Example usage for javax.crypto Mac doFinal

List of usage examples for javax.crypto Mac doFinal

Introduction

On this page you can find example usages of javax.crypto.Mac.doFinal.

Prototype

public final byte[] doFinal(byte[] input) throws IllegalStateException 


Document

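Processes the given array of bytes and finishes the MAC operation. The returned array is the MAC value; after the call the Mac object is reset to the state it was in after init, so it can be reused with the same key. When the result is used to verify a received tag, compare the two with a constant-time routine such as MessageDigest.isEqual rather than String.equals or Arrays.equals.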

Usage

From source file:com.orange.oidc.secproxy_service.KryptoUtils.java

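/**
 * Encrypts {@code bytes} and returns a five-part, dot-separated JWE compact string:
 * protected header, RSA-wrapped CEK, IV, ciphertext and authentication tag.
 *
 * <p>The content is encrypted with AES/CBC/PKCS5Padding and authenticated with
 * HMAC-SHA256 (encrypt-then-MAC). The CEK is split in two equal halves: the first
 * half is the HMAC key, the second half is the AES key. The tag is the first
 * 16 bytes of the HMAC over {@code aad || iv || ciphertext || al}, where {@code al}
 * is the bit length of the AAD as a 64-bit big-endian integer.
 *
 * <p>The {@code A.2.x} labels below are kept from the original author; they look like
 * step numbers of a worked example in the JWE specification.
 *
 * @param bytes     plaintext to encrypt
 * @param pubRsaKey recipient public key used to wrap the CEK
 * @param cek       content encryption key, or {@code null} to generate a fresh 256-bit one
 * @return the JWE compact serialization, or {@code null} if the CEK is unusable or any
 *         cryptographic step fails
 */
static String encryptJWE(byte[] bytes, Key pubRsaKey, byte[] cek) {
    try {
        // A.2.1 JWE header: already computed, held in the static jweProtectedHeader.

        // A.2.2 Content Encryption Key (CEK)
        // NOTE(review): generateRandomKey is defined elsewhere; confirm it draws from SecureRandom.
        if (cek == null) {
            cek = generateRandomKey(256);
        }

        // Reject an unusable CEK before it is wrapped or used; the original checked
        // this only after the key had already been RSA-encrypted.
        if (cek == null || cek.length == 0 || (cek.length % 2) != 0) {
            return null;
        }
        // NOTE(review): HmacSHA256 and the 16-byte tag below match a 32-byte CEK only;
        // confirm whether other CEK sizes are meant to be accepted.

        // Key material (cek, hmac_key, aes_key) and the IV must never be written to the log.

        // A.2.3 Key Encryption
        String jweEncrypted64 = encryptRsaB64(cek, pubRsaKey);

        // A.2.4 Initialization Vector: a fresh random 128-bit IV per message
        byte[] iv_key = generateRandomKey(128);
        String jweInitVector64 = encodeB64(iv_key);

        // A.2.5 Additional Authenticated Data
        // Explicit charset: the platform default would make the MAC input machine-dependent.
        byte[] aad = jweProtectedHeader.getBytes("UTF-8");

        // A.2.6 Content Encryption
        int keySize = cek.length / 2;
        Log.d("", "Encryption AES: " + keySize * 8);

        byte[] hmac_key = Arrays.copyOfRange(cek, 0, keySize);
        byte[] aes_key = Arrays.copyOfRange(cek, keySize, cek.length);

        Cipher encrypt = Cipher.getInstance("AES/CBC/PKCS5Padding");
        encrypt.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(aes_key, "AES"), new IvParameterSpec(iv_key));
        byte[] cryptedBytes = encrypt.doFinal(bytes);
        String cryptedBytes64 = encodeB64(cryptedBytes);

        // AAD length in bits; widen before multiplying so the product cannot overflow int.
        long al = (long) aad.length * 8;

        // MAC input: aad || iv || ciphertext || al (ByteBuffer is big-endian by default)
        byte[] hmacData = ByteBuffer.allocate(aad.length + iv_key.length + cryptedBytes.length + 8)
                .put(aad)
                .put(iv_key)
                .put(cryptedBytes)
                .putLong(al)
                .array();

        Mac hmac = Mac.getInstance("HmacSHA256", "SC");
        hmac.init(new SecretKeySpec(hmac_key, "HmacSHA256"));
        byte[] hmacValue = hmac.doFinal(hmacData);

        // Authentication tag: leftmost 16 bytes of the HMAC output
        byte[] auth_tag = Arrays.copyOf(hmacValue, 16);
        String auth_tag64 = encodeB64(auth_tag);

        // A.2.7 Complete Representation
        return jweProtectedHeader + "." + jweEncrypted64 + "." + jweInitVector64 + "."
                + cryptedBytes64 + "." + auth_tag64;

    } catch (Exception e) {
        // Best-effort API: every failure is reported to the caller as null.
        e.printStackTrace();
    }

    return null;
}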

From source file:com.mastfrog.acteur.twitter.TwitterSign.java

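/**
 * Computes the Base64-encoded HMAC-SHA1 of {@code baseString} keyed with {@code keyString}.
 *
 * <p>Both strings are converted to bytes as UTF-8. The original used the platform
 * default charset, so the signature could differ between machines for non-ASCII input.
 *
 * @param baseString text to sign
 * @param keyString  signing key; its UTF-8 bytes are used as the HMAC key
 * @return the Base64 text of the MAC, with surrounding whitespace trimmed
 * @throws GeneralSecurityException     if HmacSHA1 is unavailable or the key is rejected
 * @throws UnsupportedEncodingException if a named charset is not supported
 */
private static String computeSignature(String baseString, String keyString)
        throws GeneralSecurityException, UnsupportedEncodingException {
    SecretKey secretKey = new SecretKeySpec(keyString.getBytes("UTF-8"), "HmacSHA1");

    Mac mac = Mac.getInstance("HmacSHA1");
    mac.init(secretKey);

    byte[] signature = mac.doFinal(baseString.getBytes("UTF-8"));

    // Base64 output is pure ASCII, so decode it with a fixed charset as well.
    return new String(Base64.encodeBase64(signature), "US-ASCII").trim();
}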

From source file:com.microsoft.tfs.jni.internal.ntlm.JavaNTLM.java

/**
 * Builds the LMv2 response: HMAC-MD5 over (server challenge || client nonce), keyed with
 * the NTLMv2 hash, followed by the client nonce.
 *
 * <p>HMAC-MD5 is used here because the NTLM comments in this file call for it; it is not
 * a choice to copy into new designs.
 *
 * @param username account name passed to {@code ntlm2Hash}
 * @param password account password passed to {@code ntlm2Hash}
 * @param domain   domain passed to {@code ntlm2Hash}
 * @param type2    type 2 message whose {@code challenge} is answered
 * @return the MAC bytes followed by the client nonce
 * @throws NTLMException if the HMAC cannot be computed
 */
private static byte[] createLm2Response(final String username, final String password, final String domain,
        final NTLMType2Message type2) throws NTLMException {
    final byte[] hmacKey = ntlm2Hash(username, password, domain);
    final byte[] nonce = createClientNonce();

    // MAC input: server challenge immediately followed by the client nonce
    final byte[] macInput = new byte[type2.challenge.length + nonce.length];
    addBytes(macInput, 0, type2.challenge);
    addBytes(macInput, type2.challenge.length, nonce);

    final byte[] digest;
    try {
        final Mac hmacMd5 = Mac.getInstance("HmacMD5"); //$NON-NLS-1$
        hmacMd5.init(new SecretKeySpec(hmacKey, "HmacMD5")); //$NON-NLS-1$
        digest = hmacMd5.doFinal(macInput);
    } catch (final Exception e) {
        LOG.error("Could not load HmacMD5 for NTLM", e); //$NON-NLS-1$
        throw new NTLMException(e.getMessage());
    }

    // Response layout: digest first, then the same client nonce
    final byte[] response = new byte[digest.length + nonce.length];
    addBytes(response, 0, digest);
    addBytes(response, digest.length, nonce);
    return response;
}

From source file:com.microsoft.tfs.jni.internal.ntlm.JavaNTLM.java

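/**
 * Computes the NTLMv2 hash: HMAC-MD5 over the upper-cased username and domain
 * (UTF-16LE, concatenated), keyed with the NTLM hash of the password.
 *
 * <p>Upper-casing uses {@code Locale.ROOT}. The original used the default locale, under
 * which some locales map letters differently (for example {@code i} in Turkish), giving a
 * hash the server cannot reproduce.
 *
 * @param username account name
 * @param password account password, passed to {@code ntlmHash}
 * @param domain   authentication domain
 * @return the HMAC-MD5 output
 * @throws NTLMException if the HMAC cannot be computed
 */
private static byte[] ntlm2Hash(final String username, final String password, final String domain)
        throws NTLMException {
    // The NTLM hash of the password is the HMAC key. Per the original author it depends
    // on an MD4 implementation taken from Cryptix.
    final byte[] ntlmHash = ntlmHash(password);

    // NOTE(review): the domain is upper-cased as well as the username; confirm this matches
    // the case of the target name sent in the type 3 message.
    final byte[] usernameBytes = getBytes(username.toUpperCase(java.util.Locale.ROOT), "UTF-16LE"); //$NON-NLS-1$
    final byte[] domainBytes = getBytes(domain.toUpperCase(java.util.Locale.ROOT), "UTF-16LE"); //$NON-NLS-1$

    // username bytes immediately followed by domain bytes
    final byte[] usernameDomainBytes = new byte[usernameBytes.length + domainBytes.length];
    System.arraycopy(usernameBytes, 0, usernameDomainBytes, 0, usernameBytes.length);
    System.arraycopy(domainBytes, 0, usernameDomainBytes, usernameBytes.length, domainBytes.length);

    byte[] ntlm2Hash;
    try {
        final Mac mac = Mac.getInstance("HmacMD5"); //$NON-NLS-1$
        mac.init(new SecretKeySpec(ntlmHash, "HmacMD5")); //$NON-NLS-1$
        ntlm2Hash = mac.doFinal(usernameDomainBytes);
    } catch (final Exception e) {
        LOG.error("Could not load HmacMD5 for NTLM", e); //$NON-NLS-1$
        throw new NTLMException(e.getMessage());
    }

    return ntlm2Hash;
}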

From source file:com.javaps.springboot.LicenseController.java

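/**
 * Issues a license string: the Base64 HMAC-SHA1 of the {@code ip} request parameter,
 * keyed with {@code licenseSecretKey}.
 *
 * <p>NOTE(review): the route is mapped under {@code /public} and signs whatever {@code ip}
 * value the caller supplies, so the resulting license does not show that the caller owns
 * that address. Confirm that access to this endpoint is restricted upstream.
 *
 * @param clientIp value of the {@code ip} request parameter
 * @return the Base64-encoded MAC
 * @throws Exception if HmacSHA1 is unavailable or the key is rejected
 */
@RequestMapping(value = "/public/license", produces = "text/plain", method = RequestMethod.GET)
public String licenseIssue(@RequestParam(value = "ip") String clientIp) throws Exception {
    // Explicit UTF-8: the platform default charset would make the MAC differ between
    // hosts whenever the key or the input holds non-ASCII characters.
    SecretKeySpec signingKey = new SecretKeySpec(
            licenseSecretKey.getBytes(java.nio.charset.StandardCharsets.UTF_8), "HmacSHA1");
    Mac mac = Mac.getInstance("HmacSHA1");
    mac.init(signingKey);

    byte[] rawHmac = mac.doFinal(clientIp.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    return Base64.encodeBase64String(rawHmac);
}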

From source file:com.microsoft.tfs.jni.internal.ntlm.JavaNTLM.java

/**
 * Builds the NTLMv2 response: HMAC-MD5 over (server challenge || blob), keyed with the
 * NTLMv2 hash, followed by the blob itself.
 *
 * <p>The blob is laid out by fixed offsets: signature at 0, a reserved field at 4,
 * timestamp at 8, client nonce at 16, a marker at 24, the optional target info at 28 and
 * the same marker after it. The buffer is allocated as 40 bytes plus the target info.
 *
 * @param username account name passed to {@code ntlm2Hash}
 * @param password account password passed to {@code ntlm2Hash}
 * @param domain   domain passed to {@code ntlm2Hash}
 * @param type2    type 2 message supplying {@code challenge} and optional {@code targetInfo}
 * @return the MAC bytes followed by the blob
 * @throws NTLMException if the HMAC cannot be computed
 */
private static byte[] createNtlm2Response(final String username, final String password, final String domain,
        final NTLMType2Message type2) throws NTLMException {
    final byte[] hmacKey = ntlm2Hash(username, password, domain);

    final int infoLen = (type2.targetInfo == null) ? 0 : type2.targetInfo.length;
    final byte[] blob = new byte[40 + infoLen];

    // Fixed-offset fields of the blob
    addBytes(blob, 0, new byte[] { 0x01, 0x01, 0x00, 0x00 }); // blob signature
    addLong(blob, 4, 0); // reserved
    addBytes(blob, 8, createTimestamp());
    addBytes(blob, 16, createClientNonce());
    addBytes(blob, 24, new byte[] { (byte) 0xad, (byte) 0xde, (byte) 0x15, (byte) 0xed }); // meaning unknown to the original author

    if (infoLen > 0) {
        addBytes(blob, 28, type2.targetInfo);
    }

    // Same 4-byte marker again, directly after the target info
    addBytes(blob, 28 + infoLen,
            new byte[] { (byte) 0xad, (byte) 0xde, (byte) 0x15, (byte) 0xed });

    // MAC input: server challenge followed by the blob
    final byte[] macInput = new byte[type2.challenge.length + blob.length];
    addBytes(macInput, 0, type2.challenge);
    addBytes(macInput, type2.challenge.length, blob);

    final byte[] digest;
    try {
        final Mac hmacMd5 = Mac.getInstance("HmacMD5"); //$NON-NLS-1$
        hmacMd5.init(new SecretKeySpec(hmacKey, "HmacMD5")); //$NON-NLS-1$
        digest = hmacMd5.doFinal(macInput);
    } catch (final Exception e) {
        LOG.error("Could not load HmacMD5 for NTLM", e); //$NON-NLS-1$
        throw new NTLMException(e.getMessage());
    }

    // Response layout: digest first, then the blob it authenticates
    final byte[] response = new byte[digest.length + blob.length];
    addBytes(response, 0, digest);
    addBytes(response, digest.length, blob);
    return response;
}

From source file:com.javaps.springboot.LicenseController.java

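/**
 * Validates a license: recomputes the Base64 HMAC-SHA1 of the client address, keyed with
 * {@code licenseSecretKey}, and compares it with the submitted value.
 *
 * <p>NOTE(review): the address is read from {@code X-Forwarded-For} when that header is
 * present. The header is supplied by the client unless a trusted reverse proxy overwrites
 * it, and it may carry a comma-separated list. Confirm that the proxy in front of this
 * service replaces the header with a single address; otherwise the address binding can be
 * chosen by the caller.
 *
 * @param req     current request, used to determine the client address
 * @param license license text sent in the request body
 * @return {@code "OK"} when the license matches
 * @throws Exception if the license does not match or the MAC cannot be computed
 */
@RequestMapping(value = "/public/license", produces = "text/plain", method = RequestMethod.POST)
public String licenseValidate(HttpServletRequest req, @RequestBody String license) throws Exception {
    String clientIp = req.getHeader("X-Forwarded-For"); // address as forwarded by the reverse proxy (nginx)
    if (clientIp == null) {
        clientIp = req.getRemoteAddr(); // no proxy header: fall back to the socket peer address
    }

    // Explicit UTF-8 instead of the platform default charset.
    SecretKeySpec signingKey = new SecretKeySpec(
            licenseSecretKey.getBytes(java.nio.charset.StandardCharsets.UTF_8), "HmacSHA1");
    Mac mac = Mac.getInstance("HmacSHA1");
    mac.init(signingKey);

    byte[] rawHmac = mac.doFinal(clientIp.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    String expected = Base64.encodeBase64String(rawHmac);

    // Constant-time comparison: String.equals stops at the first differing character,
    // which leaks through response timing how much of a guessed MAC was correct.
    boolean matches = java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            license.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        // The expected value must never be logged or returned to the client.
        throw new Exception("invalid license");
    }

    return "OK";
}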

From source file:com.k42b3.neodym.oauth.HMACSHA1.java

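/**
 * Builds an HMAC-SHA1 signature of {@code baseString}.
 *
 * <p>The key is the URL-encoded consumer secret and the URL-encoded token secret joined
 * by {@code &}. Text is converted to bytes as UTF-8; the original used the platform
 * default charset, which makes the signature depend on the host configuration.
 *
 * @param baseString     text to sign
 * @param consumerSecret consumer secret, URL-encoded into the first half of the key
 * @param tokenSecret    token secret, URL-encoded into the second half of the key
 * @return the Base64-encoded MAC
 * @throws Exception if HmacSHA1 is unavailable or the key is rejected
 */
public String build(String baseString, String consumerSecret, String tokenSecret) throws Exception {
    String key = Oauth.urlEncode(consumerSecret) + "&" + Oauth.urlEncode(tokenSecret);

    // Fixed charset so every host computes the same signature.
    Charset charset = Charset.forName("UTF-8");

    SecretKey sk = new SecretKeySpec(key.getBytes(charset), "HmacSHA1");

    Mac mac = Mac.getInstance("HmacSHA1");
    mac.init(sk);

    byte[] result = mac.doFinal(baseString.getBytes(charset));

    return Base64.encodeBase64String(result);
}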

From source file:spring.travel.site.auth.Signer.java

/**
 * Signs {@code data} with the MAC algorithm named by {@code HMAC_SHA1_ALGORITHM}, keyed
 * with the UTF-8 bytes of {@code key}, and returns the result as formatted by {@code toHex}.
 *
 * @param data text to sign; converted to bytes as UTF-8
 * @return the MAC as rendered by {@code toHex}
 * @throws AuthException if the algorithm is unavailable or the key is rejected
 */
public String sign(String data) throws AuthException {
    try {
        final byte[] secret = key.getBytes(StandardCharsets.UTF_8);
        final SecretKeySpec hmacKey = new SecretKeySpec(secret, HMAC_SHA1_ALGORITHM);

        final Mac hmac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
        hmac.init(hmacKey);

        final byte[] payload = data.getBytes(StandardCharsets.UTF_8);
        return toHex(hmac.doFinal(payload));
    } catch (InvalidKeyException | NoSuchAlgorithmException e) {
        // Wrap with the cause attached so callers only deal with AuthException.
        throw new AuthException("Failed signing data", e);
    }
}

From source file:com.algolia.search.saas.APIClient.java

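/**
 * Returns the hex-encoded HMAC-SHA256 of {@code msg} keyed with {@code key}.
 *
 * <p>Key and message are converted to bytes as UTF-8. The original used the platform
 * default charset, so the same inputs could produce different MACs on different hosts.
 *
 * @param key secret key text
 * @param msg message to authenticate
 * @return the MAC as hex text produced by {@code Hex.encode}
 * @throws Error if HmacSHA256 is unavailable or the key is rejected
 */
static String hmac(String key, String msg) {
    final java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");

    Mac hmac;
    try {
        hmac = Mac.getInstance("HmacSHA256");
    } catch (NoSuchAlgorithmException e) {
        throw new Error(e);
    }
    try {
        hmac.init(new SecretKeySpec(key.getBytes(utf8), "HmacSHA256"));
    } catch (InvalidKeyException e) {
        throw new Error(e);
    }

    byte[] rawHmac = hmac.doFinal(msg.getBytes(utf8));
    byte[] hexBytes = new Hex().encode(rawHmac);

    // Hex digits are ASCII, so decode them with a fixed charset too.
    return new String(hexBytes, utf8);
}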