/**
 * Computes the HMAC-SHA256 tag of {@code value} under {@code key}.
 *
 * <p>The text is encoded as UTF-8 before it is authenticated, so the tag does not depend on the
 * platform default charset. Callers that verify a received tag should compare it with
 * {@link java.security.MessageDigest#isEqual(byte[], byte[])} so the comparison time does not
 * depend on where the first mismatch occurs.
 *
 * @param key raw key bytes handed to {@link SecretKeySpec}
 * @param value text to authenticate
 * @return the MAC bytes produced by {@code Mac.doFinal}
 * @throws UnsupportedOperationException if HmacSHA256 is unavailable or the key is rejected; the
 *     original exception is kept as the cause
 */
private static byte[] hmacSha256(byte[] key, String value) {
    final String algorithm = "HmacSHA256";
    final Mac hmac;
    try {
        hmac = Mac.getInstance(algorithm);
        hmac.init(new SecretKeySpec(key, algorithm));
    } catch (NoSuchAlgorithmException | InvalidKeyException failure) {
        throw new UnsupportedOperationException(failure.getMessage(), failure);
    }
    // Neither checked exception can originate from here, so this call sits outside the try.
    return hmac.doFinal(value.getBytes(StandardCharsets.UTF_8));
}
/**
 * Creates a {@link Mac} for HmacSHA1 that is already initialised with the given key.
 *
 * <p>NOTE(review): the SHA-1 based MAC is presumably dictated by the SASL mechanism this class
 * implements (the method reports failures as {@link SaslException}); confirm before reusing it
 * in a new protocol, where an HMAC over SHA-256 is the usual default.
 *
 * @param keyBytes raw key material, wrapped in a {@link SecretKeySpec}
 * @return an HmacSHA1 instance on which {@code init} has already been called
 * @throws SaslException if the algorithm is unavailable or the key is rejected; the original
 *     exception is attached as the cause
 */
public static Mac createSha1Hmac(final byte[] keyBytes) throws SaslException {
    try {
        SecretKeySpec key = new SecretKeySpec(keyBytes, "HmacSHA1");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(key);
        return mac;
    } catch (NoSuchAlgorithmException | InvalidKeyException e) {
        // Message and cause are both forwarded, so the provider error stays diagnosable.
        throw new SaslException(e.getMessage(), e);
    }
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Builds the socket factory from a "TLSv1.2" {@link SSLContext} that is initialised with no key
 * manager and a single {@code DummyTrustManager}.
 *
 * <p>NOTE(review): {@code DummyTrustManager} is not shown here. If it accepts every certificate
 * chain, as the name suggests, sockets from this factory are encrypted but the peer is not
 * authenticated, which leaves them open to interception. Confirm its behaviour and restrict it to
 * test setups, or initialise the context with the platform default trust managers instead.
 *
 * <p>NOTE(review): on failure the exception is only logged, so the constructor returns normally
 * without having assigned {@code factory}; callers then fail later rather than at construction.
 */
public SimpleSSLSocketFactory() {
    try {
        final SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(null, // KeyManager not required
                new TrustManager[] { new DummyTrustManager() },
                new java.security.SecureRandom());
        factory = sslContext.getSocketFactory();
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        // Not rethrown: the instance exists afterwards even though no factory was created here.
        Log.error(e.getMessage(), e);
    }
}
/**
 * Stores the configuration and (re)creates the {@link SecureRandom} it describes.
 *
 * <p>The JCE provider name and the SecureRandom algorithm are both read from {@code conf}; the
 * algorithm falls back to its configured default constant when the key is absent. If the
 * requested algorithm or provider cannot be instantiated, only the exception message is logged
 * at warn level and a platform-default {@code new SecureRandom()} is used instead, so a typo in
 * the configuration does not stop start-up but does change which generator is in use.
 *
 * @param conf configuration to read the provider and algorithm names from
 */
@Override
public void setConf(Configuration conf) {
    this.conf = conf;
    provider = conf.get(HADOOP_SECURITY_CRYPTO_JCE_PROVIDER_KEY);
    final String algorithmName = conf.get(
            HADOOP_SECURITY_JAVA_SECURE_RANDOM_ALGORITHM_KEY,
            HADOOP_SECURITY_JAVA_SECURE_RANDOM_ALGORITHM_DEFAULT);
    try {
        if (provider == null) {
            // No provider configured: let the JCA pick the first one offering the algorithm.
            random = SecureRandom.getInstance(algorithmName);
        } else {
            random = SecureRandom.getInstance(algorithmName, provider);
        }
    } catch (GeneralSecurityException failure) {
        LOG.warn(failure.getMessage());
        random = new SecureRandom();
    }
}
/**
 * Decrypts an encrypted private key blob with a key derived from the passphrase.
 *
 * <p>The cipher is AES in CBC mode without padding. The AES key is the first 32 bytes of
 * {@code toKey(passphrase)} and the IV is 16 zero bytes.
 *
 * <p>NOTE(review): a fixed all-zero IV and an unauthenticated mode are presumably imposed by the
 * key-file format being read; confirm, and do not reuse this construction for new data. Because
 * there is neither padding nor a tag, a wrong passphrase is not detected here: the call returns
 * bytes either way, so integrity has to be verified by the caller.
 *
 * @param key encrypted key bytes; with NoPadding the length has to be a multiple of the AES
 *     block size, otherwise the cipher reports an error
 * @param passphrase passphrase the AES key is derived from
 * @return the decrypted bytes, same length as the input
 * @throws IOException wrapping any {@link GeneralSecurityException} raised by the cipher
 */
private byte[] decrypt(final byte[] key, final String passphrase) throws IOException {
    try {
        final Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        // Derived key material stays in this local array; it is not wiped after use.
        final byte[] expanded = this.toKey(passphrase);
        cipher.init(Cipher.DECRYPT_MODE,
                new SecretKeySpec(expanded, 0, 32, "AES"),
                new IvParameterSpec(new byte[16])); // initial vector=0
        return cipher.doFinal(key);
    } catch (GeneralSecurityException e) {
        throw new IOException(e.getMessage(), e);
    }
}
/**
 * Creates a provider from a hex-encoded key.
 *
 * <p>The key is passed through {@code validateKey} first; that call is outside the try block, so
 * whatever it throws propagates unchanged. The cipher is then obtained for {@code ALGORITHM} from
 * {@code PROVIDER}, and the key is stored only after that succeeded.
 *
 * <p>NOTE(review): the three checked exceptions in the throws clause are all caught below and
 * rethrown as {@code SensitivePropertyProtectionException}, so unless {@code validateKey} throws
 * them they never leave this constructor — confirm whether the throws clause is still needed.
 *
 * @param keyHex key material as a hex string, checked by {@code validateKey}
 * @throws SensitivePropertyProtectionException if the cipher cannot be obtained; the provider
 *     exception is attached as the cause
 */
public AESSensitivePropertyProvider(String keyHex) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException {
    // Raw key bytes live in this local array; it is not cleared once wrapped in the SecretKeySpec.
    byte[] key = validateKey(keyHex);
    try {
        cipher = Cipher.getInstance(ALGORITHM, PROVIDER);
        // Only store the key if the cipher was initialized successfully
        this.key = new SecretKeySpec(key, "AES");
    } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
        // Only the exception message is logged; key material is never part of the log line.
        logger.error("Encountered an error initializing the {}: {}", IMPLEMENTATION_NAME, e.getMessage());
        throw new SensitivePropertyProtectionException("Error initializing the protection cipher", e);
    }
}
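/**
 * Layers an {@link SSLSocket} over an already connected socket.
 *
 * <p>A fresh {@link SSLContext} for {@code this.protocol} is created and configured through
 * {@code initSSLContext} on every call. The TLS socket is created with {@code autoClose} set, so
 * closing it also closes the underlying socket.
 *
 * <p>NOTE(review): the peer host passed to the TLS layer comes from
 * {@code socket.getInetAddress().getHostName()}, which may perform a reverse name lookup when
 * the address was created from an IP literal. If endpoint identification is enabled on the
 * resulting socket, it would then be checked against a name taken from DNS rather than the name
 * the caller intended to reach — confirm how the socket was opened.
 *
 * @param socket connected socket to wrap
 * @return the TLS socket layered over {@code socket}
 * @throws SocketException if the context cannot be set up or the TLS socket cannot be created;
 *     the underlying exception is attached as the cause
 */
@Override
public SSLSocket createSocket(Socket socket) throws SocketException {
    SSLContext sc;
    try {
        sc = SSLContext.getInstance(this.protocol);
        initSSLContext(sc);
    } catch (GeneralSecurityException e) {
        // initCause keeps the provider stack trace without needing a (String, Throwable) constructor.
        SocketException wrapped = new SocketException(e.getMessage());
        wrapped.initCause(e);
        throw wrapped;
    }
    try {
        return (SSLSocket) sc.getSocketFactory()
                .createSocket(socket, socket.getInetAddress().getHostName(), socket.getPort(), true);
    } catch (IOException e) {
        SocketException wrapped = new SocketException(e.getMessage());
        wrapped.initCause(e);
        throw wrapped;
    }
}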
log.error("{} MessageCrypto initialization Failed {}", logCtx, e.getMessage());
/**
 * Obtains the trust manager from {@code trustManagerFactory}.
 *
 * @return the {@link X509TrustManager} produced by {@code trustManagerFactory.create()}
 * @throws SaslException if the factory fails with a {@link GeneralSecurityException}; the
 *     original exception is attached as the cause
 */
private X509TrustManager getTrustManager() throws SaslException {
    try {
        return trustManagerFactory.create();
    } catch (GeneralSecurityException e) {
        // Translated to the SASL exception type while keeping message and cause.
        throw new SaslException(e.getMessage(), e);
    }
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Decrypts a message payload with the given data key, using GCM parameters built from the IV
 * carried in the message metadata.
 *
 * <p>On success the plaintext is returned in a newly allocated pooled buffer. On any cipher
 * failure the error is logged, the partially filled buffer is released and {@code null} is
 * returned, so callers have to treat {@code null} as "could not decrypt". An authentication-tag
 * mismatch arrives as {@code AEADBadTagException}, a subclass of {@link BadPaddingException},
 * and therefore takes the same path.
 *
 * <p>NOTE(review): {@code iv}, {@code tagLen} and {@code cipher} are fields declared elsewhere
 * and are mutated here; presumably calls must not run concurrently on one instance — confirm.
 *
 * @param dataKeySecret symmetric key used to initialise the cipher
 * @param msgMetadata metadata that carries the encryption parameter (the IV)
 * @param payload encrypted bytes; read from {@code readerIndex} for {@code readableBytes}
 * @return buffer holding the plaintext, or {@code null} if decryption failed
 */
private ByteBuf decryptData(SecretKey dataKeySecret, MessageMetadata msgMetadata, ByteBuf payload) {
    // unpack iv and encrypted data
    ByteString ivString = msgMetadata.getEncryptionParam();
    // NOTE(review): the IV length comes from the message and this copy is outside the try block;
    // presumably an IV longer than `iv` raises an unchecked exception that propagates to the
    // caller instead of taking the logged null-return path — confirm the length is validated.
    ivString.copyTo(iv, 0);
    GCMParameterSpec gcmParams = new GCMParameterSpec(tagLen, iv);
    ByteBuf targetBuf = null;
    try {
        cipher.init(Cipher.DECRYPT_MODE, dataKeySecret, gcmParams);
        ByteBuffer sourceNioBuf = payload.nioBuffer(payload.readerIndex(), payload.readableBytes());
        // Capacity and max capacity are both the cipher's reported output size, so the buffer
        // cannot grow past it.
        int maxLength = cipher.getOutputSize(payload.readableBytes());
        targetBuf = PooledByteBufAllocator.DEFAULT.buffer(maxLength, maxLength);
        ByteBuffer targetNioBuf = targetBuf.nioBuffer(0, maxLength);
        int decryptedSize = cipher.doFinal(sourceNioBuf, targetNioBuf);
        // The NIO view was written directly, so the writer index is set by hand.
        targetBuf.writerIndex(decryptedSize);
    } catch (InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException | ShortBufferException e) {
        // Only the message is logged; no key or payload bytes are part of the log line.
        log.error("{} Failed to decrypt message {}", logCtx, e.getMessage());
        if (targetBuf != null) {
            // Release the pooled buffer so a failed decryption does not leak it.
            targetBuf.release();
            targetBuf = null;
        }
    }
    return targetBuf;
}
/**
 * Replaces the security descriptor with the one encoded in {@code theData}.
 *
 * <p>Non-empty input is decrypted and parsed as JSON into a {@code BridgeSecurityDescriptor}.
 * A {@code null} input, or a decryption/parsing failure that carries a message, installs a
 * fresh default descriptor instead.
 *
 * <p>NOTE(review): this fails open. The warning text itself describes the fallback as "default
 * security (none)", so stored data that is corrupted or cannot be decrypted ends in a descriptor
 * without the configured protection rather than in an error. Consider refusing to continue, or
 * at least surfacing the condition more loudly than a warn-level log line.
 *
 * <p>NOTE(review): two inputs leave {@code securityDescriptor} untouched: an empty string, and a
 * failure whose exception message is {@code null} (which is also not logged) — confirm both are
 * intended.
 *
 * @param theData encrypted, serialised descriptor; may be {@code null} or empty
 */
public void setSecurityData(String theData) {
    String failure = null;
    final boolean hasPayload = theData != null && !theData.isEmpty();
    if (hasPayload) {
        try {
            securityDescriptor = new Gson().fromJson(decrypt(theData), BridgeSecurityDescriptor.class);
        } catch (JsonSyntaxException | GeneralSecurityException | IOException problem) {
            failure = problem.getMessage();
        }
        if (failure != null) {
            log.warn("Cound not get security data, using default security (none): " + failure);
        }
    }
    final boolean useDefault = theData == null || failure != null;
    if (useDefault) {
        securityDescriptor = new BridgeSecurityDescriptor();
    }
}
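/**
 * Builds the socket factory from a JKS keystore that supplies both the key managers and the
 * trust managers.
 *
 * <p>The keystore stream is now closed once the store has been loaded; previously the stream
 * returned by {@code getKeyStoreStream()} was never closed.
 *
 * <p>NOTE(review): the context is requested under the legacy name "SSL". Which protocol versions
 * end up enabled is decided by the JSSE provider; confirm the deployment negotiates a current
 * TLS version, and consider requesting "TLS" explicitly.
 *
 * <p>NOTE(review): the wrapped exceptions carry only the message of the original failure, not
 * the cause, and the password array is not cleared after use. Both are left as they were because
 * the exception's constructors and the ownership of the array are not visible from here.
 *
 * @throws DbKeyStoreSocketException if the keystore cannot be found, read or loaded, or if the
 *     SSL context cannot be initialised from it
 */
public DbKeyStoreSocketFactory() throws DbKeyStoreSocketException {
    KeyStore keys;
    char[] password;
    try {
        keys = KeyStore.getInstance("JKS");
        password = getKeyStorePassword();
        // try-with-resources closes the stream on success and on failure; a null stream is allowed.
        try (java.io.InputStream keyStoreStream = getKeyStoreStream()) {
            keys.load(keyStoreStream, password);
        }
    } catch (java.security.GeneralSecurityException gse) {
        throw new DbKeyStoreSocketException("Failed to load keystore: " + gse.getMessage());
    } catch (java.io.FileNotFoundException fnfe) {
        throw new DbKeyStoreSocketException("Failed to find keystore file." + fnfe.getMessage());
    } catch (java.io.IOException ioe) {
        throw new DbKeyStoreSocketException("Failed to read keystore file: " + ioe.getMessage());
    }
    try {
        KeyManagerFactory keyfact = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyfact.init(keys, password);
        // The same store is used for trust decisions, so every certificate entry in it is trusted.
        TrustManagerFactory trustfact = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustfact.init(keys);
        SSLContext ctx = SSLContext.getInstance("SSL");
        // A null SecureRandom lets the provider use its default source of randomness.
        ctx.init(keyfact.getKeyManagers(), trustfact.getTrustManagers(), null);
        _factory = ctx.getSocketFactory();
    } catch (java.security.GeneralSecurityException gse) {
        throw new DbKeyStoreSocketException(
                "Failed to set up database socket factory: " + gse.getMessage());
    }
}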
log.error("{} Failed to decrypt data key {} to decrypt messages {}", logCtx, keyName, e.getMessage()); return false;
throw new CryptoException(e.getMessage(), e);
log.error("{} Failed to encrypt data key {}. {}", logCtx, keyName, e.getMessage()); throw new PulsarClientException.CryptoException(e.getMessage());
/**
 * Reads up to {@code len} decrypted bytes into {@code b}, loading chunks on demand.
 *
 * <p>The current chunk is fetched through {@code nextChunk()} whenever none is cached, and is
 * dropped again as soon as the position reaches a chunk boundary.
 *
 * <p>NOTE(review): {@code off} and {@code len} are not validated here; out-of-range values are
 * only caught by {@code System.arraycopy}, possibly after earlier bytes were already copied. The
 * end-of-stream check also runs before {@code len} is looked at, so a zero-length read at the
 * end returns -1 — confirm callers do not rely on 0 in that case.
 *
 * @param b destination array
 * @param off index in {@code b} of the first byte written
 * @param len maximum number of bytes to copy
 * @return number of bytes copied, or -1 if nothing was available when the call started
 * @throws IOException declared by the signature; not thrown directly by this body
 * @throws EncryptedDocumentException if loading the next chunk fails with a
 *     {@link GeneralSecurityException}; the original exception is attached as the cause
 */
public int read(byte[] b, int off, int len) throws IOException {
    int total = 0;
    if (available() <= 0) return -1;
    while (len > 0) {
        if (_chunk == null) {
            try {
                _chunk = nextChunk();
            } catch (GeneralSecurityException e) {
                throw new EncryptedDocumentException(e.getMessage(), e);
            }
        }
        // Bytes left in the current chunk, counted from the position inside that chunk.
        int count = (int)(chunkSize - (_pos & chunkMask));
        int avail = available();
        if (avail == 0) {
            return total;
        }
        // Never copy more than the stream holds, the chunk holds, or the caller asked for.
        count = Math.min(avail, Math.min(count, len));
        System.arraycopy(_chunk, (int)(_pos & chunkMask), b, off, count);
        off += count;
        len -= count;
        _pos += count;
        // At a chunk boundary the cached chunk is used up; the next pass loads a new one.
        if ((_pos & chunkMask) == 0) _chunk = null;
        total += count;
    }
    return total;
}
builder.setSSLSocketFactory(sslsf); } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException ex) { LOG.error("Failed to init socket factory {}", ex.getMessage(), ex);
keyManager = keyManagerFactory.create(); } catch (GeneralSecurityException e) { throw new SaslException(e.getMessage(), e);
/**
 * Writes the current bridge settings to their configuration file and reloads them from it.
 *
 * <p>If the security settings changed, the encoded security descriptor is copied into the
 * settings first. When that encoding fails, the method logs a warning and returns without
 * writing anything, so the file on disk keeps its previous content and the changed flag stays
 * set.
 *
 * <p>NOTE(review): the rendered JSON includes the encoded security data; the permissions that
 * {@code configWriter} applies to the file are not visible here — confirm the file is readable
 * only by the service account.
 */
public void updateConfigFile() {
    log.debug("Save HA Bridge settings.");
    final Path settingsFile = Paths.get(theBridgeSettings.getConfigfile());
    final JsonTransformer renderer = new JsonTransformer();
    if (bridgeSecurity.isSettingsChanged()) {
        try {
            theBridgeSettings.setSecurityData(bridgeSecurity.getSecurityDescriptorData());
        } catch (UnsupportedEncodingException | GeneralSecurityException failure) {
            log.warn("could not get encoded security data: " + failure.getMessage());
            return;
        }
        // Cleared only after the descriptor was encoded successfully.
        bridgeSecurity.setSettingsChanged(false);
    }
    final String rendered = renderer.render(theBridgeSettings);
    configWriter(rendered, settingsFile);
    _loadConfig(settingsFile);
}
/**
 * Writes {@code newBridgeSettings} to the configuration file of the current settings and
 * reloads the configuration from that file.
 *
 * <p>The target path is taken from the existing {@code theBridgeSettings}, not from the new
 * descriptor. If the security settings changed, the encoded security descriptor is copied into
 * the new settings first; when that encoding fails, the method logs a warning and returns
 * without writing, so the new settings are not persisted and the changed flag stays set.
 *
 * <p>NOTE(review): the rendered JSON includes the encoded security data; the permissions that
 * {@code configWriter} applies to the file are not visible here — confirm the file is readable
 * only by the service account.
 *
 * @param newBridgeSettings settings to persist
 */
public void save(BridgeSettingsDescriptor newBridgeSettings) {
    log.debug("Save HA Bridge settings.");
    final Path settingsFile = Paths.get(theBridgeSettings.getConfigfile());
    final JsonTransformer renderer = new JsonTransformer();
    if (bridgeSecurity.isSettingsChanged()) {
        try {
            newBridgeSettings.setSecurityData(bridgeSecurity.getSecurityDescriptorData());
        } catch (UnsupportedEncodingException | GeneralSecurityException failure) {
            log.warn("could not get encoded security data: " + failure.getMessage());
            return;
        }
        // Cleared only after the descriptor was encoded successfully.
        bridgeSecurity.setSettingsChanged(false);
    }
    final String rendered = renderer.render(newBridgeSettings);
    configWriter(rendered, settingsFile);
    _loadConfig(settingsFile);
}