Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.nifi.processors.standard.util.crypto; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.processor.exception.ProcessException; import org.apache.nifi.processor.io.StreamCallback; import org.apache.nifi.processors.standard.EncryptContent.Encryptor; import org.apache.nifi.security.util.EncryptionMethod; import org.apache.nifi.security.util.KeyDerivationFunction; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.security.NoSuchAlgorithmException; public class KeyedEncryptor implements Encryptor { private EncryptionMethod encryptionMethod; private SecretKey key; private byte[] iv; private static final int DEFAULT_MAX_ALLOWED_KEY_LENGTH = 128; private static boolean isUnlimitedStrengthCryptographyEnabled; // Evaluate an unlimited strength algorithm to determine if we support the capability we have on the system static { try { isUnlimitedStrengthCryptographyEnabled = (Cipher .getMaxAllowedKeyLength("AES") > DEFAULT_MAX_ALLOWED_KEY_LENGTH); } catch (NoSuchAlgorithmException e) { // if there are issues with this, we default back to the value established isUnlimitedStrengthCryptographyEnabled = false; } } public KeyedEncryptor(final EncryptionMethod encryptionMethod, final SecretKey key) { this(encryptionMethod, key == null ? new byte[0] : key.getEncoded(), new byte[0]); } public KeyedEncryptor(final EncryptionMethod encryptionMethod, final SecretKey key, final byte[] iv) { this(encryptionMethod, key == null ? new byte[0] : key.getEncoded(), iv); } public KeyedEncryptor(final EncryptionMethod encryptionMethod, final byte[] keyBytes) { this(encryptionMethod, keyBytes, new byte[0]); } public KeyedEncryptor(final EncryptionMethod encryptionMethod, final byte[] keyBytes, final byte[] iv) { super(); try { if (encryptionMethod == null) { throw new IllegalArgumentException( "Cannot instantiate a keyed encryptor with null encryption method"); } if (!encryptionMethod.isKeyedCipher()) { throw new IllegalArgumentException( "Cannot instantiate a keyed encryptor with encryption method " + encryptionMethod.name()); } this.encryptionMethod = encryptionMethod; if (keyBytes == null || keyBytes.length == 0) { throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with empty key"); } if (!CipherUtility.isValidKeyLengthForAlgorithm(keyBytes.length * 8, encryptionMethod.getAlgorithm())) { throw new IllegalArgumentException( "Cannot instantiate a keyed encryptor with key of length " + keyBytes.length); } String cipherName = CipherUtility.parseCipherFromAlgorithm(encryptionMethod.getAlgorithm()); this.key = new SecretKeySpec(keyBytes, cipherName); this.iv = iv; } catch (Exception e) { throw new ProcessException(e); } } public static int getMaxAllowedKeyLength(final String algorithm) { if (StringUtils.isEmpty(algorithm)) { return DEFAULT_MAX_ALLOWED_KEY_LENGTH; } String parsedCipher = CipherUtility.parseCipherFromAlgorithm(algorithm); try { return Cipher.getMaxAllowedKeyLength(parsedCipher); } catch (NoSuchAlgorithmException e) { // Default algorithm max key length on unmodified JRE return DEFAULT_MAX_ALLOWED_KEY_LENGTH; } } public static boolean supportsUnlimitedStrength() { return isUnlimitedStrengthCryptographyEnabled; } @Override public StreamCallback getEncryptionCallback() throws ProcessException { return new EncryptCallback(); } @Override public StreamCallback getDecryptionCallback() throws ProcessException { return new DecryptCallback(); } private class DecryptCallback implements StreamCallback { public DecryptCallback() { } @Override public void process(final InputStream in, final OutputStream out) throws IOException { // Initialize cipher provider KeyedCipherProvider cipherProvider = (KeyedCipherProvider) CipherProviderFactory .getCipherProvider(KeyDerivationFunction.NONE); // Generate cipher try { Cipher cipher; // The IV could have been set by the constructor, but if not, read from the cipher stream if (iv.length == 0) { iv = cipherProvider.readIV(in); } cipher = cipherProvider.getCipher(encryptionMethod, key, iv, false); CipherUtility.processStreams(cipher, in, out); } catch (Exception e) { throw new ProcessException(e); } } } private class EncryptCallback implements StreamCallback { public EncryptCallback() { } @Override public void process(final InputStream in, final OutputStream out) throws IOException { // Initialize cipher provider KeyedCipherProvider cipherProvider = (KeyedCipherProvider) CipherProviderFactory .getCipherProvider(KeyDerivationFunction.NONE); // Generate cipher try { Cipher cipher = cipherProvider.getCipher(encryptionMethod, key, iv, true); cipherProvider.writeIV(cipher.getIV(), out); CipherUtility.processStreams(cipher, in, out); } catch (Exception e) { throw new ProcessException(e); } } } }