List of usage examples for javax.crypto KeyGenerator init
public final void init(int keysize)
From source file:org.openintents.safe.CryptoHelper.java
/** * encrypt a string using a random session key * * @param plaintext/* w w w.ja v a2 s . com*/ * @return encrypted String * @throws Exception * @author Peli */ public String encryptWithSessionKey(String plaintext) throws CryptoHelperException { if (debug) { Log.i(TAG, "Encrypt with session key"); } status = false; // assume failure if (password == null) { String msg = "Must call setPassword before runing encrypt."; throw new CryptoHelperException(msg); } byte[] cipherSessionKey = {}; byte[] ciphertext = {}; // First create a session key SecretKey sessionKey = null; byte[] sessionKeyEncoded = null; String sessionKeyString = null; try { KeyGenerator keygen; keygen = KeyGenerator.getInstance("AES"); keygen.init(256); // needs 96 bytes //keygen.init(128); // needs 64 bytes sessionKey = keygen.generateKey(); sessionKeyEncoded = sessionKey.getEncoded(); sessionKeyString = new String(sessionKeyEncoded); } catch (NoSuchAlgorithmException e) { Log.e(TAG, "generateMasterKey(): " + e.toString()); } // Convert this to a Pbe key PBEKeySpec sessionPbeKeySpec = new PBEKeySpec(sessionKeyString.toCharArray()); SecretKey sessionPbeKey = null; try { sessionPbeKey = keyFac.generateSecret(sessionPbeKeySpec); } catch (InvalidKeySpecException e) { Log.e(TAG, "setPassword(): " + e.toString()); } // Encrypt the session key using the master key try { pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec); cipherSessionKey = pbeCipher.doFinal(sessionKeyEncoded); } catch (IllegalBlockSizeException | BadPaddingException | InvalidAlgorithmParameterException | InvalidKeyException e) { Log.e(TAG, "encryptWithSessionKey(): " + e.toString()); } // Now encrypt the text using the session key try { pbeCipher.init(Cipher.ENCRYPT_MODE, sessionPbeKey, pbeParamSpec); ciphertext = pbeCipher.doFinal(plaintext.getBytes()); status = true; } catch (IllegalBlockSizeException | BadPaddingException | InvalidAlgorithmParameterException | InvalidKeyException e) { Log.e(TAG, "encryptWithSessionKey2(): " + e.toString()); } String stringCipherVersion = "A"; String stringCipherSessionKey = toHexString(cipherSessionKey); String stringCiphertext = toHexString(ciphertext); if (debug) { Log.i(TAG, "Length: " + stringCipherSessionKey.length() + ", " + stringCipherSessionKey); } StringBuilder sb = new StringBuilder( stringCipherVersion.length() + stringCipherSessionKey.length() + stringCiphertext.length()); sb.append(stringCipherVersion); sb.append(stringCipherSessionKey); sb.append(stringCiphertext); return sb.toString(); }
From source file:org.apache.ws.security.message.WSEncryptBody.java
private KeyGenerator getKeyGenerator() throws WSSecurityException { KeyGenerator keyGen = null; try {/*from w w w .j a va2 s. c om*/ /* * Assume AES as default, so initialize it */ keyGen = KeyGenerator.getInstance("AES"); if (symEncAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) { keyGen = KeyGenerator.getInstance("DESede"); } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) { keyGen.init(128); } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) { keyGen.init(192); } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) { keyGen.init(256); } else { return null; } } catch (NoSuchAlgorithmException e) { throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e); } return keyGen; }
From source file:org.openintents.safe.CryptoHelper.java
/** * encrypt a file using a random session key * * @param contentResolver is used to be able to read the stream * @param fileUri is the stream or file to read from * @return Uri to the created plaintext file * @throws Exception//w w w . j a va 2s .c o m * @author Peli */ public Uri encryptFileWithSessionKey(ContentResolver contentResolver, Uri fileUri) throws CryptoHelperException { if (debug) { Log.d(TAG, "Encrypt with session key"); } status = false; // assume failure if (password == null) { String msg = "Must call setPassword before runing encrypt."; throw new CryptoHelperException(msg); } String outputPath = ""; try { InputStream is; if (fileUri.getScheme().equals("file")) { is = new java.io.FileInputStream(fileUri.getPath()); outputPath = fileUri.getPath() + OISAFE_EXTENSION; } else { is = contentResolver.openInputStream(fileUri); outputPath = getTemporaryFileName(); } FileOutputStream os = new FileOutputStream(outputPath); byte[] cipherSessionKey = {}; // byte[] ciphertext = {}; // First create a session key SecretKey sessionKey = null; byte[] sessionKeyEncoded = null; // String sessionKeyString = null; try { KeyGenerator keygen; keygen = KeyGenerator.getInstance("AES"); keygen.init(256); // needs 96 bytes //keygen.init(128); // needs 64 bytes sessionKey = keygen.generateKey(); sessionKeyEncoded = sessionKey.getEncoded(); // sessionKeyString = new String(sessionKeyEncoded); } catch (NoSuchAlgorithmException e) { Log.e(TAG, "generateMasterKey(): " + e.toString()); return null; } // Encrypt the session key using the master key try { pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec); cipherSessionKey = pbeCipher.doFinal(sessionKeyEncoded); status = true; } catch (IllegalBlockSizeException | BadPaddingException | InvalidAlgorithmParameterException | InvalidKeyException e) { Log.e(TAG, "encryptWithSessionKey(): " + e.toString()); } if (!status) { return null; } status = false; String stringCipherVersion = "A"; byte[] bytesCipherVersion = stringCipherVersion.getBytes(); os.write(bytesCipherVersion, 0, bytesCipherVersion.length); os.write(cipherSessionKey, 0, cipherSessionKey.length); if (debug) { Log.d(TAG, "bytesCipherVersion.length: " + bytesCipherVersion.length); } if (debug) { Log.d(TAG, "cipherSessionKey.length: " + cipherSessionKey.length); } Trivium tri = new Trivium(); try { tri.setupKey(Trivium.MODE_ENCRYPT, sessionKeyEncoded, 0); tri.setupNonce(sessionKeyEncoded, 10); // Create the byte array to hold the data final int bytesLen = 4096; // buffer length byte[] bytesIn = new byte[bytesLen]; byte[] bytesOut = new byte[bytesLen]; int offset = 0; int numRead = 0; while ((numRead = is.read(bytesIn, 0, bytesLen)) >= 0) { tri.process(bytesIn, 0, bytesOut, 0, numRead); os.write(bytesOut, 0, numRead); offset += numRead; } // Ensure all the bytes have been read in if (offset < is.available()) { throw new IOException("Could not completely read file "); } // Close the input stream and return bytes is.close(); os.close(); // Securely delete the original file: SecureDelete.delete(new File(fileUri.getPath())); status = true; } catch (ESJException e) { Log.e(TAG, "Error encrypting file", e); } } catch (FileNotFoundException e) { Log.e(TAG, "File not found", e); } catch (IOException e) { Log.e(TAG, "IO Exception", e); } if (status == false) { return null; } return Uri.fromFile(new File(outputPath)); //Uri.parse("file://" + outputPath); // TODO: UUEncode }
From source file:org.apache.hadoop.mapreduce.JobSubmitter.java
/** * Internal method for submitting jobs to the system. * //from w w w.ja v a 2 s. c om * <p>The job submission process involves: * <ol> * <li> * Checking the input and output specifications of the job. * </li> * <li> * Computing the {@link InputSplit}s for the job. * </li> * <li> * Setup the requisite accounting information for the * {@link DistributedCache} of the job, if necessary. * </li> * <li> * Copying the job's jar and configuration to the map-reduce system * directory on the distributed file-system. * </li> * <li> * Submitting the job to the <code>JobTracker</code> and optionally * monitoring it's status. * </li> * </ol></p> * @param job the configuration to submit * @param cluster the handle to the Cluster * @throws ClassNotFoundException * @throws InterruptedException * @throws IOException */ JobStatus submitJobInternal(Job job, Cluster cluster) throws ClassNotFoundException, InterruptedException, IOException { //validate the jobs output specs checkSpecs(job); Configuration conf = job.getConfiguration(); addMRFrameworkToDistributedCache(conf); Path jobStagingArea = JobSubmissionFiles.getStagingDir(cluster, conf); //configure the command line options correctly on the submitting dfs InetAddress ip = InetAddress.getLocalHost(); if (ip != null) { submitHostAddress = ip.getHostAddress(); submitHostName = ip.getHostName(); conf.set(MRJobConfig.JOB_SUBMITHOST, submitHostName); conf.set(MRJobConfig.JOB_SUBMITHOSTADDR, submitHostAddress); } JobID jobId = submitClient.getNewJobID(); job.setJobID(jobId); Path submitJobDir = new Path(jobStagingArea, jobId.toString()); JobStatus status = null; try { conf.set(MRJobConfig.USER_NAME, UserGroupInformation.getCurrentUser().getShortUserName()); conf.set("hadoop.http.filter.initializers", "org.apache.hadoop.yarn.server.webproxy.amfilter.AmFilterInitializer"); conf.set(MRJobConfig.MAPREDUCE_JOB_DIR, submitJobDir.toString()); LOG.debug("Configuring job " + jobId + " with " + submitJobDir + " as the submit dir"); // get delegation token for the dir TokenCache.obtainTokensForNamenodes(job.getCredentials(), new Path[] { submitJobDir }, conf); populateTokenCache(conf, job.getCredentials()); // generate a secret to authenticate shuffle transfers if (TokenCache.getShuffleSecretKey(job.getCredentials()) == null) { KeyGenerator keyGen; try { int keyLen = CryptoUtils.isShuffleEncrypted(conf) ? conf.getInt(MRJobConfig.MR_ENCRYPTED_INTERMEDIATE_DATA_KEY_SIZE_BITS, MRJobConfig.DEFAULT_MR_ENCRYPTED_INTERMEDIATE_DATA_KEY_SIZE_BITS) : SHUFFLE_KEY_LENGTH; keyGen = KeyGenerator.getInstance(SHUFFLE_KEYGEN_ALGORITHM); keyGen.init(keyLen); } catch (NoSuchAlgorithmException e) { throw new IOException("Error generating shuffle secret key", e); } SecretKey shuffleKey = keyGen.generateKey(); TokenCache.setShuffleSecretKey(shuffleKey.getEncoded(), job.getCredentials()); } copyAndConfigureFiles(job, submitJobDir); Path submitJobFile = JobSubmissionFiles.getJobConfPath(submitJobDir); // Create the splits for the job LOG.debug("Creating splits at " + jtFs.makeQualified(submitJobDir)); int maps = writeSplits(job, submitJobDir); conf.setInt(MRJobConfig.NUM_MAPS, maps); LOG.info("number of splits:" + maps); // write "queue admins of the queue to which job is being submitted" // to job file. String queue = conf.get(MRJobConfig.QUEUE_NAME, JobConf.DEFAULT_QUEUE_NAME); AccessControlList acl = submitClient.getQueueAdmins(queue); conf.set(toFullPropertyName(queue, QueueACL.ADMINISTER_JOBS.getAclName()), acl.getAclString()); // removing jobtoken referrals before copying the jobconf to HDFS // as the tasks don't need this setting, actually they may break // because of it if present as the referral will point to a // different job. TokenCache.cleanUpTokenReferral(conf); if (conf.getBoolean(MRJobConfig.JOB_TOKEN_TRACKING_IDS_ENABLED, MRJobConfig.DEFAULT_JOB_TOKEN_TRACKING_IDS_ENABLED)) { // Add HDFS tracking ids ArrayList<String> trackingIds = new ArrayList<String>(); for (Token<? extends TokenIdentifier> t : job.getCredentials().getAllTokens()) { trackingIds.add(t.decodeIdentifier().getTrackingId()); } conf.setStrings(MRJobConfig.JOB_TOKEN_TRACKING_IDS, trackingIds.toArray(new String[trackingIds.size()])); } // Set reservation info if it exists ReservationId reservationId = job.getReservationId(); if (reservationId != null) { conf.set(MRJobConfig.RESERVATION_ID, reservationId.toString()); } // Write job file to submit dir writeConf(conf, submitJobFile); Limits.reset(conf); // // Now, actually submit the job (using the submit name) // printTokens(jobId, job.getCredentials()); status = submitClient.submitJob(jobId, submitJobDir.toString(), job.getCredentials()); if (status != null) { return status; } else { throw new IOException("Could not launch job"); } } finally { if (status == null) { LOG.info("Cleaning up the staging area " + submitJobDir); if (jtFs != null && submitJobDir != null) jtFs.delete(submitJobDir, true); } } }
From source file:com.feilong.tools.security.symmetric.SymmetricEncryption.java
/** * ?.//from w w w . j a v a 2s .co m * * @param _keyString * * @return Key * @throws NoSuchAlgorithmException * the no such algorithm exception * @see <a href="http://blog.csdn.net/hbcui1984/article/details/5753083">Linux?AES</a> * @see KeyGenerator * @see SecureRandom */ private Key getKey(String _keyString) throws NoSuchAlgorithmException { // KeyGenerator ????????? KeyGenerator ?? KeyGenerator keyGenerator = KeyGenerator.getInstance(algorithm); // SHA1PRNG: It is just ensuring the random number generated is as close to "truly random" as possible. // Easily guessable random numbers break encryption. // ???? (RNG) ??? //TODO SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG"); // SecureRandom??getInstance?setSeed // :windowslinux? // javax.crypto.BadPaddingException: Given final block not properly padded secureRandom.setSeed(_keyString.getBytes()); keyGenerator.init(secureRandom); Key _key = keyGenerator.generateKey(); keyGenerator = null; return _key; }
From source file:com.mirth.connect.server.controllers.DefaultConfigurationController.java
/** * Instantiates the encryptor and digester using the configuration properties. If the properties * are not found, reasonable defaults are used. * /* ww w . j av a 2 s. c om*/ * @param provider * The provider to use (ex. BC) * @param keyStore * The keystore from which to load the secret encryption key * @param keyPassword * The secret key password * @throws Exception */ private void configureEncryption(Provider provider, KeyStore keyStore, char[] keyPassword) throws Exception { SecretKey secretKey = null; if (!keyStore.containsAlias(SECRET_KEY_ALIAS)) { logger.debug("encryption key not found, generating new one"); KeyGenerator keyGenerator = KeyGenerator.getInstance(encryptionConfig.getEncryptionAlgorithm(), provider); keyGenerator.init(encryptionConfig.getEncryptionKeyLength()); secretKey = keyGenerator.generateKey(); KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(secretKey); keyStore.setEntry(SECRET_KEY_ALIAS, entry, new KeyStore.PasswordProtection(keyPassword)); } else { logger.debug("found encryption key in keystore"); secretKey = (SecretKey) keyStore.getKey(SECRET_KEY_ALIAS, keyPassword); } /* * Now that we have a secret key, store it in the encryption settings so that we can use it * to encryption things client side. */ encryptionConfig.setSecretKey(secretKey.getEncoded()); encryptor = new KeyEncryptor(); encryptor.setProvider(provider); encryptor.setKey(secretKey); encryptor.setFormat(Output.BASE64); digester = new Digester(); digester.setProvider(provider); digester.setAlgorithm(encryptionConfig.getDigestAlgorithm()); digester.setFormat(Output.BASE64); }
From source file:org.apache.hadoop.mapreduce.v2.app.MRAppMaster.java
/** * Obtain the tokens needed by the job and put them in the UGI * @param conf// w w w. j av a2 s . co m */ protected void initJobCredentialsAndUGI(Configuration conf) { try { this.currentUser = UserGroupInformation.getCurrentUser(); this.jobCredentials = ((JobConf) conf).getCredentials(); if (CryptoUtils.isEncryptedSpillEnabled(conf)) { int keyLen = conf.getInt(MRJobConfig.MR_ENCRYPTED_INTERMEDIATE_DATA_KEY_SIZE_BITS, MRJobConfig.DEFAULT_MR_ENCRYPTED_INTERMEDIATE_DATA_KEY_SIZE_BITS); KeyGenerator keyGen = KeyGenerator.getInstance(INTERMEDIATE_DATA_ENCRYPTION_ALGO); keyGen.init(keyLen); encryptedSpillKey = keyGen.generateKey().getEncoded(); } else { encryptedSpillKey = new byte[] { 0 }; } } catch (IOException e) { throw new YarnRuntimeException(e); } catch (NoSuchAlgorithmException e) { throw new YarnRuntimeException(e); } }
From source file:com.datatorrent.lib.io.fs.AbstractFileOutputOperatorTest.java
@Test public void testChainFilters() throws NoSuchAlgorithmException, IOException { EvenOddHDFSExactlyOnceWriter writer = new EvenOddHDFSExactlyOnceWriter(); KeyGenerator keygen = KeyGenerator.getInstance("AES"); keygen.init(128); final SecretKey secretKey = keygen.generateKey(); byte[] iv = "TestParam16bytes".getBytes(); final IvParameterSpec ivps = new IvParameterSpec(iv); FilterStreamProvider.FilterChainStreamProvider<FilterOutputStream, OutputStream> chainStreamProvider = new FilterStreamProvider.FilterChainStreamProvider<FilterOutputStream, OutputStream>(); chainStreamProvider.addStreamProvider(new FilterStreamCodec.GZipFilterStreamProvider()); // The filter is to keep track of the offsets to handle multi member gzip issue with openjdk // http://bugs.java.com/bugdatabase/view_bug.do?bug_id=4691425 final CounterFilterStreamContext evenCounterContext = new CounterFilterStreamContext(); final CounterFilterStreamContext oddCounterContext = new CounterFilterStreamContext(); chainStreamProvider.addStreamProvider( new FilterStreamProvider.SimpleFilterReusableStreamProvider<CounterFilterOutputStream, OutputStream>() { @Override// w ww. j a v a2 s . c o m protected FilterStreamContext<CounterFilterOutputStream> createFilterStreamContext( OutputStream outputStream) throws IOException { if (evenCounterContext.isDoInit()) { evenCounterContext.init(outputStream); return evenCounterContext; } else { oddCounterContext.init(outputStream); return oddCounterContext; } } }); chainStreamProvider.addStreamProvider( new FilterStreamProvider.SimpleFilterReusableStreamProvider<CipherOutputStream, OutputStream>() { @Override protected FilterStreamContext<CipherOutputStream> createFilterStreamContext( OutputStream outputStream) throws IOException { try { Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivps); return new FilterStreamCodec.CipherFilterStreamContext(outputStream, cipher); } catch (Exception e) { throw new IOException(e); } } }); writer.setFilterStreamProvider(chainStreamProvider); File evenFile = new File(testMeta.getDir(), EVEN_FILE); File oddFile = new File(testMeta.getDir(), ODD_FILE); List<Long> evenOffsets = new ArrayList<Long>(); List<Long> oddOffsets = new ArrayList<Long>(); writer.setFilePath(testMeta.getDir()); writer.setAlwaysWriteToTmp(false); writer.setup(testMeta.testOperatorContext); for (int i = 0; i < 10; ++i) { writer.beginWindow(i); for (int j = 0; j < 1000; ++j) { writer.input.put(i); } writer.endWindow(); if ((i % 2) == 1) { writer.beforeCheckpoint(i); evenOffsets.add(evenCounterContext.getCounter()); oddOffsets.add(oddCounterContext.getCounter()); } } writer.teardown(); /* evenOffsets.add(evenFile.length()); oddOffsets.add(oddFile.length()); */ checkCompressedFile(evenFile, evenOffsets, 0, 5, 1000, secretKey, iv); checkCompressedFile(oddFile, oddOffsets, 1, 5, 1000, secretKey, iv); }
From source file:org.geoserver.security.GeoServerSecurityManager.java
/** * Determines if strong encryption is available. * <p>//from ww w. ja va 2 s. c o m * This method does the determination by trying to encrypt a value with AES 256 Bit encryption. * </p> * * @return True if strong encryption avaialble, otherwise false. */ public boolean isStrongEncryptionAvailable() { if (strongEncryptionAvaialble != null) return strongEncryptionAvaialble; KeyGenerator kgen; try { kgen = KeyGenerator.getInstance("AES"); kgen.init(256); SecretKey skey = kgen.generateKey(); byte[] raw = skey.getEncoded(); SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); cipher.doFinal("This is just an example".getBytes()); strongEncryptionAvaialble = true; LOGGER.info("Strong cryptograhpy is available"); } catch (InvalidKeyException e) { strongEncryptionAvaialble = false; LOGGER.warning("Strong cryptograhpy is NOT available" + "\nDownload and install of policy files recommended" + "\nfrom http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html"); } catch (Exception ex) { LOGGER.log(Level.WARNING, "Strong cryptograhpy is NOT available, unexpected error", ex); strongEncryptionAvaialble = false; //should not happen } return strongEncryptionAvaialble; }