/** * Build a credential instance from the key store entry. * * @param keyStoreEntry the key store entry to process * @param entityID the entityID to include in the credential * @param usage the usage type to include in the credential * @return the new credential instance, appropriate to the type of key store entry being processed * @throws SecurityException throw if there is a problem building a credential from the key store entry */ protected Credential buildCredential(KeyStore.Entry keyStoreEntry, String entityID, UsageType usage) throws SecurityException { log.debug("Building credential from keystore entry for entityID {}, usage type {}", entityID, usage); Credential credential = null; if (keyStoreEntry instanceof KeyStore.PrivateKeyEntry) { credential = processPrivateKeyEntry((KeyStore.PrivateKeyEntry) keyStoreEntry, entityID, keystoreUsage); } else if (keyStoreEntry instanceof KeyStore.TrustedCertificateEntry) { credential = processTrustedCertificateEntry((KeyStore.TrustedCertificateEntry) keyStoreEntry, entityID, keystoreUsage); } else if (keyStoreEntry instanceof KeyStore.SecretKeyEntry) { credential = processSecretKeyEntry((KeyStore.SecretKeyEntry) keyStoreEntry, entityID, keystoreUsage); } else { throw new SecurityException("KeyStore entry was of an unsupported type: " + keyStoreEntry.getClass().getName()); } return credential; }
@Override public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) { CurrentMaterials materials = currMaterials.get(); if (context.getMaterialDescription().entrySet().containsAll(description.entrySet())) { if (materials.encryptionEntry instanceof SecretKeyEntry) { return materials.symRawMaterials; } else { try { return makeAsymMaterials(materials, context.getMaterialDescription()); } catch (GeneralSecurityException ex) { throw new DynamoDBMappingException("Unable to decrypt envelope key", ex); } } } else { return null; } }
public CurrentMaterials(Entry encryptionEntry, Entry signingEntry) { super(); this.encryptionEntry = encryptionEntry; this.signingEntry = signingEntry; if (encryptionEntry instanceof SecretKeyEntry) { if (signingEntry instanceof SecretKeyEntry) { this.symRawMaterials = new SymmetricRawMaterials( ((SecretKeyEntry) encryptionEntry).getSecretKey(), ((SecretKeyEntry) signingEntry).getSecretKey(), description); } else { this.symRawMaterials = new SymmetricRawMaterials( ((SecretKeyEntry) encryptionEntry).getSecretKey(), entry2Pair(signingEntry), description); } } else { this.symRawMaterials = null; } }
public static boolean storeKey(String name, SecretKey key) { if (ks == null) return false; try { KeyStore.Entry entry = new SecretKeyEntry(key); ks.setEntry(name, entry, pp); // closeStore(); return true; } catch (KeyStoreException e) { e.printStackTrace(); } return false; }
/** * Build a Credential from a keystore secret key entry. * * @param secretKeyEntry the entry being processed * @param entityID the entityID to set * @param usage the usage type to set * @return new Credential instance */ protected Credential processSecretKeyEntry(SecretKeyEntry secretKeyEntry, String entityID, UsageType usage) { log.debug("Processing SecretKeyEntry from keystore"); BasicCredential credential = new BasicCredential(); credential.setEntityId(entityID); credential.setUsageType(usage); credential.setSecretKey(secretKeyEntry.getSecretKey()); return credential; }
private JceMasterKey internalGetMasterKey(final String provider, final String keyId) { final Entry entry; try { entry = keystore_.getEntry(keyId, keystore_.isKeyEntry(keyId) ? protection_ : null); } catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) { throw new UnsupportedProviderException(e); } if (entry == null) { throw new NoSuchMasterKeyException(); } if (entry instanceof SecretKeyEntry) { final SecretKeyEntry skEntry = (SecretKeyEntry) entry; if (!skEntry.getSecretKey().getAlgorithm().equals(keyAlgorithm_)) { return null; } return JceMasterKey.getInstance(skEntry.getSecretKey(), provider, keyId, wrappingAlgorithm_); } else if (entry instanceof PrivateKeyEntry) { final PrivateKeyEntry pkEntry = (PrivateKeyEntry) entry; if (!pkEntry.getPrivateKey().getAlgorithm().equals(keyAlgorithm_)) { return null; } return JceMasterKey.getInstance(pkEntry.getCertificate().getPublicKey(), pkEntry.getPrivateKey(), provider, keyId, wrappingAlgorithm_); } else if (entry instanceof TrustedCertificateEntry) { final TrustedCertificateEntry certEntry = (TrustedCertificateEntry) entry; if (!certEntry.getTrustedCertificate().getPublicKey().getAlgorithm().equals(keyAlgorithm_)) { return null; } return JceMasterKey.getInstance(certEntry.getTrustedCertificate().getPublicKey(), null, provider, keyId, wrappingAlgorithm_); } else { throw new NoSuchMasterKeyException(); } }
@Override public EncryptionMaterials getEncryptionMaterials(EncryptionContext context) { CurrentMaterials materials = currMaterials.get(); if (materials.encryptionEntry instanceof SecretKeyEntry) { return materials.symRawMaterials; } else { try { return makeAsymMaterials(materials, description); } catch (GeneralSecurityException ex) { throw new DynamoDBMappingException("Unable to encrypt envelope key", ex); } } }
private AsymmetricRawMaterials makeAsymMaterials(CurrentMaterials materials, Map<String, String> description) throws GeneralSecurityException { KeyPair encryptionPair = entry2Pair(materials.encryptionEntry); if (materials.signingEntry instanceof SecretKeyEntry) { return new AsymmetricRawMaterials(encryptionPair, ((SecretKeyEntry) materials.signingEntry).getSecretKey(), description); } else { return new AsymmetricRawMaterials(encryptionPair, entry2Pair(materials.signingEntry), description); } }
@BeforeClass public static void setUpBeforeClass() throws Exception { KeyGenerator macGen = KeyGenerator.getInstance("HmacSHA256"); macGen.init(256, Utils.getRng()); macKey = macGen.generateKey(); KeyGenerator aesGen = KeyGenerator.getInstance("AES"); aesGen.init(128, Utils.getRng()); encryptionKey = aesGen.generateKey(); keyStore = KeyStore.getInstance("jceks"); keyStore.load(null, password.toCharArray()); KeyFactory kf = KeyFactory.getInstance("RSA"); PKCS8EncodedKeySpec rsaSpec = new PKCS8EncodedKeySpec(Base64.decode(keyPem)); privateKey = kf.generatePrivate(rsaSpec); CertificateFactory cf = CertificateFactory.getInstance("X509"); certificate = cf.generateCertificate(new ByteArrayInputStream(Base64.decode(certPem))); keyStore.setEntry("enc", new SecretKeyEntry(encryptionKey), passwordProtection); keyStore.setEntry("sig", new SecretKeyEntry(macKey), passwordProtection); keyStore.setEntry("enc-a", new PrivateKeyEntry(privateKey, new Certificate[] {certificate}), passwordProtection); keyStore.setEntry("sig-a", new PrivateKeyEntry(privateKey, new Certificate[] {certificate}), passwordProtection); keyStore.setCertificateEntry("trustedCert", certificate); }
/** * {@inheritDoc} * * @see jp.co.future.uroborosql.filter.AbstractSqlFilter#initialize() */ @Override public void initialize() { if (getCryptColumnNames() == null || getCryptColumnNames().isEmpty()) { setSkipFilter(true); return; } else { cryptParamKeys = new ArrayList<>(); List<String> newColumnNames = new ArrayList<>(); for (String columnName : getCryptColumnNames()) { cryptParamKeys.add(CaseFormat.CAMEL_CASE.convert(columnName)); newColumnNames.add(CaseFormat.UPPER_SNAKE_CASE.convert(columnName)); } // 定義ファイルで指定されたカラム名は大文字でない可能性があるので、ここで大文字に置換し直す cryptColumnNames = newColumnNames; } KeyStore store; try { if (StringUtils.isBlank(getKeyStoreFilePath())) { LOG.error("Invalid KeyStore file path. Path:{}", getKeyStoreFilePath()); setSkipFilter(true); return; } File storeFile = new File(getKeyStoreFilePath()); if (!storeFile.exists()) { LOG.error("Not found KeyStore file path. Path:{}", getKeyStoreFilePath()); setSkipFilter(true); return; } if (storeFile.isDirectory()) { LOG.error("Invalid KeyStore file path. Path:{}", getKeyStoreFilePath()); setSkipFilter(true); return; } if (StringUtils.isBlank(getStorePassword())) { LOG.error("Invalid password for access KeyStore."); setSkipFilter(true); return; } if (StringUtils.isBlank(getAlias())) { LOG.error("KeyStoreにアクセスするためのエイリアスが指定されていません。"); LOG.error("No alias for access KeyStore."); setSkipFilter(true); return; } store = KeyStore.getInstance("JCEKS"); char[] pass; try (InputStream is = new BufferedInputStream(new FileInputStream(storeFile))) { pass = new String(Base64.getUrlDecoder().decode(getStorePassword())).toCharArray(); store.load(is, pass); } KeyStore.SecretKeyEntry entry = (SecretKeyEntry) store.getEntry(getAlias(), new KeyStore.PasswordProtection(pass)); secretKey = entry.getSecretKey(); encryptCipher = Cipher.getInstance(transformationType); encryptCipher.init(Cipher.ENCRYPT_MODE, secretKey); } catch (Exception ex) { LOG.error("Failed to acquire secret key. Cause:{}", ex.getMessage()); setSkipFilter(true); ex.printStackTrace(); } }
public static void assertSecretKey(Entry actual) throws Exception { assertSame(SecretKeyEntry.class, actual.getClass()); assertEquals(SECRET_KEY, ((SecretKeyEntry) actual).getSecretKey()); }
