Skip to content

Commit

Permalink
Check if supported crypto key length is > 128 (security policy adopte…
Browse files Browse the repository at this point in the history
…d in Oracel JDK)
  • Loading branch information
ManfredKarrer committed Oct 19, 2016
1 parent 9a3cc19 commit 2f5c1a9
Show file tree
Hide file tree
Showing 7 changed files with 74 additions and 52 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
/*
* This file is part of Bitsquare.
*
* Bitsquare is free software: you can redistribute it and/or modify it
* under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at
* your option) any later version.
*
* Bitsquare is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
* License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Bitsquare. If not, see <http://www.gnu.org/licenses/>.
*/

package io.bitsquare.common.util;

public class LimitedKeyStrengthException extends Exception {
public LimitedKeyStrengthException() {
super("Default crypto policy has not been changed. Only weak keys with length 128 are allowed by the default policy.");
}
}
47 changes: 7 additions & 40 deletions common/src/main/java/io/bitsquare/common/util/Utilities.java
Original file line number Diff line number Diff line change
Expand Up @@ -30,15 +30,13 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.crypto.Cipher;
import java.awt.*;
import java.io.*;
import java.lang.reflect.Field;
import java.net.URI;
import java.net.URLConnection;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.*;

Expand Down Expand Up @@ -408,42 +406,11 @@ public boolean shouldSkipClass(Class<?> clazz) {
}
}

// See: https://stackoverflow.com/questions/1179672/how-to-avoid-installing-unlimited-strength-jce-policy-files-when-deploying-an
public static void removeCryptographyRestrictions() {
if (!isRestrictedCryptography()) {
log.debug("Cryptography restrictions removal not needed");
return;
}
try {
final Class<?> jceSecurity = Class.forName("javax.crypto.JceSecurity");
final Class<?> cryptoPermissions = Class.forName("javax.crypto.CryptoPermissions");
final Class<?> cryptoAllPermission = Class.forName("javax.crypto.CryptoAllPermission");

final Field isRestrictedField = jceSecurity.getDeclaredField("isRestricted");
isRestrictedField.setAccessible(true);
isRestrictedField.set(null, false);

final Field defaultPolicyField = jceSecurity.getDeclaredField("defaultPolicy");
defaultPolicyField.setAccessible(true);
final PermissionCollection defaultPolicy = (PermissionCollection) defaultPolicyField.get(null);

final Field perms = cryptoPermissions.getDeclaredField("perms");
perms.setAccessible(true);
((Map<?, ?>) perms.get(defaultPolicy)).clear();

final Field instance = cryptoAllPermission.getDeclaredField("INSTANCE");
instance.setAccessible(true);
defaultPolicy.add((Permission) instance.get(null));

log.debug("Successfully removed cryptography restrictions");
} catch (Exception e) {
log.warn("Failed to remove cryptography restrictions", e);
}
}

public static boolean isRestrictedCryptography() {
// This simply matches the Oracle JRE, but not OpenJDK.
return "Java(TM) SE Runtime Environment".equals(System.getProperty("java.runtime.name"));
public static void checkCryptoPolicySetup() throws NoSuchAlgorithmException, LimitedKeyStrengthException {
if (Cipher.getMaxAllowedKeyLength("AES") > 128)
log.debug("Congratulations, you have unlimited key length support!");
else
throw new LimitedKeyStrengthException();
}

public static String toTruncatedString(Object message, int maxLenght) {
Expand Down
15 changes: 11 additions & 4 deletions gui/src/main/java/io/bitsquare/app/BitsquareApp.java
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
import io.bitsquare.common.CommonOptionKeys;
import io.bitsquare.common.UserThread;
import io.bitsquare.common.handlers.ResultHandler;
import io.bitsquare.common.util.LimitedKeyStrengthException;
import io.bitsquare.common.util.Profiler;
import io.bitsquare.common.util.Utilities;
import io.bitsquare.filter.FilterManager;
Expand Down Expand Up @@ -74,6 +75,7 @@

import java.io.IOException;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
Expand Down Expand Up @@ -118,6 +120,8 @@ public void start(Stage stage) throws IOException {
UserThread.setExecutor(Platform::runLater);
UserThread.setTimerClass(UITimer.class);

shutDownHandler = this::stop;

// setup UncaughtExceptionHandler
Thread.UncaughtExceptionHandler handler = (thread, throwable) -> {
// Might come from another thread
Expand All @@ -136,12 +140,15 @@ public void start(Stage stage) throws IOException {
Thread.setDefaultUncaughtExceptionHandler(handler);
Thread.currentThread().setUncaughtExceptionHandler(handler);

if (Utilities.isRestrictedCryptography())
Utilities.removeCryptographyRestrictions();
try {
Utilities.checkCryptoPolicySetup();
} catch (NoSuchAlgorithmException | LimitedKeyStrengthException e) {
e.printStackTrace();
UserThread.execute(() -> showErrorPopup(e, true));
}

Security.addProvider(new BouncyCastleProvider());

shutDownHandler = this::stop;

try {
// Guice
bitsquareAppModule = new BitsquareAppModule(env, primaryStage);
Expand Down
10 changes: 8 additions & 2 deletions headless/src/main/java/io/bitsquare/headless/Headless.java
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
import io.bitsquare.common.CommonOptionKeys;
import io.bitsquare.common.UserThread;
import io.bitsquare.common.handlers.ResultHandler;
import io.bitsquare.common.util.LimitedKeyStrengthException;
import io.bitsquare.common.util.Utilities;
import io.bitsquare.p2p.P2PService;
import io.bitsquare.p2p.P2PServiceListener;
Expand All @@ -25,6 +26,7 @@
import org.springframework.core.env.Environment;

import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.Security;

public class Headless {
Expand Down Expand Up @@ -66,8 +68,12 @@ public Headless() {
Thread.setDefaultUncaughtExceptionHandler(handler);
Thread.currentThread().setUncaughtExceptionHandler(handler);

if (Utilities.isRestrictedCryptography())
Utilities.removeCryptographyRestrictions();
try {
Utilities.checkCryptoPolicySetup();
} catch (NoSuchAlgorithmException | LimitedKeyStrengthException e) {
e.printStackTrace();
UserThread.execute(this::shutDown);
}
Security.addProvider(new BouncyCastleProvider());


Expand Down
10 changes: 8 additions & 2 deletions monitor/src/main/java/io/bitsquare/monitor/Monitor.java
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
import io.bitsquare.common.CommonOptionKeys;
import io.bitsquare.common.UserThread;
import io.bitsquare.common.handlers.ResultHandler;
import io.bitsquare.common.util.LimitedKeyStrengthException;
import io.bitsquare.common.util.Utilities;
import io.bitsquare.p2p.P2PService;
import io.bitsquare.p2p.P2PServiceListener;
Expand All @@ -25,6 +26,7 @@
import org.springframework.core.env.Environment;

import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.Security;

public class Monitor {
Expand Down Expand Up @@ -67,8 +69,12 @@ public Monitor() {
Thread.setDefaultUncaughtExceptionHandler(handler);
Thread.currentThread().setUncaughtExceptionHandler(handler);

if (Utilities.isRestrictedCryptography())
Utilities.removeCryptographyRestrictions();
try {
Utilities.checkCryptoPolicySetup();
} catch (NoSuchAlgorithmException | LimitedKeyStrengthException e) {
e.printStackTrace();
UserThread.execute(this::shutDown);
}
Security.addProvider(new BouncyCastleProvider());


Expand Down
10 changes: 8 additions & 2 deletions seednode/src/main/java/io/bitsquare/seednode/SeedNode.java
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
import io.bitsquare.common.CommonOptionKeys;
import io.bitsquare.common.UserThread;
import io.bitsquare.common.handlers.ResultHandler;
import io.bitsquare.common.util.LimitedKeyStrengthException;
import io.bitsquare.common.util.Utilities;
import io.bitsquare.p2p.BootstrapListener;
import io.bitsquare.p2p.P2PService;
Expand All @@ -25,6 +26,7 @@
import org.springframework.core.env.Environment;

import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.Security;

public class SeedNode {
Expand Down Expand Up @@ -65,8 +67,12 @@ public SeedNode() {
Thread.setDefaultUncaughtExceptionHandler(handler);
Thread.currentThread().setUncaughtExceptionHandler(handler);

if (Utilities.isRestrictedCryptography())
Utilities.removeCryptographyRestrictions();
try {
Utilities.checkCryptoPolicySetup();
} catch (NoSuchAlgorithmException | LimitedKeyStrengthException e) {
e.printStackTrace();
UserThread.execute(this::shutDown);
}
Security.addProvider(new BouncyCastleProvider());


Expand Down
10 changes: 8 additions & 2 deletions statistics/src/main/java/io/bitsquare/statistics/Statistics.java
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
import io.bitsquare.common.CommonOptionKeys;
import io.bitsquare.common.UserThread;
import io.bitsquare.common.handlers.ResultHandler;
import io.bitsquare.common.util.LimitedKeyStrengthException;
import io.bitsquare.common.util.Utilities;
import io.bitsquare.locale.CurrencyUtil;
import io.bitsquare.p2p.BootstrapListener;
Expand All @@ -28,6 +29,7 @@
import org.springframework.core.env.Environment;

import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.Security;

public class Statistics {
Expand Down Expand Up @@ -70,8 +72,12 @@ public Statistics() {
Thread.setDefaultUncaughtExceptionHandler(handler);
Thread.currentThread().setUncaughtExceptionHandler(handler);

if (Utilities.isRestrictedCryptography())
Utilities.removeCryptographyRestrictions();
try {
Utilities.checkCryptoPolicySetup();
} catch (NoSuchAlgorithmException | LimitedKeyStrengthException e) {
e.printStackTrace();
UserThread.execute(this::shutDown);
}
Security.addProvider(new BouncyCastleProvider());


Expand Down

0 comments on commit 2f5c1a9

Please sign in to comment.