org.apache.nifi.security.util.crypto

Class OpenSSLPKCS5CipherProvider

java.lang.Object

org.apache.nifi.security.util.crypto.OpenSSLPKCS5CipherProvider

All Implemented Interfaces:

CipherProvider, PBECipherProvider

Direct Known Subclasses:

NiFiLegacyCipherProvider

public class OpenSSLPKCS5CipherProvider
extends Object
implements PBECipherProvider

Field Summary

Fields

Modifier and Type	Field and Description
private static int	DEFAULT_SALT_LENGTH
private static byte[]	EMPTY_SALT
private static int	ITERATION_COUNT
private static org.slf4j.Logger	logger
private static String	OPENSSL_EVP_HEADER_MARKER
private static int	OPENSSL_EVP_HEADER_SIZE

Constructor Summary

Constructors

Constructor and Description
OpenSSLPKCS5CipherProvider()

Method Summary

Modifier and Type	Method and Description
byte[]	generateSalt() Returns a random salt suitable for this cipher provider.
Cipher	getCipher(EncryptionMethod encryptionMethod, String password, boolean encryptMode) Convenience method without key length parameter.
Cipher	getCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, boolean encryptMode) Convenience method without key length parameter.
Cipher	getCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, int keyLength, boolean encryptMode) Returns an initialized cipher for the specified algorithm.
int	getDefaultSaltLength() Returns the default salt length for this implementation.
protected Cipher	getInitializedCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, boolean encryptMode)
protected int	getIterationCount()
byte[]	readSalt(InputStream in) Returns the salt provided as part of the cipher stream, or throws an exception if one cannot be detected.
protected void	validateSalt(EncryptionMethod encryptionMethod, byte[] salt)
void	writeSalt(byte[] salt, OutputStream out) Writes the salt provided as part of the cipher stream, or throws an exception if it cannot be written.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final org.slf4j.Logger logger

ITERATION_COUNT

private static final int ITERATION_COUNT

See Also:

Constant Field Values

DEFAULT_SALT_LENGTH

private static final int DEFAULT_SALT_LENGTH

See Also:

Constant Field Values

EMPTY_SALT

private static final byte[] EMPTY_SALT

OPENSSL_EVP_HEADER_MARKER

private static final String OPENSSL_EVP_HEADER_MARKER

See Also:

Constant Field Values

OPENSSL_EVP_HEADER_SIZE

private static final int OPENSSL_EVP_HEADER_SIZE

See Also:

Constant Field Values

Constructor Detail

OpenSSLPKCS5CipherProvider

public OpenSSLPKCS5CipherProvider()

Method Detail

getCipher

public Cipher getCipher(EncryptionMethod encryptionMethod,
                        String password,
                        byte[] salt,
                        int keyLength,
                        boolean encryptMode)
                 throws Exception

Returns an initialized cipher for the specified algorithm. The key (and IV if necessary) are derived using the OpenSSL EVP_BytesToKey proprietary KDF [essentially MD5(password || salt) ].

Specified by:

getCipher in interface PBECipherProvider

Parameters:

encryptionMethod - the EncryptionMethod

password - the secret input

salt - the salt

keyLength - the desired key length in bits (ignored because OpenSSL ciphers provide key length in algorithm name)

encryptMode - true for encrypt, false for decrypt

Returns:

the initialized cipher

Throws:

Exception - if there is a problem initializing the cipher

getCipher

public Cipher getCipher(EncryptionMethod encryptionMethod,
                        String password,
                        boolean encryptMode)
                 throws Exception

Convenience method without key length parameter. See OpenSSLPKCS5CipherProvider#getCipher(EncryptionMethod, String, int, boolean)

Parameters:

encryptionMethod - the EncryptionMethod

password - the secret input

encryptMode - true for encrypt, false for decrypt

Returns:

the initialized cipher

Throws:

Exception - if there is a problem initializing the cipher

getCipher

public Cipher getCipher(EncryptionMethod encryptionMethod,
                        String password,
                        byte[] salt,
                        boolean encryptMode)
                 throws Exception

Convenience method without key length parameter. See getCipher(EncryptionMethod, String, byte[], int, boolean)

Parameters:

encryptionMethod - the EncryptionMethod

password - the secret input

salt - the salt

encryptMode - true for encrypt, false for decrypt

Returns:

the initialized cipher

Throws:

Exception - if there is a problem initializing the cipher

getInitializedCipher

protected Cipher getInitializedCipher(EncryptionMethod encryptionMethod,
                                      String password,
                                      byte[] salt,
                                      boolean encryptMode)
                               throws NoSuchAlgorithmException,
                                      NoSuchProviderException,
                                      InvalidKeySpecException,
                                      NoSuchPaddingException,
                                      InvalidKeyException,
                                      InvalidAlgorithmParameterException

Throws:

NoSuchAlgorithmException

NoSuchProviderException

InvalidKeySpecException

NoSuchPaddingException

InvalidKeyException

InvalidAlgorithmParameterException

validateSalt

protected void validateSalt(EncryptionMethod encryptionMethod,
                            byte[] salt)

getIterationCount

protected int getIterationCount()

generateSalt

public byte[] generateSalt()

Description copied from interface: PBECipherProvider

Returns a random salt suitable for this cipher provider.

Specified by:

generateSalt in interface PBECipherProvider

Returns:

a random salt

See Also:

PBECipherProvider.getDefaultSaltLength()

getDefaultSaltLength

public int getDefaultSaltLength()

Description copied from interface: PBECipherProvider

Returns the default salt length for this implementation.

Specified by:

getDefaultSaltLength in interface PBECipherProvider

Returns:

the default salt length in bytes

readSalt

public byte[] readSalt(InputStream in)
                throws IOException

Returns the salt provided as part of the cipher stream, or throws an exception if one cannot be detected.

Specified by:

readSalt in interface PBECipherProvider

Parameters:

in - the cipher InputStream

Returns:

the salt

Throws:

IOException

writeSalt

public void writeSalt(byte[] salt,
                      OutputStream out)
               throws IOException

Description copied from interface: PBECipherProvider

Writes the salt provided as part of the cipher stream, or throws an exception if it cannot be written.

Specified by:

writeSalt in interface PBECipherProvider

Parameters:

salt - the salt

out - the cipher OutputStream

Throws:

IOException