javax.crypto.Mac Scala Examples
The following examples show how to use javax.crypto.Mac.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
Example 1
Source File: WithMacSigningKey.scala From tsec with MIT License | 5 votes |
package tsec.mac.jca import javax.crypto.{KeyGenerator, Mac, SecretKey} import javax.crypto.spec.SecretKeySpec import cats.Id import cats.effect.Sync import cats.instances.either._ import cats.syntax.either._ import tsec.keygen.symmetric.{IdKeyGen, SymmetricKeyGen} import tsec.mac.{MAC, MacAPI} protected[tsec] abstract class WithMacSigningKey[A](algo: String, keyLenBits: Int) extends MacKeyGenerator[A] with MacAPI[A, MacSigningKey] { implicit def syncMac[F[_]](implicit F: Sync[F]): JCAMessageAuth[F, A] = new JCAMessageAuth[F, A]() { def algorithm: String = algo protected[tsec] def genInstance: F[Mac] = F.delay(Mac.getInstance(algo)) protected[tsec] def signInternal(m: Mac, k: SecretKey, content: Array[Byte]): F[MAC[A]] = F.delay { m.init(k) MAC[A](m.doFinal(content)) } } implicit val macInstanceEither: JCAMessageAuth[MacErrorM, A] = new JCAMessageAuth[MacErrorM, A]() { def algorithm: String = algo protected[tsec] def genInstance: MacErrorM[Mac] = Either.catchNonFatal(Mac.getInstance(algo)) protected[tsec] def signInternal(m: Mac, k: SecretKey, content: Array[Byte]): MacErrorM[MAC[A]] = Either.catchNonFatal { m.init(k) MAC[A](m.doFinal(content)) } } implicit def genKeyMac[F[_]](implicit F: Sync[F]): MacKeyGen[F, A] = new SymmetricKeyGen[F, A, MacSigningKey] { def generateKey: F[MacSigningKey[A]] = F.delay(impl.generateKeyUnsafe()) def build(rawKey: Array[Byte]): F[MacSigningKey[A]] = F.delay(MacSigningKey[A](new SecretKeySpec(rawKey, algo))) } implicit def genKeyMacError: MacKeyGen[MacErrorM, A] = new MacKeyGen[MacErrorM, A] { def generateKey: MacErrorM[MacSigningKey[A]] = Either.catchNonFatal(impl.generateKeyUnsafe()) def build(rawKey: Array[Byte]): MacErrorM[MacSigningKey[A]] = Either.catchNonFatal(impl.buildKeyUnsafe(rawKey)) } implicit val idKeygenMac: IdKeyGen[A, MacSigningKey] = new IdKeyGen[A, MacSigningKey] { def generateKey: Id[MacSigningKey[A]] = impl.generateKeyUnsafe() def build(rawKey: Array[Byte]): Id[MacSigningKey[A]] = impl.buildKeyUnsafe(rawKey) } object impl { def generator: KeyGenerator = KeyGenerator.getInstance(algo) def generateKeyUnsafe(): MacSigningKey[A] = MacSigningKey.fromJavaKey[A](generator.generateKey()) def buildKeyUnsafe(key: Array[Byte]): MacSigningKey[A] = MacSigningKey.fromJavaKey[A](new SecretKeySpec(key, algo)) } implicit def keyGen: MacKeyGenerator[A] = this }
Example 2
Source File: Hmac.scala From incubator-toree with Apache License 2.0 | 5 votes |
package org.apache.toree.communication.security import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec import org.apache.toree.communication.security.HmacAlgorithm.HmacAlgorithm object HmacAlgorithm extends Enumeration { type HmacAlgorithm = Value def apply(key: String) = Value(key) val MD5 = Value("HmacMD5") val SHA1 = Value("HmacSHA1") val SHA256 = Value("HmacSHA256") } object Hmac { def apply(key: String, algorithm: HmacAlgorithm = HmacAlgorithm.SHA256) = new Hmac(key, algorithm) def newMD5(key: String): Hmac = this(key, HmacAlgorithm.MD5) def newSHA1(key: String): Hmac = this(key, HmacAlgorithm.SHA1) def newSHA256(key: String): Hmac = this(key, HmacAlgorithm.SHA256) } class Hmac( val key: String, val algorithm: HmacAlgorithm = HmacAlgorithm.SHA256 ) { private var mac: Mac = _ private var secretKeySpec: SecretKeySpec = _ if (key.nonEmpty) { mac = Mac.getInstance(algorithm.toString) secretKeySpec = new SecretKeySpec(key.getBytes, algorithm.toString) mac.init(secretKeySpec) } def apply(items: String*): String = digest(items) def digest(items: Seq[String]): String = if (key.nonEmpty) { mac synchronized { items.map(_.getBytes("UTF-8")).foreach(mac.update) mac.doFinal().map("%02x" format _).mkString } } else "" }
Example 3
Source File: JwsAlgorithm.scala From akka-http-session with Apache License 2.0 | 5 votes |
package com.softwaremill.session import java.nio.charset.StandardCharsets.UTF_8 import java.security.spec.PKCS8EncodedKeySpec import java.security.{KeyFactory, PrivateKey, Signature} import java.util.Base64 import com.typesafe.config.Config import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec import scala.util.{Failure, Success, Try} sealed trait JwsAlgorithm { def value: String def sign(message: String): String protected def encode(bytes: Array[Byte]): String = Base64.getUrlEncoder.withoutPadding().encodeToString(bytes) } object JwsAlgorithm { case class Rsa(privateKey: PrivateKey) extends JwsAlgorithm { override val value: String = "RS256" override def sign(message: String): String = { val privateSignature: Signature = Signature.getInstance("SHA256withRSA") privateSignature.initSign(privateKey) privateSignature.update(message.getBytes(UTF_8)) encode(privateSignature.sign()) } } object Rsa { def fromConfig(jwsConfig: Config): Try[Rsa] = { def readKeyFromConf(): Try[String] = { val configKey = "rsa-private-key" Option(jwsConfig.hasPath(configKey)) .filter(identity) .flatMap(_ => Option(jwsConfig.getString(configKey))) .filter(_.trim.nonEmpty) .map(_.replaceAll("\\s", "").replaceAll("-----[^-]+-----", "")) .map(Success(_)) .getOrElse(Failure(new IllegalArgumentException( "akka.http.session.jws.rsa-private-key must be defined in order to use alg = RS256"))) } readKeyFromConf() .flatMap { key => Try { val keyFactory = KeyFactory.getInstance("RSA") val privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder.decode(key))) Rsa(privateKey) }.recoverWith { case ex => Failure(new IllegalArgumentException("Invalid RSA private key", ex)) } } } } case class HmacSHA256(serverSecret: String) extends JwsAlgorithm { override val value: String = "HS256" override def sign(message: String): String = { val key = serverSecret.getBytes("UTF-8") val mac = Mac.getInstance("HmacSHA256") mac.init(new SecretKeySpec(key, "HmacSHA256")) encode(mac.doFinal(message.getBytes("utf-8"))) } } }
Example 4
Source File: Crypto.scala From akka-http-session with Apache License 2.0 | 5 votes |
package com.softwaremill.session import java.security.MessageDigest import java.util import com.softwaremill.session.SessionUtil._ import javax.crypto.spec.SecretKeySpec import javax.crypto.{Cipher, Mac} object Crypto { def sign_HmacSHA1_hex(message: String, secret: String): String = { val key = secret.getBytes("UTF-8") val mac = Mac.getInstance("HmacSHA1") mac.init(new SecretKeySpec(key, "HmacSHA1")) toHexString(mac.doFinal(message.getBytes("utf-8"))) } def sign_HmacSHA256_base64_v0_5_2(message: String, secret: String): String = { val key = secret.getBytes("UTF-8") val mac = Mac.getInstance("HmacSHA256") mac.init(new SecretKeySpec(key, "HmacSHA256")) SessionUtil.toBase64_v0_5_2(mac.doFinal(message.getBytes("utf-8"))) } def encrypt_AES(value: String, secret: String): String = { val raw = util.Arrays.copyOf(secret.getBytes("utf-8"), 16) val skeySpec = new SecretKeySpec(raw, "AES") val cipher = Cipher.getInstance("AES") cipher.init(Cipher.ENCRYPT_MODE, skeySpec) toHexString(cipher.doFinal(value.getBytes("utf-8"))) } def decrypt_AES(value: String, secret: String): String = { val raw = util.Arrays.copyOf(secret.getBytes("utf-8"), 16) val skeySpec = new SecretKeySpec(raw, "AES") val cipher = Cipher.getInstance("AES") cipher.init(Cipher.DECRYPT_MODE, skeySpec) new String(cipher.doFinal(hexStringToByte(value))) } def hash_SHA256(value: String): String = { val digest = MessageDigest.getInstance("SHA-256") toHexString(digest.digest(value.getBytes("UTF-8"))) } }
Example 5
Source File: S3UploadController.scala From scuruto with MIT License | 5 votes |
package controller.upload import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec import _root_.controller.UploadController import lib._ import model.Upload import model.typebinder.UserId import org.apache.commons.codec.binary.Base64 import org.joda.time.format.DateTimeFormat import org.joda.time._ import skinny._ object S3UploadController extends UploadController { override def destination: UploadDestination = UploadDestination("s3") // -------------- // sign val AWS_ACCESS_KEY = "AWS_ACCESS_KEY" val AWS_SECRET_KEY = "AWS_SECRET_KEY" def sign: String = { val userId = policiesParams.getAs[UserId]("user_id").get val filename = params("filename") val ext = filename.split('.').last val seed = userId.value + "_" + DateTime.now().toString + "_" + filename val baseDir = SkinnyConfig.stringConfigValue("upload.s3.baseDir").getOrElse("") val path = baseDir + new Sha1Digest(seed).digestString + "." + ext val bucket = SkinnyConfig.stringConfigValue("upload.s3.bucket").getOrElse(throw new IllegalArgumentException) val policyDocument = toJSONString(Map( "expiration" -> new DateTime(DateTimeZone.UTC).plusMinutes(1).toString(DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss'Z")), "conditions" -> Array( Map("bucket" -> bucket), Map("key" -> path), Map("Content-Type" -> policiesParams.getAs("content_type")), Array("content-length-range", policiesParams.getAs("size"), policiesParams.getAs("size")) ) ), underscoreKeys = false) val policy = Base64.encodeBase64String(policyDocument.getBytes("UTF-8")) val hmac = Mac.getInstance("HmacSHA1") hmac.init(new SecretKeySpec(sys.env(AWS_SECRET_KEY).getBytes("UTF-8"), "HmacSHA1")) val signature = Base64.encodeBase64String(hmac.doFinal(policy.getBytes("UTF-8"))) // add to uploads table Upload.createWithAttributes( 'user_id -> userId.value, 'original_filename -> filename, 'filename -> path ) // response toJSONString(Map( "url" -> s"https://$bucket.s3.amazonaws.com/", "form" -> Map( "AWSAccessKeyId" -> sys.env(AWS_ACCESS_KEY), "signature" -> signature, "policy" -> policy, "key" -> path, "Content-Type" -> policiesParams.getAs("content_type") ) ), underscoreKeys = false) } // -------------- override def upload: Any = throw new UnsupportedOperationException // -------------- override def uploadedFileBaseUrl: UploadedBaseURL = UploadedBaseURL("s3") }
Example 6
Source File: GameHeaderCryptTBC.scala From wowchat with GNU General Public License v3.0 | 5 votes |
package wowchat.game import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec class GameHeaderCryptTBC extends GameHeaderCrypt { override def init(key: Array[Byte]): Unit = { super.init(key) val hmacSeed = Array( 0x38, 0xA7, 0x83, 0x15, 0xF8, 0x92, 0x25, 0x30, 0x71, 0x98, 0x67, 0xB1, 0x8C, 0x04, 0xE2, 0xAA ).map(_.toByte) val md = Mac.getInstance("HmacSHA1") md.init(new SecretKeySpec(hmacSeed, "HmacSHA1")) md.update(key) _key = md.doFinal() } }
Example 7
Source File: GameHeaderCryptWotLK.scala From wowchat with GNU General Public License v3.0 | 5 votes |
package wowchat.game import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec class GameHeaderCryptWotLK extends GameHeaderCrypt { private var clientCrypt: RC4 = _ private var serverCrypt: RC4 = _ protected val serverHmacSeed: Array[Byte] = Array( 0xCC, 0x98, 0xAE, 0x04, 0xE8, 0x97, 0xEA, 0xCA, 0x12, 0xDD, 0xC0, 0x93, 0x42, 0x91, 0x53, 0x57 ).map(_.toByte) protected val clientHmacSeed: Array[Byte] = Array( 0xC2, 0xB3, 0x72, 0x3C, 0xC6, 0xAE, 0xD9, 0xB5, 0x34, 0x3C, 0x53, 0xEE, 0x2F, 0x43, 0x67, 0xCE ).map(_.toByte) override def decrypt(data: Array[Byte]): Array[Byte] = { if (!_initialized) { return data } serverCrypt.cryptToByteArray(data) } override def encrypt(data: Array[Byte]): Array[Byte] = { if (!_initialized) { return data } clientCrypt.cryptToByteArray(data) } override def init(key: Array[Byte]): Unit = { val md = Mac.getInstance("HmacSHA1") md.init(new SecretKeySpec(serverHmacSeed, "HmacSHA1")) md.update(key) val serverKey = md.doFinal() md.init(new SecretKeySpec(clientHmacSeed, "HmacSHA1")) md.update(key) val clientKey = md.doFinal() serverCrypt = new RC4(serverKey) serverCrypt.cryptToByteArray(new Array[Byte](1024)) clientCrypt = new RC4(clientKey) clientCrypt.cryptToByteArray(new Array[Byte](1024)) _initialized = true } }
Example 8
Source File: AuthToken.scala From docspell with GNU General Public License v3.0 | 5 votes |
package docspell.backend.auth import java.time.Instant import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec import cats.effect._ import cats.implicits._ import docspell.backend.Common import docspell.backend.auth.AuthToken._ import docspell.common._ import scodec.bits.ByteVector case class AuthToken(millis: Long, account: AccountId, salt: String, sig: String) { def asString = s"$millis-${b64enc(account.asString)}-$salt-$sig" def sigValid(key: ByteVector): Boolean = { val newSig = AuthToken.sign(this, key) AuthToken.constTimeEq(sig, newSig) } def sigInvalid(key: ByteVector): Boolean = !sigValid(key) def notExpired(validity: Duration): Boolean = !isExpired(validity) def isExpired(validity: Duration): Boolean = { val ends = Instant.ofEpochMilli(millis).plusMillis(validity.millis) Instant.now.isAfter(ends) } def validate(key: ByteVector, validity: Duration): Boolean = sigValid(key) && notExpired(validity) } object AuthToken { private val utf8 = java.nio.charset.StandardCharsets.UTF_8 def fromString(s: String): Either[String, AuthToken] = s.split("\\-", 4) match { case Array(ms, as, salt, sig) => for { millis <- asInt(ms).toRight("Cannot read authenticator data") acc <- b64dec(as).toRight("Cannot read authenticator data") accId <- AccountId.parse(acc) } yield AuthToken(millis, accId, salt, sig) case _ => Left("Invalid authenticator") } def user[F[_]: Sync](accountId: AccountId, key: ByteVector): F[AuthToken] = for { salt <- Common.genSaltString[F] millis = Instant.now.toEpochMilli cd = AuthToken(millis, accountId, salt, "") sig = sign(cd, key) } yield cd.copy(sig = sig) private def sign(cd: AuthToken, key: ByteVector): String = { val raw = cd.millis.toString + cd.account.asString + cd.salt val mac = Mac.getInstance("HmacSHA1") mac.init(new SecretKeySpec(key.toArray, "HmacSHA1")) ByteVector.view(mac.doFinal(raw.getBytes(utf8))).toBase64 } private def b64enc(s: String): String = ByteVector.view(s.getBytes(utf8)).toBase64 private def b64dec(s: String): Option[String] = ByteVector.fromValidBase64(s).decodeUtf8.toOption private def asInt(s: String): Option[Long] = Either.catchNonFatal(s.toLong).toOption private def constTimeEq(s1: String, s2: String): Boolean = s1.zip(s2) .foldLeft(true)({ case (r, (c1, c2)) => r & c1 == c2 }) & s1.length == s2.length }
Example 9
Source File: Crypto.scala From tepkin with Apache License 2.0 | 5 votes |
package net.fehmicansaglam.tepkin.util import java.security.MessageDigest import javax.crypto.spec.{PBEKeySpec, SecretKeySpec} import javax.crypto.{Mac, SecretKeyFactory} import net.fehmicansaglam.bson.util.Codec trait Crypto extends Codec { def sha1(value: String): String = { val digest = sha1(value.getBytes("UTF-8")) encodeBase64(digest) } def sha1(value: Array[Byte]): Array[Byte] = { MessageDigest.getInstance("SHA-1").digest(value) } def hmac(value: Array[Byte], key: String): Array[Byte] = { val signingKey = new SecretKeySpec(value, "HmacSHA1") val mac = Mac.getInstance("HmacSHA1") mac.init(signingKey) mac.doFinal(decodeUtf8(key)) } def keyDerive(password: String, salt: Array[Byte], iterations: Int): Array[Byte] = { val spec = new PBEKeySpec(password.toCharArray, salt, iterations, 20 * 8 ) val keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1") keyFactory.generateSecret(spec).getEncoded } def xor(as: Array[Byte], bs: Array[Byte]): Array[Byte] = { as.zip(bs).map { case (a, b) => (a ^ b).toByte } } } object Crypto extends Crypto
Example 10
Source File: AuthUtil.scala From shield with MIT License | 5 votes |
package shield.aws import java.nio.charset.StandardCharsets import java.security.MessageDigest import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec import org.apache.commons.codec.binary.Hex import org.joda.time.format.DateTimeFormat import org.joda.time.{DateTime, DateTimeZone} import spray.http.HttpHeaders.RawHeader import spray.http.HttpRequest object HexBytesUtil { def hex2bytes(hex: String): Array[Byte] = { hex.replaceAll("[^0-9A-Fa-f]", "").sliding(2, 2).toArray.map(Integer.parseInt(_, 16).toByte) } def bytes2hex(bytes: Array[Byte], sep: Option[String] = None): String = { sep match { case None => bytes.map("%02x".format(_)).mkString case _ => bytes.map("%02x".format(_)).mkString(sep.get) } } }
Example 11
Source File: Hmac.scala From incubator-toree with Apache License 2.0 | 5 votes |
package org.apache.toree.communication.security import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec import org.apache.toree.communication.security.HmacAlgorithm.HmacAlgorithm object HmacAlgorithm extends Enumeration { type HmacAlgorithm = Value def apply(key: String) = Value(key) val MD5 = Value("HmacMD5") val SHA1 = Value("HmacSHA1") val SHA256 = Value("HmacSHA256") } object Hmac { def apply(key: String, algorithm: HmacAlgorithm = HmacAlgorithm.SHA256) = new Hmac(key, algorithm) def newMD5(key: String): Hmac = this(key, HmacAlgorithm.MD5) def newSHA1(key: String): Hmac = this(key, HmacAlgorithm.SHA1) def newSHA256(key: String): Hmac = this(key, HmacAlgorithm.SHA256) } class Hmac( val key: String, val algorithm: HmacAlgorithm = HmacAlgorithm.SHA256 ) { private var mac: Mac = _ private var secretKeySpec: SecretKeySpec = _ if (key.nonEmpty) { mac = Mac.getInstance(algorithm.toString) secretKeySpec = new SecretKeySpec(key.getBytes, algorithm.toString) mac.init(secretKeySpec) } def apply(items: String*): String = digest(items) def digest(items: Seq[String]): String = if (key.nonEmpty) { mac synchronized { items.map(_.getBytes("UTF-8")).foreach(mac.update) mac.doFinal().map("%02x" format _).mkString } } else "" }
Example 12
Source File: Encoder.scala From twitter4s with Apache License 2.0 | 5 votes |
package com.danielasfregola.twitter4s.util import java.security.MessageDigest import java.util.Base64 import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec private[twitter4s] trait Encoder { def toHmacSha1(base: String, secret: String): String = { val HMAC_SHA1 = "HmacSHA1" val UTF8 = "UTF-8" val secretKeySpec = new SecretKeySpec(secret.getBytes(UTF8), HMAC_SHA1) val mac = Mac.getInstance(HMAC_SHA1) mac.init(secretKeySpec) val bytesToSign = base.getBytes(UTF8) val digest = mac.doFinal(bytesToSign) Base64.getEncoder.encodeToString(digest) } def toBase64(data: Array[Byte]): String = Base64.getEncoder.encodeToString(data) def toSha1(base: String): String = { val SHA1 = "SHA-1" val messageDigest = MessageDigest.getInstance(SHA1) val bytes = messageDigest.digest(base.getBytes) val stringBuffer = new StringBuffer bytes.foreach { byte => stringBuffer.append(Integer.toString((byte & 0xff) + 0x100, 16).substring(1)) } stringBuffer.toString } }
Example 13
Source File: Utils.scala From akka-pusher with MIT License | 5 votes |
package com.github.dtaniwaki.akka_pusher import java.math.BigInteger import java.security.MessageDigest import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec import akka.http.scaladsl.model.Uri object Utils { val HEX = 16 val LENGTH = 32 def byteArrayToString(data: Array[Byte]): String = { val bigInteger = new BigInteger(1, data) var hash = bigInteger.toString(HEX) while (hash.length() < LENGTH) { hash = "0" + hash } hash } def md5(string: String): String = { val bytesOfMessage = string.getBytes("UTF-8") val md = MessageDigest.getInstance("MD5") val digest = md.digest(bytesOfMessage) byteArrayToString(digest) } def sha256(secret: String, string: String): String = { val signingKey = new SecretKeySpec(secret.getBytes(), "HmacSHA256") val mac = Mac.getInstance("HmacSHA256") mac.init(signingKey) val digest = mac.doFinal(string.getBytes("UTF-8")) val bigInteger = new BigInteger(1, digest) String.format("%0" + (digest.length << 1) + "x", bigInteger) } def normalizeQuery(query: Uri.Query): Uri.Query = { Uri.Query(query.map { case (k, v) => (k.toString.toLowerCase, v) }.sortBy(_._1): _*) } }