项目:lams
文件:KeyStoreCredentialResolver.java
/**
* Build a credential instance from the key store entry.
*
* @param keyStoreEntry the key store entry to process
* @param entityID the entityID to include in the credential
* @param usage the usage type to include in the credential
* @return the new credential instance,appropriate to the type of key store entry being processed
* @throws SecurityException throw if there is a problem building a credential from the key store entry
*/
protected Credential buildCredential(KeyStore.Entry keyStoreEntry,String entityID,UsageType usage)
throws SecurityException {
log.debug("Building credential from keystore entry for entityID {},usage type {}",entityID,usage);
Credential credential = null;
if (keyStoreEntry instanceof KeyStore.PrivateKeyEntry) {
credential = processprivateKeyEntry((KeyStore.PrivateKeyEntry) keyStoreEntry,keystoreUsage);
} else if (keyStoreEntry instanceof KeyStore.TrustedCertificateEntry) {
credential = processtrustedCertificateEntry((KeyStore.TrustedCertificateEntry) keyStoreEntry,keystoreUsage);
} else if (keyStoreEntry instanceof KeyStore.SecretKeyEntry) {
credential = processSecretKeyEntry((KeyStore.SecretKeyEntry) keyStoreEntry,keystoreUsage);
} else {
throw new SecurityException("KeyStore entry was of an unsupported type: "
+ keyStoreEntry.getClass().getName());
}
return credential;
}
项目:aws-dynamodb-encryption-java
文件:KeyStoreMaterialsProvider.java
@Override
public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) {
CurrentMaterials materials = currMaterials.get();
if (context.getMaterialDescription().entrySet().containsAll(description.entrySet())) {
if (materials.encryptionEntry instanceof SecretKeyEntry) {
return materials.symRawMaterials;
} else {
try {
return makeAsymMaterials(materials,context.getMaterialDescription());
} catch (GeneralSecurityException ex) {
throw new DynamoDBMappingException("Unable to decrypt envelope key",ex);
}
}
} else {
return null;
}
}
项目:aws-dynamodb-encryption-java
文件:KeyStoreMaterialsProvider.java
public CurrentMaterials(Entry encryptionEntry,Entry signingEntry) {
super();
this.encryptionEntry = encryptionEntry;
this.signingEntry = signingEntry;
if (encryptionEntry instanceof SecretKeyEntry) {
if (signingEntry instanceof SecretKeyEntry) {
this.symRawMaterials = new SymmetricRawMaterials(
((SecretKeyEntry) encryptionEntry).getSecretKey(),((SecretKeyEntry) signingEntry).getSecretKey(),description);
} else {
this.symRawMaterials = new SymmetricRawMaterials(
((SecretKeyEntry) encryptionEntry).getSecretKey(),entry2Pair(signingEntry),description);
}
} else {
this.symRawMaterials = null;
}
}
项目:dCache-Cloud
文件:KeyStoreHelper.java
public static boolean storeKey(String name,SecretKey key) {
if (ks == null)
return false;
try {
KeyStore.Entry entry = new SecretKeyEntry(key);
ks.setEntry(name,entry,pp);
// closeStore();
return true;
} catch (KeyStoreException e) {
e.printstacktrace();
}
return false;
}
项目:lams
文件:KeyStoreCredentialResolver.java
/**
* Build a Credential from a keystore secret key entry.
*
* @param secretKeyEntry the entry being processed
* @param entityID the entityID to set
* @param usage the usage type to set
* @return new Credential instance
*/
protected Credential processSecretKeyEntry(SecretKeyEntry secretKeyEntry,UsageType usage) {
log.debug("Processing SecretKeyEntry from keystore");
BasicCredential credential = new BasicCredential();
credential.setEntityId(entityID);
credential.setUsageType(usage);
credential.setSecretKey(secretKeyEntry.getSecretKey());
return credential;
}
项目:aws-encryption-sdk-java
文件:KeyStoreProvider.java
private JceMasterKey internalGetMasterKey(final String provider,final String keyId) {
final Entry entry;
try {
entry = keystore_.getEntry(keyId,keystore_.isKeyEntry(keyId) ? protection_ : null);
} catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
throw new UnsupportedProviderException(e);
}
if (entry == null) {
throw new NoSuchMasterKeyException();
}
if (entry instanceof SecretKeyEntry) {
final SecretKeyEntry skEntry = (SecretKeyEntry) entry;
if (!skEntry.getSecretKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(skEntry.getSecretKey(),provider,keyId,wrappingalgorithm_);
} else if (entry instanceof PrivateKeyEntry) {
final PrivateKeyEntry pkEntry = (PrivateKeyEntry) entry;
if (!pkEntry.getPrivateKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(pkEntry.getCertificate().getPublicKey(),pkEntry.getPrivateKey(),wrappingalgorithm_);
} else if (entry instanceof TrustedCertificateEntry) {
final TrustedCertificateEntry certEntry = (TrustedCertificateEntry) entry;
if (!certEntry.getTrustedCertificate().getPublicKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(certEntry.getTrustedCertificate().getPublicKey(),null,wrappingalgorithm_);
} else {
throw new NoSuchMasterKeyException();
}
}
项目:aws-dynamodb-encryption-java
文件:KeyStoreMaterialsProvider.java
@Override
public EncryptionMaterials getEncryptionMaterials(EncryptionContext context) {
CurrentMaterials materials = currMaterials.get();
if (materials.encryptionEntry instanceof SecretKeyEntry) {
return materials.symRawMaterials;
} else {
try {
return makeAsymMaterials(materials,description);
} catch (GeneralSecurityException ex) {
throw new DynamoDBMappingException("Unable to encrypt envelope key",ex);
}
}
}
项目:aws-dynamodb-encryption-java
文件:KeyStoreMaterialsProvider.java
private asymmetricRawMaterials makeAsymMaterials(CurrentMaterials materials,Map<String,String> description) throws GeneralSecurityException {
KeyPair encryptionPair = entry2Pair(materials.encryptionEntry);
if (materials.signingEntry instanceof SecretKeyEntry) {
return new asymmetricRawMaterials(encryptionPair,((SecretKeyEntry) materials.signingEntry).getSecretKey(),description);
} else {
return new asymmetricRawMaterials(encryptionPair,entry2Pair(materials.signingEntry),description);
}
}
项目:aws-dynamodb-encryption-java
文件:KeyStoreMaterialsProviderTest.java
@BeforeClass
public static void setUpBeforeClass() throws Exception {
KeyGenerator macGen = KeyGenerator.getInstance("HmacSHA256");
macGen.init(256,Utils.getRng());
macKey = macGen.generateKey();
KeyGenerator aesGen = KeyGenerator.getInstance("AES");
aesGen.init(128,Utils.getRng());
encryptionKey = aesGen.generateKey();
keyStore = KeyStore.getInstance("jceks");
keyStore.load(null,password.tochararray());
KeyFactory kf = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec rsaSpec = new PKCS8EncodedKeySpec(Base64.decode(keyPem));
privateKey = kf.generatePrivate(rsaSpec);
CertificateFactory cf = CertificateFactory.getInstance("X509");
certificate = cf.generateCertificate(new ByteArrayInputStream(Base64.decode(certPem)));
keyStore.setEntry("enc",new SecretKeyEntry(encryptionKey),passwordProtection);
keyStore.setEntry("sig",new SecretKeyEntry(macKey),passwordProtection);
keyStore.setEntry("enc-a",new PrivateKeyEntry(privateKey,new Certificate[] {certificate}),passwordProtection);
keyStore.setEntry("sig-a",passwordProtection);
keyStore.setCertificateEntry("trustedCert",certificate);
}
/**
* {@inheritDoc}
*
* @see jp.co.future.uroborosql.filter.AbstractsqlFilter#initialize()
*/
@Override
public void initialize() {
if (getCryptColumnNames() == null || getCryptColumnNames().isEmpty()) {
setSkipFilter(true);
return;
} else {
cryptParamKeys = new ArrayList<>();
List<String> newColumnNames = new ArrayList<>();
for (String columnName : getCryptColumnNames()) {
cryptParamKeys.add(CaseFormat.CAMEL_CASE.convert(columnName));
newColumnNames.add(CaseFormat.UPPER_SNAKE_CASE.convert(columnName));
}
// 定義ファイルで指定されたカラム名は大文字でない可能性があるので、ここで大文字に置換し直す
cryptColumnNames = newColumnNames;
}
KeyStore store;
try {
if (StringUtils.isBlank(getKeyStoreFilePath())) {
LOG.error("Invalid KeyStore file path. Path:{}",getKeyStoreFilePath());
setSkipFilter(true);
return;
}
File storeFile = new File(getKeyStoreFilePath());
if (!storeFile.exists()) {
LOG.error("Not found KeyStore file path. Path:{}",getKeyStoreFilePath());
setSkipFilter(true);
return;
}
if (storeFile.isDirectory()) {
LOG.error("Invalid KeyStore file path. Path:{}",getKeyStoreFilePath());
setSkipFilter(true);
return;
}
if (StringUtils.isBlank(getStorePassword())) {
LOG.error("Invalid password for access KeyStore.");
setSkipFilter(true);
return;
}
if (StringUtils.isBlank(getAlias())) {
LOG.error("KeyStoreにアクセスするためのエイリアスが指定されていません。");
LOG.error("No alias for access KeyStore.");
setSkipFilter(true);
return;
}
store = KeyStore.getInstance("JCEKS");
char[] pass;
try (InputStream is = new BufferedInputStream(new FileInputStream(storeFile))) {
pass = new String(Base64.getUrlDecoder().decode(getStorePassword())).tochararray();
store.load(is,pass);
}
KeyStore.SecretKeyEntry entry = (SecretKeyEntry) store.getEntry(getAlias(),new KeyStore.PasswordProtection(pass));
secretKey = entry.getSecretKey();
encryptCipher = Cipher.getInstance(transformationType);
encryptCipher.init(Cipher.ENCRYPT_MODE,secretKey);
} catch (Exception ex) {
LOG.error("Failed to acquire secret key. Cause:{}",ex.getMessage());
setSkipFilter(true);
ex.printstacktrace();
}
}
public static void assertSecretKey(Entry actual)
throws Exception {
assertSame(SecretKeyEntry.class,actual.getClass());
assertEquals(SECRET_KEY,((SecretKeyEntry) actual).getSecretKey());
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。