist/deploy/02_logback.xml new file mode 100644 index 0000000000..f0ef39d60c --- /dev/null +++ b/modules/cryptoserver/src/dist/deploy/02_logback.xml @@ -0,0 +1,3 @@ + + + diff --git a/modules/cryptoserver/src/dist/deploy/25_crypto_service.xml b/modules/cryptoserver/src/dist/deploy/25_crypto_service.xml new file mode 100644 index 0000000000..3355345301 --- /dev/null +++ b/modules/cryptoserver/src/dist/deploy/25_crypto_service.xml @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/modules/cryptoserver/src/dist/deploy/30_cryptoserver_txnmgr.xml b/modules/cryptoserver/src/dist/deploy/30_cryptoserver_txnmgr.xml new file mode 100644 index 0000000000..6239fd5443 --- /dev/null +++ b/modules/cryptoserver/src/dist/deploy/30_cryptoserver_txnmgr.xml @@ -0,0 +1,63 @@ + + + + + + + + + + + + + + + + + { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Encrypt", + "description": "Encrypt command", + "type": "object", + "properties": { + "text": { + "type": "string" + } + }, + "additionalProperties" : false, + "required": [ "text" ] + } + + + + + + + + + + + { + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Decrypt", + "description": "Decrypt command", + "type": "object", + "properties": { + "kid": { + "type": "string" + }, + "cryptogram": { + "type": "string" + } + }, + "additionalProperties" : false, + "required": [ "kid", "cryptogram" ] + } + + + + + + + + diff --git a/modules/cryptoserver/src/dist/deploy/50_qrest.xml b/modules/cryptoserver/src/dist/deploy/50_qrest.xml new file mode 100644 index 0000000000..bfa5124b10 --- /dev/null +++ b/modules/cryptoserver/src/dist/deploy/50_qrest.xml @@ -0,0 +1,5 @@ + + + + + diff --git a/modules/cryptoserver/src/dist/deploy/99_sysmon.xml b/modules/cryptoserver/src/dist/deploy/99_sysmon.xml new file mode 100644 index 0000000000..9404242860 --- /dev/null +++ b/modules/cryptoserver/src/dist/deploy/99_sysmon.xml @@ -0,0 +1,7 @@ + + + 3600000 + true + + + diff --git a/modules/cryptoserver/src/dist/log/q2.log b/modules/cryptoserver/src/dist/log/q2.log new file mode 100644 index 0000000000..e69de29bb2 diff --git a/modules/cryptoserver/src/main/java/org/jpos/cryptoserver/participant/Decrypt.java b/modules/cryptoserver/src/main/java/org/jpos/cryptoserver/participant/Decrypt.java new file mode 100644 index 0000000000..e2d94c39aa --- /dev/null +++ b/modules/cryptoserver/src/main/java/org/jpos/cryptoserver/participant/Decrypt.java @@ -0,0 +1,81 @@ +/* + * jPOS Project [http://jpos.org] + * Copyright (C) 2000-2018 jPOS Software SRL + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package org.jpos.cryptoserver.participant; + +import java.io.Serializable; +import java.util.*; + +import com.fasterxml.jackson.databind.ObjectMapper; +import io.netty.handler.codec.http.*; +import io.netty.util.CharsetUtil; +import org.jpos.core.Configurable; +import org.jpos.core.Configuration; +import org.jpos.core.ConfigurationException; +import org.jpos.crypto.CryptoService; +import org.jpos.qrest.Mapper; +import org.jpos.qrest.Response; +import org.jpos.transaction.Context; +import org.jpos.transaction.TransactionParticipant; +import org.jpos.util.NameRegistrar; + +import static org.jpos.qrest.Constants.REQUEST; +import static org.jpos.qrest.Constants.RESPONSE; + +public class Decrypt implements TransactionParticipant, Configurable { + private CryptoService cs; + private static ObjectMapper mapper = Mapper.getMapper(); + private static Base64.Decoder decoder = Base64.getDecoder(); + private static UUID jobId = UUID.randomUUID(); + + @Override + public int prepare(long id, Serializable context) { + Context ctx = (Context) context; + if (cs.isLocked()) { + ctx.put (RESPONSE, new Response(HttpResponseStatus.SERVICE_UNAVAILABLE, "Service unavailable - unlock required")); + return FAIL; + } + + FullHttpRequest request = ctx.get(REQUEST); + try { + String jsonStr = request.content().toString(CharsetUtil.UTF_8); + ctx.log (jsonStr); + @SuppressWarnings("unchecked") + Map m = (Map) mapper.readValue(jsonStr, Map.class); + UUID keyId = UUID.fromString(m.get("kid")); + byte[] encoded = decoder.decode(m.get("cryptogram")); + byte[] b = cs.aesDecrypt(jobId, keyId, encoded); + Map r = new LinkedHashMap<>(); + r.put ("text", new String(b)); + Response response = new Response(HttpResponseStatus.OK, r); + ctx.put(RESPONSE, response); + } catch (Exception e) { + ctx.log(e); + return FAIL; + } + return PREPARED | NO_JOIN | READONLY; + } + + public void setConfiguration (Configuration cfg) throws ConfigurationException { + try { + cs = NameRegistrar.get(cfg.get("crypto-service", "crypto-service")); + } catch (NameRegistrar.NotFoundException e) { + throw new ConfigurationException(e.getMessage()); + } + } +} diff --git a/modules/cryptoserver/src/main/java/org/jpos/cryptoserver/participant/Encrypt.java b/modules/cryptoserver/src/main/java/org/jpos/cryptoserver/participant/Encrypt.java new file mode 100644 index 0000000000..da1441e007 --- /dev/null +++ b/modules/cryptoserver/src/main/java/org/jpos/cryptoserver/participant/Encrypt.java @@ -0,0 +1,78 @@ +/* + * jPOS Project [http://jpos.org] + * Copyright (C) 2000-2018 jPOS Software SRL + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package org.jpos.cryptoserver.participant; + +import java.io.IOException; +import java.io.Serializable; +import java.util.*; + +import com.fasterxml.jackson.databind.ObjectMapper; +import io.netty.handler.codec.http.*; +import io.netty.util.CharsetUtil; +import org.jpos.core.Configurable; +import org.jpos.core.Configuration; +import org.jpos.core.ConfigurationException; +import org.jpos.crypto.CryptoService; +import org.jpos.crypto.SecureData; +import org.jpos.qrest.Mapper; +import org.jpos.qrest.Response; +import org.jpos.transaction.Context; +import org.jpos.transaction.TransactionParticipant; +import org.jpos.util.NameRegistrar; + +import static org.jpos.qrest.Constants.REQUEST; +import static org.jpos.qrest.Constants.RESPONSE; + +public class Encrypt implements TransactionParticipant, Configurable { + private CryptoService cs; + private static ObjectMapper mapper = Mapper.getMapper(); + private static Base64.Encoder encoder = Base64.getEncoder(); + + @Override + public int prepare(long id, Serializable context) { + Context ctx = (Context) context; + FullHttpRequest request = ctx.get(REQUEST); + try { + String jsonStr = request.content().toString(CharsetUtil.UTF_8); + ctx.log (jsonStr); + @SuppressWarnings("unchecked") + Map m = (Map) mapper.readValue(jsonStr, Map.class); + + SecureData sd = cs.aesEncrypt(m.get("text").getBytes()); + + Map r = new LinkedHashMap<>(); + r.put ("kid", sd.getId()); + r.put ("cryptogram", encoder.encodeToString(sd.getEncoded())); + Response response = new Response(HttpResponseStatus.OK, r); + ctx.put(RESPONSE, response); + } catch (Exception e) { + ctx.log(e); + return FAIL; + } + return PREPARED | NO_JOIN | READONLY; + } + + public void setConfiguration (Configuration cfg) throws ConfigurationException { + try { + cs = NameRegistrar.get(cfg.get("crypto-service", "crypto-service")); + } catch (NameRegistrar.NotFoundException e) { + throw new ConfigurationException(e.getMessage()); + } + } +} diff --git a/settings.gradle b/settings.gradle index ac354b2fc7..86856c2931 100644 --- a/settings.gradle +++ b/settings.gradle @@ -36,7 +36,8 @@ include ':modules:core', ':modules:binlog', ':modules:binlog-quartz', ':modules:cryptoservice', - ':modules:qrest' + ':modules:qrest', + ':modules:cryptoserver' rootProject.name = 'jposee'