private void assertInitialized() { if (!initialized) { throw new OSecurityException(ENCRYPTION_NOT_INITIALIZED_ERROR); } }
private void assertCiphertextSizeIsValid(int size) { if (size < MIN_CIPHERTEXT_SIZE) { throw new OSecurityException(format(INVALID_CIPHERTEXT_SIZE_ERROR, MIN_CIPHERTEXT_SIZE, size)); } }
private void assertNonBlocking(SecureRandom secureRandom) { ExecutorService executor = Executors.newSingleThreadExecutor(); try { executor.submit(() -> secureRandom.nextInt()).get(1, TimeUnit.MINUTES); } catch (InterruptedException | ExecutionException e) { throw new IllegalStateException(e); } catch (TimeoutException e) { throw new OSecurityException(BLOCKING_SECURE_RANDOM_ERROR); } finally { executor.shutdownNow(); } }
public byte[] encryptOrDecrypt(final int mode, final byte[] input, final int offset, final int length) throws Exception { if (!initialized) throw new OSecurityException("DES encryption algorithm is not available"); cipher.init(mode, theKey); final byte[] content; if (offset == 0 && length == input.length) { content = input; } else { content = new byte[length]; System.arraycopy(input, offset, content, 0, length); } return cipher.doFinal(content); } }
public byte[] encryptOrDecrypt(final int mode, final byte[] input, final int offset, final int length) throws Exception { if (!initialized) throw new OSecurityException("AES encryption algorithm is not available"); Cipher cipher = Cipher.getInstance(TRANSFORMATION); cipher.init(mode, theKey); final byte[] content; if (offset == 0 && length == input.length) { content = input; } else { content = new byte[length]; System.arraycopy(input, offset, content, 0, length); } return cipher.doFinal(content); } }
private static Cipher getCipherInstance() { try { return Cipher.getInstance(TRANSFORMATION); } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { throw OException.wrapException(new OSecurityException(NO_SUCH_CIPHER), e); } }
/** * Uses the specified SecretKey as the private key and sets key algorithm from the SecretKey. */ public OSymmetricKey(final SecretKey secretKey) throws OSecurityException { if (secretKey == null) throw new OSecurityException("OSymmetricKey(SecretKey) secretKey is null"); this.secretKey = secretKey; this.secretKeyAlgorithm = secretKey.getAlgorithm(); }
/** * Returns the internal SecretKey as a Base64 String. */ public String getBase64Key() { if (secretKey == null) throw new OSecurityException("OSymmetricKey.getBase64Key() SecretKey is null"); return convertToBase64(secretKey.getEncoded()); }
protected void create() { try { SecureRandom secureRandom = new SecureRandom(); //** This is actually not needed and will block for a long time on many operating systems. // byte[] salt = secureRandom.generateSeed(saltLength); byte[] salt = new byte[saltLength]; secureRandom.nextBytes(salt); KeySpec keySpec = new PBEKeySpec(seedPhrase.toCharArray(), salt, iteration, keySize); SecretKeyFactory factory = SecretKeyFactory.getInstance(seedAlgorithm); SecretKey tempKey = factory.generateSecret(keySpec); secretKey = new SecretKeySpec(tempKey.getEncoded(), secretKeyAlgorithm); } catch (Exception ex) { throw new OSecurityException("OSymmetricKey.create() Exception: " + ex); } }
throw new OSecurityException("OSymmetricKey.saveToKeystore() OutputStream is null"); if (ksPasswd == null) throw new OSecurityException("OSymmetricKey.saveToKeystore() Keystore Password is required"); if (keyAlias == null) throw new OSecurityException("OSymmetricKey.saveToKeystore() Key Alias is required"); if (keyPasswd == null) throw new OSecurityException("OSymmetricKey.saveToKeystore() Key Password is required"); throw OException.wrapException(new OSecurityException("OSymmetricKey.saveToKeystore() Exception: " + ex.getMessage()), ex);
/** * Sets the SecretKey based on the specified algorithm and Base64 key specified. */ public OSymmetricKey(final String algorithm, final String base64Key) throws OSecurityException { this.secretKeyAlgorithm = algorithm; try { final byte[] keyBytes = OSymmetricKey.convertFromBase64(base64Key); this.secretKey = new SecretKeySpec(keyBytes, secretKeyAlgorithm); } catch (Exception ex) { throw OException.wrapException(new OSecurityException("OSymmetricKey.OSymmetricKey() Exception: " + ex.getMessage()), ex); } }
public OEncryption getEncryption(final String name, final String iOptions) { OEncryption encryption = instances.get(name); if (encryption == null) { final Class<? extends OEncryption> encryptionClass; if (name == null) encryptionClass = ONothingEncryption.class; else encryptionClass = classes.get(name); if (encryptionClass != null) { try { encryption = encryptionClass.newInstance(); encryption.configure(iOptions); } catch (Exception e) { throw OException.wrapException(new OSecurityException("Cannot instantiate encryption algorithm '" + name + "'"), e); } } else throw new OSecurityException("Encryption with name '" + name + "' is absent"); } return encryption; }
/** * This is a convenience method that takes a String argument, encodes it as Base64, then calls encrypt(byte[]). * * @param value The String to be encoded to Base64 then encrypted. * * @return A Base64-encoded JSON document. */ public String encrypt(final String value) { try { return encrypt(value.getBytes("UTF8")); } catch (Exception ex) { throw OException.wrapException(new OSecurityException("OSymmetricKey.encrypt() Exception: " + ex.getMessage()), ex); } }
/** * This is a convenience method that takes a String argument, encodes it as Base64, then calls encrypt(byte[]). * * @param transform The cipher transformation to use. * @param value The String to be encoded to Base64 then encrypted. * * @return A Base64-encoded JSON document. */ public String encrypt(final String transform, final String value) { try { return encrypt(transform, value.getBytes("UTF8")); } catch (Exception ex) { throw OException.wrapException(new OSecurityException("OSymmetricKey.encrypt() Exception: " + ex.getMessage()), ex); } }
public OCompression getCompression(final String name, final String iOptions) { if (name.length() == 0) return ONothingCompression.INSTANCE; OCompression compression = compressions.get(name); if (compression == null) { final Class<? extends OCompression> compressionClass; if (name == null) compressionClass = ONothingCompression.class; else compressionClass = compressionClasses.get(name); if (compressionClass != null) { try { compression = compressionClass.newInstance(); compression.configure(iOptions); } catch (Exception e) { throw OException.wrapException(new OSecurityException("Cannot instantiate compression algorithm '" + name + "'"), e); } } else throw new OSecurityException("Compression with name '" + name + "' is absent"); } return compression; }
/** * Saves the internal SecretKey to the specified OutputStream as a Base64 String. */ public void saveToStream(final OutputStream os) { if (os == null) throw new OSecurityException("OSymmetricKey.saveToStream() OutputStream is null"); try { final OutputStreamWriter osw = new OutputStreamWriter(os); try { final BufferedWriter writer = new BufferedWriter(osw); try { writer.write(getBase64Key()); } finally { writer.close(); } } finally { os.close(); } } catch (Exception ex) { throw OException.wrapException(new OSecurityException("OSymmetricKey.saveToStream() Exception: " + ex.getMessage()), ex); } }
/** * This method decrypts the Base64-encoded JSON document using the specified algorithm and cipher transformation. * * @param encodedJSON The Base64-encoded JSON document. * * @return The decrypted array of bytes as a UTF8 String or null if not successful. */ public String decryptAsString(final String encodedJSON) { try { byte[] decrypted = decrypt(encodedJSON); return new String(decrypted, "UTF8"); } catch (Exception ex) { throw OException.wrapException(new OSecurityException("OSymmetricKey.decryptAsString() Exception: " + ex.getMessage()), ex); } }
private SecretKey createKey(String base64EncodedKey) { if (base64EncodedKey == null) { throw new OSecurityException(format(MISSING_KEY_ERROR, OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey())); } try { final byte[] keyBytes = Base64.getDecoder().decode(base64EncodedKey.getBytes()); validateKeySize(keyBytes.length); return new SecretKeySpec(keyBytes, ALGORITHM_NAME); } catch (IllegalArgumentException e) { throw OException.wrapException(new OInvalidStorageEncryptionKeyException(INVALID_KEY_ERROR), e); } }
throw new OSecurityException("OSymmetricKey.encrypt() SecretKey is null"); if (transform == null) throw new OSecurityException("OSymmetricKey.encrypt() Cannot determine cipher transformation"); throw OException.wrapException(new OSecurityException("OSymmetricKey.encrypt() Exception: " + ex.getMessage()), ex);
private byte[] getPbkdf2(final String iPassword, final byte[] salt, final int iterations, final int bytes, final String algorithm) { String cacheKey = null; final String hashedPassword = createSHA256(iPassword + new String(salt)); if (SALT_CACHE != null) { // SEARCH IN CACHE FIRST cacheKey = hashedPassword + "|" + Arrays.toString(salt) + "|" + iterations + "|" + bytes; final byte[] encoded = SALT_CACHE.get(cacheKey); if (encoded != null) return encoded; } final PBEKeySpec spec = new PBEKeySpec(iPassword.toCharArray(), salt, iterations, bytes * 8); final SecretKeyFactory skf; try { skf = SecretKeyFactory.getInstance(algorithm); final byte[] encoded = skf.generateSecret(spec).getEncoded(); if (SALT_CACHE != null) { // SAVE IT IN CACHE SALT_CACHE.put(cacheKey, encoded); } return encoded; } catch (Exception e) { throw OException.wrapException(new OSecurityException("Cannot create a key with '" + algorithm + "' algorithm"), e); } }