1   /**
2    * This Source Code Form is subject to the terms of the Mozilla Public
3    * License, v. 2.0. If a copy of the MPL was not distributed with this
4    * file, You can obtain one at http://mozilla.org/MPL/2.0/.
5    *
6    * If it is not possible or desirable to put the notice in a particular
7    * file, then You may include the notice in a location (such as a LICENSE
8    * file in a relevant directory) where a recipient would be likely to look
9    * for such a notice.
10   *
11   * 
12   */
13  /*  ---------------------------------------------------------------------------
14   *  U.S. Government, Department of the Army
15   *  Army Materiel Command
16   *  Research Development Engineering Command
17   *  Communications Electronics Research Development and Engineering Center
18   *  ---------------------------------------------------------------------------
19   */
20  package org.miloss.fgsms.recryptor;
21  
22  import java.sql.*;
23  import org.miloss.fgsms.common.AES;
24  import org.miloss.fgsms.common.Constants;
25  import org.miloss.fgsms.common.Utility;
26  
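/**
 * Migration tool that lets a system administrator rotate the key fgsms uses
 * for data at rest: each encrypted column is decrypted with the old key and
 * encrypted again with the new one. Knowledge of both keys is required.
 *
 * <p>Operational notes for whoever runs this:
 * <ul>
 * <li>Take a database backup first. The Configuration and Performance
 * databases are re-encrypted in two separate transactions, so a failure
 * between them leaves one database on the new key and the other on the old
 * one.</li>
 * <li>Within one database all updates are committed together or rolled back
 * together, so a failure part-way through does not leave rows under mixed
 * keys.</li>
 * <li>The keys and the database password are read without echo, but they are
 * held in {@code String} fields and cannot be wiped from memory afterwards;
 * run the tool in a short-lived process on a trusted host.</li>
 * </ul>
 *
 * @author AO
 */
public class FgsmsRecryptor {

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) throws Exception {
        new FgsmsRecryptor().Start(args);
    }

    /**
     * Runs the whole migration: usage text, interactive input, then the
     * Configuration database followed by the Performance database.
     *
     * @param args the command line arguments (currently unused)
     * @throws Exception if the driver cannot be loaded or any database or
     * cryptographic step fails
     */
    private void Start(String[] args) throws Exception {
        PrintUsage();
        GetInputData();
        EstimateRecords();
        ProcessConfig();
        ProcessPerformance();

    }
    // Unused by the visible code; retained so the class keeps its original members.
    private Connection con = null;
    Driver d = null;
    private String oldkey = "";
    private String newkey = "";
    private String databaseurl_perf = "jdbc:postgresql://localhost:5432/fgsmsPerformance";
    private String databaseurl_config = "jdbc:postgresql://localhost:5432/fgsmsConfig";
    private String databasedriver = "org.postgresql.Driver";
    private String databaseusername = "fgsms";
    private String databasepassword = "";

    /**
     * Prints the prerequisites for a key rotation to standard output.
     */
    private void PrintUsage() {
        System.out.println("This tool can be used to change encryption keys used by fgsms for storing data at rest in the database.");
        System.out.println("Prerequists: ");
        System.out.println("\tAll fgsms servers must be stopped");
        System.out.println("\tThe Java Crypt Extensions must be installed on this machine's JRE/JDK");
        System.out.println("\tYou must have credentials for the database server with sufficent access writes to fgsms's Configuration and Performance databases.");
        System.out.println("\tYou must have possess the existing key");
        System.out.println("\tYou can provide the new key, or i can generate one for you");
        System.out.println("\tAfter completion, the key file must be revised and all instances of fgsms.Common.jar must be replaced on all fgsms servers (agents are not affected)");
        System.out.println("\tYou can possess the password used for fgsms's agents");
        System.out.println("\t(Note: agents running on the fgsms server will need to have the encrypted passwords recryted.) Agents running on other machines are a different story");
    }

    /**
     * Prompts for both keys and the database connection settings. Exits the
     * JVM with status 1 when no interactive console is attached or when either
     * key fails {@code AES.validateKey}.
     */
    private void GetInputData() {
        java.io.Console console = System.console();
        if (console == null) {
            // System.console() is null when stdin/stdout are redirected; the
            // original code would have failed here with a NullPointerException.
            System.out.println("No interactive console is available; run this tool from a terminal.");
            System.exit(1);
        }

        // Secrets are read with echo disabled so they do not end up on screen
        // or in terminal scrollback.
        oldkey = readSecret(console, "Enter old key: ");
        newkey = readSecret(console, "Enter new key: ");
        boolean ok = true;
        if (oldkey != null && AES.validateKey(oldkey)) {
            System.out.println("Old key validated");
        } else {
            ok = false;
            System.out.println("Old key is invalid");
        }
        if (newkey != null && AES.validateKey(newkey)) {
            System.out.println("New key validated");
        } else {
            System.out.println("New key is invalid");
            ok = false;
        }

        databaseurl_config = promptWithDefault(console, "Database Config URL", databaseurl_config);
        databaseurl_perf = promptWithDefault(console, "Database Perf URL", databaseurl_perf);
        databasedriver = promptWithDefault(console, "Database driver", databasedriver);
        databaseusername = promptWithDefault(console, "Database username", databaseusername);

        // The original stored this answer in databaseusername, so the password
        // was never used and the username was overwritten.
        String password = readSecret(console, "Database password: ");
        if (!Utility.stringIsNullOrEmpty(password)) {
            databasepassword = password;
        }

        if (!ok) {
            System.exit(1);
        }
    }

    /**
     * Reads one line without echo.
     *
     * @param console the interactive console
     * @param prompt text shown before the input
     * @return the typed text, or {@code null} at end of input
     */
    private static String readSecret(java.io.Console console, String prompt) {
        // "%s" keeps the prompt from being interpreted as a format string.
        char[] typed = console.readPassword("%s", prompt);
        if (typed == null) {
            return null;
        }
        String value = new String(typed);
        // The String copy cannot be cleared, but the buffer can.
        java.util.Arrays.fill(typed, '\0');
        return value;
    }

    /**
     * Asks for a setting, showing the current value as the default.
     *
     * @param console the interactive console
     * @param label name of the setting
     * @param current value kept when the answer is null or empty
     * @return the typed value, or {@code current} when nothing was typed
     */
    private static String promptWithDefault(java.io.Console console, String label, String current) {
        String answer = console.readLine("%s", label + ": [" + current + "]: ");
        return Utility.stringIsNullOrEmpty(answer) ? current : answer;
    }

    /**
     * Loads and instantiates the configured JDBC driver class.
     *
     * @throws Exception if the class cannot be found, is not a
     * {@link Driver}, or cannot be instantiated
     */
    private void loadDriver() throws Exception {
        // The class name is typed by the operator; asSubclass rejects anything
        // that is not a JDBC driver before an instance is created.
        Class.forName(databasedriver).asSubclass(Driver.class).getDeclaredConstructor().newInstance();
    }

    /**
     * Re-encrypts one column: reads every row returned by {@code selectSql},
     * decrypts column 1 with the old key, encrypts it with the new key and
     * writes it back through {@code updateSql}.
     *
     * @param reader connection used for the select
     * @param writer connection used for the updates
     * @param selectSql query returning the encrypted column first, followed by
     * {@code keyColumns} identifying columns
     * @param updateSql update whose parameter 1 is the new ciphertext and whose
     * parameters 2.. are the identifying columns, in select order
     * @param keyColumns number of identifying columns
     * @return number of rows updated
     * @throws Exception on any database or cryptographic failure
     */
    private int recryptColumn(Connection reader, Connection writer,
            String selectSql, String updateSql, int keyColumns) throws Exception {
        int updated = 0;
        try (PreparedStatement select = reader.prepareStatement(selectSql);
                ResultSet rows = select.executeQuery();
                PreparedStatement update = writer.prepareStatement(updateSql)) {
            while (rows.next()) {
                byte[] bits = rows.getBytes(1);
                if (bits == null) {
                    // Nothing stored for this row, so nothing to re-encrypt.
                    continue;
                }
                String clear = AES.DE(new String(bits, Constants.CHARSET), oldkey);
                if (clear == null) {
                    // NOTE(review): how AES.DE reports a wrong key is not visible
                    // here; if it throws instead, this guard is simply never hit.
                    throw new IllegalStateException("Decryption with the old key failed; aborting");
                }
                update.setBytes(1, AES.EN(clear, newkey).getBytes(Constants.CHARSET));
                for (int k = 1; k <= keyColumns; k++) {
                    update.setString(k + 1, rows.getString(k + 1));
                }
                update.executeUpdate();
                updated++;
            }
        }
        return updated;
    }

    /**
     * Rolls back the writer connection after a failure, attaching any
     * rollback error to the original exception instead of replacing it.
     */
    private static void rollbackAfter(Connection writer, Exception failure) {
        try {
            writer.rollback();
            System.out.println("Failure during re-encryption; changes to this database were rolled back");
        } catch (SQLException rollbackFailure) {
            failure.addSuppressed(rollbackFailure);
        }
    }

    /**
     * Re-encrypts the encrypted columns of the Performance database
     * ({@code arsjobs.reportcontents} and the four payload columns of
     * {@code rawdata}) in a single transaction.
     *
     * @throws Exception on any driver, database or cryptographic failure
     */
    private void ProcessPerformance() throws Exception {
        loadDriver();
        try (Connection reader = DriverManager.getConnection(
                databaseurl_perf, databaseusername, databasepassword);
                Connection writer = DriverManager.getConnection(
                        databaseurl_perf, databaseusername, databasepassword)) {
            // One transaction for the whole database: either every row moves
            // to the new key or none does.
            writer.setAutoCommit(false);
            try {
                System.out.println("reports updated " + recryptColumn(reader, writer,
                        "select reportcontents,reportid from arsjobs",
                        "Update arsjobs set reportcontents=? where reportid=?", 1));
                System.out.println("transaction request headers" + recryptColumn(reader, writer,
                        "select requestheaders,transactionid from rawdata where requestheaders is not null",
                        "Update rawdata set requestheaders=? where transactionid=?", 1));
                System.out.println("transaction responseheaders" + recryptColumn(reader, writer,
                        "select responseheaders,transactionid from rawdata where responseheaders is not null",
                        "Update rawdata set responseheaders=? where transactionid=?", 1));
                System.out.println("transaction requestxml" + recryptColumn(reader, writer,
                        "select requestxml,transactionid from rawdata where requestxml is not null",
                        "Update rawdata set requestxml=? where transactionid=?", 1));
                System.out.println("transaction responsexml" + recryptColumn(reader, writer,
                        "select responsexml,transactionid from rawdata where responsexml is not null",
                        "Update rawdata set responsexml=? where transactionid=?", 1));
                writer.commit();
            } catch (Exception failure) {
                rollbackAfter(writer, failure);
                throw failure;
            }
        }
    }

    /**
     * Re-encrypts the encrypted columns of the Configuration database
     * ({@code bueller.pwdcol} and the encrypted rows of {@code settings}) in a
     * single transaction.
     *
     * @throws Exception on any driver, database or cryptographic failure
     */
    private void ProcessConfig() throws Exception {
        loadDriver();
        try (Connection reader = DriverManager.getConnection(
                databaseurl_config, databaseusername, databasepassword);
                Connection writer = DriverManager.getConnection(
                        databaseurl_config, databaseusername, databasepassword)) {
            writer.setAutoCommit(false);
            try {
                System.out.println("bueller passwords updated " + recryptColumn(reader, writer,
                        "select pwdcol, uri from bueller",
                        "Update bueller set  pwdcol=? where uri=?", 1));
                // The original discarded this prepared statement and re-ran the
                // already closed bueller query, and it bound both keycol and
                // namecol to parameter 2, leaving parameter 3 unset.
                System.out.println("encrypted settings updated " + recryptColumn(reader, writer,
                        "select valuecol, keycol, namecol from settings where isencrypted = true",
                        "Update settings set  valuecol=? where keycol=? and namecol=? ", 2));
                writer.commit();
            } catch (Exception failure) {
                rollbackAfter(writer, failure);
                throw failure;
            }
        }
    }

    /**
     * Placeholder: no record estimate is implemented.
     */
    private void EstimateRecords() {
    }
}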
265 }