/**
 * Builds a {@link CryptoAES} from negotiated cipher metadata.
 *
 * <p>The transformation, both keys and both IVs are copied out of {@code cryptoCipherMeta}; only
 * the cipher implementation class comes from {@code conf}.
 *
 * @param cryptoCipherMeta The metadata (transformation, in/out keys, in/out IVs) for CryptoAES.
 * @param conf The current configuration; supplies the cipher class name.
 * @return The instance of CryptoAES.
 * @throws IOException if creating CryptoAES failed
 */
public static CryptoAES createCryptoAES(RPCProtos.CryptoCipherMeta cryptoCipherMeta,
    Configuration conf) throws IOException {
  // Cipher implementation is configurable; JceCipher is the fallback when the key is unset.
  final String cipherClass = conf.get("hbase.rpc.crypto.encryption.aes.cipher.class",
      "org.apache.commons.crypto.cipher.JceCipher");
  final Properties cipherProps = new Properties();
  cipherProps.setProperty(CryptoCipherFactory.CLASSES_KEY, cipherClass);

  // NOTE(review): the metadata carries raw key material, so it presumably arrived over the
  // already-negotiated SASL channel; confirm at the call site.
  final String transformation = cryptoCipherMeta.getTransformation();
  final byte[] inKey = cryptoCipherMeta.getInKey().toByteArray();
  final byte[] outKey = cryptoCipherMeta.getOutKey().toByteArray();
  final byte[] inIv = cryptoCipherMeta.getInIv().toByteArray();
  final byte[] outIv = cryptoCipherMeta.getOutIv().toByteArray();
  return new CryptoAES(transformation, cipherProps, inKey, outKey, inIv, outIv);
}
}
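/**
 * Reads one length-prefixed wrapped RPC packet from {@code in}, unwraps it with
 * {@code cryptoAES}, and publishes the plaintext through {@code unwrappedRpcBuffer}.
 *
 * @throws IOException if the stream ends early, the length prefix is negative, or an
 *         IOException is raised while unwrapping
 */
private void readNextRpcPacket() throws IOException {
  LOG.debug("reading next wrapped RPC packet");
  DataInputStream dis = new DataInputStream(in);
  // The length prefix is consumed before unwrap() runs, so nothing has vouched for it yet.
  // Reject a negative value with a checked IOException rather than letting
  // NegativeArraySizeException escape from the allocation below.
  int rpcLen = dis.readInt();
  if (rpcLen < 0) {
    throw new IOException("Invalid wrapped RPC packet length: " + rpcLen);
  }
  // NOTE(review): there is still no upper bound here; the peer decides how many bytes get
  // allocated. Cap rpcLen against the connection's maximum frame size where one is available.
  byte[] rpcBuf = new byte[rpcLen];
  dis.readFully(rpcBuf);

  // unwrap with Crypto AES
  rpcBuf = cryptoAES.unwrap(rpcBuf, 0, rpcBuf.length);
  if (LOG.isDebugEnabled()) {
    // Logged after unwrap, so this is the plaintext length, not the wire length.
    LOG.debug("unwrapping token of length:" + rpcBuf.length);
  }
  unwrappedRpcBuffer = ByteBuffer.wrap(rpcBuf);
}
}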
/**
 * Wraps {@code len} bytes of {@code buf} starting at {@code off} with {@code cryptoAES} and
 * emits them to {@code out} as a 4-byte length followed by the wrapped bytes, then flushes.
 *
 * @throws IOException if wrapping or writing fails
 */
@Override
public void write(byte[] buf, int off, int len) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("wrapping token of length:" + len);
  }

  final byte[] wrappedToken = cryptoAES.wrap(buf, off, len);

  // Frame: length prefix first so the reader knows how many wrapped bytes follow.
  final DataOutputStream framedOut = new DataOutputStream(out);
  framedOut.writeInt(wrappedToken.length);
  framedOut.write(wrappedToken, 0, wrappedToken.length);
  framedOut.flush();
}
}
/**
 * Sets up one cipher per direction plus the integrity helper.
 *
 * <p>The encryptor is initialised with {@code outKey}/{@code outIv} and the decryptor with
 * {@code inKey}/{@code inIv}. The same two key arrays are also handed to {@code Integrity}.
 *
 * @param transformation cipher transformation; validated by {@code checkTransformation}
 * @param properties properties passed to the cipher factory
 * @param inKey key for the receive (decrypt) direction
 * @param outKey key for the send (encrypt) direction
 * @param inIv IV for the receive direction
 * @param outIv IV for the send direction
 * @throws IOException if either cipher cannot be initialised with the given key or IV
 */
public CryptoAES(String transformation, Properties properties,
    byte[] inKey, byte[] outKey, byte[] inIv, byte[] outIv) throws IOException {
  checkTransformation(transformation);

  // Send direction.
  encryptor = Utils.getCipherInstance(transformation, properties);
  try {
    encryptor.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(outKey, "AES"),
        new IvParameterSpec(outIv));
  } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
    throw new IOException("Failed to initialize encryptor", e);
  }

  // Receive direction.
  decryptor = Utils.getCipherInstance(transformation, properties);
  try {
    decryptor.init(Cipher.DECRYPT_MODE, new SecretKeySpec(inKey, "AES"),
        new IvParameterSpec(inIv));
  } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
    throw new IOException("Failed to initialize decryptor", e);
  }

  // NOTE(review): Integrity receives the encryption keys themselves; how it uses them is not
  // visible here. Confirm whether sharing key material across both uses is intended.
  integrity = new Integrity(outKey, inKey);
}
/**
 * Sets up one cipher per direction plus the integrity helper.
 *
 * <p>The encryptor is initialised with {@code outKey}/{@code outIv} and the decryptor with
 * {@code inKey}/{@code inIv}. The same two key arrays are also handed to {@code Integrity}.
 *
 * @param transformation cipher transformation; validated by {@code checkTransformation}
 * @param properties properties passed to the cipher factory
 * @param inKey key for the receive (decrypt) direction
 * @param outKey key for the send (encrypt) direction
 * @param inIv IV for the receive direction
 * @param outIv IV for the send direction
 * @throws IOException if either cipher cannot be initialised with the given key or IV
 */
public CryptoAES(String transformation, Properties properties,
    byte[] inKey, byte[] outKey, byte[] inIv, byte[] outIv) throws IOException {
  checkTransformation(transformation);

  // Send direction.
  encryptor = Utils.getCipherInstance(transformation, properties);
  try {
    encryptor.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(outKey, "AES"),
        new IvParameterSpec(outIv));
  } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
    throw new IOException("Failed to initialize encryptor", e);
  }

  // Receive direction.
  decryptor = Utils.getCipherInstance(transformation, properties);
  try {
    decryptor.init(Cipher.DECRYPT_MODE, new SecretKeySpec(inKey, "AES"),
        new IvParameterSpec(inIv));
  } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
    throw new IOException("Failed to initialize decryptor", e);
  }

  // NOTE(review): Integrity receives the encryption keys themselves; how it uses them is not
  // visible here. Confirm whether sharing key material across both uses is intended.
  integrity = new Integrity(outKey, inKey);
}
/**
 * Copies the readable bytes of {@code msg} into a heap array, unwraps them with
 * {@code cryptoAES}, and forwards the plaintext to the next inbound handler.
 *
 * @throws Exception if unwrapping fails
 */
@Override
protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {
  final int wrappedLen = msg.readableBytes();
  final byte[] wrapped = new byte[wrappedLen];
  msg.readBytes(wrapped);

  // NOTE(review): msg is assumed to hold exactly one wrapped frame; framing is not done here.
  final byte[] plain = cryptoAES.unwrap(wrapped, 0, wrappedLen);
  ctx.fireChannelRead(Unpooled.wrappedBuffer(plain));
}
}
/**
 * Wraps a call response for the wire when the connection uses SASL.
 *
 * <p>Returns {@code bc} untouched when SASL is off. Otherwise the chain is flattened to a byte
 * array, wrapped with either Crypto AES or the SASL server, and returned as a two-buffer chain:
 * the token length followed by the token.
 *
 * @param bc the response buffers to protect
 * @return {@code bc} itself, or a new chain holding the length-prefixed wrapped token
 * @throws IOException if wrapping fails
 */
protected BufferChain wrapWithSasl(BufferChain bc) throws IOException {
  if (!this.connection.useSasl) {
    return bc;
  }

  // Both wrappers take a contiguous byte[], so the whole chain is copied here.
  final byte[] plainResponse = bc.getBytes();
  final byte[] token;

  // Several handler threads may answer on the same connection, so each wrapper is used
  // under its own monitor.
  if (!connection.useCryptoAesWrap) {
    synchronized (connection.saslServer) {
      token = connection.saslServer.wrap(plainResponse, 0, plainResponse.length);
    }
  } else {
    synchronized (connection.cryptoAES) {
      token = connection.cryptoAES.wrap(plainResponse, 0, plainResponse.length);
    }
  }

  if (RpcServer.LOG.isTraceEnabled()) {
    // The message says "saslServer" for both paths, including the Crypto AES one.
    RpcServer.LOG.trace("Adding saslServer wrapped token of size " + token.length
        + " as call response.");
  }

  return new BufferChain(new ByteBuffer[] {
    ByteBuffer.wrap(Bytes.toBytes(token.length)),
    ByteBuffer.wrap(token)
  });
}
// Argument order follows the CryptoAES constructor: in* values feed the decryptor (receive
// direction) and out* values feed the encryptor (send direction).
cryptoAES = new CryptoAES(transformation, properties, inKey, outKey, inIv, outIv);
/**
 * Sets up one cipher per direction plus the integrity helper.
 *
 * <p>The encryptor is initialised with {@code outKey}/{@code outIv} and the decryptor with
 * {@code inKey}/{@code inIv}. The same two key arrays are also handed to {@code Integrity}.
 *
 * @param transformation cipher transformation; validated by {@code checkTransformation}
 * @param properties properties passed to the cipher factory
 * @param inKey key for the receive (decrypt) direction
 * @param outKey key for the send (encrypt) direction
 * @param inIv IV for the receive direction
 * @param outIv IV for the send direction
 * @throws IOException if either cipher cannot be initialised with the given key or IV
 */
public CryptoAES(String transformation, Properties properties,
    byte[] inKey, byte[] outKey, byte[] inIv, byte[] outIv) throws IOException {
  checkTransformation(transformation);

  // Send direction.
  encryptor = Utils.getCipherInstance(transformation, properties);
  try {
    encryptor.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(outKey, "AES"),
        new IvParameterSpec(outIv));
  } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
    throw new IOException("Failed to initialize encryptor", e);
  }

  // Receive direction.
  decryptor = Utils.getCipherInstance(transformation, properties);
  try {
    decryptor.init(Cipher.DECRYPT_MODE, new SecretKeySpec(inKey, "AES"),
        new IvParameterSpec(inIv));
  } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
    throw new IOException("Failed to initialize decryptor", e);
  }

  // NOTE(review): Integrity receives the encryption keys themselves; how it uses them is not
  // visible here. Confirm whether sharing key material across both uses is intended.
  integrity = new Integrity(outKey, inKey);
}
if (useCryptoAesWrap) { plaintextData = cryptoAES.unwrap(b, 0, b.length); } else { plaintextData = saslServer.unwrap(b, 0, b.length);
/**
 * Wraps {@code len} bytes of {@code buf} starting at {@code off} with {@code cryptoAES} and
 * emits them to {@code out} as a 4-byte length followed by the wrapped bytes, then flushes.
 *
 * @throws IOException if wrapping or writing fails
 */
@Override
public void write(byte[] buf, int off, int len) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("wrapping token of length:" + len);
  }

  final byte[] wrappedToken = cryptoAES.wrap(buf, off, len);

  // Frame: length prefix first so the reader knows how many wrapped bytes follow.
  final DataOutputStream framedOut = new DataOutputStream(out);
  framedOut.writeInt(wrappedToken.length);
  framedOut.write(wrappedToken, 0, wrappedToken.length);
  framedOut.flush();
}
}
/**
 * Builds a {@link CryptoAES} from negotiated cipher metadata.
 *
 * <p>The transformation, both keys and both IVs are copied out of {@code cryptoCipherMeta}; only
 * the cipher implementation class comes from {@code conf}.
 *
 * @param cryptoCipherMeta The metadata (transformation, in/out keys, in/out IVs) for CryptoAES.
 * @param conf The current configuration; supplies the cipher class name.
 * @return The instance of CryptoAES.
 * @throws IOException if creating CryptoAES failed
 */
public static CryptoAES createCryptoAES(RPCProtos.CryptoCipherMeta cryptoCipherMeta,
    Configuration conf) throws IOException {
  // Cipher implementation is configurable; JceCipher is the fallback when the key is unset.
  final String cipherClass = conf.get("hbase.rpc.crypto.encryption.aes.cipher.class",
      "org.apache.commons.crypto.cipher.JceCipher");
  final Properties cipherProps = new Properties();
  cipherProps.setProperty(CryptoCipherFactory.CLASSES_KEY, cipherClass);

  // NOTE(review): the metadata carries raw key material, so it presumably arrived over the
  // already-negotiated SASL channel; confirm at the call site.
  final String transformation = cryptoCipherMeta.getTransformation();
  final byte[] inKey = cryptoCipherMeta.getInKey().toByteArray();
  final byte[] outKey = cryptoCipherMeta.getOutKey().toByteArray();
  final byte[] inIv = cryptoCipherMeta.getInIv().toByteArray();
  final byte[] outIv = cryptoCipherMeta.getOutIv().toByteArray();
  return new CryptoAES(transformation, cipherProps, inKey, outKey, inIv, outIv);
}
}
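/**
 * Reads one length-prefixed wrapped RPC packet from {@code in}, unwraps it with
 * {@code cryptoAES}, and publishes the plaintext through {@code unwrappedRpcBuffer}.
 *
 * @throws IOException if the stream ends early, the length prefix is negative, or an
 *         IOException is raised while unwrapping
 */
private void readNextRpcPacket() throws IOException {
  LOG.debug("reading next wrapped RPC packet");
  DataInputStream dis = new DataInputStream(in);
  // The length prefix is consumed before unwrap() runs, so nothing has vouched for it yet.
  // Reject a negative value with a checked IOException rather than letting
  // NegativeArraySizeException escape from the allocation below.
  int rpcLen = dis.readInt();
  if (rpcLen < 0) {
    throw new IOException("Invalid wrapped RPC packet length: " + rpcLen);
  }
  // NOTE(review): there is still no upper bound here; the peer decides how many bytes get
  // allocated. Cap rpcLen against the connection's maximum frame size where one is available.
  byte[] rpcBuf = new byte[rpcLen];
  dis.readFully(rpcBuf);

  // unwrap with Crypto AES
  rpcBuf = cryptoAES.unwrap(rpcBuf, 0, rpcBuf.length);
  if (LOG.isDebugEnabled()) {
    // Logged after unwrap, so this is the plaintext length, not the wire length.
    LOG.debug("unwrapping token of length:" + rpcBuf.length);
  }
  unwrappedRpcBuffer = ByteBuffer.wrap(rpcBuf);
}
}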
/**
 * Drains everything currently in {@code queue}, wraps it with {@code cryptoAES} as a single
 * token, and writes it downstream as a 4-byte length followed by the wrapped bytes.
 *
 * <p>Does nothing when the queue is empty.
 *
 * @throws Exception if wrapping or writing fails
 */
@Override
public void flush(ChannelHandlerContext ctx) throws Exception {
  if (queue.isEmpty()) {
    return;
  }
  ByteBuf buf = null;
  try {
    // Aggregate promise handed to queue.remove(); it is finished by the combiner below.
    ChannelPromise promise = ctx.newPromise();
    int readableBytes = queue.readableBytes();
    buf = queue.remove(readableBytes, promise);
    // wrap() takes a byte[], so the pending bytes are copied out of the Netty buffer.
    byte[] bytes = new byte[readableBytes];
    buf.readBytes(bytes);
    byte[] wrapperBytes = cryptoAES.wrap(bytes, 0, bytes.length);
    // Length prefix and wrapped content go out as two separate writes, each with its own promise.
    ChannelPromise lenPromise = ctx.newPromise();
    ctx.write(ctx.alloc().buffer(4).writeInt(wrapperBytes.length), lenPromise);
    ChannelPromise contentPromise = ctx.newPromise();
    ctx.write(Unpooled.wrappedBuffer(wrapperBytes), contentPromise);
    // Tie the aggregate promise to both writes.
    PromiseCombiner combiner = new PromiseCombiner();
    combiner.addAll(lenPromise, contentPromise);
    combiner.finish(promise);
    ctx.flush();
  } finally {
    // The plaintext buffer has been copied; release it whether or not wrapping succeeded.
    if (buf != null) {
      ReferenceCountUtil.safeRelease(buf);
    }
  }
}
/**
 * Builds a {@link CryptoAES} from negotiated cipher metadata.
 *
 * <p>The transformation, both keys and both IVs are copied out of {@code cryptoCipherMeta}; only
 * the cipher implementation class comes from {@code conf}.
 *
 * @param cryptoCipherMeta The metadata (transformation, in/out keys, in/out IVs) for CryptoAES.
 * @param conf The current configuration; supplies the cipher class name.
 * @return The instance of CryptoAES.
 * @throws IOException if creating CryptoAES failed
 */
public static CryptoAES createCryptoAES(RPCProtos.CryptoCipherMeta cryptoCipherMeta,
    Configuration conf) throws IOException {
  // Cipher implementation is configurable; JceCipher is the fallback when the key is unset.
  final String cipherClass = conf.get("hbase.rpc.crypto.encryption.aes.cipher.class",
      "org.apache.commons.crypto.cipher.JceCipher");
  final Properties cipherProps = new Properties();
  cipherProps.setProperty(CryptoCipherFactory.CLASSES_KEY, cipherClass);

  // NOTE(review): the metadata carries raw key material, so it presumably arrived over the
  // already-negotiated SASL channel; confirm at the call site.
  final String transformation = cryptoCipherMeta.getTransformation();
  final byte[] inKey = cryptoCipherMeta.getInKey().toByteArray();
  final byte[] outKey = cryptoCipherMeta.getOutKey().toByteArray();
  final byte[] inIv = cryptoCipherMeta.getInIv().toByteArray();
  final byte[] outIv = cryptoCipherMeta.getOutIv().toByteArray();
  return new CryptoAES(transformation, cipherProps, inKey, outKey, inIv, outIv);
}
}
/**
 * Copies the readable bytes of {@code msg} into a heap array, unwraps them with
 * {@code cryptoAES}, and forwards the plaintext to the next inbound handler.
 *
 * @throws Exception if unwrapping fails
 */
@Override
protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {
  final int wrappedLen = msg.readableBytes();
  final byte[] wrapped = new byte[wrappedLen];
  msg.readBytes(wrapped);

  // NOTE(review): msg is assumed to hold exactly one wrapped frame; framing is not done here.
  final byte[] plain = cryptoAES.unwrap(wrapped, 0, wrappedLen);
  ctx.fireChannelRead(Unpooled.wrappedBuffer(plain));
}
}
/**
 * Wraps {@code len} bytes of {@code buf} starting at {@code off} with {@code cryptoAES} and
 * emits them to {@code out} as a 4-byte length followed by the wrapped bytes, then flushes.
 *
 * @throws IOException if wrapping or writing fails
 */
@Override
public void write(byte[] buf, int off, int len) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("wrapping token of length:" + len);
  }

  final byte[] wrappedToken = cryptoAES.wrap(buf, off, len);

  // Frame: length prefix first so the reader knows how many wrapped bytes follow.
  final DataOutputStream framedOut = new DataOutputStream(out);
  framedOut.writeInt(wrappedToken.length);
  framedOut.write(wrappedToken, 0, wrappedToken.length);
  framedOut.flush();
}
}
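/**
 * Reads one length-prefixed wrapped RPC packet from {@code in}, unwraps it with
 * {@code cryptoAES}, and publishes the plaintext through {@code unwrappedRpcBuffer}.
 *
 * @throws IOException if the stream ends early, the length prefix is negative, or an
 *         IOException is raised while unwrapping
 */
private void readNextRpcPacket() throws IOException {
  LOG.debug("reading next wrapped RPC packet");
  DataInputStream dis = new DataInputStream(in);
  // The length prefix is consumed before unwrap() runs, so nothing has vouched for it yet.
  // Reject a negative value with a checked IOException rather than letting
  // NegativeArraySizeException escape from the allocation below.
  int rpcLen = dis.readInt();
  if (rpcLen < 0) {
    throw new IOException("Invalid wrapped RPC packet length: " + rpcLen);
  }
  // NOTE(review): there is still no upper bound here; the peer decides how many bytes get
  // allocated. Cap rpcLen against the connection's maximum frame size where one is available.
  byte[] rpcBuf = new byte[rpcLen];
  dis.readFully(rpcBuf);

  // unwrap with Crypto AES
  rpcBuf = cryptoAES.unwrap(rpcBuf, 0, rpcBuf.length);
  if (LOG.isDebugEnabled()) {
    // Logged after unwrap, so this is the plaintext length, not the wire length.
    LOG.debug("unwrapping token of length:" + rpcBuf.length);
  }
  unwrappedRpcBuffer = ByteBuffer.wrap(rpcBuf);
}
}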
/**
 * Drains everything currently in {@code queue}, wraps it with {@code cryptoAES} as a single
 * token, and writes it downstream as a 4-byte length followed by the wrapped bytes.
 *
 * <p>Does nothing when the queue is empty.
 *
 * @throws Exception if wrapping or writing fails
 */
@Override
public void flush(ChannelHandlerContext ctx) throws Exception {
  if (queue.isEmpty()) {
    return;
  }
  ByteBuf buf = null;
  try {
    // Aggregate promise handed to queue.remove(); it is finished by the combiner below.
    ChannelPromise promise = ctx.newPromise();
    int readableBytes = queue.readableBytes();
    buf = queue.remove(readableBytes, promise);
    // wrap() takes a byte[], so the pending bytes are copied out of the Netty buffer.
    byte[] bytes = new byte[readableBytes];
    buf.readBytes(bytes);
    byte[] wrapperBytes = cryptoAES.wrap(bytes, 0, bytes.length);
    // Length prefix and wrapped content go out as two separate writes, each with its own promise.
    ChannelPromise lenPromise = ctx.newPromise();
    ctx.write(ctx.alloc().buffer(4).writeInt(wrapperBytes.length), lenPromise);
    ChannelPromise contentPromise = ctx.newPromise();
    ctx.write(Unpooled.wrappedBuffer(wrapperBytes), contentPromise);
    // Tie the aggregate promise to both writes.
    PromiseCombiner combiner = new PromiseCombiner();
    combiner.addAll(lenPromise, contentPromise);
    combiner.finish(promise);
    ctx.flush();
  } finally {
    // The plaintext buffer has been copied; release it whether or not wrapping succeeded.
    if (buf != null) {
      ReferenceCountUtil.safeRelease(buf);
    }
  }
}
/**
 * Copies the readable bytes of {@code msg} into a heap array, unwraps them with
 * {@code cryptoAES}, and forwards the plaintext to the next inbound handler.
 *
 * @throws Exception if unwrapping fails
 */
@Override
protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {
  final int wrappedLen = msg.readableBytes();
  final byte[] wrapped = new byte[wrappedLen];
  msg.readBytes(wrapped);

  // NOTE(review): msg is assumed to hold exactly one wrapped frame; framing is not done here.
  final byte[] plain = cryptoAES.unwrap(wrapped, 0, wrappedLen);
  ctx.fireChannelRead(Unpooled.wrappedBuffer(plain));
}
}