javax.crypto.SealedObject Java Examples

The following examples show how to use javax.crypto.SealedObject. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KeyProtector.java    From jdk8u60 with GNU General Public License v2.0 7 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example #2
Source File: KeyProtector.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example #3
Source File: KeyProtector.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example #4
Source File: MetadataEncryptor.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Encrypt a properties if the data definition (model-specific) requires it.
 * 
 * @param propertyQName             the property qualified name
 * @param inbound                   the property to encrypt
 * @return                          the encrypted property or the original if encryption is not required
 */
public Serializable encrypt(QName propertyQName, Serializable inbound)
{
    PropertyDefinition propertyDef = dictionaryService.getProperty(propertyQName);
    if (inbound == null || propertyDef == null || !(propertyDef.getDataType().getName().equals(DataTypeDefinition.ENCRYPTED)))
    {
        return inbound;
    }
    if (inbound instanceof SealedObject)
    {
        return inbound;
    }
    Serializable outbound = encryptor.sealObject(KeyProvider.ALIAS_METADATA, null, inbound);
    // Done
    return outbound;
}
 
Example #5
Source File: KeyProtector.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example #6
Source File: KeyProtector.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example #7
Source File: MetadataEncryptor.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Decrypt a property if the data definition (model-specific) requires it.
 * 
 * @param propertyQName             the property qualified name
 * @param inbound                   the property to decrypt
 * @return                          the decrypted property or the original if it wasn't encrypted
 */
public Serializable decrypt(QName propertyQName, Serializable inbound)
{
    PropertyDefinition propertyDef = dictionaryService.getProperty(propertyQName);
    if (inbound == null || propertyDef == null || !(propertyDef.getDataType().getName().equals(DataTypeDefinition.ENCRYPTED)))
    {
        return inbound;
    }
    if (!(inbound instanceof SealedObject))
    {
        return inbound;
    }
    try
    {
     Serializable outbound = encryptor.unsealObject(KeyProvider.ALIAS_METADATA, inbound);
     // Done
     return outbound;
    }
    catch(KeyException e)
    {
    	throw new AlfrescoRuntimeException("Invalid metadata decryption key", e);
    }
}
 
Example #8
Source File: WalletUtils.java    From blockchain-java with Apache License 2.0 6 votes vote down vote up
/**
 * 加载钱包数据
 */
private Wallets loadFromDisk() {
    try {
        SecretKeySpec sks = new SecretKeySpec(CIPHER_TEXT, ALGORITHM);
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, sks);
        @Cleanup CipherInputStream cipherInputStream = new CipherInputStream(
                new BufferedInputStream(new FileInputStream(WALLET_FILE)), cipher);
        @Cleanup ObjectInputStream inputStream = new ObjectInputStream(cipherInputStream);
        SealedObject sealedObject = (SealedObject) inputStream.readObject();
        return (Wallets) sealedObject.getObject(cipher);
    } catch (Exception e) {
        log.error("Fail to load wallet from disk ! ", e);
        throw new RuntimeException("Fail to load wallet from disk ! ");
    }
}
 
Example #9
Source File: WalletUtils.java    From blockchain-java with Apache License 2.0 6 votes vote down vote up
/**
 * 保存钱包数据
 */
private void saveToDisk(Wallets wallets) {
    try {
        if (wallets == null) {
            log.error("Fail to save wallet to file ! wallets is null ");
            throw new Exception("ERROR: Fail to save wallet to file !");
        }
        SecretKeySpec sks = new SecretKeySpec(CIPHER_TEXT, ALGORITHM);
        // Create cipher
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, sks);
        SealedObject sealedObject = new SealedObject(wallets, cipher);
        // Wrap the output stream
        @Cleanup CipherOutputStream cos = new CipherOutputStream(
                new BufferedOutputStream(new FileOutputStream(WALLET_FILE)), cipher);
        @Cleanup ObjectOutputStream outputStream = new ObjectOutputStream(cos);
        outputStream.writeObject(sealedObject);
    } catch (Exception e) {
        log.error("Fail to save wallet to disk !", e);
        throw new RuntimeException("Fail to save wallet to disk !");
    }
}
 
Example #10
Source File: NodePropertyValue.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
Serializable convert(Serializable value)
{
    if (value == null)
    {
        return null;
    }
    else if (value instanceof SealedObject)
    {
        return value;
    }
    else
    {
        throw new IllegalArgumentException("Encrypted properties must be encrypted by the client.");
    }
}
 
Example #11
Source File: KeyProtector.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example #12
Source File: KeyProtector.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example #13
Source File: AbstractEncryptor.java    From alfresco-core with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
public Serializable sealObject(String keyAlias, AlgorithmParameters params, Serializable input)
{
    if (input == null)
    {
        return null;
    }
    Cipher cipher = getCipher(keyAlias, params, Cipher.ENCRYPT_MODE);
    if (cipher == null)
    {
        return input;
    }
    try
    {
        return new SealedObject(input, cipher);
    }
    catch (Exception e)
    {
        throw new AlfrescoRuntimeException("Failed to seal object", e);
    }
}
 
Example #14
Source File: RangerKeyStore.java    From ranger with Apache License 2.0 6 votes vote down vote up
private SealedObject sealKey(Key key, char[] password) throws Exception {
    if (logger.isDebugEnabled()) {
        logger.debug("==> RangerKeyStore.sealKey()");
    }
    // Create SecretKey
    SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndTripleDES");
    PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
    SecretKey secretKey = secretKeyFactory.generateSecret(pbeKeySpec);
    pbeKeySpec.clearPassword();

    // Generate random bytes + set up the PBEParameterSpec
    SecureRandom random = new SecureRandom();
    byte[] salt = new byte[8];
    random.nextBytes(salt);
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);

    // Seal the Key
    Cipher cipher = Cipher.getInstance("PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey, pbeSpec);
    if (logger.isDebugEnabled()) {
        logger.debug("<== RangerKeyStore.sealKey()");
    }
    return new RangerSealedObject(key, cipher);
}
 
Example #15
Source File: KeyProtector.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example #16
Source File: RangerKeyStore.java    From ranger with Apache License 2.0 6 votes vote down vote up
private Key unsealKey(SealedObject sealedKey, char[] password) throws Exception {
    if (logger.isDebugEnabled()) {
        logger.debug("==> RangerKeyStore.unsealKey()");
    }
    // Create SecretKey
    SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndTripleDES");
    PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
    SecretKey secretKey = secretKeyFactory.generateSecret(pbeKeySpec);
    pbeKeySpec.clearPassword();

    // Get the AlgorithmParameters from RangerSealedObject
    AlgorithmParameters algorithmParameters = null;
    if (sealedKey instanceof RangerSealedObject) {
        algorithmParameters = ((RangerSealedObject) sealedKey).getParameters();
    } else {
        algorithmParameters = new RangerSealedObject(sealedKey).getParameters();
    }

    // Unseal the Key
    Cipher cipher = Cipher.getInstance("PBEWithMD5AndTripleDES");
    cipher.init(Cipher.DECRYPT_MODE, secretKey, algorithmParameters);
    if (logger.isDebugEnabled()) {
        logger.debug("<== RangerKeyStore.unsealKey()");
    }
    return (Key) sealedKey.getObject(cipher);
}
 
Example #17
Source File: KeyProtector.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example #18
Source File: ObjectSealer.java    From chvote-1-0 with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Parses a SealedObject from the given byte array and retrieves the original wrapped object
 *
 * @param encryptedObject a byte array representing a SealedObject
 * @param maxBytes        the maximum size allowed for the read object
 * @return the original Serializable object
 * @throws CryptoOperationRuntimeException
 * @see #sealObject(java.io.Serializable) the matching wrapping operation
 */
public Object unsealObject(byte[] encryptedObject, long maxBytes) {
    try {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(encryptedObject);
        SealedObject sealedObject = SafeObjectReader.safeReadObject(SealedObject.class, new ArrayList<>(), MAX_OBJECTS, maxBytes, byteArrayInputStream);
        return sealedObject.getObject(key);
    } catch (IOException | ClassNotFoundException | InvalidKeyException | NoSuchAlgorithmException e) {
        throw new CryptoOperationRuntimeException("cannot unseal object", e);
    }

}
 
Example #19
Source File: ObjectSealer.java    From chvote-1-0 with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Wraps any serializable object into a SealedObject and returns the corresponding byte array
 *
 * @param object the object to seal
 * @return the byte array representing the SealedObject (locked with the cipher and key provided to the constructor)
 * @throws CryptoOperationRuntimeException
 * @see #unsealObject(byte[], long) the matching unwrapping method
 */
public byte[] sealObject(Serializable object) {
    ByteArrayOutputStream byteArrayOutputStream = null;
    try {
        cipher.init(Cipher.ENCRYPT_MODE, key, SecureRandomFactory.createPRNG());
        SealedObject sealedObject = new SealedObject(object, cipher);
        byteArrayOutputStream = new ByteArrayOutputStream();
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
        objectOutputStream.writeObject(sealedObject);
    } catch (InvalidKeyException | IOException | IllegalBlockSizeException e) {
        throw new CryptoOperationRuntimeException("cannot seal object", e);
    }

    return byteArrayOutputStream.toByteArray();
}
 
Example #20
Source File: KeyProtector.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Unseals the sealed key.
 */
Key unseal(SealedObject so)
    throws NoSuchAlgorithmException, UnrecoverableKeyException
{
    try {
        // create PBE key from password
        PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
        SecretKey skey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, skey, params);
        return (Key)soForKeyProtector.getObject(cipher);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    }
}
 
Example #21
Source File: TestSealedObjectNull.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws IOException,
        IllegalBlockSizeException, ClassNotFoundException,
        BadPaddingException {
    Cipher nullCipher = new NullCipher();

    // Seal
    SealedObject so = new SealedObject(SEAL_STR, nullCipher);

    // Unseal and compare
    if (!(SEAL_STR.equals(so.getObject(nullCipher)))) {
        throw new RuntimeException("Unseal and compare failed.");
    }

    System.out.println("Test passed.");
}
 
Example #22
Source File: TestSealedObjectNull.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws IOException,
        IllegalBlockSizeException, ClassNotFoundException,
        BadPaddingException {
    Cipher nullCipher = new NullCipher();

    // Seal
    SealedObject so = new SealedObject(SEAL_STR, nullCipher);

    // Unseal and compare
    if (!(SEAL_STR.equals(so.getObject(nullCipher)))) {
        throw new RuntimeException("Unseal and compare failed.");
    }

    System.out.println("Test passed.");
}
 
Example #23
Source File: TestSealedObjectNull.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws IOException,
        IllegalBlockSizeException, ClassNotFoundException,
        BadPaddingException {
    Cipher nullCipher = new NullCipher();

    // Seal
    SealedObject so = new SealedObject(SEAL_STR, nullCipher);

    // Unseal and compare
    if (!(SEAL_STR.equals(so.getObject(nullCipher)))) {
        throw new RuntimeException("Unseal and compare failed.");
    }

    System.out.println("Test passed.");
}
 
Example #24
Source File: KeyProtector.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Unseals the sealed key.
 */
Key unseal(SealedObject so)
    throws NoSuchAlgorithmException, UnrecoverableKeyException
{
    try {
        // create PBE key from password
        PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
        SecretKey skey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, skey, params);
        return (Key)soForKeyProtector.getObject(cipher);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    }
}
 
Example #25
Source File: KeyProtector.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Unseals the sealed key.
 */
Key unseal(SealedObject so)
    throws NoSuchAlgorithmException, UnrecoverableKeyException
{
    try {
        // create PBE key from password
        PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
        SecretKey skey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, skey, params);
        return (Key)soForKeyProtector.getObject(cipher);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    }
}
 
Example #26
Source File: BallotDecryptionController.java    From chvote-1-0 with GNU Affero General Public License v3.0 5 votes vote down vote up
@Override
protected List<EncryptedBallotAndWrappedKey> call() throws Exception {
    // Need to create the stream here, so it'll be available to the executor thread
    try (InputStream encBallotsInputStream = Files.newInputStream(encryptedBallotsFile.toPath(), StandardOpenOption.READ)) {
        return (List<EncryptedBallotAndWrappedKey>) SafeObjectReader.safeReadObject(
                ArrayList.class,
                Arrays.asList(EncryptedBallotAndWrappedKey.class, SealedObject.class),
                maxObjects,
                maxBytes,
                encBallotsInputStream);
    }
}
 
Example #27
Source File: KeyProtector.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Unseals the sealed key.
 */
Key unseal(SealedObject so)
    throws NoSuchAlgorithmException, UnrecoverableKeyException
{
    try {
        // create PBE key from password
        PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
        SecretKey skey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, skey, params);
        return (Key)soForKeyProtector.getObject(cipher);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    }
}
 
Example #28
Source File: KeyProtector.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Unseals the sealed key.
 */
Key unseal(SealedObject so)
    throws NoSuchAlgorithmException, UnrecoverableKeyException
{
    try {
        // create PBE key from password
        PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
        SecretKey skey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
        pbeKeySpec.clearPassword();

        SealedObjectForKeyProtector soForKeyProtector = null;
        if (!(so instanceof SealedObjectForKeyProtector)) {
            soForKeyProtector = new SealedObjectForKeyProtector(so);
        } else {
            soForKeyProtector = (SealedObjectForKeyProtector)so;
        }
        AlgorithmParameters params = soForKeyProtector.getParameters();
        if (params == null) {
            throw new UnrecoverableKeyException("Cannot get " +
                                                "algorithm parameters");
        }
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                  SunJCE.getInstance(),
                                                  "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.DECRYPT_MODE, skey, params);
        return (Key)soForKeyProtector.getObject(cipher);
    } catch (NoSuchAlgorithmException ex) {
        // Note: this catch needed to be here because of the
        // later catch of GeneralSecurityException
        throw ex;
    } catch (IOException ioe) {
        throw new UnrecoverableKeyException(ioe.getMessage());
    } catch (ClassNotFoundException cnfe) {
        throw new UnrecoverableKeyException(cnfe.getMessage());
    } catch (GeneralSecurityException gse) {
        throw new UnrecoverableKeyException(gse.getMessage());
    }
}
 
Example #29
Source File: KeyProtector.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = null;
    Cipher cipher;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES", false);
        pbeKeySpec.clearPassword();

        // seal key
        PBEWithMD5AndTripleDESCipher cipherSpi;
        cipherSpi = new PBEWithMD5AndTripleDESCipher();
        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                           "PBEWithMD5AndTripleDES");
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    } finally {
        if (sKey != null) sKey.destroy();
    }
    return new SealedObjectForKeyProtector(key, cipher);
}
 
Example #30
Source File: TestSealedObjectNull.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws IOException,
        IllegalBlockSizeException, ClassNotFoundException,
        BadPaddingException {
    Cipher nullCipher = new NullCipher();

    // Seal
    SealedObject so = new SealedObject(SEAL_STR, nullCipher);

    // Unseal and compare
    if (!(SEAL_STR.equals(so.getObject(nullCipher)))) {
        throw new RuntimeException("Unseal and compare failed.");
    }

    System.out.println("Test passed.");
}