private void assertInitialized() { if (!initialized) { throw new OSecurityException(ENCRYPTION_NOT_INITIALIZED_ERROR); } }
private void assertCiphertextSizeIsValid(int size) { if (size < MIN_CIPHERTEXT_SIZE) { throw new OSecurityException(format(INVALID_CIPHERTEXT_SIZE_ERROR, MIN_CIPHERTEXT_SIZE, size)); } }
private void assertNonBlocking(SecureRandom secureRandom) { ExecutorService executor = Executors.newSingleThreadExecutor(); try { executor.submit(() -> secureRandom.nextInt()).get(1, TimeUnit.MINUTES); } catch (InterruptedException | ExecutionException e) { throw new IllegalStateException(e); } catch (TimeoutException e) { throw new OSecurityException(BLOCKING_SECURE_RANDOM_ERROR); } finally { executor.shutdownNow(); } }
public byte[] encryptOrDecrypt(final int mode, final byte[] input, final int offset, final int length) throws Exception { if (!initialized) throw new OSecurityException("DES encryption algorithm is not available"); cipher.init(mode, theKey); final byte[] content; if (offset == 0 && length == input.length) { content = input; } else { content = new byte[length]; System.arraycopy(input, offset, content, 0, length); } return cipher.doFinal(content); } }
public byte[] encryptOrDecrypt(final int mode, final byte[] input, final int offset, final int length) throws Exception { if (!initialized) throw new OSecurityException("AES encryption algorithm is not available"); Cipher cipher = Cipher.getInstance(TRANSFORMATION); cipher.init(mode, theKey); final byte[] content; if (offset == 0 && length == input.length) { content = input; } else { content = new byte[length]; System.arraycopy(input, offset, content, 0, length); } return cipher.doFinal(content); } }
private static Cipher getCipherInstance() { try { return Cipher.getInstance(TRANSFORMATION); } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { throw OException.wrapException(new OSecurityException(NO_SUCH_CIPHER), e); } }
/** * Uses the specified SecretKey as the private key and sets key algorithm from the SecretKey. */ public OSymmetricKey(final SecretKey secretKey) throws OSecurityException { if (secretKey == null) throw new OSecurityException("OSymmetricKey(SecretKey) secretKey is null"); this.secretKey = secretKey; this.secretKeyAlgorithm = secretKey.getAlgorithm(); }
/** * Returns the internal SecretKey as a Base64 String. */ public String getBase64Key() { if (secretKey == null) throw new OSecurityException("OSymmetricKey.getBase64Key() SecretKey is null"); return convertToBase64(secretKey.getEncoded()); }
/** * Sets the SecretKey based on the specified algorithm and Base64 key specified. */ public OSymmetricKey(final String algorithm, final String base64Key) throws OSecurityException { this.secretKeyAlgorithm = algorithm; try { final byte[] keyBytes = OSymmetricKey.convertFromBase64(base64Key); this.secretKey = new SecretKeySpec(keyBytes, secretKeyAlgorithm); } catch (Exception ex) { throw OException.wrapException(new OSecurityException("OSymmetricKey.OSymmetricKey() Exception: " + ex.getMessage()), ex); } }
/** * This is a convenience method that takes a String argument, encodes it as Base64, then calls encrypt(byte[]). * * @param value The String to be encoded to Base64 then encrypted. * * @return A Base64-encoded JSON document. */ public String encrypt(final String value) { try { return encrypt(value.getBytes("UTF8")); } catch (Exception ex) { throw OException.wrapException(new OSecurityException("OSymmetricKey.encrypt() Exception: " + ex.getMessage()), ex); } }
/** * This is a convenience method that takes a String argument, encodes it as Base64, then calls encrypt(byte[]). * * @param transform The cipher transformation to use. * @param value The String to be encoded to Base64 then encrypted. * * @return A Base64-encoded JSON document. */ public String encrypt(final String transform, final String value) { try { return encrypt(transform, value.getBytes("UTF8")); } catch (Exception ex) { throw OException.wrapException(new OSecurityException("OSymmetricKey.encrypt() Exception: " + ex.getMessage()), ex); } }
/** * This method decrypts the Base64-encoded JSON document using the specified algorithm and cipher transformation. * * @param encodedJSON The Base64-encoded JSON document. * * @return The decrypted array of bytes as a UTF8 String or null if not successful. */ public String decryptAsString(final String encodedJSON) { try { byte[] decrypted = decrypt(encodedJSON); return new String(decrypted, "UTF8"); } catch (Exception ex) { throw OException.wrapException(new OSecurityException("OSymmetricKey.decryptAsString() Exception: " + ex.getMessage()), ex); } }
private SecretKey createKey(String base64EncodedKey) { if (base64EncodedKey == null) { throw new OSecurityException(format(MISSING_KEY_ERROR, OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey())); } try { final byte[] keyBytes = Base64.getDecoder().decode(base64EncodedKey.getBytes()); validateKeySize(keyBytes.length); return new SecretKeySpec(keyBytes, ALGORITHM_NAME); } catch (IllegalArgumentException e) { throw OException.wrapException(new OInvalidStorageEncryptionKeyException(INVALID_KEY_ERROR), e); } }
public OEncryption configure(final String iOptions) { initialized = false; if (iOptions == null) throw new OSecurityException( "AES encryption has been selected, but no key was found. Please configure it by passing the key as property at database create/open. The property key is: '" + OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey() + "'"); try { final byte[] key = Base64.getDecoder().decode(iOptions); theKey = new SecretKeySpec(key, ALGORITHM_NAME); // AES } catch (Exception e) { throw OException.wrapException(new OInvalidStorageEncryptionKeyException( "Cannot initialize AES encryption with current key. Assure the key is a BASE64 - 128 oe 256 bits long"), e); } this.initialized = true; return this; }
/** * Creates an OSymmetricKey from an InputStream containing a Base64 key. */ public static OSymmetricKey fromStream(final String algorithm, final InputStream is) { String base64Key = null; try { base64Key = OIOUtils.readStreamAsString(is); } catch (Exception ex) { throw OException.wrapException(new OSecurityException("OSymmetricKey.fromStream() Exception: " + ex.getMessage()), ex); } return new OSymmetricKey(algorithm, base64Key); }
public STATUSES getAccountStatus() { final String status = (String) document.field("status"); if (status == null) throw new OSecurityException("User '" + getName() + "' has no status"); return STATUSES.valueOf(status); }
@Override public byte[] decrypt(final byte[] input, final int offset, final int length) { assertInitialized(); assertRangeIsValid(input.length, offset, length); assertCiphertextSizeIsValid(length); byte[] nonce = readNonce(input); Cipher cipher = getAndInitializeCipher(DECRYPT_MODE, nonce); try { return cipher.doFinal(input, offset + GCM_NONCE_SIZE_IN_BYTES, length - GCM_NONCE_SIZE_IN_BYTES); } catch (AEADBadTagException e) { throw OException.wrapException(new OSecurityException(AUTHENTICATION_ERROR), e); } catch (IllegalBlockSizeException | BadPaddingException e) { throw new IllegalStateException("Unexpected exception during GCM decryption.", e); } }
public static boolean encodePassword(final ODocument iDocument) { if (iDocument.field("name") == null) throw new OSecurityException("User name not found"); final String password = (String) iDocument.field("password"); if (password == null) throw new OSecurityException("User '" + iDocument.field("name") + "' has no password"); if (Orient.instance().getSecurity() != null) { Orient.instance().getSecurity().validatePassword(password); } if (!password.startsWith("{")) { iDocument.field("password", encryptPassword(password)); return true; } return false; }
public void checkForClusterPermissions(final String iClusterName) { // CHECK FOR ORESTRICTED final Set<OClass> classes = getMetadata().getImmutableSchemaSnapshot().getClassesRelyOnCluster(iClusterName); for (OClass c : classes) { if (c.isSubClassOf(OSecurityShared.RESTRICTED_CLASSNAME)) throw new OSecurityException( "Class '" + c.getName() + "' cannot be truncated because has record level security enabled (extends '" + OSecurityShared.RESTRICTED_CLASSNAME + "')"); } }
/** * Creates an OSymmetricKey from an OSymmetricKeyConfig interface. */ public static OSymmetricKey fromConfig(final OSymmetricKeyConfig keyConfig) { if (keyConfig.usesKeyString()) { return fromString(keyConfig.getKeyAlgorithm(), keyConfig.getKeyString()); } else if (keyConfig.usesKeyFile()) { return fromFile(keyConfig.getKeyAlgorithm(), keyConfig.getKeyFile()); } else if (keyConfig.usesKeystore()) { return fromKeystore(keyConfig.getKeystoreFile(), keyConfig.getKeystorePassword(), keyConfig.getKeystoreKeyAlias(), keyConfig.getKeystoreKeyPassword()); } else { throw new OSecurityException("OSymmetricKey(OSymmetricKeyConfig) Invalid configuration"); } }