/**
 * Returns a random string in hexadecimal notation.
 *
 * <p>Every random byte is rendered as two hex characters, so the result
 * carries at most {@code 8 * numBytes} bits of randomness.
 *
 * @param numBytes number of bytes of randomness to draw (this is not the
 *     length of the returned string)
 * @return the hex encoding of the bytes returned by {@code getRandomBytes}
 */
public static String getRandomString(int numBytes) {
  // NOTE(review): how unpredictable the result is depends entirely on
  // getRandomBytes, which is not shown here - confirm it draws from a
  // SecureRandom before relying on this for tokens or session handles.
  final byte[] randomBytes = getRandomBytes(numBytes);
  final char[] hexChars = Hex.encodeHex(randomBytes);
  return String.valueOf(hexChars);
}
/**
 * Serializes, timestamps, encrypts and authenticates a map of values.
 *
 * <p>The result is the URL-safe Base64 encoding of the cipher text followed
 * by an HMAC-SHA1 computed over that cipher text (encrypt-then-MAC).
 *
 * @param in values to protect; must not contain the reserved timestamp key
 * @return the encoded blob
 * @throws IllegalArgumentException if {@code in} contains the timestamp key
 * @throws BlobCrypterException if the character encoding is unsupported or
 *     a cryptographic step fails
 */
public String wrap(Map<String, String> in) throws BlobCrypterException {
  // The timestamp key is reserved (presumably it is filled in by
  // serializeAndTimestamp), so a caller-supplied value is rejected up front.
  Preconditions.checkArgument(!in.containsKey(TIMESTAMP_KEY),
      "No '%s' key allowed for BlobCrypter", TIMESTAMP_KEY);
  try {
    final byte[] plainBytes = serializeAndTimestamp(in);
    final byte[] encrypted = Crypto.aes128cbcEncrypt(cipherKey, plainBytes);
    // The MAC is taken over the cipher text rather than the plain text, so
    // a receiver can authenticate the blob before decrypting anything.
    final byte[] mac = Crypto.hmacSha1(hmacKey, encrypted);
    final byte[] blob = Crypto.concat(encrypted, mac);
    return new String(Base64.encodeBase64URLSafe(blob), UTF8);
  } catch (GeneralSecurityException e) {
    throw new BlobCrypterException(e);
  } catch (UnsupportedEncodingException e) {
    throw new BlobCrypterException(e);
  }
}
/**
 * Marks this entry as approved and assigns it a new random session handle.
 *
 * <p>Called when the consumer takes the token.
 */
public void claimToken() {
  state = State.APPROVED;
  // NOTE(review): the handle is built from 8 random bytes, i.e. at most
  // 64 bits. Confirm that is enough for how long a session handle stays
  // valid and how often guesses can be submitted; 128 bits is the more
  // common floor for identifiers that act as bearer credentials.
  final String freshHandle = Crypto.getRandomString(8);
  sessionHandle = freshHandle;
}
/**
 * Encrypts with AES-128 in CBC mode under an IV obtained from
 * {@code getRandomBytes}.
 *
 * <p>The IV is prepended to the output: the first 16 bytes of the returned
 * array are the IV and the remainder is the cipher text.
 *
 * <p>CBC on its own gives confidentiality, not integrity. Callers that need
 * tamper detection have to authenticate the returned bytes separately, for
 * example with an HMAC over the whole array, IV included.
 *
 * @param key the AES key
 * @param plain the bytes to encrypt
 * @return the IV followed by the cipher text
 * @throws GeneralSecurityException if the cipher cannot be obtained or the
 *     encryption fails
 */
public static byte[] aes128cbcEncrypt(byte[] key, byte[] plain)
    throws GeneralSecurityException {
  // The Cipher instance is consulted only for its block size, which is the
  // length used for the IV.
  final int ivLength = Cipher.getInstance(CIPHER_TYPE).getBlockSize();
  final byte[] iv = getRandomBytes(ivLength);
  final byte[] body = aes128cbcEncryptWithIV(key, iv, plain);
  return concat(iv, body);
}
/**
 * Encrypts with AES-128 in CBC mode under an IV obtained from
 * {@code getRandomBytes}.
 *
 * <p>The IV is prepended to the output: the first 16 bytes of the returned
 * array are the IV and the remainder is the cipher text.
 *
 * <p>CBC on its own gives confidentiality, not integrity. Callers that need
 * tamper detection have to authenticate the returned bytes separately, for
 * example with an HMAC over the whole array, IV included.
 *
 * @param key the AES key
 * @param plain the bytes to encrypt
 * @return the IV followed by the cipher text
 * @throws GeneralSecurityException if the cipher cannot be obtained or the
 *     encryption fails
 */
public static byte[] aes128cbcEncrypt(byte[] key, byte[] plain)
    throws GeneralSecurityException {
  // The Cipher instance is consulted only for its block size, which is the
  // length used for the IV.
  final int ivLength = Cipher.getInstance(CIPHER_TYPE).getBlockSize();
  final byte[] iv = getRandomBytes(ivLength);
  final byte[] body = aes128cbcEncryptWithIV(key, iv, plain);
  return Bytes.concat(iv, body);
}
/**
 * Round-trips byte arrays of length 0 through 49 through
 * {@code Crypto.aes128cbcEncrypt} and {@code Crypto.aes128cbcDecrypt} under
 * one random key and checks that each decrypts back to the original bytes.
 */
@Test
public void testAes128Cbc() throws Exception {
  final byte[] key = Crypto.getRandomBytes(Crypto.CIPHER_KEY_LEN);
  for (int length = 0; length < 50; length++) {
    // Fill the input with 0, 1, 2, ... so each length has known content.
    final byte[] original = new byte[length];
    for (int index = 0; index < length; index++) {
      original[index] = (byte) index;
    }
    final byte[] encrypted = Crypto.aes128cbcEncrypt(key, original);
    final byte[] decrypted = Crypto.aes128cbcDecrypt(key, encrypted);
    assertArrayEquals("Array of length " + length, original, decrypted);
  }
}
/**
 * Serializes, encrypts and authenticates a map of values.
 *
 * <p>The result is the URL-safe Base64 encoding of the cipher text followed
 * by an HMAC computed over that cipher text (encrypt-then-MAC). The HMAC
 * algorithm is the one named by {@code hmacType}.
 *
 * @param in values to protect
 * @return the encoded blob
 * @throws BlobCrypterException if a cryptographic step fails
 */
public String wrap(Map<String, String> in) throws BlobCrypterException {
  // NOTE(review): nothing in this method adds a timestamp or expiry to the
  // blob - confirm that freshness is enforced by the caller or inside the
  // serialized payload.
  try {
    final byte[] plainBytes = serialize(in);
    final byte[] encrypted = Crypto.aes128cbcEncrypt(cipherKey, plainBytes);
    // The MAC is taken over the cipher text rather than the plain text, so
    // a receiver can authenticate the blob before decrypting anything.
    final String macAlgorithm = hmacType.getName();
    final byte[] mac = Crypto.hmacSha(hmacKey, encrypted, macAlgorithm);
    final byte[] blob = Bytes.concat(encrypted, mac);
    return CharsetUtil.newUtf8String(Base64.encodeBase64URLSafe(blob));
  } catch (GeneralSecurityException e) {
    throw new BlobCrypterException(e);
  }
}
/**
 * Authenticates and decrypts an encoded blob.
 *
 * <p>The input is Base64-decoded and split into cipher text and a trailing
 * MAC whose length is given by {@code hmacType}. The MAC check runs before
 * any decryption.
 *
 * @param in the encoded blob
 * @return the deserialized values
 * @throws BlobCrypterException with the message "Invalid token signature"
 *     when a cryptographic step throws, or "Invalid token format" when the
 *     decoded bytes are too short to be split
 */
public Map<String, String> unwrap(String in) throws BlobCrypterException {
  try {
    final byte[] decoded = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(in));
    final int macLength = hmacType.getLength();
    final byte[] mac = new byte[macLength];
    // If the input is shorter than the MAC this size is negative; the
    // NegativeArraySizeException is reported below as a format error.
    final byte[] encrypted = new byte[decoded.length - macLength];
    System.arraycopy(decoded, 0, encrypted, 0, encrypted.length);
    System.arraycopy(decoded, encrypted.length, mac, 0, mac.length);
    // Authenticate first: decryption is reached only if this call returns.
    // NOTE(review): hmacShaVerify is not shown here - confirm it compares
    // the MACs in constant time (e.g. MessageDigest.isEqual).
    Crypto.hmacShaVerify(hmacKey, encrypted, mac, hmacType.getName());
    final byte[] plain = Crypto.aes128cbcDecrypt(cipherKey, encrypted);
    return deserialize(plain);
  } catch (NegativeArraySizeException e) {
    throw new BlobCrypterException("Invalid token format", e);
  } catch (ArrayIndexOutOfBoundsException e) {
    throw new BlobCrypterException("Invalid token format", e);
  } catch (GeneralSecurityException e) {
    throw new BlobCrypterException("Invalid token signature", e);
  }
}
/**
 * Computes an HMAC with the default algorithm, {@code HMAC_TYPE}.
 *
 * @param key the MAC key; must be at least 8 bytes in length
 * @param in the bytes to authenticate
 * @return the MAC value
 * @throws GeneralSecurityException if the underlying HMAC computation fails
 */
public static byte[] hmacSha(byte[] key, byte[] in) throws GeneralSecurityException {
  // NOTE(review): the earlier comment described this as "HMAC sha1"; the
  // algorithm actually used is whatever HMAC_TYPE names - confirm.
  final byte[] mac = hmacSha(key, in, HMAC_TYPE);
  return mac;
}
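/**
 * Marks a token entry as authorized on behalf of a user.
 *
 * <p>When the entry reports a signed callback URL, a random numeric callback
 * token is also stored on it.
 *
 * @param entry the token entry to authorize
 * @param userId the user granting the authorization
 * @throws NullPointerException if {@code entry} or {@code userId} is null;
 *     in that case the entry is left unmodified
 */
public void authorizeToken(OAuthEntry entry, String userId) {
  // Both arguments are checked before the entry is touched. Checking userId
  // only after setAuthorized(true) would let a null userId leave the entry
  // flagged as authorized with no user bound to it.
  Preconditions.checkNotNull(entry);
  Preconditions.checkNotNull(userId);
  entry.setAuthorized(true);
  entry.setUserId(userId);
  if (entry.isCallbackUrlSigned()) {
    // NOTE(review): how hard the callback token is to guess depends on
    // CALLBACK_TOKEN_LENGTH and on the random source behind
    // Crypto.getRandomDigits, neither of which is visible here - confirm
    // both, and that attempts to present the token are rate-limited.
    entry.setCallbackToken(Crypto.getRandomDigits(CALLBACK_TOKEN_LENGTH));
  }
}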
/**
 * Authenticates and decrypts an encoded blob, then checks its timestamp.
 *
 * <p>The input is Base64-decoded and split into cipher text and a trailing
 * HMAC-SHA1 of {@code Crypto.HMAC_SHA1_LEN} bytes. The MAC check runs before
 * any decryption, and the timestamp check runs on the decrypted values.
 *
 * @param in the encoded blob
 * @param maxAgeSec age limit handed to {@code checkTimestamp}
 * @return the deserialized values
 * @throws BlobCrypterException with the message "Invalid token signature"
 *     when a cryptographic step throws, "Invalid token format" when the
 *     decoded bytes are too short to be split, or wrapping the cause when
 *     the UTF-8 encoding is unavailable
 */
public Map<String, String> unwrap(String in, int maxAgeSec)
    throws BlobCrypterException {
  try {
    final byte[] decoded = Base64.decodeBase64(in.getBytes("UTF-8"));
    final int macLength = Crypto.HMAC_SHA1_LEN;
    final byte[] mac = new byte[macLength];
    // If the input is shorter than the MAC this size is negative; the
    // NegativeArraySizeException is reported below as a format error.
    final byte[] encrypted = new byte[decoded.length - macLength];
    System.arraycopy(decoded, 0, encrypted, 0, encrypted.length);
    System.arraycopy(decoded, encrypted.length, mac, 0, mac.length);
    // Authenticate first: decryption is reached only if this call returns.
    // NOTE(review): hmacSha1Verify is not shown here - confirm it compares
    // the MACs in constant time (e.g. MessageDigest.isEqual).
    Crypto.hmacSha1Verify(hmacKey, encrypted, mac);
    final byte[] plain = Crypto.aes128cbcDecrypt(cipherKey, encrypted);
    final Map<String, String> values = deserialize(plain);
    checkTimestamp(values, maxAgeSec);
    return values;
  } catch (UnsupportedEncodingException e) {
    throw new BlobCrypterException(e);
  } catch (NegativeArraySizeException e) {
    throw new BlobCrypterException("Invalid token format", e);
  } catch (ArrayIndexOutOfBoundsException e) {
    throw new BlobCrypterException("Invalid token format", e);
  } catch (GeneralSecurityException e) {
    throw new BlobCrypterException("Invalid token signature", e);
  }
}
/**
 * Decrypts AES-128-CBC data whose IV is stored in front of the cipher text.
 *
 * <p>This method performs no integrity check. Decrypting CBC data that has
 * not been authenticated can leak information through padding failures, so
 * callers should verify a MAC over {@code cipherText} before calling it.
 *
 * @param key the AES key
 * @param cipherText the IV ({@code CIPHER_BLOCK_SIZE} bytes) followed by the
 *     encrypted data
 * @return the plain text
 * @throws GeneralSecurityException if the decryption fails
 */
public static byte[] aes128cbcDecrypt(byte[] key, byte[] cipherText)
    throws GeneralSecurityException {
  // Copy the leading block out as the IV. System.arraycopy throws an
  // unchecked IndexOutOfBoundsException when cipherText is shorter than
  // CIPHER_BLOCK_SIZE; that exception is not translated here.
  final byte[] iv = new byte[CIPHER_BLOCK_SIZE];
  System.arraycopy(cipherText, 0, iv, 0, CIPHER_BLOCK_SIZE);
  // The last argument is presumably the offset at which the encrypted data
  // begins, i.e. just past the IV - confirm against aes128cbcDecryptWithIv.
  return aes128cbcDecryptWithIv(key, iv, cipherText, CIPHER_BLOCK_SIZE);
}
/**
 * Checks that {@code Crypto.hmacSha1Verify} accepts a fixed key, message and
 * MAC. Only the accept path is exercised; no tampered MAC is tried here.
 */
@Test
public void testHmacSha1Verify() throws Exception {
  final byte[] knownMac = {
    -21, 2, 47, -101, 9, -40, 18, 43, 76, 117,
    -51, 115, -122, -91, 39, 26, -18, 122, 30, 90,
  };
  final byte[] keyBytes = "abcd1234".getBytes();
  final byte[] message = "your mother is a hedgehog".getBytes();
  // The test passes when the call returns without throwing.
  Crypto.hmacSha1Verify(keyBytes, message, knownMac);
}
/**
 * Checks that {@code Crypto.hmacSha1} produces the expected 20-byte MAC for
 * a fixed key and message.
 */
@Test
public void testHmacSha1() throws Exception {
  final byte[] knownMac = {
    -21, 2, 47, -101, 9, -40, 18, 43, 76, 117,
    -51, 115, -122, -91, 39, 26, -18, 122, 30, 90,
  };
  final byte[] keyBytes = "abcd1234".getBytes();
  final byte[] message = "your mother is a hedgehog".getBytes();
  final byte[] computedMac = Crypto.hmacSha1(keyBytes, message);
  assertArrayEquals(knownMac, computedMac);
}
/**
 * Round-trips byte arrays of length 0 through 49 through
 * {@code Crypto.aes128cbcEncrypt} and {@code Crypto.aes128cbcDecrypt} under
 * one random key and checks that each decrypts back to the original bytes.
 */
@Test
public void testAes128Cbc() throws Exception {
  final byte[] key = Crypto.getRandomBytes(Crypto.CIPHER_KEY_LEN);
  for (int length = 0; length < 50; length++) {
    // Fill the input with 0, 1, 2, ... so each length has known content.
    final byte[] original = new byte[length];
    for (int index = 0; index < length; index++) {
      original[index] = (byte) index;
    }
    final byte[] encrypted = Crypto.aes128cbcEncrypt(key, original);
    final byte[] decrypted = Crypto.aes128cbcDecrypt(key, encrypted);
    assertArrayEquals("Array of length " + length, original, decrypted);
  }
}
/**
 * Encrypts with AES-128 in CBC mode under an IV obtained from
 * {@code getRandomBytes}.
 *
 * <p>The IV is prepended to the output: the first 16 bytes of the returned
 * array are the IV and the remainder is the cipher text.
 *
 * <p>CBC on its own gives confidentiality, not integrity. Callers that need
 * tamper detection have to authenticate the returned bytes separately, for
 * example with an HMAC over the whole array, IV included.
 *
 * @param key the AES key
 * @param plain the bytes to encrypt
 * @return the IV followed by the cipher text
 * @throws GeneralSecurityException if the cipher cannot be obtained or the
 *     encryption fails
 */
public static byte[] aes128cbcEncrypt(byte[] key, byte[] plain)
    throws GeneralSecurityException {
  // The Cipher instance is consulted only for its block size, which is the
  // length used for the IV.
  final int ivLength = Cipher.getInstance(CIPHER_TYPE).getBlockSize();
  final byte[] iv = getRandomBytes(ivLength);
  final byte[] body = aes128cbcEncryptWithIV(key, iv, plain);
  return Bytes.concat(iv, body);
}
/**
 * Encrypts with AES-128 in CBC mode under an IV obtained from
 * {@code getRandomBytes}.
 *
 * <p>The IV is prepended to the output: the first 16 bytes of the returned
 * array are the IV and the remainder is the cipher text.
 *
 * <p>CBC on its own gives confidentiality, not integrity. Callers that need
 * tamper detection have to authenticate the returned bytes separately, for
 * example with an HMAC over the whole array, IV included.
 *
 * @param key the AES key
 * @param plain the bytes to encrypt
 * @return the IV followed by the cipher text
 * @throws GeneralSecurityException if the cipher cannot be obtained or the
 *     encryption fails
 */
public static byte[] aes128cbcEncrypt(byte[] key, byte[] plain)
    throws GeneralSecurityException {
  // The Cipher instance is consulted only for its block size, which is the
  // length used for the IV.
  final int ivLength = Cipher.getInstance(CIPHER_TYPE).getBlockSize();
  final byte[] iv = getRandomBytes(ivLength);
  final byte[] body = aes128cbcEncryptWithIV(key, iv, plain);
  return concat(iv, body);
}
/**
 * Serializes, encrypts and authenticates a map of values.
 *
 * <p>The result is the URL-safe Base64 encoding of the cipher text followed
 * by an HMAC computed over that cipher text (encrypt-then-MAC). The HMAC
 * algorithm is the one named by {@code hmacType}.
 *
 * @param in values to protect
 * @return the encoded blob
 * @throws BlobCrypterException if a cryptographic step fails
 */
public String wrap(Map<String, String> in) throws BlobCrypterException {
  // NOTE(review): nothing in this method adds a timestamp or expiry to the
  // blob - confirm that freshness is enforced by the caller or inside the
  // serialized payload.
  try {
    final byte[] plainBytes = serialize(in);
    final byte[] encrypted = Crypto.aes128cbcEncrypt(cipherKey, plainBytes);
    // The MAC is taken over the cipher text rather than the plain text, so
    // a receiver can authenticate the blob before decrypting anything.
    final String macAlgorithm = hmacType.getName();
    final byte[] mac = Crypto.hmacSha(hmacKey, encrypted, macAlgorithm);
    final byte[] blob = Bytes.concat(encrypted, mac);
    return CharsetUtil.newUtf8String(Base64.encodeBase64URLSafe(blob));
  } catch (GeneralSecurityException e) {
    throw new BlobCrypterException(e);
  }
}
/**
 * Authenticates and decrypts an encoded blob.
 *
 * <p>The input is Base64-decoded and split into cipher text and a trailing
 * MAC whose length is given by {@code hmacType}. The MAC check runs before
 * any decryption.
 *
 * @param in the encoded blob
 * @return the deserialized values
 * @throws BlobCrypterException with the message "Invalid token signature"
 *     when a cryptographic step throws, or "Invalid token format" when the
 *     decoded bytes are too short to be split
 */
public Map<String, String> unwrap(String in) throws BlobCrypterException {
  try {
    final byte[] decoded = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(in));
    final int macLength = hmacType.getLength();
    final byte[] mac = new byte[macLength];
    // If the input is shorter than the MAC this size is negative; the
    // NegativeArraySizeException is reported below as a format error.
    final byte[] encrypted = new byte[decoded.length - macLength];
    System.arraycopy(decoded, 0, encrypted, 0, encrypted.length);
    System.arraycopy(decoded, encrypted.length, mac, 0, mac.length);
    // Authenticate first: decryption is reached only if this call returns.
    // NOTE(review): hmacShaVerify is not shown here - confirm it compares
    // the MACs in constant time (e.g. MessageDigest.isEqual).
    Crypto.hmacShaVerify(hmacKey, encrypted, mac, hmacType.getName());
    final byte[] plain = Crypto.aes128cbcDecrypt(cipherKey, encrypted);
    return deserialize(plain);
  } catch (NegativeArraySizeException e) {
    throw new BlobCrypterException("Invalid token format", e);
  } catch (ArrayIndexOutOfBoundsException e) {
    throw new BlobCrypterException("Invalid token format", e);
  } catch (GeneralSecurityException e) {
    throw new BlobCrypterException("Invalid token signature", e);
  }
}
/**
 * Computes an HMAC with the default algorithm, {@code HMAC_TYPE}.
 *
 * @param key the MAC key; must be at least 8 bytes in length
 * @param in the bytes to authenticate
 * @return the MAC value
 * @throws GeneralSecurityException if the underlying HMAC computation fails
 */
public static byte[] hmacSha(byte[] key, byte[] in) throws GeneralSecurityException {
  // NOTE(review): the earlier comment described this as "HMAC sha1"; the
  // algorithm actually used is whatever HMAC_TYPE names - confirm.
  final byte[] mac = hmacSha(key, in, HMAC_TYPE);
  return mac;
}