Getting EncryptedData out from Identity Manager 7.1

I was working with a client wanting to do bulk imports with Sun Identity Manager 7.1 Service Provider Edition. They wanted to speed up user provisioning by creating an LDIF to import directly into their directory instance rather than going through the SPML interface, but could not figure out how to encrypt the secret answers so that Identity Manager could decrypt them.

It seemed a good challenge and would throw in some learning to boot, so I decided to try to reverse engineer the code. JAD helped a lot there, and soon enough I discovered how the encryption mechanism worked and that I would need to create a copy of a known class and get two XML objects from the data store.

The class in question was com.waveset.security.authn.ServerKeyStore, and the two XML objects needed were:

  1. The Current Encryption Key being used
  2. The Miscellaneous object

ServerKeyStore was rewritten because the original code connects to the Repository to fetch the necessary XML objects. The replacement has these objects set manually, so the override lets me fool the EncryptedData class into using the values I have extracted.

The current EncryptionKey object holds its value encrypted with the PBEWithMD5AndDES cipher, and the Miscellaneous object holds the key-encryption key that unlocks it. EncryptionKey is easy to import, since its constructor accepts a String; Miscellaneous requires you to parse the XML into a DOM and pass the resulting Element to its constructor.

The code is below, with an example that should print dixon.

A lot of this could be changed to fetch the data directly from the database, but for ease of use I have extracted the details manually.

[sourcecode language='java']
package com.darkedges.data;

import com.waveset.util.EncryptedData;

/**
 * Decrypts a value in the form written to the repository: <keyId>|<base64 ciphertext>.
 * Relies on the rewritten ServerKeyStore below being picked up in place of the
 * original, so that EncryptedData gets its keys from the manually supplied objects.
 */
public class EncryptData {

	public static void main(String[] args) {
		try {
			EncryptedData data = new EncryptedData();
			// The part before '|' names the EncryptionKey the value was encrypted under.
			data.fromString("753B4AA4FD8AC224:-3951121B:11B967AC1B9:-7FFC|5DUTsMglZvA=");
			System.out.println(data.decryptToString());
		} catch (Exception e) {
			e.printStackTrace();
		}
	}
}
[/sourcecode]
[sourcecode language='java']
package com.waveset.security.authn;

import java.io.IOException;
import java.io.StringReader;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

import com.waveset.object.EncryptionKey;
import com.waveset.object.Miscellaneous;
import com.waveset.util.EncryptedData;
import com.waveset.util.Encryptor;
import com.waveset.util.WavesetException;

/**
 * Replacement for the original ServerKeyStore. Instead of reading the current
 * EncryptionKey and Miscellaneous objects from the Repository, it is handed
 * their XML directly (the two empty strings below).
 */
public class ServerKeyStore {
	private static EncryptionKey ek;
	private static Miscellaneous misc;
	private static byte _keyEncryptionKey[];
	static {
		try {
			// XML of the current EncryptionKey object, as exported from the repository.
			ek = new EncryptionKey(
					"");
			misc = getMiscData();
		} catch (WavesetException e) {
			// EncryptionKey or Miscellaneous could not be built from the supplied XML.
			e.printStackTrace();
		} catch (ParserConfigurationException e) {
			// No DOM parser available.
			e.printStackTrace();
		} catch (SAXException e) {
			// Miscellaneous XML is not well-formed.
			e.printStackTrace();
		} catch (IOException e) {
			// Reading the in-memory XML failed.
			e.printStackTrace();
		}
	}

	public ServerKeyStore() {
	}

	/** Installs the data key for the given key id into EncryptedData. */
	public static void getKey(String keyId) throws WavesetException {
		EncryptedData.setKey(getKeyBytes(keyId));
	}

	/**
	 * Only the single extracted EncryptionKey is known here, so keyId is ignored.
	 * The key's value is itself encrypted and is decrypted using the
	 * key-encryption key installed by getKeyEncryptionKey().
	 */
	private static byte[] getKeyBytes(String keyId) throws WavesetException {
		return ek.getValue().decrypt();
	}

	public static String getCurrentKeyId() throws WavesetException {
		return ek.getName();
	}

	/** Derives the key-encryption key from the Miscellaneous object's data with PBEWithMD5AndDES. */
	public static void getKeyEncryptionKey() throws WavesetException {
		EncryptedData.setKeyEncryptionKey(Encryptor.generateKey("PBEWithMD5AndDES",
				misc.getData().decryptToString()));
	}

	/** Parses the exported Miscellaneous XML into a DOM and builds the object from its root Element. */
	public static Miscellaneous getMiscData() throws ParserConfigurationException,
			SAXException, IOException, WavesetException {
		// XML of the Miscellaneous object, as exported from the repository.
		String xml = "";
		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
		DocumentBuilder db = factory.newDocumentBuilder();
		InputSource inStream = new InputSource();

		inStream.setCharacterStream(new StringReader(xml));
		Document doc = db.parse(inStream);
		NodeList nodeList = doc.getElementsByTagName("Miscellaneous");
		Element element = (Element) nodeList.item(0);
		return new Miscellaneous(element);
	}
}
[/sourcecode]
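To make the key chain above concrete without the Identity Manager jars, here is an added example that is not part of the original post and uses no com.waveset classes: a password standing in for the Miscellaneous data derives a key-encryption key with PBEWithMD5AndDES, that key unwraps a data key (the EncryptionKey value), and the data key decrypts a keyId|base64 token of the shape used in the first listing. The salt, iteration count, Miscellaneous secret and class names are all constructed for the demo, and the data cipher (DES/ECB/PKCS5Padding) is an assumption, chosen only because the page's sample token holds exactly one 8-byte DES block; the page does not state the real values.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Constructed illustration of the chain described in the post:
 *   Miscellaneous secret --PBEWithMD5AndDES--> key-encryption key (KEK)
 *   KEK decrypts the EncryptionKey value      --> raw data key
 *   data key decrypts "keyId|base64" tokens   --> plaintext
 */
public class KeyChainDemo {

    // CONSTRUCTED: the page does not give the salt or iteration count Identity Manager uses.
    private static final byte[] PBE_SALT = {
        (byte) 0x1a, (byte) 0x2b, (byte) 0x3c, (byte) 0x4d,
        (byte) 0x5e, (byte) 0x6f, (byte) 0x70, (byte) 0x81 };
    private static final int PBE_ITERATIONS = 1000;

    /** Derive the key-encryption key from the Miscellaneous secret. */
    static SecretKey deriveKek(char[] miscSecret) throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        return factory.generateSecret(new PBEKeySpec(miscSecret));
    }

    /** Wrap (ENCRYPT_MODE) or unwrap (DECRYPT_MODE) the raw data key under the KEK. */
    static byte[] pbeCipher(int mode, SecretKey kek, byte[] input) throws Exception {
        Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES");
        cipher.init(mode, kek, new PBEParameterSpec(PBE_SALT, PBE_ITERATIONS));
        return cipher.doFinal(input);
    }

    /** ASSUMPTION: stand-in data cipher; the post does not name the one EncryptedData uses. */
    static byte[] dataCipher(int mode, byte[] rawDataKey, byte[] input) throws Exception {
        Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
        cipher.init(mode, new SecretKeySpec(rawDataKey, "DES"));
        return cipher.doFinal(input);
    }

    /** Parse "keyId|base64", refusing a foreign key id or a non-block-aligned ciphertext. */
    static byte[] ciphertextOf(String token, String currentKeyId) {
        int bar = token.indexOf('|');
        if (bar <= 0 || bar == token.length() - 1) {
            throw new IllegalArgumentException("expected <keyId>|<base64>, got: " + token);
        }
        String keyId = token.substring(0, bar);
        if (!keyId.equals(currentKeyId)) {
            throw new IllegalArgumentException("token uses key " + keyId
                    + " but the current key is " + currentKeyId);
        }
        byte[] ct = Base64.getDecoder().decode(token.substring(bar + 1));
        if (ct.length == 0 || ct.length % 8 != 0) {
            throw new IllegalArgumentException("ciphertext is " + ct.length
                    + " bytes, not whole 8-byte DES blocks");
        }
        return ct;
    }

    static String encryptToken(String keyId, byte[] rawDataKey, String plaintext) throws Exception {
        byte[] ct = dataCipher(Cipher.ENCRYPT_MODE, rawDataKey,
                plaintext.getBytes(StandardCharsets.UTF_8));
        return keyId + "|" + Base64.getEncoder().encodeToString(ct);
    }

    static String decryptToken(String token, String keyId, byte[] rawDataKey) throws Exception {
        byte[] pt = dataCipher(Cipher.DECRYPT_MODE, rawDataKey, ciphertextOf(token, keyId));
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // CONSTRUCTED stand-ins for the two repository objects.
        char[] miscSecret = "misc-object-secret".toCharArray();          // Miscellaneous data
        String keyId = "753B4AA4FD8AC224:-3951121B:11B967AC1B9:-7FFC";  // key name from the post

        // Server side: a fresh data key, stored only in wrapped form.
        byte[] rawDataKey = KeyGenerator.getInstance("DES").generateKey().getEncoded();
        byte[] wrappedDataKey = pbeCipher(Cipher.ENCRYPT_MODE, deriveKek(miscSecret), rawDataKey);
        String token = encryptToken(keyId, rawDataKey, "dixon");

        // Reader side, mirroring the rewritten ServerKeyStore: the two repository
        // objects alone are enough to recover the data key and then the plaintext.
        byte[] recoveredDataKey = pbeCipher(Cipher.DECRYPT_MODE, deriveKek(miscSecret), wrappedDataKey);
        System.out.println("token:     " + token);
        System.out.println("decrypted: " + decryptToken(token, keyId, recoveredDataKey));
    }
}
```

The reader side is the point worth noticing: because the wrapped EncryptionKey and the Miscellaneous object that unlocks it sit in the same repository, anyone who can export those two objects has everything needed to decrypt stored values, which is exactly why the bulk-import trick works. DES and an MD5-based PBE are also both legacy choices, so a repository export deserves the same handling as the secrets it protects.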