org.apache.nifi.security.util.crypto

Class NiFiLegacyCipherProvider

java.lang.Object

org.apache.nifi.security.util.crypto.OpenSSLPKCS5CipherProvider

org.apache.nifi.security.util.crypto.NiFiLegacyCipherProvider

All Implemented Interfaces:

CipherProvider, PBECipherProvider

Deprecated.

@Deprecated
public class NiFiLegacyCipherProvider
extends OpenSSLPKCS5CipherProvider
implements PBECipherProvider

Provides a cipher initialized with the original NiFi key derivation process for password-based encryption (MD5 @ 1000 iterations). This is not a secure KeyDerivationFunction (KDF) and should no longer be used. It is provided only for backward-compatibility with legacy data. A strong KDF should be selected for any future use.

See Also:

BcryptCipherProvider, ScryptCipherProvider, PBKDF2CipherProvider

Field Summary

Fields

Modifier and Type	Field and Description
private static DeprecationLogger	deprecationLogger Deprecated.
private static int	ITERATION_COUNT Deprecated.
private static org.slf4j.Logger	logger Deprecated.

Constructor Summary

Constructors

Constructor and Description
NiFiLegacyCipherProvider() Deprecated.

Method Summary

Modifier and Type	Method and Description
private int	calculateSaltLength(EncryptionMethod encryptionMethod) Deprecated.
byte[]	generateSalt(EncryptionMethod encryptionMethod) Deprecated.
Cipher	getCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, int keyLength, boolean encryptMode) Deprecated. Returns an initialized cipher for the specified algorithm.
protected int	getIterationCount() Deprecated.
byte[]	readSalt(EncryptionMethod encryptionMethod, InputStream in) Deprecated. Returns the salt provided as part of the cipher stream, or throws an exception if one cannot be detected.
byte[]	readSalt(InputStream in) Deprecated. Returns the salt provided as part of the cipher stream, or throws an exception if one cannot be detected.
protected void	validateSalt(EncryptionMethod encryptionMethod, byte[] salt) Deprecated.
void	writeSalt(byte[] salt, OutputStream out) Deprecated. Writes the salt provided as part of the cipher stream, or throws an exception if it cannot be written.

Methods inherited from class org.apache.nifi.security.util.crypto.OpenSSLPKCS5CipherProvider

generateSalt, getCipher, getCipher, getDefaultSaltLength, getInitializedCipher

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.nifi.security.util.crypto.PBECipherProvider

generateSalt, getDefaultSaltLength

Field Detail

logger

private static final org.slf4j.Logger logger

Deprecated.

deprecationLogger

private static final DeprecationLogger deprecationLogger

Deprecated.

ITERATION_COUNT

private static final int ITERATION_COUNT

Deprecated.

See Also:

Constant Field Values

Constructor Detail

NiFiLegacyCipherProvider

public NiFiLegacyCipherProvider()

Deprecated.

Method Detail

getCipher

public Cipher getCipher(EncryptionMethod encryptionMethod,
                        String password,
                        byte[] salt,
                        int keyLength,
                        boolean encryptMode)
                 throws Exception

Deprecated.

Returns an initialized cipher for the specified algorithm. The key (and IV if necessary) are derived using the NiFi legacy code, based on @see org.apache.nifi.crypto .OpenSSLPKCS5CipherProvider#getCipher(java.lang.String, java.lang.String, java.lang.String, byte[], boolean) [essentially MD5(password || salt) * 1000 ].

Specified by:

getCipher in interface PBECipherProvider

Overrides:

getCipher in class OpenSSLPKCS5CipherProvider

Parameters:

encryptionMethod - the EncryptionMethod

password - the secret input

salt - the salt

keyLength - the desired key length in bits (ignored because OpenSSL ciphers provide key length in algorithm name)

encryptMode - true for encrypt, false for decrypt

Returns:

the initialized cipher

Throws:

Exception - if there is a problem initializing the cipher

generateSalt

public byte[] generateSalt(EncryptionMethod encryptionMethod)

Deprecated.

validateSalt

protected void validateSalt(EncryptionMethod encryptionMethod,
                            byte[] salt)

Deprecated.

Overrides:

validateSalt in class OpenSSLPKCS5CipherProvider

calculateSaltLength

private int calculateSaltLength(EncryptionMethod encryptionMethod)

Deprecated.

readSalt

public byte[] readSalt(InputStream in)
                throws IOException,
                       ProcessException

Deprecated.

Description copied from class: OpenSSLPKCS5CipherProvider

Returns the salt provided as part of the cipher stream, or throws an exception if one cannot be detected.

Specified by:

readSalt in interface PBECipherProvider

Overrides:

readSalt in class OpenSSLPKCS5CipherProvider

Parameters:

in - the cipher InputStream

Returns:

the salt

Throws:

IOException

ProcessException

readSalt

public byte[] readSalt(EncryptionMethod encryptionMethod,
                       InputStream in)
                throws IOException

Deprecated.

Returns the salt provided as part of the cipher stream, or throws an exception if one cannot be detected. This method is only implemented by NiFiLegacyCipherProvider because the legacy salt generation was dependent on the cipher block size.

Parameters:

encryptionMethod - the encryption method

in - the cipher InputStream

Returns:

the salt

Throws:

IOException

writeSalt

public void writeSalt(byte[] salt,
                      OutputStream out)
               throws IOException

Deprecated.

Description copied from interface: PBECipherProvider

Writes the salt provided as part of the cipher stream, or throws an exception if it cannot be written.

Specified by:

writeSalt in interface PBECipherProvider

Overrides:

writeSalt in class OpenSSLPKCS5CipherProvider

Parameters:

salt - the salt

out - the cipher OutputStream

Throws:

IOException

getIterationCount

protected int getIterationCount()

Deprecated.

Overrides:

getIterationCount in class OpenSSLPKCS5CipherProvider