// Encodes the magnitude of bi as an unsigned big-endian byte array (no sign byte).
// NOTE(review): the one-argument form returns the minimal-length encoding, so the result is
// shorter whenever the value happens to have leading zero bytes. If rndBytes must have a
// fixed width (key material, nonce, fixed-size protocol field), use the overload that takes
// an explicit length, BigIntegers.asUnsignedByteArray(length, bi), and confirm how bi is generated.
byte[] rndBytes = BigIntegers.asUnsignedByteArray(bi);
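/**
 * Decrypts a blob laid out as {@code nonce || salt || ciphertext-with-tag}.
 *
 * <p>The nonce and salt are framing taken from the (untrusted) input, so the input length is
 * validated before anything is sliced out of it. Integrity is provided by the GCM tag:
 * {@code doFinal} throws when the tag does not verify, and that failure is reported as an
 * {@link EncryptionServiceException} like every other error.
 *
 * @param encrypt nonce, salt and GCM ciphertext concatenated in that order
 * @return the decrypted plaintext bytes
 * @throws EncryptionServiceException if the input is null or too short, or if key derivation,
 *         decryption or tag verification fails
 */
public byte[] decrypt(byte[] encrypt) throws EncryptionServiceException {
    try {
        final int headerLength = GCM_IV_NONCE_SIZE_BYTES + PBKDF2_SALT_SIZE_BYTES;
        final int minimumLength = headerLength + GCM_AUTHENTICATION_TAG_SIZE_BITS / 8;
        // Reject truncated input explicitly instead of decrypting with a partially
        // zero-filled nonce or salt, which is what ignoring a short read would do.
        if (encrypt == null || encrypt.length < minimumLength) {
            throw new IllegalArgumentException(
                    "Encrypted input is shorter than nonce + salt + authentication tag");
        }

        byte[] myNonce = new byte[GCM_IV_NONCE_SIZE_BYTES];
        byte[] mySalt = new byte[PBKDF2_SALT_SIZE_BYTES];
        System.arraycopy(encrypt, 0, myNonce, 0, GCM_IV_NONCE_SIZE_BYTES);
        System.arraycopy(encrypt, GCM_IV_NONCE_SIZE_BYTES, mySalt, 0, PBKDF2_SALT_SIZE_BYTES);

        // generateKey is defined elsewhere in the class; it is given the salt read from the input.
        SecretKey key = new SecretKeySpec(generateKey(mySalt), CIPHER);
        Cipher myCipher = Cipher.getInstance(CIPHERSCHEME);
        GCMParameterSpec spec = new GCMParameterSpec(GCM_AUTHENTICATION_TAG_SIZE_BITS, myNonce);
        myCipher.init(Cipher.DECRYPT_MODE, key, spec);

        // Decrypt the remainder in place (offset/length form) rather than copying it first.
        return myCipher.doFinal(encrypt, headerLength, encrypt.length - headerLength);
    } catch (Exception e) {
        logger.error("Decryption failed", e);
        throw new EncryptionServiceException(e);
    }
}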
/**
 * Encrypts {@code plaintext} with {@code CIPHERSCHEME} and returns
 * {@code nonce || salt || doFinal-output} as one array.
 *
 * <p>A new salt and a new nonce are requested from {@code generateRandomArray} on every call,
 * and the key is produced by {@code generateKey} from that salt. Both helpers are defined
 * elsewhere; NOTE(review): confirm that {@code generateRandomArray} is backed by a
 * cryptographically secure generator, since GCM must never see the same key and nonce twice.
 *
 * @param plaintext text to encrypt
 * @return nonce, salt and ciphertext concatenated in that order
 * @throws EncryptionServiceException wrapping any failure raised during encryption
 */
public byte[] encrypt(String plaintext) throws EncryptionServiceException {
    try {
        final byte[] salt = generateRandomArray(PBKDF2_SALT_SIZE_BYTES);
        final SecretKey derivedKey = new SecretKeySpec(generateKey(salt), CIPHER);
        final Cipher gcm = Cipher.getInstance(CIPHERSCHEME);
        final byte[] nonce = generateRandomArray(GCM_IV_NONCE_SIZE_BYTES);
        gcm.init(Cipher.ENCRYPT_MODE, derivedKey,
                new GCMParameterSpec(GCM_AUTHENTICATION_TAG_SIZE_BITS, nonce));

        // NOTE(review): getBytes() without a charset uses the platform default on JDKs before 18.
        // Confirm that whoever decodes the decrypted bytes uses the same charset.
        final byte[] clearBytes = plaintext.getBytes();
        final byte[] sealed = gcm.doFinal(clearBytes);
        return Arrays.concatenate(nonce, salt, sealed);
    } catch (Exception e) {
        logger.error("Encryption failed", e);
        throw new EncryptionServiceException(e);
    }
}
// A null selector returns every certificate carried inside the time-stamp token.
// These certificates come from the token itself, so they are untrusted input until a chain
// from the signer's certificate to a locally configured trust anchor has been validated.
Collection<X509CertificateHolder> certificates = timeStampToken.getCertificates().getMatches(null);
// One step of a running hash over files; the snippet ends inside the catch block.
try {
    byte[] buf = readFile(file);
    // Input for this step: the file's bytes followed by the UTF-8 bytes of the hex text
    // currently held in hashBuilder.
    byte[] toHash = Arrays.concatenate(buf, hashBuilder.toString().getBytes(UTF_8));
    // Replace the builder's contents with the hex-encoded digest of this step.
    // SHA3Digest's no-argument constructor selects the 256-bit variant in Bouncy Castle.
    hashBuilder.setLength(0);
    hashBuilder.append(Hex.toHexString(hash(toHash, new SHA3Digest())));
} catch (IOException ex) {
    // A file that cannot be read aborts the whole computation; the absolute path goes into the message.
    throw new RuntimeException(format("Error while reading file %s", file.getAbsolutePath()), ex);
/**
 * Creates a PSK identity from a textual identity and a pre-shared key.
 *
 * @param identity identity label; stored as its UTF-8 encoding
 * @param psk pre-shared key; a clone is stored, so the caller can wipe or reuse its own array
 *            without affecting this object (and is still responsible for wiping it)
 */
public BasicTlsPSKIdentity(String identity, byte[] psk) {
    final byte[] identityBytes = Strings.toUTF8ByteArray(identity);
    final byte[] pskCopy = Arrays.clone(psk);
    this.identity = identityBytes;
    this.psk = pskCopy;
}
// Pick the certificate that matches the signer identifier of the signature.
// next() throws NoSuchElementException when the store holds no matching certificate.
@SuppressWarnings("unchecked")
Collection<X509CertificateHolder> matches = certificatesStore.getMatches((Selector<X509CertificateHolder>) signerInformation.getSID());
X509CertificateHolder certificateHolder = matches.iterator().next();
X509Certificate certFromSignedData = new JcaX509CertificateConverter().getCertificate(certificateHolder);
// NOTE(review): getMatches(null) returns all certificates in the token, and this takes whichever
// comes first. That is only the TSA signer's certificate if the token happens to list it first;
// selecting with timeStampToken.getSID() would pick the signer explicitly.
X509CertificateHolder tstCertHolder = (X509CertificateHolder) timeStampToken.getCertificates().getMatches(null).iterator().next();
X509Certificate certFromTimeStamp = new JcaX509CertificateConverter().getCertificate(tstCertHolder);
// Pool the certificates embedded in the signature and in the time-stamp token as
// chain-building candidates. Both sets come from the document and are untrusted on their own.
certificateHolderSet.addAll(certificatesStore.getMatches(null));
certificateHolderSet.addAll(timeStampToken.getCertificates().getMatches(null));
// Verify the time-stamp certificate's chain as of the token's generation time.
verifyCertificateChain(new CollectionStore<>(certificateHolderSet), certFromTimeStamp, timeStampToken.getTimeStampInfo().getGenTime());
// Add the value as an iPAddress subject alternative name only if it parses as an IPv4 or IPv6
// address, with or without a netmask suffix. The snippet ends inside the if body.
// NOTE(review): RFC 5280 defines a SAN iPAddress as a bare 4- or 16-octet address; the
// address-plus-mask form belongs to name constraints. Confirm that accepting the
// "WithNetmask" variants here is intended.
if (IPAddress.isValidIPv6WithNetmask(subjectAlternativeNameIp)
        || IPAddress.isValidIPv6(subjectAlternativeNameIp)
        || IPAddress.isValidIPv4WithNetmask(subjectAlternativeNameIp)
        || IPAddress.isValidIPv4(subjectAlternativeNameIp)) {
    subjectAlternativeNames.add(new GeneralName(GeneralName.iPAddress, subjectAlternativeNameIp));
/**
 * Asserts that encrypting the same test data twice yields two different ciphertexts, and that
 * both still decrypt to the original data.
 *
 * <p>Identical outputs would indicate that no fresh randomness (IV, nonce or salt) is used
 * per call.
 *
 * @param bcEncryptor encryptor under test
 */
private void generatesDifferentCipherTexts(BytesEncryptor bcEncryptor) {
    final byte[] firstCiphertext = bcEncryptor.encrypt(testData);
    final byte[] secondCiphertext = bcEncryptor.encrypt(testData);
    final boolean identical = Arrays.areEqual(firstCiphertext, secondCiphertext);
    Assert.assertFalse(identical);

    // Decrypt both before asserting, so a decryption failure surfaces as its own exception.
    final byte[] firstPlaintext = bcEncryptor.decrypt(firstCiphertext);
    final byte[] secondPlaintext = bcEncryptor.decrypt(secondCiphertext);
    Assert.assertArrayEquals(testData, firstPlaintext);
    Assert.assertArrayEquals(testData, secondPlaintext);
}
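/**
 * Converts a character password to bytes incorporating the required trailing zero byte.
 *
 * <p>The intermediate UTF-8 array is zeroed before returning so that this method does not
 * leave a second readable copy of the password behind for the garbage collector. Copies made
 * inside {@code Strings.toUTF8ByteArray} are outside this method's control. The caller owns
 * the returned array and should clear it once it is no longer needed.
 *
 * @param password the password to be encoded.
 * @return a byte representation of the password in UTF8 + trailing zero.
 */
public static byte[] passwordToByteArray(char[] password) {
    byte[] utf8 = Strings.toUTF8ByteArray(password);
    try {
        // append() returns a new, longer array, so wiping utf8 afterwards does not touch the result.
        return Arrays.append(utf8, (byte)0);
    } finally {
        Arrays.fill(utf8, (byte)0);
    }
}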
/**
 * Builds a 16-byte tweak from a 64-bit value: the value's little-endian encoding, written twice
 * back to back.
 *
 * @param tweakValue value to encode
 * @return 16 bytes, {@code LE(tweakValue) || LE(tweakValue)}
 */
static byte[] tweakFunction(long tweakValue) {
    final byte[] tweak = new byte[2 * Long.BYTES];
    Pack.longToLittleEndian(tweakValue, tweak, 0);
    Pack.longToLittleEndian(tweakValue, tweak, Long.BYTES);
    return tweak;
}

/** Block size read from the DP_AESXTS_BLOCK_SIZE property; 4096 when it yields no integer. */
private static final int BLOCK_SIZE = Property.DP_AESXTS_BLOCK_SIZE.asInteger().orElse(4096);
// Tamper test: work on a copy so originalCiphertext stays available for comparison.
byte[] alteredCiphertext = Arrays.clone(originalCiphertext);
// Flip one bit (0x08) in byte 8 of the ciphertext. In ASCII, '1' (0x31) and '9' (0x39) differ in
// exactly that bit, which is what the trailing comment refers to.
// NOTE(review): that outcome presumably relies on a mode where a ciphertext bit maps directly
// onto the same plaintext bit and on the absence of an integrity check. The defence is to
// verify a MAC or AEAD tag over the ciphertext before using any decrypted data.
alteredCiphertext[8] = (byte) (alteredCiphertext[8] ^ 0x08); // <<< Change 100$ to 900$
// Compare the expected and the received authentication tag in constant time, so the duration of
// the comparison does not reveal how many leading bytes matched. The body handling a mismatch
// is not part of this snippet; no decrypted data should be released on that path.
if (! org.bouncycastle.util.Arrays.constantTimeAreEqual(expectedAuthTag, authTag)) {
// Returns null (hence the boxed Integer return type) when maskString is not a syntactically
// valid IPv4 dotted-quad; callers must null-check before unboxing. The rest of the method is
// not part of this snippet.
// NOTE(review): isValidIPv4 only checks address syntax. Confirm that the remainder also rejects
// non-contiguous masks such as 255.0.255.0.
public Integer getSubnetMaskLength(String maskString){
    if(!IPAddress.isValidIPv4(maskString)){
        return null;
/**
 * Checks that an access token issued for a client-credentials grant carries a {@code jku}
 * header that starts with {@code uaaUrl} and equals the expected token_keys URL.
 *
 * <p>Pinning the exact value matters because {@code jku} tells a verifier where to fetch
 * signing keys. A verifier should only follow a {@code jku} it already trusts.
 */
@Test
public void ensureJKUHeaderIsSetWhenBuildingAnAccessToken() {
    AuthorizationRequest request = constructAuthorizationRequest(
            clientId, GRANT_TYPE_CLIENT_CREDENTIALS, Strings.split(clientScopes, ','));
    // No user authentication: the token is issued to the client only.
    OAuth2Authentication clientOnlyAuth = new OAuth2Authentication(request.createOAuth2Request(), null);
    OAuth2AccessToken issuedToken = tokenServices.createAccessToken(clientOnlyAuth);

    String jku = JwtHelper.decode(issuedToken.getValue()).getHeader().getJku();

    assertThat(jku, startsWith(uaaUrl));
    assertThat(jku, is("https://uaa.some.test.domain.com:555/uaa/token_keys"));
}
/**
 * Verifies the certificate chain of {@code certFromSignedData} as of {@code signDate}, offering
 * every other certificate found in the store as additional chain-building material.
 *
 * <p>The additional certificates come from the document being checked and are therefore
 * untrusted. NOTE(review): the trust decision rests with {@code CertificateVerifier}, which is
 * not shown here; the meaning of the boolean argument passed as {@code true} should be
 * confirmed against it.
 *
 * @param certificatesStore store holding the candidate certificates
 * @param certFromSignedData certificate whose chain is verified
 * @param signDate date at which the chain must be valid
 * @throws CertificateVerificationException if verification fails
 * @throws CertificateException if a certificate holder cannot be converted
 */
private void verifyCertificateChain(Store<X509CertificateHolder> certificatesStore,
        X509Certificate certFromSignedData, Date signDate)
        throws CertificateVerificationException, CertificateException {
    // Verify certificate chain (new since 10/2018)
    // Please post bad PDF files that succeed and
    // good PDF files that fail in
    // https://issues.apache.org/jira/browse/PDFBOX-3017
    Collection<X509CertificateHolder> holders = certificatesStore.getMatches(null);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    Set<X509Certificate> candidates = new HashSet<>();
    for (X509CertificateHolder holder : holders) {
        X509Certificate converted = converter.getCertificate(holder);
        if (converted.equals(certFromSignedData)) {
            // The certificate under test is passed separately, not as an additional certificate.
            continue;
        }
        candidates.add(converted);
    }
    CertificateVerifier.verifyCertificate(certFromSignedData, candidates, true, signDate);
}
/**
 * Builds a TLS PSK identity.
 *
 * @param identity identity string; kept as UTF-8 bytes
 * @param psk pre-shared key; copied defensively, so later changes to the caller's array
 *            (including zeroing it) do not alter the key held by this object
 */
public BasicTlsPSKIdentity(String identity, byte[] psk) {
    final byte[] encodedIdentity = Strings.toUTF8ByteArray(identity);
    final byte[] keyCopy = Arrays.clone(psk);
    this.identity = encodedIdentity;
    this.psk = keyCopy;
}
/**
 * Processes a signer store: picks the first signer, resolves its certificate from the store,
 * registers all certificates of the store and then walks the signer's certificate chain,
 * recording what it finds in {@code certInfo}.
 *
 * <p>Only the first signer is handled, although several are possible. The store's contents
 * come from the signed data and are untrusted input; the chain walk is capped at
 * {@code MAX_CERTIFICATE_CHAIN_DEPTH}.
 *
 * @param certificatesStore To get the certificate information from. All of its certificates
 *        are handed to {@code addAllCerts}.
 * @param signedData data from which to get the SignerInformation
 * @param certInfo where to add certificate information
 * @return Signer Information of the processed certificatesStore for further usage.
 * @throws IOException on data-processing error
 * @throws CertificateProccessingException on a specific error with a certificate
 */
private SignerInformation processSignerStore(Store<X509CertificateHolder> certificatesStore,
        CMSSignedData signedData, CertSignatureInformation certInfo)
        throws IOException, CertificateProccessingException {
    // next() throws NoSuchElementException when the signed data has no signer at all.
    SignerInformation firstSigner = signedData.getSignerInfos().getSigners().iterator().next();

    @SuppressWarnings("unchecked")
    Selector<X509CertificateHolder> signerId = (Selector<X509CertificateHolder>) firstSigner.getSID();
    Collection<X509CertificateHolder> signerHolders = certificatesStore.getMatches(signerId);
    // Likewise throws NoSuchElementException when no certificate matches the signer id.
    X509Certificate signerCertificate = getCertFromHolder(signerHolders.iterator().next());

    // A null selector yields every certificate in the store.
    addAllCerts(certificatesStore.getMatches(null));
    traverseChain(signerCertificate, certInfo, MAX_CERTIFICATE_CHAIN_DEPTH);
    return firstSigner;
}
/**
 * Validates a time-stamp token against the signer certificate embedded in the token.
 *
 * <p>The certificate is selected with the token's own signer id, so this confirms that the
 * token is consistent with that certificate. No chain to a trust anchor is built or checked
 * in this method; that has to happen separately before the time stamp is relied upon.
 *
 * @param timeStampToken token to validate
 * @throws TSPException if the token does not validate
 * @throws CertificateException if the certificate holder cannot be converted
 * @throws OperatorCreationException if the verifier cannot be built
 * @throws IOException declared by the original signature
 */
private void validateTimestampToken(TimeStampToken timeStampToken)
        throws TSPException, CertificateException, OperatorCreationException, IOException {
    // https://stackoverflow.com/questions/42114742/
    Collection<X509CertificateHolder> signerCandidates =
            timeStampToken.getCertificates().getMatches(timeStampToken.getSID());
    // next() throws NoSuchElementException when the token carries no certificate for its signer.
    X509CertificateHolder signerHolder = signerCandidates.iterator().next();
    X509Certificate tsaCertificate = new JcaX509CertificateConverter().getCertificate(signerHolder);

    SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
            .setProvider(SecurityProvider.getProvider())
            .build(tsaCertificate);
    timeStampToken.validate(verifier);
    System.out.println("TimeStampToken validated");
}
/**
 * Extracts certificate information for the signers of the CMS signed data held in {@code data}.
 *
 * <p>For each signer, the embedded certificates matching the signer id are converted and
 * collected. This method only extracts: it performs no signature verification and no chain
 * validation, so the returned metadata describes what the data claims, not what is trusted.
 *
 * @return metadata for every certificate that matches a signer id
 * @throws CertificateException if the data is not valid CMS signed data or a certificate
 *         cannot be converted
 */
@SuppressWarnings("unchecked")
public List<CertificateMeta> parse() throws CertificateException {
    final CMSSignedData signedData;
    try {
        signedData = new CMSSignedData(data);
    } catch (CMSException e) {
        // Surface parse failures under the declared exception type, keeping the cause.
        throw new CertificateException(e);
    }

    Store<X509CertificateHolder> embeddedCerts = signedData.getCertificates();
    Collection<SignerInformation> signerList = signedData.getSignerInfos().getSigners();
    List<X509Certificate> signerCerts = new ArrayList<>();
    for (SignerInformation signerInfo : signerList) {
        Collection<X509CertificateHolder> holders = embeddedCerts.getMatches(signerInfo.getSID());
        for (X509CertificateHolder certHolder : holders) {
            JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider);
            signerCerts.add(converter.getCertificate(certHolder));
        }
    }
    return CertificateMetas.from(signerCerts);
}